I. General information
We place great importance on data protection. Your personal data is collected and processed taking into consideration the valid data protection regulations, in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data in order to be able to offer you the aforementioned websites.
This Policy describes how and for which purpose your data are collected and used and which options you have in relation to personal data.
By clicking on the field about data protection in the contact form, you give your consent to the processing of your personal data in the context of the enquiry in the contact form.
The controller for the collection, processing and use of your personal data as set out in the GDPR is Telio Management GmbH, Holstenstraße 205, 22765 Hamburg, registered in the commercial register of the Hamburg district court – HR B 112181 -.
III. General use of the website
1. Access data
We collect information about you when you use this website. We automatically record information about your usage behaviour and your interaction with us and register data about your computer or mobile device. We collect, save and use data about every access to our online offer (so-called server log files). Access data include name and URL of the retrieved file, data and time of retrieval, amount of data transferred, notification of successful retrieval (HTTP response code), browser type and browser version, operating system, referrer URL (i.e. the site visited beforehand), IP address and the requesting provider. We use these protocol data without associating them with you as a person or other profiling for statistical analyses for the purpose of the operation, security and optimisation of our online offer, but also to anonymously record the number of visitors to our website (traffic) as well as to analyse the scope and type of usage of our website and services and the data traffic, to search for and troubleshoot errors and to improve our services. We reserve the right to check protocol data retrospectively if there is a legitimate suspicion of unlawful use based on concrete evidence. We store IP addresses for a limited period of time in the log files if this is necessary for security purposes. We also store IP addresses if we have a concrete suspicion of an offence with regards to the use of our website. In addition, we store the date of your last visit as part of your account (e.g. when registering, logging in, clicking on links, etc.).
2. Email contact
If you contact us (e.g. via the contact form or email), we store your details to process the enquiry as well as for the event that you may have follow-up questions. We only store and use other personal data if you give your consent or if this is permissible by law without any special consent.
3. Legal bases and storage period
The legal basis for the data processing in accordance with the above clauses is Article 6(1)(f) GDPR. Our interests in the data processing are, in particular, in safeguarding the operation and security of the website, simplifying the use of the website as well as processing your enquiries via our contact form.
Unless explicitly specified, we store personal data only for as long
as is necessary to fulfil the pursued purposes.
IV. Your rights as a data subject
According to the applicable laws you have various rights regarding your personal data. If you wish to exercise these rights, please direct your enquiry by:
Ø email to Data.Protection.Officer@tel.io
Ø or by post with a clear identification of who you are to Data Protection Officer, Telio Management GmbH, Holstenstraße 205, 22765 Hamburg
Ø or via our contact form on the tel.io or mytel.io websites
The following will provide you with an overview of your rights.
1. Right to obtain confirmation and communication
You have the right to obtain confirmation from us at any time whether data concerning you is being processed. Should this be the case, you have the right to obtain access to personal data saved about you free of charge in addition to a copy of these data. You also have the right to the following information:
Ø the processing purposes;
Ø the categories of personal data being processed;
Ø the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular with regards to recipients in third countries or international organisations;
Ø if possible, the planned duration for storing the data or, if this is not possible, the criteria for establishing this duration;
Ø the existence of a right to rectification or erasure of the personal data concerning you or to the restriction of processing by the controller or to object to this processing;
Ø the existence of the right to lodge a complaint with a supervisory authority;
Ø if the personal data are not collected from you, all available information concerning the origin of the data;
As a responsible company, we forego automated decision-making including profiling pursuant to Article 22(1) and (4) GDPR.
2. Right to rectification
You have the right to obtain from us without undue delay the rectification of inaccurate
personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
3. Right to erasure (“right to be forgotten”)
You have the right to obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:
Ø the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
Ø you withdraw consent on which the processing is based according to point (a) of Article 6(1) GDPR, or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
Ø you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
Ø the personal data have been unlawfully processed.
Ø the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the we are subject.
Ø the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
Where we have made the personal data public and are obliged pursuant to Article 17 GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
4. Right to restriction of processing
You have the right to obtain from us restriction of processing where one of
the following applies:
Ø the accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data;
Ø the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
Ø we no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims;
Ø you have objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of our company override your own.
5. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where:
Ø the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or on a contract pursuant to point (b) of Article 6(1) GDPR; and
Ø the processing is carried out by automated means. In exercising your right to data portability pursuant to Paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
6. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
7. Right to withdraw consent concerning privacy of data
You have the right to withdraw consent given to the processing of personal data
at any time.
8. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with the Hamburg Commissioner for Data Protection and Freedom of Information, Kurt-Schumacher-Allee 4, 20097 Hamburg, as well as in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you is unlawful.
V. Data security
We endeavour to protect your data to the maximum in the context of the valid data protection laws and technical possibilities. We transfer your personal data in encrypted form. We use the SSL (Secure Socket Layer) coding system, but would still like to point out that data transfer online (e.g. communication via email) can present gaps in security. It is impossible to protect data completely against third-party access. In addition, we also do not guarantee that our offer is available at specific times; malfunctions, interruptions or failures cannot be ruled out. The servers we use are carefully secured on a regular basis.
VI. Automated decision-making
We do not employ automated decision-making on the basis of the personal data collected.
VII. Transfer of data to third parties, no data transfer to non-EU countries
As a rule, we only use your personal data within our company. If and insofar as we employ third parties for the purpose of contract performance, they only receive personal data to the extent that is necessary for the respective service. In the event that we outsource parts of data processing (“order processing”), order processers are bound by contract to only use personal data in accordance with the requirements of the data protection laws and to guarantee that the rights of the data subject are protected. Data is not transmitted to bodies or persons outside the EU nor is this being planned.
VIII. Data Protection Officer
If you still have questions or concerns regarding data privacy, please contact
our Group Data Protection Officer at Data.Protection.Officer@tel.io.