Privacy Policy

I. Name and address of the data controller
The responsible party in terms of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Truffle Bay GmbH
– Data Protection –
Widenmayerstr. 36
80538 Munich
Germany

T  +49 89 452 23 65 10 
kontakt@trufflebay.de
www.trufflebay.de

 

II. Contact details of the data protection officer

You can contact the data protection officer of the data controller at datenschutz@trufflebay.de.

 

III. Provision of information requirements for customers of Truffle Bay GmbH
  1. General
    a) Details of the responsible party: Information on the data controller can be found at
    I. Name and address of the data controller

    b) Details of the data protection officer: Information on the data protection officer can be found at
    II. Contact details of the data protection officer

    c) Purposes and legal basis of the processing of personal data: The purpose of the processing is to fulfill contractual obligations in accordance with Art. 6(1)(b) of the GDPR.

    d) Recipients or categories of recipients of the personal data: Recipients of the data are in particular internal employees and external data processors (e.g. printing companies)

  2. Further information
    The storage period of personal data is based on the legally prescribed storage and documentation obligations (e.g. 6 or 10 years after the end of the business year according to § 257 HGB). We inform you about your rights as a data subject under XVI. Rights of the person concerned.

  3. Change of purpose
    We do not intend to further process personal data for any other purpose. Should further processing of personal information take place for another purpose, we will provide you with all information about this other purpose and any other relevant information – by telephone, by e-mail to the address you provide us with or by post to the address you provide us with.

 

IV. Provision of information requirements for interested parties of Truffle Bay GmbH
  1. General
    a) Details of the responsible party: Information on the data controller can be found at
    I. Name and address of the data controller

    b) Details of the data protection officer: Information on the data protection officer can be found at
    II. Contact details of the data protection officer

    c) Purposes and legal basis of the processing of personal data: The purpose of the provision and processing is the initiation and conclusion of contracts and the execution of pre-contractual measures in accordance with Art. 6(1)(b) of the GDPR in conjunction with § 257 HGB.

    d) Recipients or categories of recipients of the personal data: Recipients of the data are in particular internal employees (e.g. management).

  2. Further information
    The storage period of personal data is based on the legally prescribed storage and documentation obligations (e.g. 6 or 10 years after the end of the business year according to § 257 HGB). If no business relationship has been established, the data will be deleted at the latest 36 months after the end of the calendar year in which the last contact took place. We inform you about your rights as a data subject under point XVI. Rights of the person concerned.

  3. Change of purpose
    We do not intend to further process personal data for any other purpose. Should further processing of personal information take place for another purpose, we will provide you with all information about this other purpose and any other relevant information – by telephone, by e-mail to the address you provide us with or by post to the address you provide us with.

 

V. Provision of information requirements for applicants of Truffle Bay GmbH
  1. General

    a) Details of the responsible party: Information on the data controller can be found at
    I. Name and address of the data controller

    b) Details of the data protection officer: Information on the data protection officer can be found at
    II. Contact details of the data protection officer

    c) Purposes and legal basis of the processing of personal data: The purpose of the provision and processing is the selection of suitable candidates to fill vacancies. The legal basis for data processing is derived from Art. 6(1)(c) of the GDPR in conjunction with Art. 88 GDPR in conjunction with § 26 BDSG-new.

    d) Recipients or categories of recipients of the personal data: Recipient categories of the data are in particular the human resources department and personnel managers (e.g. management).

  2. Further information
    The storage period for personal data is based on the legally prescribed storage and documentation obligations. The data will be deleted at the latest 6 months after the vacancy has been filled. We inform you about your rights as a data subject under point XVI. Rights of the person concerned.
     

  3. Change of purpose
    We do not intend to process personal data for any other purpose. Should further processing of personal information take place for another purpose, we will provide you with all information about this other purpose and any other relevant information – by telephone, by e-mail to the address you have provided us with or by post to the address you have provided us with.

 

VI. Provision of information requirements for suppliers of Truffle Bay GmbH
  1. General

    a) Details of the responsible party: Information on the data controller can be found at
    I. Name and address of the data controller

    b) Details of the data protection officer: Information on the data protection officer can be found at
    II. Contact details of the data protection officer

    c) Purposes and legal basis of the processing of personal data: The purpose of the processing is the fulfilment of contractual obligations in accordance with Art. 6(1)(b) of the GDPR, the execution of pre-contractual measures in accordance with Art. 6(1)(b) of the GDPR, and a legitimate interest of the company concerned in the sense of Art. 6(1)(f) of the GDPR.

    d) Recipients or categories of recipients of the personal data: Recipient category of the data are internal departments.

  2. Further information
    The storage period of personal data is based on the legally prescribed storage and documentation obligations (e.g. 6 or 10 years after the end of the business year according to § 257 HGB). We inform you about your rights as a data subject under point XVI. Rights of the person concerned.

  3. Change of purpose
    We do not intend to process personal data for any other purpose. Should further processing of personal information take place for another purpose, we will provide you with all information about this other purpose and any other relevant information – by telephone, by e-mail to the address you have provided us with or by post to the address you have provided us with.

 

VII. Privacy policy for online meetings of Truffle Bay GmbH
We would like to inform you in the following about the processing of personal data in connection with »online meetings«.

Responsible party:
The party responsible for data processing directly related to the execution of »online meetings« is Truffle Bay GmbH.

Note:
If you access the websites of our tool providers, the respective tool provider is responsible for data processing. However, accessing the website is only necessary for the use of the respective tool in order to download the software for the use of the tool.

You can also use the tools if you enter the respective meeting ID and, if applicable, other access data for the meeting directly in the tool app.

If you cannot or do not want to use the tool apps, the basic functions can also be used via a browser version, which you can also find on the website of the respective tool provider.

Subject of data protection:
The subject of data protection is personal data. According to Art. 4(1) of the GDPR, this is all information relating to an identified or identifiable person. This includes information such as first and last names, e-mail addresses, but also usage data such as the IP address.

Purpose of the processing:
Wir nutzen das jeweilige Tool, um Telefonkonferenzen, Online-Meetings, Videokonferenzen und/oder Webinare durchzuführen (nachfolgend: »online meetings«).

  • »zoom« is a service of Zoom Video Communications, Inc. which is based in the USA. 

  • »Teams« is a service of the Microsoft Corporation, which is based in the USA.

Which data are processed?
Different types of data are processed during use. The scope of the data also depends on the data you provide before or during participation in »online meeting«.

The following personal data are processed:

  • In order to participate in an »online meeting« or to enter the »meeting room« as a guest you must at least provide information about your name.

  • Information on registered users of the apps: first name, last name, e-mail address and password (depending also on the use of »single sign-on«), telephone, profile picture and department can be specified optionally.

  • Meeting metadata: Topic, participant IP addresses, device and hardware information, the description of the meeting and the topic are optional.

  • For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of »online meeting« chat.

  • When dialling in by telephone: information on incoming and outgoing telephone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.

  • Text, audio and video data: You may be able to use the chat, question or survey functions in an »online meeting«. To this extent, the text entries you make are processed in order to display and, if necessary, log them in the »online meeting«. In order to enable the display of video and the playback of audio, the data from the microphone of your device and from any video camera of the device will be processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the tool applications.

Scope of processing:
We use the above tools to conduct »online meetings«. If we want to record »online meetings«, we will inform you transparently in advance and – if necessary – ask for your consent. The fact of the recording will be displayed in the respective tool app.

If it is necessary for the purposes of documenting the results of an online meeting, we will log the chat content. However, this will usually not be the case.

In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and follow-up webinars.

Automated decision-making within the meaning of Art. 22 GDPR is not used.

Legal basis of the data processing:
Insofar as personal data of employees of Truffle Bay GmbH is processed, the legal basis for data processing are § 26(1) sentence 1 BDSG and Art. 6(1)(f) of the GDPR. If, in connection with the use of the respective tool, personal data are not required for the execution, establishment or termination of the employment relationship, but are nevertheless an elementary component in the use of the tool, Art. 6(1)(f) of the GDPR is the legal basis for data processing. In these cases, we are interested in the efficient conduct of »online meetings«.

Furthermore, the legal basis for data processing when conducting »online meetings« is Art. 6(1)(b) of the GDPR, insofar as the meetings are conducted within the framework of contractual relationships.

If no contractual relationship exists, the legal basis is Art. 6(1)(f) of the GDPR. Here too, we are interested in the efficient conduct of »online meetings«.

Recipient / transfer of data:
Personal data processed in connection with participation in »online meetings« are generally not passed on to third parties, unless they are specifically intended to be passed on.

Further recipients: The provider of the respective tool necessarily receives knowledge of the above-mentioned data, as far as this is provided for in the context of our data processing agreement with the respective tool provider.

Data processing outside the European Union:
The tool providers are services provided by a provider from the USA. A processing of personal data therefore also takes place in a third country. We have concluded a data processing agreement with the providers that meets the requirements of Art. 28 of the GDPR.

An adequate level of data protection is guaranteed by the »EU-U.S. Privacy Shield« certification of the providers on the one hand, but also by the conclusion of the so-called EU standard contract clauses.

 

VIII. General information on data processing
  1. Scope of the processing of personal data
    As a matter of principle, we process personal data of our users only to the extent necessary for providing a functional website and our contents and services. The processing of personal data of our users regularly only takes place with the user's consent. An exception is made in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal regulations.

  2. Legal basis of the processing of personal data
    Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data which is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) of the GDPR serves as the legal basis. This also applies to processing operations which are necessary for the execution of pre-contractual measures. Insofar as processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis. In cases where vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) of the GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6(1)(f) of the GDPR serves as the legal basis for the processing.

  3. Data deletion and storage duration
    The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the party responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.

 

IX. Provision of the website and creation of log files

  1. Description and scope of data processing
    Whenever our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:
    (1) Information about the browser type and the version used
    (2) The user's operating system
    (3) The Internet service provider of the user
    (4) The IP address of the user
    (5) Date and time of access
    (6) Websites from which the user's system accesses our website
    (7) Websites that are visited by the user's system via our website

    The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.

  2. Legal basis of the data processing
    The legal basis for the temporary storage of data and log files is Art. 6 (1)(f) GDPR.

  3. Purpose of the data processing
    The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, the data serves to optimize the website and to ensure the security of the information technology systems. An evaluation of the data for targeted marketing purposes does not take place in this context. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6(1)(f) GDPR.

  4. Duration of storage
    The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected.

  5. Possibility of objection and removal
    The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. There is therefore no possibility of objection on the a of the user.

 

X. Use of cookies

  1. Description and scope of data processing
    This website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is visited again. We use cookies to make our website more user-friendly. Some elements of our website require the accessing browser to be able to be identified even after a page change. We also use cookies on our website which enable an analysis of the surfing behavior of the users. In this way, the following data, among others, can be transmitted:
    (1) Entered search terms
    (2) Frequency and duration of page views
    (3) Use of website functions

    When accessing our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this data protection declaration.
     
  2. Purpose of the data processing
    The analysis cookies are used for the purpose of improving the quality of our website and its contents. The analysis cookies enable us to find out how the website is used and thus to constantly optimize our offer. These purposes also include our legitimate interest in the processing of personal data in accordance with Art. 6(1)(f) GDPR. 

  3. Duration of storage, possibility of objection and removal
    Cookies are stored on the user's computer and transmitted by the user to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.

 

XI. Web fonts from Adobe Typekit

This site uses so-called web fonts, which are provided by Adobe Typekit, for the uniform representation of fonts. When you access a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.

For this purpose, the browser you use must connect to the Adobe Typekit servers. This allows Adobe Typekit to know that our website has been accessed via your IP address. The use of Adobe Typekit Web Fonts is in the interest of a consistent and attractive presentation of our online presence. This represents a legitimate interest in the sense of Art. 6(1)(f) of the GDPR.

If your browser does not support web fonts, a standard font from your computer will be used. Further information on Adobe Typekit Web Fonts can be found at https://typekit.com/ and in the Adobe Typekit privacy policy: https://www.adobe.com/de/privacy/policies/typekit.html

 

XII. E-mail contact
  1. Description and scope of data processing
    On our website it is possible to contact us via the provided e-mail addresses. In this case, the user's personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

  2. Legal basis of the data processing
    The legal basis for processing the data is Art. 6(1)(a) of the GDPR if the user has given his consent. The legal basis for processing data transmitted in the course of sending an e-mail is Art. 6 (1)(f) of the GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for processing is Art. 6(1)(b) of the GDPR.

  3. Purpose of the data processing
    The processing of the personal data from the input mask serves us only for the processing of the establishment of contact. In the case of contacting us by e-mail, this is also the necessary legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

  4. Duration of storage
    The data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified. 

  5. Possibility of objection and removal
    The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued. The revocation will be sent to the e-mail address provided for contacting us. All personal data stored in the course of contacting us will be deleted in this case. 

 

XIII. Use of Google services like Google Analytics and Google Maps
Description and scope of data processing:
  1. Google Analytics

    This website uses the analysis technology of Google Analytics. Google Analytics is a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, which we use to optimize the user experience.

    Google Analytics is a cloud-based software that enables us to analyze how you use our website. For this purpose we have integrated a so-called »tracking code« from Google Analytics, i.e. a script into the source code of our website. As soon as you visit our website, this code passes on information about your behavior on our website to the Google Analytics software. With the help of this software we evaluate how you use our website and which contents are interesting for you.

    The information generated by the code about your use of this website is usually transferred to a Google server in the USA and stored there.

    This website activates IP-anonymization. This means that your IP address will be shortened before. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.

    On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google. You can prevent the collection of data generated by tracking and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the available browser plug-in under the following link: Disable tracking by Google Analytics. An opt-out cookie will be installed on your device and Google Analytics will prevent the collection of data for this website and for this browser as long as the cookie remains installed in your browser.


  2. Google Maps

    This website also uses Google Maps to display maps and to provide directions. Google Maps is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The link to Google Maps is embedded so that your personal information is not sent to Google until you click on the map. We have no control over what information is sent to Google Maps (Google Ireland Ltd., with its principal place of business at Gordon House, Barrow Street, Dublin 4, Ireland) after you click on it. In accordance with Google's privacy policy, we assume that a transfer of personal data, including the processing thereof, will also be made to servers of Google LLC in the USA (1600 Amphitheatre Parkway, Mountain View, California 94043).

    By using the Google Maps offer on this website, you agree to the collection, processing and use of the automatically collected data as well as the data entered by you by Google, one of its representatives or third parties. Find the terms of use for Google Maps here.

    Links from this website lead to websites of other providers to which this data protection declaration does not extend. If links are defective or the target pages are changed in an unacceptable way, we would be pleased to receive a note.

    To set an opt-out cookie that prevents the collection of your information on future visits to this website, please click here: Disable Google Analytics.

XIV. Social media plug-ins

We use social plug-ins from the social networks LinkedIn and Twitter on our website on the basis of Art. 6(1)(f) of the GDPR to make our company better known. The advertising purpose behind this is to be regarded as a legitimate interest within the meaning of the GDPR. The responsibility for operation in conformity with data protection regulations is to be guaranteed by their respective providers. The integration of these plug-ins by us takes place by means of the so-called two-click method in order to protect visitors to our website in the best possible way.

  1. LinkedIn

    Our website also uses the »share function« of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. When you click on the LinkedIn »Share-Button« (plug-in), you will – if you are logged in to LinkedIn in your user account – be redirected to your user account in a separate browser window and can share the electronic publication provided on our website by adding a comment. The plug-in establishes a direct connection between your browser and the LinkedIn server. LinkedIn is thus informed that you have visited our website using your IP address. LinkedIn will also be able to track your visit to our website to you and your account. We would like to point out that we have no knowledge of the content of the (personal) data transmitted or how LinkedIn uses it. You can find more information about this in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy.

  2. XINGOur website also uses the »share function« of the XING network. The provider is New Work SE, Dammtorstr. 30, 20354 Hamburg, Germany. If you click on the XING »Share button« (plug-in), you will – provided you are logged in to XING with your user account – be redirected to your user account in a separate browser window and can share the electronic publication stored on our website by adding a comment. The plug-in establishes a direct connection between your browser and the XING server. XING thereby receives the information that you have visited our website with your IP address. In addition, it is then possible for XING to assign your visit to our website to you and your user account. We would like to point out that we have no knowledge of the content of the transmitted (personal) data or its use by LinkedIn. You can find more information about this in the XING privacy policy at: https://privacy.xing.com/en.

  3. Twitter
    On our website you will find plug-ins of the short news network of Twitter Inc. (Twitter) are integrated. You can recognize the Twitter plug-ins (»tweet button«) by the Twitter logo on our site. You can find an overview of tweet buttons here: https://about.twitter.com/resources/buttons.

     

    When you access a page on our website that contains such a plug-in, a direct connection is established between your browser and the Twitter server. Twitter thereby receives the information that you have visited our site with your IP address. If you click on the Twitter »tweet button« while you are logged in to your Twitter account, you can link the contents of our pages on your Twitter profile. This allows Twitter to associate your visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Twitter.

    If you do not want Twitter to be able to link your visit to our pages, please log out of your Twitter user account. You can find further information about this in the Twitter privacy policy at: https://twitter.com/privacy.


  4. Vimeo

    This website uses videos. Since local hosting of videos is not powerful enough, the possibility of external video providers is used here.

    The integration of the videos leads – for technical reasons – to accessing the servers of providers such as Vimeo. For the use of your browser or device data in connection with this, we refer to the respective data protection declarations of the providers. They are responsible for the corresponding data processing. You can find Vimeo's data protection declaration here: https://vimeo.com/privacy.

    Vimeo guarantees an adequate level of data protection by adhering to the EU-U.S. Privacy Shield guidelines.

XV. Shared responsibility with LinkedIn
  1. Description and scope of processing:
    With regard to the operation of our LinkedIn presence, we are joint controllers with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, pursuant to Art. 4(7) GDPR. When visiting our LinkedIn page, personal data is processed by the responsible parties. We operate our company page on LinkedIn in order to present ourselves to the outside world, in particular to provide users with information about our company, our products, services and vacancies, combined with the possibility for users to interact with us in a targeted manner.

    In connection with the operation of our LinkedIn page, we use the page insight function to obtain statistical data on users and the use of our company page. In order to be able to carry out the statistical evaluations, LinkedIn stores a cookie on the user's end device. The cookie contains a unique user ID. The information stored in the cookie is processed by LinkedIn, especially when the user visits LinkedIn services and services provided by other companies that use LinkedIn services. The visitor statistics created are transmitted to us by LinkedIn exclusively in aggregated form. We do not have access to the data collected by LinkedIn. LinkedIn does not transmit any data to us that allows conclusions to be drawn about individual persons. For more information on the use of cookies by LinkedIn, please refer to their cookie policy.

    The essence of the shared responsibility agreement is that users can assert their data subject rights directly against LinkedIn, and that no personal data of LinkedIn members is transmitted to us. We only receive aggregated statistical data from LinkedIn. However, if our assistance in asserting data subject rights is required, please feel free to contact us at any time. For more information on data protection, please refer to LinkedIn's privacy policy.

    There is a possibility that your data may also be processed outside the European Union by LinkedIn Corporation in the USA. The LinkedIn Corporation is certified under the U.S.-EU Privacy Shield and thus undertakes to comply with European data protection requirements. We do not pass on any personal data ourselves.

  2. Purposes of processing:
    The purpose of processing personal data in connection with our LinkedIn presence is, on the one hand, to compile statistics on visitor flows. This allows us to better understand how users interact with our site and the products and services presented. It allows us to better design our company page and adapt our products and services to the needs of users. On the other hand, we process users' personal data in order to be able to communicate with you directly via media of your choice.

  3. Legal basis of data processing:
    We operate this LinkedIn page in order to present ourselves to LinkedIn users who visit our company page and to communicate with them directly. The processing of your personal data is based on our legitimate interests in an optimized company and product presentation as well as in direct communication with LinkedIn users (Art. 6(1)(f) GDPR).

    If we publish images of individuals, this is done via consent (legal basis: Art. 6(1)(a) GDPR), on the basis of a contractual agreement (legal basis: Art. 6(1)(b) GDPR) and in exceptional cases on the basis of legitimate interests (legal basis: Art. 6(1)(f) GDPR) in conjunction with § 23( 1)(3) Art Copyright Act.

  4. Possibilities of objection and elimination:
    In accordance with Art. 21 GDPR, you have the right to object to processing on grounds relating to your particular situation at any time. You can exercise your right to object via the LinkedIn settings or the form to object to LinkedIn data processing. As a LinkedIn user, you can influence settings for advertising preferences, and thus also specify the extent to which your user behavior may be recorded when visiting our LinkedIn page. You can find more information about the right to object here.



  5. Storage period:
    Since no personal data is transmitted to us as the operator of a LinkedIn page, the criteria specified by LinkedIn apply to the storage period.



XVI. Rights of the person concerned

If your personal data is processed, you are the data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the data controller:

  1. Right to information:
    In accordance with Art. 15 of the GDPR, you can request information about your personal data processed by us. In your request for information, you should specify your request in order to make it easier for us to compile the necessary data. Please note that your right to information may be restricted under ceartain circumstances in accordance with statutory provisions (in particular § 34 BDSG and Art. 10 BayDSG).

  2. Right of correction:
    If the information concerning you is not (or is no longer) correct, you can request a correction in accordance with Art. 16 of the GDPR. If your data is incomplete, you can request completion.

  3. Right to deletion:
    You can request the deletion of your personal data under the conditions of Art. 17 of the GDPR. Your right to deletion depends, among other things, on whether the data relating to you is still needed by us to fulfill our legal obligations.

  4. Right to restrict processing:
    You have the right to request a restriction of the processing of data concerning you within the framework of the provisions of Art. 18 of the GDPR.



  5. Right to objection:
    According to Art. 21 of the GDPR, you have the right to object to the processing of data concerning you at any time for reasons arising from your particular situation. However, we are not always able to comply with this, for example if legal provisions oblige us to process data in the course of our official duties.



  6. Right to complaint to a supervisory authority:
    Notwithstanding any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged infringement occurred, if you consider that the processing of personal data relating to you is in breach of the GDPR.

    The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy.

    The competent supervisory authority is the Bavarian State Office for Data Protection Supervision.



Truffle Bay is an owner-managed, integrated strategic brand consulting and design agency based in Munich. With clarity and creativity we help ambitious companies and entrepreneurs to discover, define, design and bring to life their unique identity – to create strong brands as the compass and catalyst of entrepreneurial change processes as well as attractive and differentiating brand experiences to win and retain customers and employees.

Truffle Bay is a member of bvik – Bundesverband Industrie Kommunikation e.V.


© 2020 Truffle Bay, All Rights Reserved.
Imprint   |   Privacy Policy

TRUFFLE BAY Brand Strategy & Design
Widenmayerstraße 36
80538 Munich

T +49 89 452 23 65 10
F +49 89 452 23 65 49
kontakt@trufflebay.de

Twitter Icon
LinkedIn Icon
Vimeo – Icon