Data Protection Regulations
Definitions of the terms used (e.g., "personal data" or "processing") can be found in Article 4 of the GDPR.
General Information on Data Processing
Scope of Processing Personal Data
We generally collect and use personal data of our users only to the extent necessary to provide a functional website as well as our content and services. As a rule, the collection and use of personal data of our users takes place only with the user's consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of data is permitted by legal regulations.
Legal Basis for Processing Personal Data
Where we obtain the user's consent for processing personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for processing personal data.
If processing of personal data is necessary for the performance of a contract to which the user is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures.
If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
Where vital interests of the data subject or another natural person require processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.
If processing is necessary to protect the legitimate interests of our company or a third party, and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6(1)(f) GDPR serves as the legal basis for processing.
Personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may continue beyond this if provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. Blocking or erasure of data will also take place if a storage period prescribed by the aforementioned standards expires, unless there is a necessity for further storage of the data for the conclusion or performance of a contract. If you assert a valid request for erasure or withdraw consent to data processing, your data will be erased unless we have other legally permissible grounds for the storage of your personal data (e.g., tax or commercial retention periods); in the latter case, erasure will occur once these reasons no longer apply.
Recipients of Personal Data
As part of our business activities, we collaborate with various external entities. In some cases, this collaboration necessitates the transmission of personal data to these external entities. We only disclose personal data to external entities if it is necessary for the performance of a contract, if we are legally obligated to do so (e.g., data transmission to tax authorities), if we have a legitimate interest under Article 6(1)(f) GDPR in the disclosure, or if another legal basis permits data disclosure. When using data processors, these service providers only process data upon explicit instruction and are contractually obligated to ensure appropriate technical and organizational measures for data protection. In the event of joint processing, a joint processing agreement will be concluded.
Note on Data Transfer to US Companies
For hosting our website, we use a service provider based in Germany. The use of this hosting service provider is based on Article 6(1)(f) GDPR. We have a legitimate interest in ensuring a reliable presentation of our website.
We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required contract that ensures the processing of personal data of our website visitors only according to our instructions and in compliance with the GDPR.
Registering for a User Account
In order to make use of tabtool GmbH's services, it is necessary to create a user account. You have the option to register on our website by providing personal data. The specific personal data transmitted to tabtool GmbH during the registration process can be found in the respective input form used for registration. As part of the registration process, we obtain your consent to process this data.
Upon registration on our website, the IP address assigned by your Internet Service Provider (ISP), along with the date and time of registration, is also stored. The storage of this data is necessary to prevent misuse of our services and, if necessary, to facilitate the investigation of any criminal activities. Thus, the storage of this data is essential to safeguard the controller's interests. In general, this data is not disclosed to third parties unless required by law or for the purpose of criminal prosecution.
Your voluntary provision of personal data during the registration process allows tabtool GmbH to offer you content or services that are exclusively available to registered users. Registered individuals have the option to modify or completely delete the personal data provided during registration from tabtool GmbH's database.
At any time upon request, tabtool GmbH provides affected individuals with information about the personal data stored concerning them. Furthermore, tabtool GmbH corrects or deletes personal data at the request or notification of the concerned individual, provided that no legal retention obligations apply.
When you create a (test) account to use our products, we process (i) information associated with you as the owner of the (test) account, needed for contacting you, such as first name, last name, email address, telephone number, (ii) company master data (e.g., company name, address, email addresses, telephone numbers, contact persons, roles), (iii) information about the type and content of the contractual relationship (e.g., quantity, type, and durations of activated licenses, as well as information about requested and created offers), (iv) marketing-related information such as industry affiliation and target audience, as well as information about the origin and history of the (test) account (e.g., responsible sales partner, timing of the last contact).
For individual users of our products assigned to a specific (test) account, we process information needed for contacting them and uniquely assigning users. This includes contact details such as first name, last name, email address, telephone numbers and company, as well as information required for managing the user account (e.g., (test) account to which the user is assigned, license number, timing of account creation, type of account, active/inactive account). Furthermore, we process information about the activities of users in our products.
Legal Basis for Data Processing
The legal basis for these processes is the execution of pre-contractual measures or the fulfillment of our contractual obligations (Art. 6 para. 1 lit. b GDPR), as well as the safeguarding of our legitimate interests (Art. 6 para. 1 lit. f GDPR), namely the analysis and assurance of the operation of our websites and products, the continuous improvement of our products, and the optimization of our marketing measures.
When you activate a paid account with us, the payment service providers we have engaged (see below) process payment information in addition to the data mentioned above (e.g., invoice recipient, invoice addresses, invoice numbers, invoice periods, due dates, bank details, payment conditions, contact person for invoices, VAT ID, etc.). An email address and the desired product are passed on to the payment service provider Billwerk for order processing (see "Payment Service Provider").
Duration of Storage
The collected personal data will be deleted as soon as the processing is no longer necessary. If the operator is required to comply with legal retention periods for personal data, your personal data will not be deleted, but will be blocked until the expiration of the legal retention period (restriction of processing through appropriate blocking measures, Art. 4 No. 3 GDPR).
Right to Object
Registered individuals have the option to modify or completely delete the personal data provided during registration from our database. The established test account will be closed, and your personal data will be deleted. To revoke the consent given for the creation and maintenance of the user account pursuant to Art. 7 para. 3 GDPR for the future, you only need to inform us of your revocation, for example, by sending an email to email@example.com. The personal data entered during this process (e.g., name, email address) will be processed within the legal provisions for processing the request pursuant to Art. 6 para. 1 lit. a or Art. 6 para. 1 lit. b EU GDPR.
a) Operator Cookies
We use so-called "cookies" on our website. A cookie is a small file that contains a specific string of characters, is stored on your device, and uniquely identifies your browser, allowing further information to be stored within it. By using cookies, we enhance the comfort and quality of our website and services, for example, by saving user preferences. Through these cookies, certain information about you, such as your browser or location data, or your IP address, is processed to an individual extent. This processing makes our website more user-friendly, effective and secure, as it enables the retention of convenience functions such as settings. Session cookies are deleted when you close your internet browser.
The legal basis for processing operator cookies is Article 6(1)(b) of the GDPR, provided these cookies process data for contract initiation or contract fulfillment. If the processing does not serve contract initiation or fulfillment, our legitimate interest lies in enhancing the functionality of our website. In such cases, the legal basis is Article 6(1)(f) of the GDPR.
b) Third-Party Cookies
Technologies and Services on the Website
Freshsales Suite CRM
This website utilizes the "Freshsales Suite" service provided by Freshworks Inc. for online marketing activities. Freshworks is a software company based in the USA (2950 S. Delaware Street, Suite 201, San Mateo, California 94403) with a branch in Germany. Contact: Freshworks GmbH, Neue Grünstraße 17, 10179 Berlin.
Freshsales Suite is a Customer Relationship Management (CRM) and marketing automation system. We use Freshsales Suite for contact management, email marketing (newsletters and automated mailings) and providing product-related information such as new features or updates/upgrades.
When you create a test account to use our products, activate a paid account with us, are invited by the account owner, or provide us with contact information and other demographic data (e.g., through a contact form on our website), we may share this information with Freshworks. Freshworks' services assist us in contacting prospects and users of our products, responding to inquiries, and determining which services offered by our company are of interest to them.
If you have provided your consent, we process your contact data, such as email address, first name, last name and salutation for email marketing and providing product-related information, such as new features, unused features, updates/upgrades, and potentially account status information. You can revoke your consent at any time, for example, by sending an email to firstname.lastname@example.org. You can unsubscribe from emails using the unsubscribe link in each email.
The legal basis for these processing activities is your explicit consent (Article 6(1)(a) GDPR) and the protection of our legitimate interests (Article 6(1)(f) GDPR), namely, enhancing user experience and service quality when using our products or visiting our websites (e.g., efficient and quick handling of inquiries).
Freshworks, the provider of Freshsales Suite, is based in the USA. Therefore, we have concluded a contract with Freshworks that includes standard contractual clauses pursuant to Article 46(2) GDPR, wherein Freshworks commits to processing user data only in accordance with our instructions and maintaining the EU level of data protection. Further information can be found here:
Freshdesk Help Widget
On our website, we offer the option of contacting us and accessing Frequently Asked Questions (FAQ) through a "Help" widget by the service "Freshdesk". The provider of this service is Freshworks Inc., 2950 S. Delaware Street, Suite 201, San Mateo, California 94403, USA. For the organization and processing of inquiries, personal data, typically including name, first name, and email address, is collected, transmitted to Freshworks, stored, and retrieved.
The legal basis for processing this data is our legitimate interest in efficiently designing our customer service, promptly responding to your inquiries, and optimizing our service offerings (Article 6(1)(f) GDPR).
Your data will be deleted after final processing of your inquiry, provided the circumstances indicate that the matter has been conclusively clarified and there are no legal retention obligations. Further information on data protection from Freshdesk can be found at https://www.freshworks.com/privacy/
We have concluded a contract with Freshworks that includes standard contractual clauses pursuant to Article 46(2) GDPR, wherein Freshworks commits to processing user data only in accordance with our instructions and maintaining the EU level of data protection.
The transmission of your data to Freshworks is based on Article 6(1)(a) GDPR (consent). You have the option to revoke your consent to data processing at any time. A revocation does not affect the legality of data processing carried out in the past.
The use of the Freshdesk Help Widget is optional. You can also contact us for support inquiries or questions about our products using other means, such as by emailing email@example.com or calling us.
This website uses the open-source web analysis service Matomo. With Matomo, we can collect and analyze data about the use of our website by visitors. This allows us to determine, among other things, when specific page views occurred and from which region they originated. Additionally, we collect various log files (e.g., IP address, referrer, used browsers, and operating systems) and can measure whether our website visitors perform specific actions (e.g., clicks, purchases, etc.).
The use of this analysis tool is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its web offering and advertising. If appropriate consent has been obtained, processing is carried out exclusively based on Article 6(1)(a) GDPR and § 25(1) and (8)/(12) TTDSG, to the extent that consent covers the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
IP anonymization is used for analysis with Matomo. This involves shortening your IP address before analysis, making it no longer uniquely assignable to you.
We have configured Matomo not to store cookies in your browser.
We exclusively host Matomo on our own servers, so all analysis data remains with us and is not shared.
Online Appointment Booking through Microsoft Bookings
Our website uses the Microsoft Bookings service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, for online appointment scheduling. The connection to the service is established only when you access the online booking function via an embedded form on our site. For appointment scheduling, your entries in the appointment scheduling form are transferred to Microsoft. For further information on how your data is handled, please refer to Microsoft's Privacy Statement at https://privacy.microsoft.com/de-de/privacystatement.
The legal basis for processing your data in relation to the "Microsoft Bookings" service is Article 6(1)(f) GDPR (legitimate interest in data processing). The legitimate interest arises from our aim to provide a user-friendly website with a wide range of functions and to offer you the opportunity to quickly and easily arrange a demo or consultation appointment with our staff when needed. We would like to point out that you are not obligated to use Microsoft Bookings to schedule an appointment. If you do not wish to use the service, please use another one of the offered contact options to schedule an appointment.
The Microsoft Corporation is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA aimed at ensuring compliance with European data protection standards for data processing in the USA. Each company certified under the DPF commits to complying with these data protection standards.
Plugins and Tools on the Website
This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. When you visit one of our web pages that embeds YouTube, a connection to YouTube's servers is established. This informs the YouTube server about which of our pages you have visited.
Furthermore, YouTube may store various cookies on your device or use comparable technologies for recognition (e.g., device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to capture video statistics, improve user-friendliness, and prevent fraudulent activities.
If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.
The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA aimed at ensuring compliance with European data protection standards for data processing in the USA. Each company certified under the DPF commits to complying with these data protection standards.
Google Fonts (Local Hosting)
Font Awesome (Local Hosting)
Online Presences on Social Media
We maintain online presences within social networks and platforms such as LinkedIn and Xing to communicate with customers, interested parties as well as users active on those platforms and to inform them about our offers and company developments. We would like to point out that data of users can be processed outside the European Union. This could result in risks for users, for instance, making it more difficult to enforce user rights. Furthermore, data of users is usually processed by the platforms for market research and advertising purposes. For example, usage behavior and resulting interests of users can be used to create usage profiles. These usage profiles can be used, among other things, to display advertisements within and outside the platforms that presumably correspond to users' interests. For these purposes, cookies are usually stored on users' computers in which user behavior and interests are stored. Furthermore, data can be stored in the usage profiles regardless of the devices used by users (especially if users are members of the respective platforms and are logged in to them). Tabtool GmbH does not have access to the actual usage data. We only use general usage statistics to review the effectiveness of use.
The processing of users' personal data is based on our legitimate interests in effective information and communication with users pursuant to Article 6(1)(f) GDPR. If users are asked by the respective providers for consent to terms and conditions that require data processing, the legal basis for processing is Article 6(1)(b), Article 7 GDPR.
For a detailed presentation of the respective processing activities and options for objection (opt-out), please refer to the linked information provided by the providers:
No Application of Automated Decision-Making
As a responsible company, we do not engage in automatic decision-making or profiling.
b) Right to Information
Every data subject whose personal data is processed has the right granted by the European legislator to obtain from the data controller free information about the personal data stored about them and a copy of this information at any time. Furthermore, the European legislator has granted the data subject access to the following information:
- the purposes of processing
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly recipients in third countries or international organizations
- if possible, the intended duration for which the personal data will be stored, or, if this is not possible, the criteria for determining this duration
- the existence of a right to rectification or erasure of the data subject's personal data, or restriction of processing by the data controller, or a right to object to such processing
- the existence of a right to lodge a complaint with a supervisory authority
- if the personal data is not collected from the data subject: all available information about the origin of the data
- the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR, and at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Furthermore, the data subject has the right to be informed whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards relating to the transfer.
If a data subject wishes to exercise this right of information, they may at any time contact an employee of the data controller.
d) Right to Erasure (Right to Be Forgotten)
Every data subject whose personal data is processed has the right granted by the European legislator to request the data controller to erase without undue delay personal data concerning them, provided that one of the following grounds applies and the processing is not necessary:
- The personal data was collected or otherwise processed for purposes for which they are no longer necessary.
- The data subject withdraws consent on which the processing is based according to Article 6(1)(a) GDPR, or Article 9(2)(a) GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
- The personal data has been unlawfully processed.
- The erasure of personal data is necessary for compliance with a legal obligation in Union or Member State law to which the data controller is subject.
- The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
If one of the aforementioned reasons applies and a data subject wishes to request the erasure of personal data stored by tabtool GmbH, they may at any time contact an employee of the data controller. The employee of tabtool GmbH will arrange that the erasure request be complied with immediately.
If the personal data has been made public by tabtool GmbH and our company is obliged, as the data controller, to erase the personal data pursuant to Article 17(1) GDPR, tabtool GmbH, taking account of available technology and the cost of implementation, will take reasonable steps, including technical measures, to inform other data controllers processing the published personal data that the data subject has requested erasure of all links to, or copy or replication of, those personal data. The employee of tabtool GmbH will arrange the necessary measures in individual cases.
e) Right to Restriction of Processing
Every data subject whose personal data is processed has the right granted by the European legislator to obtain from the data controller restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data.
- The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- The data controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise, or defense of legal claims.
- The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the data controller override those of the data subject.
If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by tabtool GmbH, they may at any time contact an employee of the data controller. The employee of tabtool GmbH will arrange the restriction of the processing.