Privacy policy

Person responsible

Responsible for data processing is

exoIQ GmbH
Jaffestraße 12
21109 Hamburg
Germany

Phone: +49 40 23936 9900
E-mail: info@exoiq.com

Data Protection Officer

If you have general questions about data protection, you can contact our data protection team at datenschutz@tts-company.com or at the above postal address with the addition "Data Protection Team".

For confidential communication directly with the Data Protection Officer, please use the above postal address with the addition "Personal: Data Protection Officer".

Purposes of data processing

Operation of the website

The provider is Webflow, Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter referred to as Webflow). When you visit our website, Webflow records various log files including your IP addresses.

Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are required to display the page, to provide certain website functions and to ensure security (necessary cookies).

The purpose of data processing is the provision and secure operation of the website. The legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our interests are to enable a smooth and high-performance connection setup and convenient use of the website as well as to ensure system security and stability. To achieve these interests, we also use content delivery networks from sub-processors, e.g. Amazon Web Services and CloudFront.

Details can be found in Webflow's privacy policy: https://webflow.com/legal/eu-privacy-policy.

The provision of personal data is neither required by law nor by contract and you are not obliged to do so. However, if you do not provide the required data, it will not be possible to connect to the website or individual services, or only to a limited extent.

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are

- Browser type and browser version

- Operating system used

- Referrer URL

- Host name of the accessing computer

- Time of the server request

- IP address

This data is not merged with other data sources.

Webflow is used on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in displaying our website as reliably as possible.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://webflow.com/legal/eu-privacy-policy.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/6365.

Use of the contact form

You can use our contact form to send us a personal message. Depending on the nature of your inquiry, we process the data on the basis of a contractual relationship or to initiate such a relationship (Art. 6 para. 1 lit. b) GDPR) or for other inquiries on the basis of our and/or your legitimate interest (Art. 6 para. 1 lit. f) GDPR).

In addition to your name, your e-mail address and, of course, your message, we also collect your zip code so that we can assign you to a regional contact in our sales department. All other information is optional.

To process your request, we use a CRM system from the service provider salesforce.com Germany GmbH, which is integrated in compliance with data protection regulations.

Your data will only be passed on to other third parties if this is necessary to process your request and only if data protection is guaranteed.

We process your data to process your request and use suitable service providers for this purpose. If your inquiry concerns a product of another company in the TTS group of companies or cooperation with such a company, we may forward your inquiry within the group of companies for processing. These companies are obliged to maintain an appropriate level of data protection. Your personal data will not be passed on to third parties outside the group of companies. We reserve the right to use suitable service providers.

Lead generation

We use the lead generation service of Leadinfo B.V., Rotterdam, Netherlands. This recognizes visits from companies - not private individuals - to our website based on IP addresses and shows us publicly available information, such as company names or addresses. Further information can be found at www.leadinfo.com. This processing is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR. Our interest is to recognize visits from companies in order to identify potential customers. At the same time, visits from private individuals are not recognized.

The enrichment of IP addresses with company information is the sole responsibility of the service provider selected for this purpose under data protection law.

On this page www.leadinfo.com/de/opt-out you have the option of defining an opt-out for your company. If you opt out, your data will no longer be collected by Leadinfo.

If you give us your consent, we use cookies to process further information about your visits to our website (returning visitors, pages visited). The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a) GDPR in conjunction with Section 25 para. 1 TDDDG. You can revoke this consent at any time via the consent management.

Display of videos

This website integrates videos from the YouTube website. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites on which YouTube is integrated, a connection is established to Google's servers in order to display the video. The Google server is informed which of our pages you have visited.

Furthermore, YouTube may store various cookies on your device or use comparable technologies to recognize you (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. Furthermore, the data collected is processed in the Google advertising network.

Data transfer to third countries by the service provider cannot be ruled out. This applies in particular if your existing Google account is linked to a region outside the EU. Such a transfer by Google is based on an adequacy decision and/or on standard data protection clauses in accordance with Chapter 5 GDPR.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Contact with Google servers is only established after general consent via the consent management ("cookie banner") or individual consent per video on the basis of your consent on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1TDDDG. Consent can be revoked at any time.

Further information on the handling of user data can be found in YouTube's privacy policy at: https://policies.google.com/privacy?hl=de.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Website statistics and analysis

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the user's end device. It is not assigned to a user ID.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data records and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. You can withdraw your consent at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

IP anonymization

Google Analytics IP anonymization is activated. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google signals

We use Google signals. When you visit our website, Google Analytics records your location, search history and YouTube history as well as demographic data (visitor data), among other things. This data can be used for personalized advertising with the help of Google Signal. If you have a Google account, Google Signal visitor data will be linked to your Google account and used for personalized advertising messages, unless you have deactivated the use of Google Signals in your Google account. The data is also used to compile anonymous statistics on the user behavior of our users.

Further information can be found at https://policies.google.com/privacy?hl=de.

Recognition of automated visits and entries (Captcha)

We use Friendly Captcha on this website. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.

Friendly Captcha is used to check whether the data entry on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, Friendly Captcha analyzes the behavior of the website visitor based on various characteristics. For the analysis, Friendly Captcha evaluates various information (e.g. anonymized IP address, referrer, visit time, etc.). Further information on this can be found at: https://friendlycaptcha.com/legal/privacy-end-users/.

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in protecting our website from abusive automated spying and spam.

Control of functions and tools on the website

We use the Google Tag Manager. The provider is Google Ireland Limited, GordonHouse, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

The use of Google Tag Manager is based on your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Analysis of user behavior

This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta(Website: https://www.hotjar.com).

Hotjar is a tool for analyzing your user behavior on this website. Hotjar allows us to record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you remain with the mouse pointer in a certain position. Hotjar uses this information to create so-called heat maps, which can be used to determine which areas of the website visitors prefer to look at.

Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels).

Hotjar can also be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings.

Hotjar uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or the use of device fingerprinting).

Hotjar is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Deactivating Hotjar

If you wish to deactivate data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/policies/do-not-track/.

Please note that Hotjar must be deactivated separately for each browser or end device.

For more information about Hotjar and the data collected, please refer to Hotjar's privacy policy at the following link: https://www.hotjar.com/privacy.

Advertising network

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting), and we as the website operator can evaluate this data quantitatively, for example by analyzing which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Insights about website visitors

This website uses the Insight tag from LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

With the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyze the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups. We can also use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take another action (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that allows us to provide visitors to our website with targeted advertising outside the website ads, whereby, according to LinkedIn, no identification of the advertising addressee takes place.

LinkedIn itself also collects log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymized) and the direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymized data is then deleted within 180 days.

The data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator. LinkedIn will store the personal data collected from website visitors on its servers in the USA and use it for its own advertising purposes. Details can be found in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig.

The above-mentioned service is used exclusively with your consent on the basis of Art. 6 para. 1 lit. a GDPR and § 25 TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

The company is certified in accordance with the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5448.

Object to the analysis of user behavior and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in the account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

Newsletter

To stay informed about us, you can subscribe to our newsletter. For this purpose, we process your e-mail address so that we can send you the newsletter and your name so that we can address you personally.

In order to recognize which topics are of interest and relevance to our customers, we use tracking technologies that tell us which links in the newsletter are clicked on and how often.

We have our newsletter sent by a service provider with whom the necessary data protection agreements have been concluded. The legal basis is your consent in accordance with Art. 6(1)(a) GDPR in conjunction with Section 7(2)(2) UWG. You can revoke this at any time by clicking on the unsubscribe link in a newsletter you have received. The legality of the data processing operations already carried out remains unaffected by the revocation.

We reserve the right to delete or block e-mail addresses from our newsletter mailing list at our own discretion within the scope of our legitimate interest pursuant to Art. 6(1)(f) GDPR.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a so-called blacklist, if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

Cookies and other storage

Recipients of personal data

Within our company or group of companies, only persons and departments involved in the respective process (e.g. specialist departments or group companies) have access to your personal data.

We only pass on your personal data to external recipients outside exoIQ if this is necessary on the basis of legitimate interests of us or third parties for processing the transaction or if another legal permission exists (e.g. a legal obligation pursuant to Art. 6 para. 1 lit. c) GDPR or your consent pursuant to Art. 6 para. 1 lit. a) GDPR). Such external recipients may be, for example, courts or authorities as well as banks, lawyers or contractually obligated service providers.

Transfer to third countries

Personal data is not regularly transferred to third countries. In order to be able to use individual services of the website, data may be transferred to a third country, e.g. service providers with a contractual obligation (e.g. YouTube). You will be informed separately about these services at the relevant points in this document. Such a transfer will only take place if the requirements of Chapter 5 GDPR are met.

If you access our website from a third country, personal data may be processed in third countries when the connection is established.

Duration of storage

In principle, we only process your personal data for as long as is necessary to achieve the purpose. Connection data with the website is generally deleted after a few days, unless there are indications of misuse or similar.

If you send us a message via our contact form, we will store your request until it is completed and, if necessary, for the fulfillment of retention obligations or limitation periods.

Rights of the data subjects

Of course, you retain control over all personal data that you provide to us when visiting the website and using our services. You are entitled to the following rights, which you can exercise free of charge. To exercise your rights vis-à-vis exoIQ, please use the above-mentioned contact details of the controller.

Right to information

You have the right to obtain information about your personal data stored by us at any time.

Right to revoke a given consent

You have the right to withdraw your consent to the processing of personal data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for processing. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to object

If we process your personal data as part of a balancing of interests on the basis of our overriding legitimate interest (Art. 6 (1) (f) GDPR), you have the right to object to this processing at any time with effect for the future on grounds relating to your particular situation.

If you exercise your right to object, we will stop processing the data concerned. However, we reserve the right to continue processing if we can demonstrate compelling legitimate grounds for the processing which override your interests, fundamental rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending legal claims.

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).

Right to data portability

You have the right to request a transfer of your personal data from us to another controller.

Right to rectification, erasure or restriction of processing

You have the right to have your personal data rectified, erased or processing restricted.

Right to complain

You have the right to lodge a complaint with a supervisory authority or our company if you have a reason for complaint. The supervisory authority responsible for us is the

Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22, 7th floor
20459 Hamburg

Phone: +49 40 428 54 4040 (Hamburg Telephone Service)
Fax: +49 40 428 54 4000
E-mail: mailbox@datenschutz.hamburg.de
Complaint form: https://datenschutz-hamburg.de/service-information/beschwerde-einreichen

Automated decision making

Automated decision-making or profiling within the meaning of Art. 22 GDPR does not take place.

‍

‍