Data Protection | Tiba Transformation Group GmbH

Privacy Policy

I. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as other data protection regulations, is:

Tiba Transformation Group GmbH
Perchtinger Straße 10
81379 Munich
Germany

Phone: +49 89 89 31 61-0
Email: info@tiba.de
Internet: https://www.tiba.de/en

Managing Director: Till H. Balser

I. The Data Protection Officer of the Controller is:

DataCo GmbH
Herr Kivanc Semen
Nymphenburger Str. 86
80636 Munich
Email: dataprivacy@tiba.de

III. Provision of the Website and Creation of Log Files

1. Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device. Additionally, the provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

The following data is collected:

Visited website
Date and time of access
Amount of data transmitted in bytes
Referrer URL or source/reference from which you reached the website
Browser type and browser version used
Operating system used
Anonymized IP address
Utilization of website functions

This data is also stored in the log files of our system. These data are not stored together with other personal data of the user.

2. Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

3. Purpose of Data Processing

The temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

The storage in log files ensures the functionality of the website. Additionally, the data helps us optimize the website and ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing pursuant to Article 6(1)(f) GDPR.

4. Duration of Storage

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for website provision, this occurs when the respective session is terminated.

In the case of storage in log files, this is the case after no more than thirty days. Extended storage is possible. In such cases, the IP addresses of users are deleted or anonymized so that the accessing client can no longer be assigned.

5. Right to Object and Removal

The collection of data for the provision of the website and the storage of data in log files are essential for the operation of the website. Therefore, the user has no right to object.

IV. Use of Cookies

a) Description and Scope of Data Processing

Our website uses cookies. Cookies are text files stored in the internet browser or by the internet browser on the user's computer system. When a user visits a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

Language settings
Screen resolution
Client
Statistics cookies to determine page views/users

Additionally, we use cookies on our website that enable an analysis of users' browsing behavior.

Through this, the following data may be transmitted:

Frequency of page views
Use of website functions
Entered search terms

When accessing our website, users are informed via a cookie pop-up about the use of cookies for analysis purposes and referred to this privacy policy. In this context, users are also informed about how the storage of cookies can be prevented in their browser settings.

When visiting our website, users are informed about the use of cookies for analysis purposes, and their consent to process personal data in this context is obtained. Users are also referred to this privacy policy.

We provide a consent management system that allows you to make decisions about the use of cookies within our offerings according to your preferences. You can change your decision at any time, granting or withdrawing your consent retroactively. You can access the configuration options here.

b) Legal Basis for Data Processing

The processing of personal data in connection with the use of cookies is based on Article 6(1)(f) GDPR, provided it is necessary to protect legitimate interests and there are no overriding interests, fundamental rights, or freedoms of the data subject. Legitimate interests may include, for example, ensuring the functionality of the website or improving the user experience.

For the use of cookies that are not technically necessary and require active consent (e.g., marketing or analytics cookies), processing is based on prior consent in accordance with Article 6(1)(a) GDPR. Consent is obtained, documented, and managed in compliance with the requirements of Article 7 GDPR and can be withdrawn at any time by the data subject.

c) Purpose of Data Processing

The purposes of the individual cookies can be found within the cookie pop-up.

d) Duration of Storage, Right to Object, and Removal

Cookies are stored on the user’s computer and transmitted to our website. The storage duration of individual cookies can be found within the cookie pop-up. As a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time, either manually or automatically.

If cookies are deactivated for our website, it may no longer be possible to use all website functions to their full extent.

Additionally, you can change your cookie preferences here.

V. Contact Form and Email Contact

1. Description and Scope of Data Processing

It is possible to contact us via the provided email address. In this case, the personal data transmitted with the email will be stored.

This data may include:

a) Contact Form

Salutation (Mr./Ms./Diverse)
First and last name
Email address
Telephone number
Job title
Department
Position
Company
Industry
Address
Date and time
Message content

b) Download Form

Salutation (Mr./Ms./Diverse)
First and last name
Email address
Telephone number
Department
Company
Date and time
Record type (About Tiba, Publications, Tiba Magazine, Case Studies, Product Brochures)

c) Event Registration Form

Salutation (Mr./Ms./Diverse)
First and last name
Email address
Telephone number
Job title
Department
Position
Company
Industry
Address/Billing address
Optional: Company order number
Optional: VAT ID
Date and time
Record type (e.g., Registration, etc.)

d) Newsletter Subscription Form

Salutation (Mr./Ms./Diverse)
First and last name
Email address
Date and time
Area of interest

2. Legal Basis for Data Processing

Different legal bases apply depending on the processing process.

User Consent (Art. 6(1)(a) GDPR):

Contact via the contact form
Provision of downloads (download form)
Registration and handling of events (optional for voluntary information)
Sending newsletters

Legitimate Interest (Art. 6(1)(f) GDPR):

Ensuring IT security and preventing misuse
Documentation and proof of download activities

Contract Fulfillment (Art. 6(1)(b) GDPR):

Processing inquiries aimed at concluding a contract
Handling events for paid registrations

3. Purpose of Data Processing

The purpose of processing varies depending on the process.

Processing contact inquiries (contact form):

Processing personal data to establish contact and handle inquiries
Technical data processing to prevent misuse and ensure IT security

Provision of downloads (download form):

Documentation and provision of requested materials (e.g., About Tiba, Publications, Tiba Magazine, Case Studies, Product Brochures)

Event management (event form):

Registration and organizational handling of events
Processing for invoicing and documentation (for paid events)

Sending newsletters (newsletter form):

Providing newsletters and customizing content based on indicated areas of interest

4. Duration of Storage

General inquiries (contact form and email communication):

Duration: Until the conversation is concluded
Exception: In the case of a contract conclusion, data will be retained in accordance with legal requirements (6–10 years)

Download requests (download form):

Duration: Until the purpose of provision is fulfilled, provided no further legal retention obligations exist

Event data (event form):

Duration: 6–10 years after the event concludes, if invoicing or legal requirements necessitate this

Newsletter subscriptions (newsletter form):

Duration: Until the user unsubscribes from the newsletter
After unsubscribing: Data is immediately deleted, provided no legal requirements apply

5. Right to Object and Removal

The user has the right to withdraw their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

The objection can be made via email or post. The necessary contact details can be found in the imprint, and our email address is info@tiba.de.

All personal data stored in the course of communication will be deleted in such a case.

VI. Appointment Scheduling via Microsoft Bookings

Interested parties can schedule coordination appointments directly with the relevant Tiba representatives via Microsoft Bookings.

1. Description and Scope of Data Processing

Interested parties can schedule appointments directly with the relevant Tiba representatives via Microsoft Bookings.

In the course of an appointment request, interested parties or customers provide their contact details and receive an appointment invitation via email.

Consent: During the appointment request process, interested parties and customers give their consent by checking a box.

The personal data transmitted by the user includes:

First and last name
Email address
Telephone number
Notes
Optional: Address
Optional: Salutation (Mr./Ms./Other)
Optional: Position
Optional: Company

2. Legal Basis for Data Processing

The processing of personal data is carried out in accordance with Article 6(1)(b) GDPR if the appointment scheduling is necessary for the fulfillment of a contract or the implementation of pre-contractual measures.

If the processing is based on consent (e.g., for voluntary information), it is carried out in accordance with Article 6(1)(a) GDPR.

The processing is based on Article 6(1)(f) GDPR if it is necessary to safeguard legitimate interests. The legitimate interest here lies in the efficient organization and handling of appointments, as well as the improvement of communication and workflow processes.

3. Purpose of Data Processing

The purpose of scheduling appointments via Microsoft Bookings is to optimize and automate appointment processes. Microsoft Bookings allows customers, colleagues, or other interested parties to quickly and easily view available times and schedule appointments independently, eliminating the need for manual coordination or lengthy email correspondence.

4. Duration of Storage

Personal data is stored for the duration of the appointment process and in accordance with statutory retention periods. After the appointment is completed and statutory periods have expired, the data will be deleted unless further processing is necessary.

5. Right to Object and Removal

Users have the right to object to the processing of their personal data at any time if it is based on Article 6(1)(f) GDPR (legitimate interest). For data processed based on consent (Article 6(1)(a) GDPR), the consent can be withdrawn at any time.

The withdrawal can be submitted in writing or via email to the responsible entity. Data already processed remains unaffected, provided statutory retention obligations exist.

For questions or concerns regarding the processing of personal data, users can contact the Data Protection Officer.

VII. Applications via Email

1. Description and Scope of Data Processing

You have the option to send us an application via email. During this transmission process, our servers log the following data:

First and last name
Email address
Telephone number
Interest in permanent employment or freelance work
Date and time
Record type (type of employment)
Attachments, if applicable

In connection with your application, your data will not initially be shared with third parties. The data will only be used for processing within the application process. If you provide consent, your application data may also be shared with third parties within the scope of our projects.

2. Legal Basis for Data Processing

The legal basis for processing the data is the user's consent pursuant to Article 6(1)(a) GDPR.

The legal basis for processing the data transmitted as part of an email is Article 6(1)(f) GDPR.

Additionally, if the email is sent for the purpose of concluding a contract, the legal basis is Article 6(1)(b) GDPR.

3. Purposes of Data Processing

The processing of personal data from your application documents and email is solely for handling your application within the application process and for contacting you. In the case of employment and contact via email, this also constitutes the necessary legitimate interest in processing the data.

The consideration of your documents takes place within the application process, which constitutes the legitimate interest in processing the data.

4. Duration of Storage

The application data, including attachments, will be stored for up to six months after the application process is completed. In the event of employment, this data will be stored as part of the contractual relationship with you.

If your application is used as part of one of our projects, your data will be stored until the corresponding search and selection process is completed, you withdraw your consent or application, or as required by legal obligations.

5. Right to Object and Removal

The objection can be made via email to recruiting@tiba.de or by post. The necessary contact details are available in the imprint.

All personal data stored during the course of contact will be deleted in such cases.

VIII. Newsletter

To send our newsletter, we require your email address. Verification of the provided email address is necessary, and consent to receive the newsletter must be given. Additional data is not collected or is provided voluntarily. The data is used solely for sending the newsletter.

The data provided during newsletter registration is processed exclusively based on your consent (Art. 6(1)(a) GDPR). You can withdraw your previously granted consent at any time. A simple notification via email or unsubscribing using the "Unsubscribe" link in the newsletter is sufficient. The legality of the data processing operations already carried out remains unaffected by the withdrawal.

You can revoke your consent to receive the newsletter at any time with effect for the future, pursuant to Art. 7(3) GDPR. Simply inform us of your withdrawal or use the unsubscribe link included in every newsletter. Data entered to set up the subscription will be deleted upon unsubscribing. If this data was transmitted to us for other purposes or in another context, it will remain with us.

Microsoft Dynamics CRM

We use Microsoft Dynamics CRM to send newsletters. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. This service helps us organize and analyze newsletter distribution. The data you provide for receiving the newsletter, such as your email address, is stored on Microsoft servers located in Germany (Berlin and Frankfurt).

IBIN International Business Information Network

In addition to the in-house CRM system from Microsoft Dynamics 365, Tiba works with a trusted partner to send newsletters with a broader reach.

Imprint: https://ibin.network/index_de_23.php?pid=103

CleverReach

We use CleverReach to send press releases. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. This service helps us organize and analyze newsletter distribution. The data you provide for receiving the newsletter, such as your email address, is stored on CleverReach servers located in Germany or Ireland.

Using so-called conversion tracking, it is possible to determine whether a predefined action was performed after clicking certain links, such as purchasing a product on our website. Technical information, such as the time of access, IP address, browser type, and operating system, is also collected. This data is collected exclusively in pseudonymized form and is not linked to other personal data, ensuring that a direct connection to your identity is excluded. This information is used solely for statistical analysis of newsletter campaigns. The insights gained can be used to tailor future newsletters more effectively to the recipients' interests.

If you object to the statistical analysis of your data, it is necessary to unsubscribe from the newsletter.

We have concluded a data processing agreement with CleverReach, obligating CleverReach to protect our customer' data and not share it with third parties.

Further information about data analysis by CleverReach can be found here: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/

The CleverReach privacy policy can be found here: https://www.cleverreach.com/de/datenschutz/

IX. Plausible

1. Scope of the Processing of Personal Data

We use Plausible, a privacy-friendly web analytics platform provided by Plausible Analytics OÜ, Telliskivi 60a, 10412 Tallinn, Estonia. This tool is used to analyze user behavior on our website without storing personal data such as IP addresses or cookies. The following information is stored:

The URL of the page accessed
The URL of the page from which you accessed our site (referrer)
The URL of an outbound link clicked on our site
The browser type and version you are using
The operating system and type of your device

Information about your location (country, region, and city) is approximated based on your IP address; however, the IP address itself is not stored.

2. Purpose of Data Processing

The processing aims to improve user-friendliness and optimize our website based on aggregated and anonymized usage data.

3. Legal Basis for the Processing of Personal Data

The integration of Plausible is based on our legitimate interest under Article 6(1)(f) GDPR. Our legitimate interest lies in analyzing and optimizing our website to better meet the needs of our users.

4. Duration of Storage

The data collected by Plausible is anonymized and cannot be linked to any individual. Storage only occurs as long as necessary for the analysis of our website. No personal data is stored.

5. Exercising Your Rights

You can prevent the collection and processing of your data by Plausible by taking certain actions. This includes disabling the storage of third-party cookies on your computer, using the "Do Not Track" function of a supporting browser, disabling the execution of script code in your browser, or installing a script blocker such as NoScript or Ghostery in your browser.

For more information about how Plausible handles your data, please refer to their privacy policy: Plausible: GDPR, CCPA and cookie law compliant site analytics | Plausible Analytics

X. Microsoft Teams for Webinars & Trainings

1. Scope of the Processing of Personal Data

We use Microsoft Teams, a communication and collaboration platform provided by Microsoft Ireland Operations Limited, Ireland. Microsoft Teams is used by us for conducting webinars and training sessions.

2. Purpose of Data Processing

The processing of personal data is carried out for the purpose of organizing and conducting webinars and training sessions, including providing features such as video and audio transmission, chat, and document sharing.

3. Legal Basis for the Processing of Personal Data

The processing of personal data via Microsoft Teams is based on your consent pursuant to Article 6(1)(a) GDPR. This consent is given when you register for and participate in our webinars and training sessions. Additionally, processing is carried out based on our legitimate interest pursuant to Article 6(1)(f) GDPR. The legitimate interest lies in the efficient conduct of webinars and training sessions.

4. Duration of Storage

The personal data processed by Microsoft Teams is stored only as long as necessary for the stated purpose. Once the purpose is fulfilled, the data will be deleted or anonymized, unless statutory retention obligations apply.

5. Exercising Your Rights

You have the right to withdraw your consent to data processing at any time. The withdrawal does not affect the legality of processing carried out based on consent before its withdrawal.

You can also prevent the collection and processing of your data by disabling the storage of third-party cookies in your browser, activating the "Do Not Track" function, or using script blockers such as NoScript or Ghostery.

For more information about data processing by Microsoft Teams, please refer to Microsoft's privacy policy: Microsoft Privacy Statement – Microsoft privacy

XI. Rights of the Data Subjects

If your personal data is processed, you are considered a data subject under the GDPR and are entitled to the following rights vis-à-vis the controller:

1. Right of Access

You have the right to request confirmation from the controller as to whether personal data concerning you is being processed. If such processing is taking place, you can request the following information:

(1) The purposes for which the personal data is being processed;
(2) The categories of personal data being processed;
(3) The recipients or categories of recipients to whom the personal data has been or will be disclosed;
(4) The planned duration of storage of the personal data or, if specific details are not possible, the criteria for determining the storage duration;
(5) The existence of a right to rectify or delete the personal data concerning you, a right to restrict processing by the controller, or a right to object to such processing;
(6) The existence of a right to lodge a complaint with a supervisory authority;
(7) All available information on the origin of the data if the personal data is not collected from the data subject;
(8) The existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR, and – at least in such cases – meaningful information about the logic involved, as well as the significance and intended consequences of such processing for the data subject.

You also have the right to request information about whether your personal data has been transferred to a third country or an international organization. In this context, you can request to be informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

2. Right to Rectification

You have the right to request the rectification and/or completion of your personal data if it is inaccurate or incomplete.

The controller must make the correction without delay.

3. Right to Restriction of Processing

Under the following conditions, you may request the restriction of the processing of your personal data:

(1) If you contest the accuracy of your personal data for a period enabling the controller to verify its accuracy;
(2) If the processing is unlawful and you oppose the deletion of the personal data and instead request the restriction of its use;
(3) If the controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims;
(4) If you have objected to the processing pursuant to Article 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

If processing has been restricted, such data – apart from storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing has been applied under the aforementioned conditions, you will be informed by the controller before the restriction is lifted.

4. Right to Erasure

4.a. Obligation to Delete

You have the right to request the immediate deletion of your personal data, and the controller is obliged to delete such data without undue delay if one of the following reasons applies:

(1) The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You withdraw your consent on which the processing is based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
(3) You object to processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to processing pursuant to Article 21(2) GDPR.
(4) The personal data has been unlawfully processed.
(5) The personal data must be deleted to comply with a legal obligation under Union or Member State law to which the controller is subject.
(6) The personal data has been collected in relation to the offer of information society services pursuant to Article 8(1) GDPR.

4.b. Information to Third Parties

If the controller has made the personal data public and is obliged pursuant to Article 17(1) GDPR to delete it, the controller shall, taking into account available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers processing the personal data that you have requested the deletion of all links to, or copies or replications of, such personal data.

4.c. Exceptions

The right to erasure does not apply to the extent that processing is necessary:

(1) For exercising the right of freedom of expression and information;
(2) For compliance with a legal obligation requiring processing under Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) For reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;
(4) For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) GDPR, where the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) For the establishment, exercise, or defense of legal claims.

5. Right to Notification

If you have exercised your right to rectification, erasure, or restriction of processing, the controller is obligated to communicate this rectification or erasure of data or restriction of processing to all recipients to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients by the controller.

6. Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

(1) the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR and
(2) die Verarbeitung mithilfe automatisierter Verfahren erfolgt.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The freedoms and rights of other persons must not be adversely affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to Object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on Article 6(1)(e) or (f) GDPR, including profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

You have the option to exercise your right to object in the context of the use of information society services, notwithstanding Directive 2002/58/EC, by automated means using technical specifications.

8. Right to Withdraw Consent

You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

9. Right to Lodge a Complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace, or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.

The supervisory authority with which the complaint has been lodged will inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 18
91522 Ansbach
Phone: +49 (0) 981 180093-0
Email: poststelle@lda.bayern.de
Web: www.lda.bayern.de