Data Protection Regulations

 

We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. Therefore, we would like to inform you at this point about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy informs data subjects about their rights.

Definitions of the terms used (e.g., "personal data" or "processing") can be found in Article 4 of the GDPR.

General Information on Data Processing

 

Scope of Processing Personal Data

We generally collect and use personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The collection and use of personal data of our users regularly only takes place with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of data is permitted by legal regulations.

 

Legal Basis for Processing Personal Data

Where we obtain the user's consent for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for processing personal data.

If processing of personal data is necessary for the performance of a contract to which the user is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures.

If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.

Where vital interests of the data subject or another natural person require processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

If processing is necessary to protect the legitimate interests of our company or a third party, and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6(1)(f) GDPR serves as the legal basis for processing.

 

Storage Duration

Personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may continue beyond this if provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. Blocking or erasure of data will also take place if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for further storage of the data for the conclusion or performance of a contract. If you assert a valid request for erasure or withdraw consent to data processing, your data will be erased unless we have other legally permissible grounds for the storage of your personal data (e.g., tax or commercial retention periods); in the latter case, erasure will occur once these reasons no longer apply.

 

Recipients of Personal Data

As part of our business activities, we collaborate with various external entities. In some cases, this collaboration necessitates the transmission of personal data to these external entities. We only disclose personal data to external entities if it is necessary for the performance of a contract, if we are legally obligated to do so (e.g., data transmission to tax authorities), if we have a legitimate interest under Article 6(1)(f) GDPR in the disclosure, or if another legal basis permits data disclosure. When using data processors, these service providers only process data upon explicit instruction and are contractually obligated to ensure appropriate technical and organizational measures for data protection. In the event of joint processing, a joint processing agreement will be concluded.

 

Note on Data Transfer to US Companies

We occasionally use services and tools from companies based in the United States that are (currently) not certified under the EU-US Data Privacy Framework (DPF). Information on transfers to US companies with and without DPF certification can be found in this privacy policy.

 

Hosting

For hosting our website, we use a service provider based in Germany. The use of this hosting service provider is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring a reliable presentation of our website.

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract that ensures the processing of personal data of our website visitors only according to our instructions and in compliance with the GDPR.

Registering for a User Account

In order to make use of tabtool GmbH's services, it is necessary to create a user account. You have the option to register on our website by providing personal data. The specific personal data transmitted to tabtool GmbH during the registration process can be found in the respective input form used for registration. As part of the registration process, we obtain your consent to process this data.

Upon registration on our website, the IP address assigned by your Internet Service Provider (ISP), along with the date and time of registration, is also stored. The storage of this data is necessary to prevent misuse of our services and, if necessary, to facilitate the investigation of any criminal activities. Thus, the storage of this data is essential to safeguard the controller's interests. In general, this data is not disclosed to third parties unless required by law or for the purpose of criminal prosecution.

Your voluntary provision of personal data during the registration process allows tabtool GmbH to offer you content or services that are exclusively available to registered users. Registered individuals have the option to modify or completely delete the personal data provided during registration from tabtool GmbH's database.

At any time upon request, tabtool GmbH provides affected individuals with information about the personal data stored concerning them. Furthermore, tabtool GmbH corrects or deletes personal data at the request or notification of the concerned individual, provided that no legal retention obligations apply.

When you create a (test) account to use our products, we process (i) information associated with you as the owner of the (test) account, needed for contacting you, such as first name, last name, email address, telephone number, (ii) company master data (e.g., company name, address, email addresses, telephone numbers, contact persons, roles), (iii) information about the type and content of the contractual relationship (e.g., quantity, type, and durations of activated licenses, as well as information about requested and created offers), (iv) marketing-related information such as industry affiliation and target audience, as well as information about the origin and history of the (test) account (e.g., responsible sales partner, timing of the last contact).

For individual users of our products assigned to a specific (test) account, we process information needed for contacting them and uniquely assigning users. This includes contact details such as first name, last name, email address, telephone numbers and company, as well as information required for managing the user account (e.g., (test) account to which the user is assigned, license number, timing of account creation, type of account, active/inactive account). Furthermore, we process information about the activities of users in our products.

Legal Basis for Data Processing

The legal basis for these processes is the execution of pre-contractual measures or the fulfillment of our contractual obligations (Art. 6 para. 1 lit. b GDPR), as well as the safeguarding of our legitimate interests (Art. 6 para. 1 lit. f GDPR), namely the analysis and assurance of the operation of our websites and products, the continuous improvement of our products, and the optimization of our marketing measures.

If we have obtained consent in accordance with Art. 6 para. 1 lit. a GDPR, we also process user contact data together with activity data to (i) interactively support new users in the use of our products and facilitate their use, (ii) provide information on (new) product features or updates/upgrades as well as, if applicable, the account status, and (iii) conduct customer surveys to improve service quality. For these purposes, we may contact you via email or telephone. To achieve the purposes outlined above, we may also disclose your data to selected recipients listed in this Privacy Policy.

When you activate a paid account with us, the payment service providers we have engaged (see below) process payment information in addition to the data mentioned above (e.g., invoice recipient, invoice addresses, invoice numbers, invoice periods, due dates, bank details, payment conditions, contact person for invoices, VAT ID, etc.). An email address and the desired product are passed on to the payment service provider Billwerk for order processing (see "Payment Service Provider").

Duration of Storage

The collected personal data will be deleted as soon as the processing is no longer necessary. If the operator is required to comply with legal retention periods for personal data, your personal data will not be deleted, but will be blocked until the expiration of the legal retention period (restriction of processing through appropriate blocking measures, Art. 4 No. 3 GDPR).

Right to Object

Registered individuals have the option to modify or completely delete the personal data provided during registration from our database. The established test account will be closed, and your personal data will be deleted. To revoke the consent given for the creation and maintenance of the user account pursuant to Art. 7 para. 3 GDPR for the future, you only need to inform us of your revocation, for example, by sending an email to datenschutz@tabtool.de. The personal data entered during this process (e.g. name, email address) will be processed within the legal provisions for processing the request pursuant to Art. 6 para. 1a or Art. 6 para. 1b EU GDPR.

Cookies

 

a) Operator Cookies

We use so-called "cookies" on our website. A cookie is a small file that contains a specific string of characters, is stored on your device, and uniquely identifies your browser, allowing further information to be stored within it. By using cookies, we enhance the comfort and quality of our website and services, for example, by saving user preferences. Through these cookies, certain information about you, such as your browser or location data, or your IP address, is processed to an individual extent. This processing makes our website more user-friendly, effective and secure, as it enables the retention of convenience functions such as settings. Session cookies are deleted when you close your internet browser.

The legal basis for processing operator cookies is Article 6(1)(b) of the GDPR, provided these cookies process data for contract initiation or contract fulfillment. If the processing does not serve contract initiation or fulfillment, our legitimate interest lies in enhancing the functionality of our website. In such cases, the legal basis is Article 6(1)(f) of the GDPR.

b) Third-Party Cookies

Currently, we do not use cookies from partner companies with whom we collaborate for advertising, analysis, or the functionality of our website.

Technologies and Services on the Website

 

Freshsales Suite CRM

This website utilizes the "Freshsales Suite" service provided by Freshworks Inc. for online marketing activities. Freshworks is a software company based in the USA (2950 S. Delaware Street, Suite 201, San Mateo, California 94403) with a branch in Germany. Contact: Freshworks GmbH, Neue Grünstraße 17, 10179 Berlin.

Freshsales Suite is a Customer Relationship Management (CRM) and marketing automation system. We use Freshsales Suite for contact management, email marketing (newsletters and automated mailings) and providing product-related information such as new features or updates/upgrades.

When you create a test account to use our products, activate a paid account with us, are invited by the account owner, or provide us with contact information and other demographic data (e.g., through a contact form on our website), we may share this information with Freshworks. Freshworks' services assist us in contacting prospects and users of our products, responding to inquiries, and determining which services offered by our company are of interest to them.

If you have provided your consent, we process your contact data, such as email address, first name, last name and salutation for email marketing and providing product-related information, such as new features, unused features, updates/upgrades, and potentially account status information. You can revoke your consent at any time, for example, by sending an email to datenschutz@tabtool.de. You can unsubscribe from emails using an unsubscribe-link in each email.

The legal basis for these processing activities is your explicit consent (Article 6(1)(a) GDPR) and the protection of our legitimate interests (Article 6(1)(f) GDPR), namely, enhancing user experience and service quality when using our products or visiting our websites (e.g., efficient and quick handling of inquiries).

Freshworks, the provider of Freshsales Suite, is based in the USA. Therefore, we have concluded a contract with Freshworks that includes standard contractual clauses pursuant to Article 46(2) GDPR, wherein Freshworks commits to processing user data only in accordance with our instructions and maintaining the EU level of data protection. Further information can be found here:

https://www.freshworks.com/privacy/ and here: https://www.freshworks.com/gdpr/

 

Freshdesk Help Widget

On our website, we offer the option of contacting us and accessing Frequently Asked Questions (FAQ) through a "Help" widget by the service "Freshdesk". The provider of this service is Freshworks Inc., 2950 S. Delaware Street, Suite 201, San Mateo, California 94403, USA. For the organization and processing of inquiries, personal data, typically including name, first name, and email address, is collected, transmitted to Freshworks, stored, and retrieved.

The legal basis for processing this data is our legitimate interest in efficiently designing our customer service, promptly responding to your inquiries, and optimizing our service offerings (Article 6(1)(f) GDPR).

Your data will be deleted after final processing of your inquiry, provided the circumstances indicate that the matter has been conclusively clarified and there are no legal retention obligations. Further information on data protection from Freshdesk can be found at https://www.freshworks.com/privacy/

We have concluded a contract with Freshworks that includes standard contractual clauses pursuant to Article 46(2) GDPR, wherein Freshworks commits to processing user data only in accordance with our instructions and maintaining the EU level of data protection.

The transmission of your data to Freshworks is based on Article 6(1)(a) GDPR (consent). You have the option to revoke your consent to data processing at any time. A revocation does not affect the legality of data processing carried out in the past.

The use of the Freshdesk Help Widget is optional. You can also contact us for support inquiries or questions about our products using other means, such as by emailing to support@tabtool.de or calling us.

 

Matomo

This website uses the open-source web analysis service Matomo. With Matomo, we can collect and analyze data about the use of our website by visitors. This allows us to determine, among other things, when specific page views occurred and from which region they originated. Additionally, we collect various log files (e.g., IP address, referrer, used browsers, and operating systems) and can measure whether our website visitors perform specific actions (e.g., clicks, purchases, etc.).

The use of this analysis tool is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its web offering and advertising. If appropriate consent has been obtained, processing is carried out exclusively based on Article 6(1)(a) GDPR and § 25(1) and (8)/(12) TTDSG, to the extent that consent covers the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

IP anonymization is used for analysis with Matomo. This involves shortening your IP address before analysis, making it no longer uniquely assignable to you.

Cookie-less Analysis:

We have configured Matomo not to store cookies in your browser.

Hosting:

We exclusively host Matomo on our own servers, so all analysis data remains with us and is not shared.

Online Appointment Booking through Microsoft Bookings

Our website uses the Microsoft Bookings service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, for online appointment scheduling. The connection to the service is established only when you access the online booking function via an emdedded form on our site. For appointment scheduling, your entries in the appointment scheduling form are transferred to Microsoft. For further information on how your data is handled, please refer to Microsoft's Privacy Statement at https://privacy.microsoft.com/de-de/privacystatement.

The legal basis for processing your data in relation to the "Microsoft Bookings" service is Article 6(1)(f) GDPR (legitimate interest in data processing). The legitimate interest arises from our aim to provide a user-friendly website with a wide range of functions and to offer you the opportunity to quickly and easily arrange a demo or consultation appointment with our staff when needed. We would like to point out that you are not obligated to use Microsoft Bookings to schedule an appointment. If you do not wish to use the service, please use another one of the offered contact options to schedule an appointment.

The Microsoft Corporation is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA aimed at ensuring compliance with European data protection standards for data processing in the USA. Each company certified under the DPF commits to complying with these data protection standards.

 

Plugins and Tools on the Website

YouTube

This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our web pages that embeds YouTube, a connection to YouTube's servers is established. This informs the YouTube server about which of our pages you have visited.

Furthermore, YouTube may store various cookies on your device or use comparable technologies for recognition (e.g., device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to capture video statistics, improve user-friendliness, and prevent fraudulent activities.

If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube serves the purpose of an appealing presentation of our online offers. This constitutes a legitimate interest pursuant to Article 6(1)(f) GDPR. If appropriate consent has been obtained, processing is carried out exclusively based on Article 6(1)(a) GDPR and § 25(1) TTDSG, to the extent that consent covers the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time. For more information on how user data is handled, please refer to YouTube's Privacy Policy: https://policies.google.com/privacy?hl=de.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA aimed at ensuring compliance with European data protection standards for data processing in the USA. Each company certified under the DPF commits to complying with these data protection standards.

 

Google Fonts (Local Hosting)

This page uses so-called Google Fonts for the uniform display of fonts, which are provided by Google. Google Fonts are locally installed, and no connection to Google's servers is established. Further information about Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's Privacy Policy: https://policies.google.com/privacy?hl=de.

 

Font Awesome (Local Hosting)

This page uses Font Awesome for consistent font representation. Font Awesome is locally installed. There is no connection to servers of Fonticons, Inc. during this process. Further information on Font Awesome can be found in Font Awesome's Privacy Policy: https://fontawesome.com/privacy.

Online Presences on Social Media

We maintain online presences within social networks and platforms such as LinkedIn and Xing to communicate with customers, interested parties as well as users active on those platforms and to inform them about our offers and company developments. We would like to point out that data of users can be processed outside the European Union. This could result in risks for users, for instance, making it more difficult to enforce user rights. Furthermore, data of users is usually processed by the platforms for market research and advertising purposes. For example, usage behavior and resulting interests of users can be used to create usage profiles. These usage profiles can be used, among other things, to display advertisements within and outside the platforms that presumably correspond to users' interests. For these purposes, cookies are usually stored on users' computers in which user behavior and interests are stored. Furthermore, data can be stored in the usage profiles regardless of the devices used by users (especially if users are members of the respective platforms and are logged in to them). Tabtool GmbH does not have access to the actual usage data. We only use general usage statistics to review the effectiveness of use.

The processing of users' personal data is based on our legitimate interests in effective information and communication with users pursuant to Article 6(1)(f) GDPR. If users are asked by the respective providers for consent to terms and conditions that require data processing, the legal basis for processing is Article 6(1)(b), Article 7 GDPR.

For a detailed presentation of the respective processing activities and options for objection (opt-out), please refer to the linked information provided by the providers:

– LinkedIn (LinkedIn Corporation, 605 W Maude Ave, Sunnyvale, CA 94085, USA) – Privacy Policy: https://www.linkedin.com/legal/privacy-policy?

– Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) – Privacy Policy/Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.

 

No Application of Automated Decision-Making

As a responsible company, we do not engage in automatic decision-making or profiling.