Privacy Notice for Timecho Website
This privacy policy will explain how Timecho Europe GmbH (hereinafter referred to as “Timecho Europe”) uses the personal data we collect from you when you use our website and services.
1. Controller
Timecho Europe GmbH
Emma-Joos-Str. 6
70439 Stuttgart
Tel.: +49 711 81048763
E-mail: Contact@timecho.com
2. Purposes and Legal Bases of the Processing of Data
2.1 Visiting Our Website
For the purpose of the technical provision of the website, it is necessary that we process certain information automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This information is automatically collected each time our website is called up and automatically stored in so-called server log files. These are:
Browser type and version
Operating system used
Website from which the access is made (referrer URL)
host name of the accessing computer
Date and time of access
IP address of the requesting computer
The storage of the aforementioned access data is necessary for technical reasons to provide a functional website and to ensure system security. This also applies to the storage of your IP address, which is necessary and, under further conditions, can at least theoretically enable an assignment to your person. In addition to the above-mentioned purposes, we use server log files exclusively for the needs-based design and optimization of our website, purely statistically and without any inference to your person. This data is not merged with other data sources, nor is the data evaluated for marketing purposes.
The access data collected in the course of using our website is only stored for the period of time for which this data is required to achieve the aforementioned purposes. Your IP address is stored on our web server for a maximum of 7 days for IT security purposes.
The basis for the temporary storage and processing of access data is Art. 6 para. 1 s. 1 lit. f GDPR. Our legitimate interest is to be able to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.
2.2 Contact Form
If you send us enquiries via the contact form, your message and contact data you provided, will be stored and processed accordingly for the purpose of processing and answering the enquiry and in the event of follow-up questions. We will only pass on this data to third parties if this is necessary within the scope of processing and answering your contact enquiry or if you have given us your consent.
If you contact us within the scope of a contractual relationship or contact us in advance for information about our range of services or our other services, the data and information you provide will be processed for the purpose of processing and answering your contact enquiry in accordance with Art. 6 para 1 s. 1 lit. b GDPR. In addition, for the purposes of our legitimate interests in accordance with Art. 6 para. 1 s. 1 lit. f GDPR for the appropriate response to contact enquiries.
The data you enter in the contact form will remain with us until the purpose for processing the data no longer applies (e.g. after processing your enquiry has been completed). Mandatory legal provisions - in particular retention periods - remain unaffected.
2.3 Business Partners
We process personal data that we receive from you in the course of contacting you or establishing a contractual relationship or in the course of pre-contractual measures or that you provide either to the organizer or to us directly at trade fairs or conferences.
If you have given us your consent to store your data and contact you, the processing is based on Art. 6 para. 1 lit. a GDPR. If you have provided us with your contact details and wish us to contact you, we may also base the processing of your data on a legitimate interest of ours in accordance with Art. 6 para. 1 lit. f GDPR. In this case, our legitimate interest in the processing prevails.
As the processing of your personal data is necessary for the initiation or implementation of a contractual relationship or in the context of the implementation of pre-contractual measures, the processing is based on Art. 6 para. 1 lit. b GDPR.
2.4 Cookies
We use so-called cookies on our website. Cookies do not cause any damage to your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure and to enable the provision of certain functions. Cookies are small text files that are stored on your computer and saved by your browser. A cookie contains a characteristic string of characters that enables your browser to be uniquely identified when you return to the website.
Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit or browser session (so-called transient cookies). Other cookies remain stored on your end device for a specified period of time or until you delete them (so-called persistent cookies). These cookies enable us to recognise your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only give your consent to cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. You can regularly obtain the procedure for deactivating cookies via the "Help" function of your Internet browser. If cookies are deactivated, the functionality and/or complete availability of this website may be limited. For further cookie-specific setting and deactivation options, please also see below the individual explanations of the cookies and associated functions/technologies specifically used when visiting our website.
Some of the cookies we use on our website come from third parties that help us to analyse the impact of our website content and the interests of our visitors, measure the performance of our website or serve ads and other content to our website or other websites. As part of our website, we use both first party cookies (only visible from the domain you are visiting) and third party cookies (visible across domains and set regularly by third parties).
The cookie-based data processing is carried out on the basis of your consent given in accordance with Art. 6 para. s. 1 lit. a GDPR or on the basis of Art. 6 para. 1 s. 1 lit. f GDPR for the purposes of our legitimate interests. In particular, our legitimate interests are in being able to provide you with a technically optimized website that is user-friendly, as well as ensuring the security of our systems. You can revoke the consent you have given us at any time, e.g. by deactivating the cookie-based tools/plugins listed in detail in the following overview. By making the appropriate settings, you can also object to processing based on legitimate interests.
In detail, the following cookie-based tools/plugins are used within the framework of this website:
Google Analytics
We create pseudonymous usage profiles with the help of Google Analytics, a service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4 Ireland ("Google."), in order to design our websites in line with demand. Google Analytics uses targeting cookies that are stored on your terminal device. In this way, we are able to recognise and count returning visitors as such and to learn how often our web pages have been accessed by different users. The data processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR.
The information generated by the cookie about your use of our website is usually transmitted to a Google server in the USA and stored there. Since we have activated the IP anonymisation on our website, your IP address will, however, be shortened by Google beforehand within member states of the European Union. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and only shortened there. For these cases, Google Ireland has agreed to so-called standard data protection clauses with Google LLC, the purpose of which is to ensure compliance with an appropriate level of data protection in the third country.
We have concluded a data processing agreement with Google Ireland in accordance with Art. 28 GDPR. Accordingly, Google will use all information strictly for the purpose of evaluating the use of our websites for us and compiling reports on website activity (for more information on the purpose and scope of data collection, see https://support.google.com/analytics/answer/6004245?hl=en#zippy=%2Ccookies-und-kennzeichnungen-von-google-analytics). Google Ireland regularly stores the data for 12 months.
You can withdrawal your consent at any time. If you do not agree with the processing, you can prevent it with the one-time installation of the browser add-on to disable Google Analytics or by rejecting cookies via our cookie settings dialog. You can also prevent the collection of data generated by the cookie and related to your use of our websites (including your IP address) and the processing of this data by Google by downloading and installing the browser plugin available at the following link https://tools.google.com/dlpage/gaoptout?hl=de.
2.5 Further Processing Purposes
We also process your personal data to comply with other legal obligations that may apply to us in connection with our business activities. These include, in particular, retention periods under commercial, trade or tax law. We process your personal data in accordance with Art. 6 para. 1 s. 1 lit. c GDPR to fulfil a legal obligation to which we are subject.
We also process your personal data to enforce our rights and legal claims. We also process your personal data to defend ourselves against legal claims. In this context, we process your personal data for purposes of legitimate interests pursuant to Art. 6 para. 1 s. 1 lit. f GDPR, insofar as we assert legal claims or defend ourselves in legal disputes.
3. Recipients of Data
Within Timecho, your data is accessed by those departments that need it to fulfil our contractual and legal obligations. Service providers and vicarious agents employed by us (e.g. technical service providers, shipping companies, waste disposal companies) may also receive data for these purposes. We may transfer your personal data to companies affiliated with us, insofar as this is permissible within the framework of the purposes and legal bases set out in this data privacy information. We have concluded a data processing agreement in accordance with Art. 28 GDPR with our service providers. The categories of recipients in this case are, in particular, providers of Internet service providers, providers of customer management systems and software. Your data is only passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary for the processing and thus the fulfilment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorised to provide information.
In addition, we process data under joint controllership with Timecho Bejing in accordance with Art. 26 para. 1 GDPR.
4. Joint Controller
The controllers above processing the personal data specified below as joint controllers for the following purposes. For this purpose, they have concluded a joint controller agreement.
Customer Data:
Contact details (company name, surname, last name, e-mail address, address, birthdate)
Payment information
Marketing Data
Geolocation data, device information, (anonymised) IP address
These data will be used for the purpose of storage and processing and to provide customers with our services.
In the course of using our website, your personal data may be transferred outside the European Economic Area (EEA), i.e. to Timecho Beijing with the server location in Hong Kong. Such processing will only take place to fulfil contractual and business obligations and to maintain your business relationship with us.
In Beijing there may not be a consistently high level of data protection due to a lack of legal provisions. However, we ensure that data protection is sufficiently guaranteed. This is possible through standard contractual clauses of the European Commission for the protection of personal data we entered into.
5. Duration of Data Storage
We initially process and store your personal data for the duration for which the respective purpose of use requires corresponding storage. This may also include the periods of initiating a contract and processing a contract. On this basis, personal data are regularly deleted within the framework of the fulfilment of our contractual and/or legal obligations, unless their temporary further processing is necessary for the following purposes:
Fulfilment of legal obligations to retain records, which result. The periods specified there for storage or documentation are up to ten years.
Preservation of evidence, taking into account the statute of limitations.
6. Data Security
Personal data is protected by us by means of suitable technical and organisational measures in order to ensure an appropriate level of protection and to safeguard the personal rights of the persons concerned. The measures taken serve, among other things, to prevent unauthorised access to the technical equipment used by us and to protect personal data from unauthorised disclosure by third parties. In particular, this website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as your contact requests that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. Nevertheless, we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is therefore not possible.
7. Your Rights as a Data Subject
You are entitled to the following rights as a data subject under the legal conditions:
Right of access: You are entitled to request confirmation from us at any time within the scope of Art. 15 GDPR as to whether we are processing personal data relating to you; if this is the case, you are also entitled within the scope of Art. 15 GDPR to receive information about this personal data as well as certain other information (including processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of third country transfers, the appropriate safeguards) and a copy of your data.
Right to rectification: In accordance with Art. 16 GDPR, you are entitled to demand that we rectify the personal data stored about you if it is inaccurate or incorrect.
Right to erasure: You have the right, under the conditions of Art. 17 GDPR, to demand that we delete personal data relating to you without delay. The right to erasure does not exist, among other things, if the processing of the personal data is necessary, e.g. to comply with a legal obligation (e.g. statutory retention obligations) or to assert, exercise or defend legal claims.
Right to restrict processing: You are entitled to demand that we restrict the processing of your personal data under the conditions of Art. 18 GDPR.
Right to data portability: You are entitled, under the conditions of Art. 20 GDPR, to demand that we hand over to you the personal data concerning you that you have provided to us in a structured, common and machine-readable format.
Right of withdrawal: You can withdraw your consent to the processing of personal data at any time. Please note that the withdrawal only takes effect for the future. Processing that took place before the withdrawal is not affected. An informal communication, e.g. by e-mail to us, is sufficient to declare the withdrawal. The withdrawal can be made without formalities and should preferably be directed to:
E-mail: privacy@timecho.com
Right to object: You have the right to object to the processing of your personal data that is carried out on the basis of Art. 6 para 1 lit. f GDPR in accordance with Art. 21 GDPR. The right to object only exists within the limits in accordance with Art. 21 GDPR. In addition, our interests may conflict with the termination of processing, so that we are entitled to process your personal data despite your objection. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. We will consider an objection to any direct marketing measures immediately and without weighing up the existing interests again. The objection can be made without formalities and should preferably be addressed to:
E-mail: privacy@timecho.com
Right of appeal to a supervisory authority: Under the conditions of Art. 77 GDPR, you have the right to lodge a complaint with a competent supervisory authority.
8. Automated Individual Decision-Making, Including Profiling
We do not use automated decision making or profiling (an automated analysis of your personal circumstances).
9. Amendment of This Privacy Policy
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration.
Status August 2023