You can contact the data protection officer of the data controller at datenschutz@trufflebay.de.
a) Details of the responsible party: Information on the data controller can be found at
I. Name and address of the data controller
b) Details of the data protection officer: Information on the data protection officer can be found at
II. Contact details of the data protection officer
Further information
The storage period for personal data is based on the legally prescribed storage and documentation obligations. The data will be deleted at the latest 6 months after the vacancy has been filled. We inform you about your rights as a data subject under point XVI. Rights of the person concerned.
Change of purpose
We do not intend to process personal data for any other purpose. Should further processing of personal information take place for another purpose, we will provide you with all information about this other purpose and any other relevant information – by telephone, by e-mail to the address you have provided us with or by post to the address you have provided us with.
General
a) Details of the responsible party: Information on the data controller can be found at
I. Name and address of the data controller
b) Details of the data protection officer: Information on the data protection officer can be found at
II. Contact details of the data protection officer
c) Purposes and legal basis of the processing of personal data: The purpose of the processing is the fulfilment of contractual obligations in accordance with Art. 6(1)(b) of the GDPR, the execution of pre-contractual measures in accordance with Art. 6(1)(b) of the GDPR, and a legitimate interest of the company concerned in the sense of Art. 6(1)(f) of the GDPR.
d) Recipients or categories of recipients of the personal data: Recipient category of the data are internal departments.
Further information
The storage period of personal data is based on the legally prescribed storage and documentation obligations (e.g. 6 or 10 years after the end of the business year according to § 257 HGB). We inform you about your rights as a data subject under point XVI. Rights of the person concerned.
Change of purpose
We do not intend to process personal data for any other purpose. Should further processing of personal information take place for another purpose, we will provide you with all information about this other purpose and any other relevant information – by telephone, by e-mail to the address you have provided us with or by post to the address you have provided us with.
Responsible party:
The party responsible for data processing directly related to the execution of »online meetings« is Truffle Bay GmbH.
Note:
If you access the websites of our tool providers, the respective tool provider is responsible for data processing. However, accessing the website is only necessary for the use of the respective tool in order to download the software for the use of the tool.
You can also use the tools if you enter the respective meeting ID and, if applicable, other access data for the meeting directly in the tool app.
If you cannot or do not want to use the tool apps, the basic functions can also be used via a browser version, which you can also find on the website of the respective tool provider.
Subject of data protection:
The subject of data protection is personal data. According to Art. 4(1) of the GDPR, this is all information relating to an identified or identifiable person. This includes information such as first and last names, e-mail addresses, but also usage data such as the IP address.
Purpose of the processing:
Wir nutzen das jeweilige Tool, um Telefonkonferenzen, Online-Meetings, Videokonferenzen und/oder Webinare durchzuführen (nachfolgend: »online meetings«).
»zoom« is a service of Zoom Video Communications, Inc. which is based in the USA.
»Teams« is a service of the Microsoft Corporation, which is based in the USA.
Which data are processed?
Different types of data are processed during use. The scope of the data also depends on the data you provide before or during participation in »online meeting«.
The following personal data are processed:
In order to participate in an »online meeting« or to enter the »meeting room« as a guest you must at least provide information about your name.
Information on registered users of the apps: first name, last name, e-mail address and password (depending also on the use of »single sign-on«), telephone, profile picture and department can be specified optionally.
Meeting metadata: Topic, participant IP addresses, device and hardware information, the description of the meeting and the topic are optional.
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of »online meeting« chat.
When dialling in by telephone: information on incoming and outgoing telephone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
Text, audio and video data: You may be able to use the chat, question or survey functions in an »online meeting«. To this extent, the text entries you make are processed in order to display and, if necessary, log them in the »online meeting«. In order to enable the display of video and the playback of audio, the data from the microphone of your device and from any video camera of the device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the tool applications.
Scope of processing:
We use the above tools to conduct »online meetings«. If we want to record »online meetings«, we will inform you transparently in advance and – if necessary – ask for your consent. The fact of the recording will be displayed in the respective tool app.
If it is necessary for the purposes of documenting the results of an online meeting, we will log the chat content. However, this will usually not be the case.
In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and follow-up webinars.
Automated decision-making within the meaning of Art. 22 GDPR is not used.
Legal basis of the data processing:
Insofar as personal data of employees of Truffle Bay GmbH is processed, the legal basis for data processing are § 26(1) sentence 1 BDSG and Art. 6(1)(f) of the GDPR. If, in connection with the use of the respective tool, personal data are not required for the execution, establishment or termination of the employment relationship, but are nevertheless an elementary component in the use of the tool, Art. 6(1)(f) of the GDPR is the legal basis for data processing. In these cases, we are interested in the efficient conduct of »online meetings«.
Furthermore, the legal basis for data processing when conducting »online meetings« is Art. 6(1)(b) of the GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
If no contractual relationship exists, the legal basis is Art. 6(1)(f) of the GDPR. Here too, we are interested in the efficient conduct of »online meetings«.
Recipient / transfer of data:
Personal data processed in connection with participation in »online meetings« are generally not passed on to third parties, unless they are specifically intended to be passed on.
Further recipients: The provider of the respective tool necessarily receives knowledge of the above-mentioned data, as far as this is provided for in the context of our data processing agreement with the respective tool provider.
Data processing outside the European Union:
The tool providers are services provided by a provider from the USA. A processing of personal data therefore also takes place in a third country. We have concluded a data processing agreement with the providers that meets the requirements of Art. 28 of the GDPR.
An adequate level of data protection is guaranteed by the »EU-U.S. Privacy Shield« certification of the providers on the one hand, but also by the conclusion of the so-called EU standard contract clauses.
IX. Provision of the website and creation of log files
X. Use of cookies
To manage the cookies and similar technologies used (tracking pixels, web beacons, etc.) and related consents, we use the consent tool "Real Cookie Banner". Details on how "Real Cookie Banner" works can be found at https://devowl.io/rcb/data-processing.
XI. Web fonts from Adobe Typekit
This site uses so-called web fonts, which are provided by Adobe Typekit, for the uniform representation of fonts. When you access a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.
For this purpose, the browser you use must connect to the Adobe Typekit servers. This allows Adobe Typekit to know that our website has been accessed via your IP address. The use of Adobe Typekit Web Fonts is in the interest of a consistent and attractive presentation of our online presence. This represents a legitimate interest in the sense of Art. 6(1)(f) of the GDPR.
If your browser does not support web fonts, a standard font from your computer will be used. Further information on Adobe Typekit Web Fonts can be found at https://typekit.com/ and in the Adobe Typekit privacy policy: https://www.adobe.com/de/privacy/policies/typekit.html
This website uses the analysis technology of Google Analytics. Google Analytics is a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which we use to optimize the user experience.
Google Analytics is a cloud-based software that enables us to analyze how you use our website. For this purpose we have integrated a so-called »tracking code« from Google Analytics, i.e. a script into the source code of our website. As soon as you visit our website, this code passes on information about your behavior on our website to the Google Analytics software. With the help of this software we evaluate how you use our website and which contents are interesting for you.
The information generated by the code about your use of this website is usually transferred to a Google server in the USA and stored there.
This website activates IP-anonymization. This means that your IP address will be shortened before. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google. You can prevent the collection of data generated by tracking and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the available browser plug-in under the following link: Disable tracking by Google Analytics. An opt-out cookie will be installed on your device and Google Analytics will prevent the collection of data for this website and for this browser as long as the cookie remains installed in your browser.
This website also uses Google Maps to display maps and to provide directions. Google Maps is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The link to Google Maps is embedded so that your personal information is not sent to Google until you click on the map. We have no control over what information is sent to Google Maps (Google Ireland Ltd., with its principal place of business at Gordon House, Barrow Street, Dublin 4, Ireland) after you click on it. In accordance with Google's privacy policy, we assume that a transfer of personal data, including the processing thereof, will also be made to servers of Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, California 94043).
By using the Google Maps offer on this website, you agree to the collection, processing and use of the automatically collected data as well as the data entered by you by Google, one of its representatives or third parties. Find the terms of use for Google Maps here.
Links from this website lead to websites of other providers to which this data protection declaration does not extend. If links are defective or the target pages are changed in an unacceptable way, we would be pleased to receive a note.
To set an opt-out cookie that prevents the collection of your information on future visits to this website, please click here: Disable Google Analytics.
We use social plug-ins from the social networks LinkedIn and Twitter on our website on the basis of Art. 6(1)(f) of the GDPR to make our company better known. The advertising purpose behind this is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for operation in conformity with data protection regulations is to be guaranteed by their respective providers. The integration of these plug-ins by us takes place by means of the so-called two-click method in order to protect visitors to our website in the best possible way.
Our website also uses the »share function« of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. When you click on the LinkedIn »Share-Button« (plug-in), you will – if you are logged in to LinkedIn in your user account – be redirected to your user account in a separate browser window and can share the electronic publication provided on our website by adding a comment. The plug-in establishes a direct connection between your browser and the LinkedIn server. LinkedIn is thus informed that you have visited our website using your IP address. LinkedIn will also be able to track your visit to our website to you and your account. We would like to point out that we have no knowledge of the content of the (personal) data transmitted or how LinkedIn uses it. You can find more information about this in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.
When you access a page on our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server. Twitter thereby receives the information that you have visited our site with your IP address. If you click on the Twitter »tweet button« while you are logged in to your Twitter account, you can link the contents of our pages on your Twitter profile. This allows Twitter to associate your visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter.
If you do not want Twitter to be able to link your visit to our pages, please log out of your Twitter user account. You can find further information about this in the Twitter privacy policy at: https://twitter.com/privacy.
This website uses videos. Since local hosting of videos is not powerful enough, the possibility of external video providers is used here.
The integration of the videos leads – for technical reasons – to accessing the servers of providers such as Vimeo. For the use of your browser or device data in connection with this, we refer to the respective data protection declarations of the providers. They are responsible for the corresponding data processing. You can find Vimeo's data protection declaration here: https://vimeo.com/privacy.
Vimeo guarantees an adequate level of data protection by adhering to the EU-U.S. Privacy Shield guidelines.
Description and scope of processing:
With regard to the operation of our LinkedIn presence, we are joint controllers with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, pursuant to Art. 4(7) GDPR. When visiting our LinkedIn page, personal data is processed by the responsible parties. We operate our company page on LinkedIn in order to present ourselves to the outside world, in particular to provide users with information about our company, our products, services and vacancies, combined with the possibility for users to interact with us in a targeted manner.
In connection with the operation of our LinkedIn page, we use the page insight function to obtain statistical data on users and the use of our company page. In order to be able to carry out the statistical evaluations, LinkedIn stores a cookie on the user's end device. The cookie contains a unique user ID. The information stored in the cookie is processed by LinkedIn, especially when the user visits LinkedIn services and services provided by other companies that use LinkedIn services. The visitor statistics created are transmitted to us by LinkedIn exclusively in aggregated form. We do not have access to the data collected by LinkedIn. LinkedIn does not transmit any data to us that allows conclusions to be drawn about individual persons. For more information on the use of cookies by LinkedIn, please refer to their cookie policy.
The essence of the shared responsibility agreement is that users can assert their data subject rights directly against LinkedIn, and that no personal data of LinkedIn members is transmitted to us. We only receive aggregated statistical data from LinkedIn. However, if our assistance in asserting data subject rights is required, please feel free to contact us at any time. For more information on data protection, please refer to LinkedIn's privacy policy.
There is a possibility that your data may also be processed outside the European Union by LinkedIn Corporation in the USA. The LinkedIn Corporation is certified under the U.S.-EU Privacy Shield and thus undertakes to comply with European data protection requirements. We do not pass on any personal data ourselves.
If your personal data is processed, you are the data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the data controller:
Right to complaint to a supervisory authority:
Notwithstanding any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged infringement occurred, if you consider that the processing of personal data relating to you is in breach of the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy.
The competent supervisory authority is the Bavarian State Office for Data Protection Supervision.
Truffle Bay is an owner-managed, integrated strategic brand consulting and design agency based in Munich. With clarity and creativity we help ambitious companies and entrepreneurs to discover, define, design and bring to life their unique identity – to create strong brands as the compass and catalyst of entrepreneurial change processes as well as attractive and differentiating brand experiences to win and retain customers and employees.
Truffle Bay is a member of bvik – Bundesverband Industrie Kommunikation e.V. Test
© 2024 Truffle Bay, All Rights Reserved.
Imprint | Privacy Policy
TRUFFLE BAY Brand Strategy & Design
Widenmayerstraße 36
80538 Munich
T +49 89 452 23 65 10
F +49 89 452 23 65 49
kontakt@trufflebay.de
Privacy