Data Protection Notice

Last updated: 27/09/2023

ToolTime GmbH (the “Company,” “we,” or “us”) wants you to be familiar with how we collect, use and disclose Personal Information. This Privacy Notice applies to all processing operations carried out by the Company in its own responsibility as a controller. Where the Company processes Personal Information on behalf of a user as described in Sec. 5.1 of the Terms of Use, the data processing agreement attached to the Terms of Use shall apply instead.

Personal Information” is information that identifies you as an individual or relates to an identifiable individual. This Privacy Notice describes our processing practices of Personal Information that we collect and use in connection with:

  • Websites operated by us from which you are accessing this Privacy Notice (the “Websites”); 
  • Software applications made available by us for use on or through computers and mobile devices (the “Apps”); 
  • Our social media pages from which you are accessing this Privacy Notice (collectively, our “Social Media Pages”);
  • Email messages that we send to you that link to this Privacy Notice or other communications with you; and
  • Offline business interactions you have with us.

Collectively, we refer to the Websites, Apps, Social Media Pages, emails, and offline business interactions as the “Services.”

Collection and processing of personal information 
How we collect Personal Information

We collect Personal Information in a variety of ways, including through our Services and from other sources, as set out in the grid below.

We need to collect certain Personal Information in order to provide the requested Services to you. If you do not provide the information requested, we may not be able to provide the Services. We will note which Personal Information is required to provide the Services at the time of its collection.

If you disclose any Personal Information relating to other people to us, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Notice.

Processing of Personal Information 

We use your Personal Information for legitimate business purposes as described in the overview below.

Making our Services available to you

1. Providing the functionality of the Services

1.1 Examples of Processing Activities

Provide the functionality of the Services to you, such as arranging access to your online account; facilitating your purchases and delivery of purchased products; verifying your information; processing your orders and related payments; processing returns, exchanges or requests for a refund. 

1.2 Personal Information Categories

Name & Contact Details; Business Contact Details; Account Information; Billing Information; Preferences; Relationship History; Transaction Information; Device Information; and Social Media Information.

1.3 Legal Basis

Performance of the contract, including the ToolTime Terms of Service which govern how we provide the Services.

1.4 Third Party Sources

Publicly available databases.

2. Demonstrating the Services

2.1 Examples of Processing Activities

Demonstrating the capabilities and functions of the Services in an online video call with potential customers; some of these video calls may be recorded for training and quality purposes.

2.2 Personal Information Categories

Name; Telephone or Video Call Recordings and any personal information 

2.3 Legal Basis

Consent; we will ask for and rely on your prior opt-in consent before starting a Telephone or Video Call Recording

2.4 Third Party Sources

N/A

3. Customer service

3.1 Examples of Processing Activities

Administering customer-care services to facilitate and address inquiries, requests, comments and complaints about any of our Services (such as in person, through phone lines, email, or on social media), for example, to send you documents or product information you request or assist you in using the Services.

3.2 Personal Information Categories

Name & Contact Details; Business Contact Details; Account Information; Billing Information; Relationship History; Transaction Information; Device Information; Telephone or Video Call Recordings; and Preferences.

3.3 Legal Basis

Performance of the ToolTime Terms of Service which govern how we provide the Services.
Legitimate interests, such as responding to inquiries or complaints.
Legal obligations*, such as when you submit a request to access your Personal Information.

3.4 Third Party Sources

N/A

4. Communicating important changes / Service messages

4.1 Examples of Processing Activities

Send to you important information regarding our relationship with you, our Services, any changes to our terms, conditions, policies and procedures, and/or other administrative information. 

4.2 Personal Information Categories

Name & Contact Details; Business Contact Details; Account Information; Preferences; Relationship History; Transaction Information; Device Information; and Social Media Information.

4.3 Legal Basis

Legitimate interests, such as to ensure our Services are used in accordance with our terms, conditions, and policies. Performance of contract, where provided in the ToolTime Terms of Service which govern how we provide the Services.Legal obligations*, such as to inform you of material changes to the ToolTime Terms of Service to comply with applicable consumer and/or data protection laws.

4.4 Third Party Sources

N/A

5. Operations and general business

5.1 Examples of Processing Activities

Administering online Services (including troubleshooting and diagnostic testing, conducting performance analyses of our systems and Services, testing new system features to evaluate their impact, system and log maintenance, technical support, system debugging, and the hosting of data); employee training and managing work activities and personnel generally. 

5.2 Personal Information Categories

Personal Information as relevant for the specific business operation.

5.3 Legal Basis

Legitimate interests, such as to ensure our Services are used in accordance with our terms, conditions, and policies. Performance of contract, where provided in the ToolTime Terms of Service which govern how we provide the Services.Legal obligations*, such as to inform you of material changes to the ToolTime Terms of Service  to comply with applicable consumer and/or data protection laws.

5.4 Third Party Sources

Third party organizations, when they share personal information with us to, for example, facilitate mergers, acquisitions and other reorganization and restructurings of our business. 

Events and visitors

6. Visits, conferences and other events

6.1 Examples of Processing Activities

Facilitate and participate in conferences and events, such as trade shows or bookings at our premises (including rentals), and welcome guests and visitors to our premises.

6.2 Personal Information Categories

Name & Contact Details; Business Contact Details; Account Information; Billing Information; Relationship History; Transaction Information; Preferences; Visitor and Event Information; Marketing Data; and Event Photographs and Videos.

6.3 Legal Basis

Performance of a contract with you, such as collecting information regarding a planned event in which you participate. Legitimate interests, such as responding to customer complaints or concerns relating to an event.

6.4 Third Party Sources

Event management service providers.

Marketing and user engagement 

7. Marketing

7.1 Examples of Processing Activities

Send you promotional information about our Services, products, newsletters, promotions, offers and other news about our Company.

7.2 Personal Information Categories

Name & Contact Details (including email address); Device Information (including IP address; usage data, cookie generated data, online navigation data, location data, browser data)

7.3 Legal Basis

Legitimate interests, such as to promote our Services. Consent, for example, where we would like to send you direct email marketing communications, but do not have an existing relationship with you, we will ask for and rely on your prior opt-in consent.

7.4 Third Party Sources

Publicly available databases. Marketing / advertising service providers. Data broker service providers.

8. Promotions and contests

8.1 Examples of Processing Activities

Conduct prize promotions, contests and other promotional offers. If you participate, we will use your information to administer such promotions and offers. 

8.2 Personal Information Categories

Name & Contact Details; Business Contact Details; Account Information; Relationship History; Transaction Information; Preferences; Marketing Data; Device Information; User Content; User Photographs and Videos; Event Photographs and Videos; and Social Media Information.

8.3 Legal Basis

Legitimate interests, such as to promote our Services.
Performance of contract, such as fulfilling obligations associated with a contest.

8.4 Third Party Sources

Publicly available databases. Marketing / advertising service providers. Data broker service providers.

9. Relationship building and engagement

9.1 Examples of Processing Activities

Facilitate and respond to any product reviews, social sharing and posts on our Services. 

9.2 Personal Information Categories

Name & Contact Details; Business Contact Details; Account Information; Marketing Data; Social Media Information; and User Content.

9.3 Legal Basis

Legitimate interests, such as engaging with individuals who post on our Social Media Pages.

9.4 Third Party Sources

Marketing / advertising service providers. Data broker service providers.

Personalization and improving our Services

10. Personalizing our Services

10.1 Examples of Processing Activities

Personalize our interactions with you and provide you with information and/or offers tailored to your interests, such as targeted advertising tailored to your interests, on our online Services as well as our marketing partners’ platforms; deliver content via our Services that we believe will be relevant and interesting to you. 

10.2 Personal Information Categories

Name & Contact Details; Business Contact Details; Account Information; Marketing Data; Social Media Information; Relationship History; Transaction Information; Device Information; and Preferences.

10.3 Legal Basis

Consent, for example, where we would like to send you offers tailored to your specific interests, shopping history and/or behavior, and such tailoring of offers would result in extensive profiling.
Legitimate interests, such as providing tailored Services based on past usage and/or preferences, and such tailoring would be based on basic and privacy-non-intrusive segmentation.

10.4 Third Party Sources

Publicly available databases. Marketing / advertising service providers. Data broker service providers.

11. Improving and developing new products and Services

11.1 Examples of Processing Activities

Conduct data analysis, for example, monitoring and analyzing usage of Services and using data analytics to improve the efficiency of our Services; develop new products and Services; consider ways for enhancing, improving, repairing, maintaining or modifying our current products and Services; identify usage trends, for example, understanding which parts of our Services are of most interest to users; determine the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users; and operate and expand our business activities, for example, understanding which parts of our Services are of most interest to our users so we can focus our energies on meeting our users’ interests.

11.2 Personal Information Categories

Name & Contact Details; Business Contact Details; Account Information; Relationship History; Transaction Information; Preferences; User Content; Device Information; Telephone or Video Call Recordings; and Social Media Information. 

11.3 Legal Basis

Legitimate interests, such as developing new Services.
Consent, such as when we use cookies and similar technologies and the data collected by means of such technologies qualify as Personal Information.

11.4 Third Party Sources

Publicly available databases. Marketing / advertising service providers. Data broker service providers.

12. Aggregating and/or anonymizing Personal Information

12.1 Examples of Processing Activities

Aggregate and/or anonymize Personal Information so that it will no longer be considered Personal Information.

12.2 Personal Information Categories

Personal Information as relevant for the specific business purpose.

12.3 Legal Basis

Legitimate interests, such as to generate other data for our use, which we may use and disclose for any purpose, as it no longer identifies you or any other individual.

12.4 Third Party Sources

N/A

Security and legal reasons

13. Fraud prevention and security

13.1 Examples of Processing Activities

Conduct audits, verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements; monitor for and prevent fraud; and security purposes, including system security and on-site security of our premises.

13.2 Personal Information Categories

Name & Contact Details; Business Contact Details; Account Information; Billing Information; Device Information; Relationship History; Telephone or Video Call Recordings; CCTV and Site Security Information; and Transaction Information.

13.3 Legal Basis

Legal obligations*, such as to detect and prevent cyberattacks.
Legitimate interests, such as identifying and/or preventing fraudulent transactions.

13.4 Third Party Sources

N/A

14. Legal and compliance

14.1 Examples of Processing Activities

Fulfill our legal and compliance-related obligations, including complying with applicable laws; complying with legal processes; responding to requests from public and government authorities; meeting national security or law enforcement requirements.

Enforcing our terms and conditions; protecting our operations; protecting the rights, privacy, or property of the Company; and allowing us to pursue available legal remedies, defend claims and limit the damages that the Company may sustain.

14.2 Personal Information Categories

Personal Information as relevant for the specific legal action, regulatory investigation, and/or legal processes in question, which may include:

Name & Contact Details; Business Contact Details; Account Information; Billing Information; User Content; Preferences; Marketing Data; Relationship History; Transaction Information; Visitor and Event Information; User Photographs and Videos; Social Media Information; Event Photographs and Videos; CCTV and Site Security Information; Telephone or Video Call Recordings; and Device Information.

14.3 Legal Basis

Legal obligations*, such as to detect and prevent cyberattacks.
Legitimate interests, such as identifying and/or preventing fraudulent transactions.

14.4 Third Party Sources

Public and/or government and/or regulatory authorities, including courts, tribunals, regulators and government authorities.

Third persons (legal or natural), as relevant for the specific legal action and/or processes in question (such as lawyers, auditors, insurers, advisory firms etc.).

*For more information on our legal obligations, please see section ‘Other Disclosures below. 

** For more information on disclosure of Personal Information in connection with a sale or business transaction, please see ‘Other Disclosures’ below.

Personal information

We collect the following categories of Personal Information:

  1. Personal Information we receive from you:
  • Name & Contact Details such as first and last name, title, prefix, email address, telephone number, postal address, date of birth, gender, country of residence.
  • Business Contact Details such as company name, business email address, business telephone number, business postal address, country of business.
  • Account Information such as your chosen username and password, avatar, and other information you share in your account.
  • Billing Information such as debit or credit card details, bank account details, billing address.
  • User Content such as reviews about our products and Services, and other content you may create or share on our Services, including posts on our Social Media Pages, blogs, and comment sections.
  • Preferences such as language, interests, and other customer feedback/preferences that you might express during your use of our Services.
  • Marketing Data such as your choices regarding our newsletters, surveys, and other marketing/advertising displayed or provided to you, and preferred methods of such promotional communication.
  • Relationship History such as details of your communications with us, and details of your claims, complaints and queries in general.
  • Transaction Information such as details of products and Services you have purchased from us.
  • Visitor and Event Information such as dietary restrictions, travel and accommodation details, issued identification pass to access the premises, and other details specific to a particular event or conference that you share with us.
  • User Photographs and Videos such as photos and videos submitted by you while using our Services.
  • Telephone or Video Call Recordings such as audio and/or video recordings of calls when you contact us or when we demonstrate the Services to you.
  1. Personal Information we collect through your use of our Services or from other sources:
  • Social Media Information such as profile pictures, social media account ID, and other social media profile information, including lists of friends/followers on social media.
  • Event Photographs and Videos such as photos and videos taken at one of our events/conferences.
  • CCTV and Site Security Information such as images or video footage captured or recorded by CCTV and other security measures on our premises.
  • Device Information such as information about your devices and your use of our Services. This includes data obtained through cookies and similar technologies.
Disclosure of Personal Information

Recipients: Payment processing service providers

Purpose: 

  • Fraud prevention and security
  • Providing the functionality of the Services
  • Visits, conferences and events

Recipients: Website hosting service providers

Purpose: 

  • Improving and developing new products and Services
  • Operations and general business
  • Providing the functionality of the Services

Recipients: Information technology and related infrastructure service providers

Purpose: 

  • Fraud prevention and security
  • Improving and developing new products and Services
  • Operations and general business
  • Providing the functionality of the Services

Recipients: Email delivery service providers

Purpose: 

  • Communicating important changes
  • Customer service
  • Improving and developing new products and Services
  • Marketing
  • Personalizing our Services
  • Promotions and contests
  • Providing the functionality of the Services
  • Relationship building and engagement
  • Visits, conferences and events

Recipients: Advertising networks

Purpose: 

  • Improving and developing new products and Services
  • Marketing
  • Personalizing our Services
  • Promotions and contests
  • Relationship building and engagement

Recipients: Customer service or related benefits (including special promotions) service providers

Purpose: 

  • Communicating important changes
  • Customer service
  • Improving and developing new products and Services
  • Marketing
  • Providing the functionality of the Services 
  • Personalizing our Services
  • Promotions and contests
  • Relationship building and engagement

Recipients: Order fulfillment service providers

Purpose: 

  • Providing the functionality of the Services

Recipients: Return authorization service providers

Purpose: 

  • Providing the functionality of the Services

Recipients: Analytics providers for our Services

Purpose: 

  • Aggregating and/or anonymizing Personal Information
  • Customer service
  • Fraud prevention and security
  • Improving and developing new products and Services
  • Marketing
  • Operations and general business
  • Personalizing our Services
  • Promotions and contests
  • Relationship building and engagement

Recipients: Law enforcement, public, regulatory and government authorities, courts or tribunals

Purpose: 

  • Emergency and incident response
  • Fraud prevention and security
  • Legal and compliance

Recipients: Emergency services 

Purpose: 

  • Emergency and incident response
  • Legal and compliance

Recipients: Auditing service providers 

  • Fraud prevention and security
  • Legal and compliance

Recipients: Other services, including, without limitation, our Social Media Pages

Purpose: 

  • Individual user/customer public interactions and communications, such as message boards, chat, profile pages, blogs and other services to which you choose to post information and content
  • Social sharing activities
Connecting Your Services to Social Media

When you connect your Services account to your social media account, you will share information with your friends associated with your social media account, with other users, and with your social media account provider. By doing so, you authorize us to facilitate this sharing of information, and you understand that the use of shared information will be governed by the social media provider’s privacy notice.

Other Disclosures

We also disclose your Personal Information as necessary or appropriate, in particular when we have a legal obligation or legitimate interest to do so, as set out in further detail below.

Purpose: To comply with applicable law and regulations

Further Detail: This may include laws outside your country of residence, which could give rise to a legal obligation requiring us to process your Personal Information, including:

  • Civil and commercial matters: where we are in receipt of a court order to disclose information for the purposes of court proceedings, such as under Regulation (EU) No 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters.
  • Criminal matters: to comply with requests and orders from EU and EU Member State law enforcement to provide information in relation to a criminal investigation in compliance with applicable local laws, or to take steps to report information we believe is important to law enforcement where so required or advisable under applicable local laws.
  • Consumer matters: to comply with requests from competent authorities under EU or EU Member State consumer protection law, such as under Directive (EU) 2019/2161 and its implementing laws in EU Member States.
  • Corporate and taxation matters: to comply with our obligations under applicable EU Member State corporate and tax legislation, such as where a national tax law of an EU Member State requires collection of specific transactional personal information for tax purposes.
  • Regulatory matters: to respond to a request or to provide information we believe is necessary or appropriate to comply with our obligations to engage with regulators, such as when relevant EU Member State data protection supervisory authorities initiate investigation under the General Data Protection Regulation into our Company. These can include authorities outside of your country of residence.
  • Compliance and internal investigations: to comply with whistleblowing requirements under Directive (EU) 2019/1937 and its implementing laws in EU Member States.
  • Health and safety regulations: to comply with health and safety reporting obligations in accordance with applicable local laws, such as in relation to accidents involving members of the public on our premises.

Purpose: For other legal reasons

Further Detail: 

  • For dispute resolution purposes; 
  • To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

Purpose: In connection with a sale or business transaction

Further Detail: We have a legitimate interest in disclosing or transferring your Personal Information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). You will be notified of any such business transaction and of possible changes to the processing of your Personal Information in accordance with applicable law and the ‘Updates To This Privacy Notice’ section.

Cookies

Our website uses cookies. These are small text files that your web browser stores on your device. Cookies help us to make our offer more user-friendly, effective and secure.

Some cookies are “session cookies”. These cookies are automatically deleted at the end of your browsing session. On the other hand, other cookies remain on your device until you delete them yourself. These cookies help us recognise you when you return to our website.

With a modern web browser, you can monitor, restrict or prevent the installation of cookies. Many web browsers can be configured so that cookies are automatically deleted when the program is closed. Disabling cookies may result in limited functionality of our website.

The setting of cookies, which are necessary to carry out electronic communication processes or to provide certain functions desired by you, is based on Article 6(1)(f) GDPR. As the operator of this website, we have a legitimate interest in the storage of cookies for the technically error-free and smooth provision of our services. If other cookies are set (eg for analysis functions), these will be treated separately in this data protection declaration.

Security

We seek to use reasonable organizational, technical and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the Contacting Us section below.

Choices and individuals’ rights

We give you choices regarding our use of your Personal Information for marketing purposes. You may opt out from receiving marketing-related emails from us. If you no longer want to receive marketing related emails from us on a going-forward basis, you may opt out by using the “unsubscribe” link in each such email or by contacting us as described in the “Contacting Us” section below. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing from us, we may still send you important administrative messages, from which you cannot opt out.

If you would like to request to access, correct, update, suppress, restrict, or delete Personal Information, object to or opt out of the processing of Personal Information, withdraw your consent (which will not affect the lawfulness of processing prior to the withdrawal), or if you would like to request to receive a copy of your Personal Information for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you may contact us in accordance with the “Contacting Us” section below. We will respond to your request consistent with applicable law. 

In your request, please make clear what Personal Information you would like to have changed or whether you would like to have your Personal Information suppressed from our database. For your protection, we may only implement requests with respect to the Personal Information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a purchase or enter a promotion, you may not be able to change or delete the Personal Information provided until after the completion of such purchase or promotion).

You may lodge a complaint with an EU/EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs. A list of data protection authorities is available at https://ec.europa.eu/newsroom/article29/items/612080.

Retention period

We will retain your Personal Information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law, for example, for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. 

The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services); (ii) whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

Where a legal obligation arises or retention is advisable in light of our legal position, in some circumstances, we will retain certain Personal Information, even after your account has been deleted and/or we no longer provide the Services to you; for example:

  • To cooperate with law enforcement or public, regulatory and government authorities: If we receive a preservation order or search warrant, related to your Services account, we will preserve Personal Information subject to such order or warrant after you delete your Services account.
  • To comply with legal provisions on tax and accounting: We may retain your Personal Information, such as Billing Information, Relationship History, and/or Transaction Information, for up to 10 years after you delete your Services account, as required by tax law and to comply with bookkeeping requirements.
  • To pursue or defend a legal action: We may retain relevant Personal Information in the event of a legal claim or complaint, including regulatory investigations or legal proceedings about a claim related to your Personal Information, or if we reasonably believe there is a prospect of litigation (whether in respect of our relationship with you or otherwise) for up to 10 years after the dispute has been settled or decided by a court or tribunal from which there is no further right of appeal. 

In some circumstances we will anonymize your Personal Information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Third party services

This Privacy Notice does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.

The Services may provide functionality allowing you to make payments to the Company using third-party payment services with which you have created your own account. When you use such a service to make a payment to us, your Personal Information will be collected by such third party and not by us, and will be subject to the third party’s privacy notice, rather than this Privacy Notice. We have no control over, and are not responsible for, this third party’s collection, use, and disclosure of your Personal Information.

In addition, we are not responsible for the information collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM, or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider, or device manufacturer, including with respect to any Personal Information you disclose to other organizations through or in connection with the Apps or our Social Media Pages.

Third party advertising

We use third-party advertising companies to serve advertisements regarding goods and services that may be of interest to you when you access and use the Services and other websites or online services.

  • You may receive advertisements based on information relating to your access to and use of the Services and other websites or online services on any of your devices, as well as on information received from third parties. These companies place or recognize a unique cookie on your browser (including through the use of pixel tags). They also use these technologies, along with information they collect about your online use, to recognize you across the devices you use, such as a mobile phone and a laptop. If you would like more information about this practice, and to learn how to opt out of it in desktop and mobile browsers on the particular device on which you are accessing this Privacy Notice, please visit http://optout.aboutads.info/#/ and http://optout.networkadvertising.org/#/. You may download the AppChoices app at www.aboutads.info/appchoices to opt out in mobile apps.
Use of services by minors

The Services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect Personal Information from individuals under 18. 

Jurisdiction and cross-border transfer

Your Personal Information may be stored and processed in countries in which we engage service providers, and by using the Services you understand that your Personal Information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country.

Where this will involve transferring your Personal Information outside the UK and/or EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

Adequacy Decisions: Some non-EEA countries are recognized under the UK GDPR and by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

Standard Contractual Clauses: For transfers of Personal Information from the UK and/or EEA to third countries, which are not considered adequate under the UK GDPR and/or by the European Commission, we have put in place standard contractual clauses adopted under the UK GDPR and/or by the European Commission to protect your Personal Information. You may obtain a copy of these measures by contacting us in accordance with the “Contacting Us” section below. “UK GDPR” has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.

Sensitive information

Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Services or otherwise to us.

Updates to this privacy notice

The “LAST UPDATED” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will become effective when we post the revised Privacy Notice on the Services. 

Contacting us

ToolTime GmbH, located at Boxhagener Str. 119, 10245 Berlin, is the company responsible for collection, use, and disclosure of your Personal Information under this Privacy Notice.

If you have any questions about this Privacy Notice, please contact us at partner@tooltime.de.

Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.

You may also contact our Data Protection Officer (DPO):

heyData UG (haftungsbeschränkt)
Landsberger Straße 155
80687 München
info@heydata.de