Privacy Policy

Thank you for visiting our website. This privacy policy also applies to our other services and online presences. Below, we inform you in detail about the type, scope and purpose of the personal data we collect, use and process and inform you about your rights as a data subject.

We reserve the right to change the privacy policy at any time with effect for the future. When you visit our website again, the updated and published privacy policy will apply. The current version of the privacy policy can be accessed, saved and printed out on our website at any time.

With regard to the terms used (e.g. personal data, person responsible), we refer to the definitions of the General Data Protection Regulation (GDPR).

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection provisions is:

Tideways Gesellschaft mit beschränkter Haftung (GmbH)
Königswinterer Straße 116
53227 Bonn
E-Mail: [email protected]
Phone: +49 228-38758328

II. General information on data processing

Scope of processing

As a matter of principle, we collect and use personal data only insofar as this is necessary for the provision of a functional website and our content and services, you have given your consent, or the processing of the data is permitted by a statutory regulation.

Legal basis for the processing of personal data

Insofar as we obtain your consent for the processing of personal data, Art. 6 (1) sentence 1 lit. a GDPR serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract to which you are a party, Article 6 (1) sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, Art. 6 (1) sentence 1 lit. c GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and your interests, basic rights and fundamental freedoms do not outweigh the first-mentioned interest, Art. 6 (1) sentence 1 lit. f GDPR serves as the legal basis for the processing.

Legitimate interests in the processing

If the processing of your personal data is based on Art. 6 (1) sentence 1 lit. f GDPR, our legitimate interest, unless otherwise stated, is the performance of our business activities. In addition, we have indicated our purposes and interests in the context of the above list of processing in each case.

Data deletion and storage period

Your personal data will be erased or made unavailable as soon as the purpose of the storage no longer applies, or you withdraw your consent. In addition, storage may take place if this has been provided for by the European or national legislator in union regulations, laws, or other provisions to which the controller is subject. If the purpose of storage ceases to apply, if you withdraw your consent or if a storage period prescribed by the European Directive and Regulation Maker or another competent legislator expires, the personal data will be routinely made unavailable or deleted in accordance with the statutory provisions, unless there is a necessity for further storage of the data for the conclusion or performance of a contract.

Recipients of the collected data / data transmission

The recipients of the data collected via our website are primarily us as the responsible company. In addition, processors (web hoster, IT service provider, etc.) may have access to the data collected via our website. In this respect, however, compliance with the legal regulations is guaranteed by a data processing agreement that we conclude with our processors based in the EU. Data is only transferred to so-called third countries outside the EU if and insofar as this has been pointed out below.

Data transfer and processing to third countries

We only transfer data to a third country, i.e. a country outside the European Union (EU) and the European Economic Area (EEA), or have data processed via the use of third-party services in a third country, if this is a third country with a recognized level of data protection, we have concluded a so-called standard contractual clause or there are certifications or binding corporate rules.

Necessity of the disclosure of personal data

You can visit our website without personal data being collected. However, if you wish to make use of our services, the provision of personal data is mandatory contract execution.

Existence of automated decision making

We do not carry out automatic decision-making or profiling within the meaning of Art. 22 GDPR.

Data security

We secure our website and other systems through comprehensive technical and organizational measures against loss, destruction, access, modification, or distribution of your data by unauthorized persons. These measures are subject to constant review and improvement in order to ensure state-of-the-art technology.

III. Data processing when using our website and making use of our services Access data in server log files

Our hosting provider automatically stores access data in so-called server log files every time our website is accessed.

This includes the date and time of the request, the amount of data transferred and, if applicable, the name of the requested file, the browser used and its version, the operating system used, the IP address, the requested URL including sub-pages, the referrer URL (URL that you visited immediately before) and the requesting provider.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to your end device. For this purpose, your IP address must remain stored for the duration of the session.

The legal basis for the temporary storage of your data and the log files is Art. 6 (1) sentence 1 lit. f GDPR.

This data is evaluated exclusively to ensure the permanent and trouble-free operation of the website and to ensure the security of our information technology systems. For this purpose, the above-mentioned data is stored for a maximum of 30 days.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of our website. There is therefore no possibility to object.

Use of cookies

In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called “cookies” on our website. These are small text files that are stored on your end device via a browser.

Many cookies contain a so-called cookie ID. It consists of a string of characters by which websites and servers can be assigned to a specific browser in which the respective cookie was stored.

We set the following cookies:

Name of the cookieFunction of the cookieData collectedStorage periodTechnically necessary cookie
TWSESS*Web server sessionSession IDUntil the browser is closedYes
REMEMBERMEAutomatic login in the browser for a longer period of timeCryptographic hash30-90 daysYes
__stripe_midFraud prevention through Stripe Payment ProviderID1 yearYes

Technically necessary cookies are required to operate our website.

The purpose of using technically necessary cookies is to enable you to use our website (e.g. your log-in data is stored). Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that your browser is recognized even after a page change. If technically necessary cookies are deactivated, the functionality of our website may be limited.

The legal basis for the processing of personal data using necessary cookies is Art. 6 (1) sentence 1 lit. f GDPR.

Cookies are stored on your terminal device and transmitted to our website. You therefore have control over the use of cookies. You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general or set it so that the setting of cookies is prevented and thus permanently object to the setting of cookies. In addition, you can delete cookies that have already been set at any time via your browser. A comprehensive objection to online marketing cookies can also be declared via http://www.youronlinechoices.com/, among other places. This also applies to all third-party cookies listed below.

Data collection and use upon conclusion of the contract, use of our services and use of the “Tideways” software

When you enter into a contract with us to use our services, you must provide certain mandatory information in order to access and manage your account (“mandatory Information”). Mandatory information is required for the conclusion of the contract. Which data is collected can be seen in the respective contract. You must also create a password for your account.

If you do not provide this data, you will not be able to create an account.

We use the information you provide to authenticate you when you log in and to follow up on password reset requests, to verify your eligibility to manage the account, to enforce the Website Terms of Use and all related rights and obligations, and to contact you to send you technical or legal notices, updates, security alerts, or other messages, such as those related to the management of the account. We also use your information to bill you for our services. Accordingly, we use the data you provide only to process the contract and provide our services to you under the contract. We may also pass on your data to one or more processors (e.g. parcel service providers or payment service providers), who will also use your data exclusively for internal use on our behalf.

The legal basis for the processing of your data is the performance of our contract with you according to Art. 6 (1) sentence 1 lit. b GDPR.

By default, no personal data is collected or transmitted via our “Tideways” software. We would like to point out that, in accordance with our terms of use, you are also not permitted to transmit personal data via our “Tideways” software without legal authorization or our consent.

All data transmitted within the scope of using the “Tideways” software is hosted on a server in Germany.

After complete processing of the contract, your data will initially be blocked for further use and deleted after expiry of the statutory retention periods, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you below.

You have the option to object to the processing at any time and to delete your account. In such a case, the contractual relationship with you cannot be continued.

Service emails

We send system and service emails to our customers. The system and service emails are used for purposes including, but not limited to, account verification, notification of technical and security notices, crawl status notifications, inactivity notifications, account invitations to other users, changes/updates to features of the Service. To send these system and service emails, we use the Postmark mailing service operated by AC PM LLC at 1 N Dearborn Street, Suite 500, Chicago, IL 60602, USA  (“Postmark”).

The legal basis for the processing of your data is the performance of our contract with you according to Art. 6 (1) sentence 1 lit. b GDPR. Accordingly, you cannot unsubscribe from the system and service emails.

After complete processing of the contract or deletion of your account, your data will initially be made unavailable for further use and deleted after expiry of the statutory retention periods.

For more information on data protection, please refer to Postmark’s privacy policy https://postmarkapp.com/privacy-policy.

Newsletter

You can sign up to receive our newsletter. To send our newsletters, we use the newsletter delivery service Postmark, which is operated by Wildbit LLC, 225 Chestnut St., Philadelphia, PA, 19106 USA (“Postmark”).

Our newsletter is published regularly and contains information about new offers on our website and news about us and our products.

To register, you must provide us with your e-mail address. Other information that serves to optimize the newsletter can be provided voluntarily. The registration takes place in a so-called double opt-in procedure. After registering on our website, you will receive a confirmation e-mail from us in which you must confirm the registration again. This entire process is documented and stored. This includes the storage of the registration and confirmation time as well as the storage of your IP address. The collection of this data is necessary so that we can trace the processes in the event of misuse of the e-mail address and therefore serves our legal protection. By subscribing to our newsletter, you agree to receive it.

The legal basis for the processing of your data after registration for the newsletter is Art. 6 (1) sentence 1 lit. a GDPR if you have given your consent.

You can withdraw your consent to the storage and use of your personal data to receive the newsletter at any time with effect for the future. For the purpose of withdrawing your consent, you can use the link provided for this purpose in the newsletter or unsubscribe on our website or inform us of your withdrawal by e-mail to the following address: [email protected].

Your data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, your e-mail address will be stored as long as the subscription to the newsletter is active.

Content integration via Wistia

We embed videos on our website via the Wistia plugin, which is operated by Wistia, Inc., 17 Tudor Street, Cambridge, MA 02139, USA (“Wistia”).

When you visit our website, a direct connection to Wistia’s servers is established via your browser. Your browser is automatically prompted by the respective video embedded on our website to download a representation of the corresponding component from Wistia. As part of this technical process, Wistia obtains knowledge of which specific sub-page of our website you are visiting and knowledge of your anonymized IP address, type of end device, your operating system and the browser used.

If you interact with the videos, the corresponding information – e.g. the activation of the play button, details of the video segments viewed, access time to the video viewed – is transmitted from your browser to Wistia and stored.

If you are logged in with your personal account while visiting our website, Wistia can assign your visit and the subpages of our website that you specifically visited to your account.

The legal basis for the use of your personal data is Art. 6 (1) sentence 1 lit. f DSGVO.

Our legitimate interest in data processing according to Art. 6 (1) sentence 1 lit. f DSGVO lies in the provision of our website and our services.

Further information on data protection can be found in the data protection declaration of Wistia https://wistia.com/privacy.

E-Mail

Due to legal regulations, we provide information on our website that enables a quick electronic contact to us as well as direct communication with us. This includes, in particular, our e-mail address. If you contact us by e-mail, the personal data you send us will be stored automatically.

The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) sentence 1 lit. f GDPR. If the purpose of the contact is to conclude a contract, the additional the legal basis for the processing is Art. 6 (1) sentence 1 lit. b GDPR.

However, we use the personal data you provide exclusively for processing your specific enquiry. The data provided will always be treated confidentially.

Your details may be stored in a customer relationship management system (so-called CRM system) or another organizational tool for customer data.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with you has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

If you contact us, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued.

Internal organization with Google Services

We use the services Google Drive, Gmail and GSuite, which are operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, for our internal organization and provision of our services, in particular for our email correspondence and for storing files and documents.

In the course of using Google Services, your personal data may be processed and stored on Google’s servers. This includes, in particular, your master data and contact data, data relating to internal processes, data relating to our contract with you, data relating to our communication with you and other internal processes.

The legal basis for the processing of your data is the performance of our contract with you Art. 6 (1) sentence 1 lit. b DSGVO. The legal basis is also our legitimate interest in the internal administration and provision of our services to you Art. 6 (1) sentence 1 lit. f DSGVO.

Google may also process your data and the collected metadata for its own security purposes, for service optimization or for marketing purposes.

For more information, please refer to Google’s privacy policy www.google.com/policies/privacy/.

Meetings with Zoom

We use Zoom, a service operated by ZOOM Video Communications, Inc, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA (“Zoom”), to conduct online meetings.

In the course of using Zoom, your inventory data, such as first name, last name, telephone (optional), e-mail address, password and your profile picture (optional), are processed. In addition, meeting metadata, such as topic, description (optional), participant IP addresses, and device/hardware information, is collected. If the meeting is recorded, MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings and the text file of the online meeting chat are also stored. If you dial in by phone, your corresponding data, such as phone number, country name, start and end time and, if applicable, your IP address will be saved. If you make entries in the chat during the meeting, ask questions or use the survey function, this entered data will also be saved. To enable the display of your video and the playback of your audio track, the data of your video camera and microphone are processed during the meeting. You can turn off or mute the camera or microphone at any time.

The legal basis for processing your data is the performance of our contract with you Art. 6 (1) sentence 1 lit. b DSGVO. Furthermore, the legal basis is our legitimate interest in the effective implementation of online meetings Art. 6 (1) sentence 1 lit. f DSGVO.

Your data will be processed as long as it is necessary for the implementation of the online meeting and related services. This does not apply if, in derogation thereof, a longer storage or retention period is required by law or is necessary for legal enforcement within the statutory limitation periods.

If an online meeting is to be recorded, we will inform you of this in advance.

If you are logged in with a ZOOM account, reports of “online meetings” (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored by ZOOM for up to one month.

For more information, please see Zoom’s privacy policy https://explore.zoom.us/docs/de-de/privacy.html.

Support via Help Scout

We use the helpscout.net tool, a customer service platform operated by Help Scout Inc., 131 Tremont Street, 3rd Floor, Boston, MA 02111-1338 (“Help Scout”), to process customer inquiries through our contact form.

In order to respond to your inquiries via our contact form, email address [email protected] or other support mailboxes, necessary data such as your last name, first name, email address, and the subject and category of your message are collected and transmitted to Help Scout. If you contact us by telephone as part of a customer relationship, your name, telephone number, the date of the call as well as notes and summaries of the call by our employees will be stored and transmitted to Help Scout.

The legal basis for processing your data is the performance of our contract with you Art. 6 (1) sentence 1 lit. b DSGVO. Furthermore, the legal basis is our legitimate interest in the effective implementation of online meetings Art. 6 (1) sentence 1 lit. f DSGVO.

For more information on data protection, please refer to Help Scout’s privacy policy https://www.helpscout.com/company/legal/privacy/.

Payment service provider Recurly

We use the payment service provider Recurly, Inc, 400 Alabama St, Suite 202, San Francisco, California 94110, USA (“Recurly”) to process payments and subscriptions.

You provide Recurly with your inventory data, such as first name, last name, address, email address, IP address, as well as your bank data, to the extent necessary for payment processing, such as credit card numbers, passwords, account numbers, TANs, verification numbers, expiration date and CVC code. Also necessary for the processing of the payment are such personal data that are related to your booking, such as prices and tax levies or information on previous ordering behavior.

The transmission of the data is solely for the purpose of processing the payment. The legal basis is therefore Art. 6 (1) sentence 1 lit. b DSGVO, insofar as the payment serves to fulfill a contract. Furthermore, we use external payment service providers on the legal basis of our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f DSGVO in order to offer you effective and secure payment options.

We do not gain access to the data entered, it is processed and stored exclusively by Recurly. Recurly may transmit your data to credit agencies for identity and credit checks as well as for fraud prevention.

Your data will be stored by us until the expiry of statutory retention periods and then deleted.

Recurly’s terms and conditions apply to payment transactions. For further information on data protection, please refer to Recurly’s https://recurly.com/legal/privacy/.

Payment service provider Stripe

We also use the payment service provider Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland (“Stripe”) to process credit card payments.

You provide Stripe with your inventory data, such as first name, last name, address, e-mail address, IP address, as well as your bank data, to the extent necessary for payment processing, such as credit card numbers, TANs, verification numbers, expiration date and CVC code. Also necessary for the processing of the payment is such personal data related to your booking, such as prices and tax levies or information on previous ordering behavior, which we transmit to Stripe.

The transmission of the data is solely for the purpose of processing the payment. The legal basis is therefore Art. 6 (1) sentence 1 lit. b DSGVO, insofar as the payment serves to fulfill a contract. Furthermore, we use external payment service providers on the legal basis of our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f DSGVO in order to offer you effective and secure payment options.

We do not gain access to the data entered, it is processed and stored exclusively by Stripe. Stripe may transmit your data to credit agencies for identity and credit checks as well as for fraud prevention.

Your data will be stored by us until the expiry of statutory retention periods and then deleted.

The terms and conditions of Stripe apply to payment transactions. For further information on data protection, please refer to Stripe’s https://stripe.com/de/privacy#translation.

Billing via FastBill

We use FastBill GmbH, Wildunger Str. 6, 60487 Frankfurt am Main (“FastBill”), to bill our services.

For the billing of our services, we collect your name and billing data such as address, amount and term as well as a transaction number. Based on this data, our services are billed via FastBill.

The legal basis is Art. 6 (1) sentence 1 lit. b DSGVO, insofar as the payment serves to fulfill a contract. Furthermore, we use external payment service providers on the legal basis of our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f DSGVO in order to offer you effective and secure billing for our services.

Your data will be stored by us until the expiry of statutory retention periods and then deleted.

For more information on data protection, please refer to Fastbill’s privacy policy https://www.fastbill.com/datenschutz.

IV. Data subjects’ rights

If your personal data are processed, you have the following rights as a data subject within the meaning of the GDPR:

Right of access (Art. 15 GDPR)

You have the right to request confirmation as to whether we are processing data relating to you. You also have the right to obtain from us, at any time and free of charge, information about the personal data stored about you and a copy of this data in accordance with the legal requirements.

Right to rectification (Art. 16 GDPR)

You have the right to request the immediate rectification and/or completion of inaccurate or incomplete personal data concerning you. We shall carry out the correction without delay.

Right to restriction of processing (Art. 18 GDPR)

You have the right to demand that we restrict processing if one of the legal requirements is met. Right to erasure (Art. 17 GDPR)

You have the right to request that we delete the personal data concerning you without delay, provided that one of the legal grounds applies and insofar as the processing is not necessary.

Right to information

If you have asserted the right to rectification, erasure, or restriction of processing against us, we are obliged to notify all recipients to whom the personal data relating to you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed about these recipients.

Right to data portability (Art. 20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements. You also have the right to transfer this data to another data controller without hindrance from us in accordance with the legal requirements. You also have the right, in accordance with the law, to have the personal data transferred directly from us to another data controller, insofar as this is technically feasible and insofar as this does not affect the rights and freedoms of other persons.

Right to object (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data relating to you which is carried out on the legal basis of Article 6 (1) sentence 1 lit. e or f GDPR. This also applies to profiling based on these provisions.

We will no longer process the personal data in the event of objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You can contact us at any time to exercise your right to object.

Right of withdrawal in case of consent

You have the right to withdraw your consent to the processing of personal data at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the legal basis of the consent until the withdrawal.

Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

Status: October 2021