In the following, we inform you about the processing of your personal data by us and the claims and rights to which you are entitled according to the data protection regulations, in particular the European Data Protection Regulation (DSGVO).
This data protection information informs you about the type, scope and purpose of the processing of personal data within our website (hereinafter “website”). The data protection information applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).
Personal data in the sense of the GDPR are all data that can be related to you personally, e.g. name, address, email addresses, user behavior. Which data is processed in detail and how it is used depends largely on the services used by us.
We use various other terms in our data protection information in the sense of the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymization, controller, processor, recipient, third party, consent, supervisory authority and international organization. You can find corresponding definitions for these terms in Art. 4 GDPR.
Who is responsible for data processing and whom can I contact?
The responsible party is:
You can reach our external data protection officer at:
Herting Oberbeck Attorneys at Law Partnership
What sources and data do we use?
We process personal data that we receive from you in the course of using our website and, if applicable, our business relationship.
In the case of purely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. When you access our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and security. The access data includes the IP address (anonymized), date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version as well as type of browser software, notification of successful retrieval.
Furthermore, we receive your personal data if you contact us via the form mask. Mandatory data for the contact form are: First name, last name, email address and, if applicable, data communicated via the message function. Voluntary data for the contact form are: Telephone number. Mandatory data for the group form are: Type of group, first name, last name, street, house number, zip code, city, email address, number of adults, number of children/youth, phone, start time and language. Voluntary information for the group form are: Group name, desired date, data communicated via the message function, if applicable. Mandatory data for the school group form are: Type of group, name of school, first name, last name, street, house number, postal code, city, email address, number of students, number of accompanying persons, telephone, start time and language. Voluntary information for the school group form are: Desired date and, if applicable, data communicated via the message function. Mandatory data for the reservation form (vouchers before March 2020): First name, last name, email address, desired date, start time and voucher code. Voluntary data for the reservation form (vouchers before March 2020): Phone number and, if applicable, data communicated via the message function. Mandatory data for group requests for TimeRide GO! via the form: First name, last name, email address, number of persons, date, start time and, if applicable, data communicated via the message function. Mandatory data for group requests for TimeRide GO! Cologne via the form: Telephone number.
What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the European Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG) for the following purposes and on the basis of the following legal grounds:
Insofar as you have given us consent to process personal data for certain purposes, in particular for contacting you (e.g. via our contact form or by e-mail for processing and handling the inquiry, sending newsletters and e-mails), the lawfulness of this processing is based on your consent. Any consent given can be revoked at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is therefore not affected by the revocation. The revocation can be sent to the contact details above or to email@example.com. Legal basis: Consent, Art. 6 para. 1 sentence 1 lit. a) DSGVO.
When contacting us (via contact form or email), your information will be processed to handle the contact request and its processing. Legal basis: Implementation of pre-contractual measures at the request of the person, Art. 6 para. sentence 1 lit. b) DSGVO.
When you visit our website for the first time, you will be asked whether you want to accept only necessary cookies or all cookies – if you select all cookies, this will also enable us to carry out marketing activities based on your interactions with the website, other marketing channels and other third parties such as social networks.
To learn more about cookies, including in particular how to manage and delete cookies, see the Cookies section below. Legal basis: consent, Art. 6 para. 1 sentence 1 lit. a) DSGVO.
When contacting us (via contact form or email) in connection with your application, we process your data in order to assess your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process. Your applicant data will be screened by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers responsible for the respective open position. There, a decision will be made on the further procedure. In principle, only those persons in the company have access to your data who require this for the proper conduct of our application process. Legal basis: Establishment of an employment relationship, Section 26 of the German Federal Data Protection Act (BDSG) and after completion of the application process in the event of rejection to protect legitimate interests, Article 6 (1) sentence 1 lit. f) of the German Data Protection Act (DSGVO) (defense against claims), if applicable, if consent has been given, Article 6 (1) sentence 1 lit. a) of the German Data Protection Act (DSGVO).
We process your access data (see data listed above under point 2) to protect legitimate interests of us or of third parties. In particular, we pursue the following legitimate interests: Ensuring IT security, in particular the security of the website; advertising or market and opinion research, insofar as you have not objected to the use of your data; assertion of legal claims and defense in legal disputes. Legal basis: within the framework of the balancing of interests to protect legitimate interests, Art. 6 para. 1 sentence 1 lit. f) DSGVO.
Who gets my data?
Within the company, those departments that need your data to fulfill our contractual and legal obligations are given access to it.
Processors used by us (Art. 28 DSGVO) may also receive data for the purposes mentioned above. These are companies in the categories of IT services, printing services, telecommunications, debt collection, advice and consulting, and sales and marketing. Where we use processors to provide our services, we take appropriate legal precautions and corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal requirements.
We only disclose data to third parties who are not processors within the scope of legal requirements. We only pass on users’ data to third parties if this is necessary, for example, on the basis of Art. 6 (1) sentence 1 lit. b) DSGVO for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f) DSGVO in the economic and effective operation of our business operations, or if you have consented to the transfer of data. In the case of purely informational use of the website, we generally do not pass on any data to third parties.
How long will my data be stored?
For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted (see point 2 above). Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.
Insofar as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation of a contract via contact form or by e-mail.
Applicant data is deleted after 6 months in the event of a rejection. In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted if you revoke your consent or after 5 years at the latest. Should we fill the advertised position with you, your data will be stored in our personnel management system.
In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there range from two to ten years.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years, whereby the regular limitation period is three years.
Will data be transferred to a third country or to an international organization?
The data provided is processed within the European Union as well as in the USA. Please note that we have agreed to EU standard data protection clauses with recipients of your data for countries without an adequacy decision by the Commission under Article 45 of the GDPR, as is the case with the USA (such as Google, Salesforce, Adobe).
Note: The protection of personal data in the USA does not meet the level of data protection required by the EU. In particular, there is a lack of enforceable rights that safeguard the protection of your data against access by government agencies. Thus, there is a risk that these government agencies can access the personal data without the data transmitter or the recipient being able to effectively prevent this.
What data protection rights do I have?
Every data subject has the right to information according to Art. 15 DSGVO (i.e. you have the right to request information about your personal data stored by us at any time); the right to rectification according to Art. 16 DSGVO (i.e. in the event that your personal data is inaccurate or incomplete, you may request that it be corrected); the right to erasure under Art. 17 GDPR and the right to restriction of processing under Art. 18 GDPR (i.e. you may have the right to request the erasure or restriction of the processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and legal retention obligations do not require the continued storage); the right to data portability under Art. 20 DSGVO (i.e. you may have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to transfer this data to another controller without hindrance). Furthermore, you may revoke consents, in principle with effect for the future. In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG). You can find the supervisory authority responsible for you at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
In addition, we would like to point out your right to object according to Art 21. DSGVO:
Information about your right of objection according to Art. 21 DSGVO
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 (1) sentence 1 (e) of the DSGVO (data processing in the public interest) and Article 6 (1) sentence 1 (f) of the DSGVO (data processing based on a balance of interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
In individual cases, we process your personal data to conduct direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made form-free and no transmission costs other than those according to the prime rates will be incurred.
If possible, the objection should be addressed to: TimeRide GmbH, Gundelindenstr. 2, 80805 Munich or by e-mail to: firstname.lastname@example.org.
To what extent is there automated decision-making in individual cases, including profiling?
In the context of accessing our website or in the context of contacting us via form or e-mail, we generally do not use fully automated automatic decision-making pursuant to Article 22 DSGVO. If we use these procedures in individual cases, we will inform you about this separately, provided this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).
Is there an obligation for me to provide data?
Within the scope of our website, you must provide those personal data that are required for the use of our website for technical or IT security reasons. If you do not provide this data, you will not be able to use our website.
When contacting us by form or e-mail, you only need to provide the personal data that is required to process your request. Otherwise, we will not be able to process your request.
With the following information, we inform you about our newsletter as well as the registration, dispatch and evaluation procedure and inform you about your rights of objection. If you subscribe to our newsletter, you agree to receive the newsletter and the described procedures.
Newsletter content: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter “newsletter”) only on the basis of the consent of the recipients or on the basis of a legal permission. If we specifically describe individual newsletters as part of the registration process, this description is decisive for the consent of a newsletter subscriber. If no separate description is provided, our newsletters will contain information about our products, offers and promotions as well as information about our company.
Double-Opt-In: The registration for our newsletter takes place in the so-called Double-Opt-In procedure. This means that after you have registered for the newsletter, we will send you an e-mail in which we ask you to confirm your registration. This confirmation serves to ensure that only persons who have access to the specified e-mail address register for our newsletter. We log the registrations to the newsletter in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time, as well as the IP address. Changes to your data stored with the newsletter service provider are also logged.
According to its own information, the newsletter service provider uses the data in pseudonymous form, i.e. without assignment to a user, to optimize or improve its own services. However, the newsletter service provider does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
To register for the newsletter, it is sufficient to enter your e-mail address.
The newsletters contain a so-called web beacon, i.e. a pixel-sized file that is retrieved from the newsletter service provider’s server when the newsletter is opened. In the course of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and your reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of the dispatch service provider to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
The dispatch of the newsletter and the measurement of its success are based on the consent of the recipients according to Art. 6 para. 1 sentence 1 lit. a), Art. 7 DSGVO in conjunction with § 7 para. 2 No. 3 UWG or on the basis of the legal permission according to § 7 para. 3 UWG.
The logging of the registration process takes place on the basis of our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) DSGVO and serves as proof of consent to receive the newsletter.
You can unsubscribe from receiving our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled this subscription, their personal data will be deleted.
By default, we only use necessary cookies. Necessary cookies enable the core functionality of our website. The website may not display properly without these cookies, or some areas may not function properly. Necessary cookies can only be prevented by appropriate settings in your browser.
Click here for information about the cookies we use:Change Cookie Settings
The processing of the data is a joint responsibility between Google and us in accordance with Art 26 DSGVO. It is agreed with Google that the primary responsibility pursuant to the GDPR for the processing of personal data lies with Google and that all obligations under the GDPR with regard to the processing of personal data will be fulfilled by Google (in particular the information obligations pursuant to Art. 12 et seq. GDPR, ensuring data subject rights pursuant to Article 15 et seq. GDPR, notification of data breaches pursuant to Articles 33, 34 GDPR). Google processes the data to evaluate the use of our website by website visitors, to create reports about the activities within our website and to provide other services related to the use of the website. In doing so, pseudonymous usage profiles of website visitors are created from the processed data.
We use Google Analytics with IP anonymization activated. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and the transmission to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
Further information on data processing by Google, setting and objection options are available on Google’s websites at https://www.google.de.
We have integrated YouTube videos into our online offer, which are stored on http://www.YouTube.com of Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland and can be played directly from our website. The legal basis for the use of YouTube is your consent in accordance with Art. 6 para. 1 p. 1 lit. a) and Art. 49 para. 1 p. 1 lit. a DSGVO.
The videos are integrated in such a way that data about you as a user is only transmitted to YouTube when you play the videos. We have no influence on the data transmission to Google that then takes place.
The processing of the data is a joint responsibility between Google and us in accordance with Art 26 DSGVO. It is agreed with Google that the primary responsibility pursuant to the GDPR for the processing of personal data lies with Google and that all obligations under the GDPR with regard to the processing of personal data will be fulfilled by Google (in particular the information obligations pursuant to Art. 12 et seq. GDPR, ensuring data subject rights pursuant to Article 15 et seq. DSGVO, notification of data breaches pursuant to Articles 33, 34 DSGVO).
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website and data on location (GPS data), IP address and devices used, including information on objects near your device, such as WLAN access points, radio masts and Bluetooth-enabled devices, as well as sensor data from your device (see YouTube privacy information of the provider). This is done regardless of whether you are logged in to Google or YouTube. If you are logged in, however, your data will be assigned to your account. If you do not want the assignment with your profile at YouTube, you must log out before activating a video. YouTube stores your data as user profiles and uses them for purposes of providing the services, maintaining and improving the services, measuring performance, developing new services, and providing personalized services, including content and advertisements. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right.
The processing of data within the scope of this service also takes place in the USA. Standard data protection clauses issued by the EU Commission within the meaning of Article 46 (2) c) DSGVO have been concluded with Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Despite the conclusion of standard data protection clauses with Google, there are corresponding risks associated with the processing of your data in the USA. By giving your consent via our cookie banner, you consent to the processing of your data in the USA despite potential access by US authorities.
For more information on the purpose and scope of data collection and its processing by YouTube, please see the privacy information. There you will also find further information on your rights and setting options to protect your privacy:
YouTube’s privacy information can be found at https://policies.google.com/privacy and opting out of personalized advertising is possible at https://adssettings.google.com/authenticated.
On this website, we use the service HubSpot. HubSpot is a software company from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, phone: +353 1 5187500.
Hubspot is an integrated software solution that we use to cover various aspects of our online marketing. These include:
Contact Management (e.g. user segmentation & CRM) and contact forms.
For this purpose, we have concluded a data processing agreement with Hubspot Germany and additionally so-called standard contractual clauses, in which HubSpot Inc. undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level. You can learn more about HubSpot’s data agreement and the EU data protection regulations here.
Third-party services that do not set cookies – Google Fonts.
Google Fonts, i.e. external fonts of Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland, https://www.google.com/fonts. The integration of Google Fonts takes place via a server call at Google (usually in the USA). Google thereby receives the information that our website was called up from the IP address of your device. Since the processing of data within the scope of this service also takes place in the USA, the standard data protection clauses issued by the EU Commission within the meaning of Art. 46 (2) c) DSGVO have been concluded with Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Despite the conclusion of standard data protection clauses with Google, there are corresponding risks associated with the processing of your data in the USA. By giving your consent via our cookie banner, you consent to the processing of your data in the USA despite potential access by US authorities. You can find Google’s privacy information at https://policies.google.com/privacy and opt-out is possible at https://adssettings.google.com/authenticated.
Third-party services that do not set cookies – Adobe Fonts
Our social media presences
You will find us with presences within social networks and platforms, so that we can also communicate with you there and inform you about our services. We would like to point out that your data may be processed outside the European Union and that the data is usually processed for market research and advertising purposes. Usage profiles can be created from the usage behavior and resulting interests of the users. These usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies may be stored on the users’ computers, in which the users’ usage behavior and interests are stored. Other data may also be stored in these usage profiles, especially if the users are members of the respective platforms and are logged in to them. The processing of the users’ personal data is based on their consent pursuant to Art. 6 (1) sentence 1 lit. a) DSGVO and in joint responsibility between the platform providers and us pursuant to Art. 26 DSGVO. It is agreed with them that the primary responsibility pursuant to the GDPR for the processing of personal data lies with the platform providers and that all obligations under the GDPR with regard to the processing of personal data are fulfilled by the respective platform providers (in particular the information obligations pursuant to Article 12 et seq. DSGVO, ensuring data subject rights pursuant to Article 15 et seq. DSGVO, notification of data breaches pursuant to Articles 33, 34 DSGVO).
For information on the respective processing and the respective objection options, please refer to the privacy information of the providers linked below:
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), Facebook pages based on an agreement on joint processing of personal data – privacy information: https://www.facebook.com/about/privacy/, opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com).
Google/ YouTube (Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland) – privacy information: https://policies.google.com/privacy, opt-out: https://adssettings.google.com/authenticated).
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – privacy information/opt-out: http://instagram.com/about/legal/privacy/).
LinkedIN (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) – Privacy information: https://de.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy).
XING (New Work SE, Am Strandkai 1, 20457 Hamburg, Germany – privacy information: https://privacy.xing.com/de/datenschutzerklaerung).
Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland – privacy information: https://twitter.com/de/privacy).
TikTok (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland – privacy information: https://www.tiktok.com/legal/privacy-policy-eea?lang=en).
In case of assertion of data subject rights, we recommend that these are asserted with the providers, as the providers have direct access to the data. If you would still like our support, please feel free to contact us using the contact details above.
Status February 2023