Safety first
Our Privacy Policy
- Right of withdrawal and objection
- Data processing during your visit to our website
- Collection and processing of personal data
- Use of cookies
- Use of tracking and analysis services
- Data processing within our online presences
- Your rights
- Help with data protection terms
- Security
- Validity and changes to the privacy policy
With this privacy policy, tolingo GmbH (hereinafter referred to as "we" or "us") wishes to inform you about the processing of your personal data (hereinafter also "data") when visiting our website https://www.tolingo.com and using our services.
Furthermore, you will receive information about your rights. We take the protection of your personal data and privacy very seriously and of course comply with the applicable data protection regulations, particularly the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
If you do not understand terms used in this privacy policy, our explanations under "Help with data protection terms" may help. For any questions about data protection, you can also contact us informally using the contact details provided below.
Responsible for data processing:
tolingo GmbH, Kühnehöfe 3, 22761 Hamburg,
Tel. +49 0 40 413 583 100, service@tolingo.com
Managing Director: Jens Völkel
The data protection officer of Tolingo GmbH can be reached at the following contact details:
Email: datenschutzbeauftragter@tolingo.com
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg
https://www.datenschutzkanzlei.de
Right of Withdrawal and Objection
Withdrawal of your consent to data processing and the right to object to data collection in specific cases as well as to direct marketing (Art. 21 GDPR)
Many data processing operations are only possible with your explicit consent or a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
You can withdraw your consent at any time. A simple informal notification via email to datenschutz@tolingo.com is sufficient. The legality of the data processing carried out before the withdrawal remains unaffected by the withdrawal.
Right to object to data processing in specific cases as well as to direct marketing (Art. 21 GDPR)
If the data processing is based on Art. 6 para. 1 lit. e or f GDPR, you have the right to object at any time to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The specific legal basis for processing can be found in this privacy policy. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or the processing is necessary for the establishment, exercise, or defense of legal claims (objection under Art. 21 para. 1 GDPR).
If your personal data is being processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes, including profiling related to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection under Art. 21 para. 2 GDPR).
If you wish to exercise your right to object, an email to datenschutz@tolingo.com is sufficient.
Data processing during your visit to our website
In connection with your visit to the tolingo website, we process personal data from you. In principle, visiting our website is possible without providing your personal data. Our website is designed to collect as little data as necessary. Data is collected for the purposes described below and to the extent described below. We only pass on your data to third parties as described below.
Collection and processing of personal data
When you visit our website, we automatically collect and process data from you in order to provide our website. The following data is collected and processed:
- Date and time of your access
- The address of the website you came from
- The websites you visit on our site
- Information about your internet browser (browser type and version)
- The operating system of the device you use to access our website and services
- Your internet service provider
- IP address of your device
The collected data is processed for the following purposes:
- Ensuring the smooth connection of the website
- Ensuring a comfortable use of our website
- Evaluating system security
- Other administrative purposes
The legal basis for processing your data to provide our website and services is Article 6(1)(f) GDPR.
Our legitimate interest stems from the aforementioned purposes for data processing, to offer you our website and the services provided through it in a technically flawless, secure, and optimized manner for your needs. The server log file data is stored separately from other data.
For contact, we provide a contact form on our website. The data provided there will be used to process your request. We collect and process your personal data only if you voluntarily provide it with your knowledge. These include:
- First and last name
- Phone number
- Email address
- Company name
- Position
- Your message
- Attached file
The legal basis for processing your data for contact purposes is Art. 6 para. 1 lit. a DSGVO based on your voluntarily given consent. The personal data we collect for using the contact form will be automatically deleted after your request has been processed.
We store the personal data you provide only until the application process for the position is completed.
If you have applied speculatively, or we are currently unable to offer you a specific position for other reasons, we will explicitly ask if we may store your data in our talent pool. If you agree to this procedure in writing (informally via email), your data will be stored for 6 months. After 6 months, you will need to give written consent for the data to be stored again. Otherwise, your data will be deleted.
For more information on data protection during the application process, please visit: Data Protection for Applicants
For the processing of quotes and orders, we collect and process the following data that is necessary for the proper execution of a mutual contract. We collect and process your personal data only when you voluntarily provide it with your knowledge. These include:
- First and last name
- Company name
- Tax number
- Billing address: street, postal code, city, country
- Phone number
- Email address
- Communication history
- Previous inquiries and orders
The legal basis for processing your data for the purpose of ordering/commissioning is Article 6(1)(a) GDPR based on your voluntary consent, as well as Article 6(1)(b) GDPR for contract fulfillment. The personal data we collect will be stored until the legal retention period expires and then deleted, unless we are required to store it for a longer period due to tax and commercial law retention and documentation obligations (from HGB, StGB, or AO) according to Article 6(1)(c) GDPR or if you have consented to further storage under Article 6(1)(a) GDPR.
For advertising purposes via email in the form of offers and similar communications, we use the email addresses of our existing customers, i.e., only those who already have a business relationship with us. This processing is based on Article 6 (1) sentence 1 lit. f) GDPR in connection with § 7 (3) UWG. Our legitimate interest lies in the simple and cost-effective advertising outreach to our existing customers. This is done in compliance with the requirements of § 7 (3) UWG.
You have the right to object to the use of your email address for these purposes at any time. To exercise this right, please send your objection via email to datenschutz@tolingo.com.
The client submits files to be translated, which we store and make available to the translator for processing. Unless otherwise agreed, tolingo also uses freelance service providers, which may include service providers outside the EU. After the completion of the assignment, source and target files will be stored within the statutory retention periods.
The legal basis for processing the documents you submit for translation is Article 6 (1) lit. b GDPR.
When paying via SEPA transfer, no data is shared with third parties.
For processing payments via credit card and SEPA direct debit, payment processing is handled by the payment service provider BS PAYONE GmbH, Lyoner Straße 9, 60528 Frankfurt/Main, to whom we transmit the information you provided during the order process along with information about your order in accordance with Article 6 (1) lit. b GDPR. The transmission of your data is carried out solely for the purpose of payment processing with the payment service provider PAYONE and only to the extent necessary for this purpose.
On our website, we also offer payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"). When paying via PayPal, the payment data you enter is transmitted to PayPal. The transmission of your data to PayPal is based on Article 6 (1) lit. a GDPR and Article 6 (1) lit. b GDPR.
Use of Cookies
We use so-called cookies on our website. Most of the cookies we use are automatically deleted from your hard drive after the browser session ends (hence also session cookies). However, there are also cookies that remain on your hard drive. On your next visit, it is automatically recognized that you have already visited us and which inputs and settings you prefer (so-called long-term cookies). These long-term cookies therefore save you from having to re-enter your password or fill in forms with your data on subsequent orders.
You can disable the use of cookies in your browser settings. However, without the use of cookies, some features of our website may only work in a limited way or not function as expected.
The legal basis for processing your data in the form of cookies is Article 6(1)(f) GDPR.
Usage of tracking and analytics services
This website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
Google Analytics also uses cookies, which are text files stored on your computer and allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
On our website, IP anonymization has been activated, so your IP address is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. In these exceptional cases, this processing takes place in accordance with Art. 6 (1) lit. f DSGVO based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.
On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide other services related to website and internet use to us as website operators. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.
You can prevent the storage of cookies by adjusting the settings of your browser software. However, please note that in this case, you may not be able to fully use all the features of this website. Additionally, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, and the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Alternatively, you can also prevent data collection by Google Analytics by setting an "Opt-Out-Cookie" by clicking here. If you delete the cookies in your browser, you will need to click this link again.
Google LLC, based in the USA, is certified under the US-EU Privacy Shield Agreement, which ensures compliance with the data protection level applicable in the EU.
For more information on how Google Analytics handles user data, please refer to Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de
To statistically track the use of our website and for the purpose of optimizing our website, we use Google Ads and Google Conversion Tracking. Google Ads is an online advertising program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). A cookie is set on your computer by Google Ads if you have arrived at our website via a Google ad.
These cookies generally expire after 30 days and are not used for personal identification. If the user visits certain pages of the Ads customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.
Each Ads customer receives a different cookie. Therefore, cookies cannot be tracked across the websites of Ads customers. The information collected via the conversion cookie is used to generate conversion statistics for Ads customers who have opted for conversion tracking. Ads customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that would allow for personal identification of the users.
The storage of "conversion cookies" is based on Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in analyzing user behavior to optimize our web offerings and advertising.
If you do not wish to participate in the tracking procedure, you can also reject the setting of a cookie required for this – for example, by setting your browser to generally disable the automatic setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com.” You can find Google's privacy policy on Google Ads and Conversion Tracking at https://policies.google.com/privacy
Our website uses the remarketing function of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
The function serves to display interest-based advertisements to website visitors within the Google advertising network. A so-called "cookie" is stored in the visitor's browser, which allows the visitor to be recognized when visiting websites that belong to the Google advertising network. On these pages, advertisements may be displayed to the visitor that are related to content the visitor has previously viewed on websites that use Google's remarketing feature.
The use of Google Remarketing is based on Art. 6 para. 1 lit. f DSGVO. There is a legitimate interest in analyzing user behavior to optimize both the web offerings and the advertising.
According to Google, no personal data is collected during this process. If you do not wish to use Google's Remarketing function, you can generally disable it by adjusting the settings at www.google.com/settings/ads
Further information on Google Remarketing and the Google Privacy Policy can be viewed at: www.google.com/privacy/ads/
If users have consented to linking their web and app browsing history with their Google account and using information from their Google account to personalize ads they see on the web, Google will use data from these logged-in users in conjunction with Google Analytics data to create and define audience lists for cross-device remarketing. To support this feature, Google Analytics collects Google-authenticated IDs of these users. These personal data from Google are temporarily linked with our Google Analytics data to form audience groups.
This website uses the online marketing tool Campaign Manager by Google. Google Campaign Manager is a program of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Campaign Manager uses cookies to display relevant advertisements to you. A pseudonymous identification number (ID) is assigned to your browser to check which ads have been shown to you and which ads have been clicked on. The cookies do not contain any personal information. The use of cookies allows Google and its partner websites to serve ads based on previous visits to our website or other websites on the internet. The information generated by the cookies is transmitted to a server in the USA for evaluation and stored there. Google adheres to the data protection provisions of the “Privacy Shield” agreement and is registered in the “Privacy Shield” program of the US Department of Commerce.
The use of Google Campaign Manager is based on Art. 6 para. 1 lit. f DSGVO. There is a legitimate interest in analyzing user behavior to optimize both the web offering and the advertising.
You can prevent the storage of cookies by adjusting the settings of your browser software. Additionally, you can prevent the collection of data generated by the cookies and related to your use of websites, as well as the processing of this data by Google, by installing the browser plugin available at the following link: https://adssettings.google.com/.
For more information about Campaign Manager, please visit https://www.google.de/doubleclick and for general information about Google’s privacy practices, visit: https://www.google.de/intl/de/policies/privacy.
The use of the Google service Tag Manager only allows us to integrate the listed services by implementing other cookies/tags. The Google Tag Manager does not collect personal data.
tolingo uses HubSpot, a service of HubSpot Inc., on its websites for analysis purposes.
This involves the use of "tracking pixels" and the setting of "cookies," which are stored on your computer and allow us to analyze your use of the website. The collected information (e.g., IP address, geographical location, type of browser, duration of the visit, and pages viewed) is evaluated by HubSpot on behalf of tolingo to generate reports on visits and pages viewed on tolingo's site.
If data collection by HubSpot is generally not desired, the storage of cookies can be prevented at any time by adjusting the browser settings.
Further information about how HubSpot works can be found in the privacy policy of HubSpot Inc., available at: http://legal.hubspot.com/de/privacy-policy
Our website also uses Microsoft’s Conversion Tracking (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Bing Ads sets a cookie on your device if you accessed our website through a Microsoft Bing ad. Microsoft Bing and we can identify that someone clicked on an ad, was redirected to our website, and reached a previously defined landing page (conversion page). We only receive the total number of users who clicked on a Bing ad and were redirected to the conversion page. No personal information about the user’s identity is shared. If you do not want to participate in the tracking process, you can reject the setting of the required cookie – for example, by adjusting your browser settings to disable cookies altogether. For more information on privacy and cookies used by Microsoft Bing, please refer to Microsoft’s website: https://privacy.microsoft.com/de-de/privacystatement
The use of Microsoft Bing Ads is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in analyzing user behavior to optimize our web offering and advertising.
Microsoft is certified under the Privacy Shield framework and thus guarantees compliance with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt0000000KzNaAAK&status=Active)
We collaborate with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replays to improve and market our products/services. Website usage is tracked using first-party and third-party cookies and other tracking technologies to determine product/service popularity and online activities. Additionally, we use this information for website optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
TABLE OF CONTENTS
Data processing within our online presences
In addition to our website, we are also present on the following online platforms and social networks:
- Facebook: https://www.facebook.com/tolingo/
- Instagram: https://www.instagram.com/tolingo_translations/
- LinkedIn: https://de.linkedin.com/company/tolingo-gmbh
- Twitter: https://twitter.com/tolingo
- Xing: https://www.xing.com/companies/tolingogmbh
On these platforms, we present our company, inform about our offers, and communicate with our customers and prospects.
We generally process personal data only when you interact with our respective online presence pages (Facebook, Twitter, Xing), e.g., when you leave a comment, give a “like” (click the like button), or send us a message. The legal basis for these data processing activities is Art. 6 para. 1 lit. b GDPR for inquiries related to contracts or data processing based on your consent under Art. 6 para. 1 lit. a GDPR when submitting a comment, giving a "like", or similar.
We analyze the views and interactions on our online presences. For this purpose, only anonymous data is made available to us.
Please note that when using and accessing our online presences mentioned above, your personal data is also processed by the respective platform providers.
In addition to the above-mentioned processing, at least Facebook processes your data for analysis and advertising purposes, or to generate personalized advertisements. According to our knowledge, cookies are also used to store your usage behavior across devices. This enables targeted advertising within the platform as well as on third-party websites. Further information can be found for the respective online presence under:
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
The privacy policy of Facebook can be found at https://www.facebook.com/about/privacy/. With regard to data processing, you can also assert your rights (see "Your Rights" below) against Facebook. The option to object to certain data processing can be found at: https://www.facebook.com/settings?tab=ads. Please note that Facebook processes user data also in the USA or other third countries. Facebook is Privacy Shield certified: www.privacyshield.gov/participant.
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) The privacy policy of Instagram and Instagram's objection options can be found at: https://instagram.com/about/legal/privacy.
LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland)
The privacy policy of LinkedIn and LinkedIn's objection options can be found at: https://www.linkedin.com/legal/privacy-policy.
Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)
The privacy policy of Twitter can be found at: twitter.com/de/privacy. The option to object to certain data processing can be found at: twitter.com/personalization. Twitter is Privacy Shield certified: www.privacyshield.gov/participant.
Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany)
The privacy policy and objection options of Xing can be found at: https://privacy.xing.com/de/datenschutzerklaerung.
Your Rights
Right to access
According to Art. 15 GDPR, you have the right to obtain information from us regarding whether and what data we process about you. This includes information such as how long and for what purpose we process the data, where the data originates from, and to whom or which categories of recipients we disclose it. You can also request a copy of this data from us.
Right to rectification
According to Art. 16 GDPR, you have the right to have inaccurate or incomplete personal data about you corrected immediately. If legally required, we will inform third parties about this rectification if we have shared your data with them.
Right to erasure ("Right to be forgotten")
According to Art. 17 GDPR, you have the right to request the immediate erasure of your personal data from us if one of the reasons listed in Art. 17 GDPR applies.
Right to restriction of processing (blocking)
According to Art. 18 GDPR, you have the right to request the restriction of processing of your personal data from us if one of the conditions in Art. 18 GDPR is met.
Right to withdraw consent
According to Art. 7 para. 3 GDPR, you can withdraw your consent given to us at any time with effect for the future. This withdrawal can be made informally via the above contact addresses.
Right to data portability
According to Art. 20 GDPR, you have the right to receive personal data that concerns you and that you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit this data to others. Details and restrictions can be found in Art. 20 GDPR. Exercising this right does not affect your right to erasure.
Right to complain to the supervisory authority
According to Art. 77 GDPR, you have the right to complain to one of the responsible supervisory authorities or the supervisory authority of your place of residence, place of work, or the location of the alleged data protection violation if you believe that the processing of your personal data violates the provisions of the GDPR.
Right to object
You have the right, under Article 21 GDPR, to object to the processing of your personal data at any time. If the conditions for an effective objection are met, we will no longer process your personal data.
Assertion
To assert your rights, please contact us (informally as well) at the following address:
Email: datenschutz@tolingo.com
Help with data protection terms
We use some terms in this privacy policy that are also used by the legislator, especially in the European General Data Protection Regulation (GDPR). Since it is important to us that this privacy policy is understandable for you, we explain some key terms below:
Processor: This is a natural or legal person, authority, agency, or other body that processes personal data on behalf of a controller.
Data subject: This is any identified or identifiable natural person whose personal data is processed by the data controller.
Browser: This is a program used to view websites on the internet.
Cookies: Cookies are small files stored on your device that save certain settings and data for exchange with your browser, unless you prevent this through technical settings. Cookies allow the visited websites and servers to distinguish your individual browser from other internet browsers. A specific internet browser can therefore be recognized and identified by the unique cookie ID. This makes it easier for you to use our website, as you may only need to enter certain data once. If possible, we use session cookies, which are deleted when you close your browser. We also use persistent cookies that are stored on your computer for a longer time. In addition to the option to configure your browser not to accept cookies, you can delete already set cookies at any time via an internet browser or other programs. Please note, however, that not using cookies may result in some features of our website or services being unavailable.
Third party: This is a natural or legal person, authority, agency, or other body that is authorized to process personal data.
Consent: This is any freely given, informed, and unambiguous indication of the data subject's wishes, given in the form of a statement or other clear affirmative action, by which the data subject signifies agreement to the processing of their personal data.
Recipient: This is a natural or legal person, authority, agency, or other body to which personal data is disclosed, whether or not it is a third party.
IP address: This is an address assigned to your device (e.g., smartphone or computer) on the internet so that your device is reachable and addressable.
Personal data: This is any information relating to an identified or identifiable natural person (also known as the "data subject"). A natural person is considered identifiable if they can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
Pseudonymization: This is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information. This is especially the case when additional information is stored separately, and technical and organizational measures are taken to ensure that the data cannot be assigned to an identified or identifiable natural person with reasonable effort.
Processing: This is any operation or set of operations performed on personal data, whether or not by automated means, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Controller or responsible party: This is the natural or legal persons, authorities, agencies, or other bodies that alone or jointly with others determine the purposes and means of the processing of personal data.
Security
Your personal data is transmitted to us in an encrypted form. We use the SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption system for this purpose.
We implement technical and organizational security measures to protect your personal data from misuse, loss, destruction, or access by unauthorized persons. Our security measures are in line with the current state of the art and are continuously improved in accordance with technological developments.
Validity and Changes to the Privacy Policy
This privacy policy is currently valid. Due to the further development of our website or the implementation of new technologies, or changes in legal or regulatory requirements, it may be necessary to amend this privacy policy. We reserve the right to make such changes at any time.