Data Privacy
Version 6.0 from 22. March 2024
Information about the processing of your data
In accordance with Art. 12 of the General Data Protection Regulation (hereinafter: DSGVO), we are obliged to inform you aIn accordance with Art. 12 of the General Data Protection Regulation (hereinafter: GDPR), we are obliged to inform you about the processing of your data when you use our website. We take the protection of your personal data very seriously and this privacy policy informs you about the details of the processing of your data and your legal rights in this regard. We reserve the right to adapt the data protection declaration with effect for the future, in particular in the event of further development of the website, the use of new technologies or changes to the legal basis or the corresponding case law. We recommend that you read the privacy policy from time to time and take a printout or copy for your records.
Definitions
“Website” or “Internet presence” hereinafter means all pages of the controller on https://www.trust-ident.com. Personal data” means any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data therefore includes, for example, a person’s name, email address and telephone number, but may also include data about preferences, hobbies and memberships. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. Consent hereinafter means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. Scope of application The privacy policy applies to https://www.trust-ident.com. It does not extend to any linked websites or internet presences of other providers.
Responsible provider
The following is responsible for the processing of personal data within the scope of this privacy policy: New Horizon GmbH
Neue Schönhauser Str. 2
10178 Berlin
contact@timeless.investments
Questions about data protection
If you have any questions about data protection with regard to our company or our app, you can contact our data protection officer: SPIRIT LEGAL Fuhrmann Hense Partnership of Lawyers
Lawyer and data protection officer
Peter Hense
Postal address:
Data Protection Officer
New Horizon GmbH
Neue Schönhauser Str. 2
10178 Berlin
Contact by e-mail:
datenschutzbeauftragter@timeless.investments
Security
We have taken comprehensive technical and organisational precautions to protect your personal data from unauthorised access, misuse, loss and other external interference. To this end, we regularly review our security measures and adapt them to the state of the art.
Your rights
You have the following rights with regard to the personal data concerning you, which you can assert against us:
Right to information: You can request information in accordance with Art. 15 GDPR about your personal data that we process.
Right to rectification: If the information concerning you is not (or no longer) accurate, you can request rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
Right to erasure: You can request the erasure of your personal data in accordance with Art. 17 GDPR.
Right to restriction of processing: In accordance with Art. 18 GDPR, you have the right to request the restriction of your personal data.
Right to object to processing: You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR pursuant to Article 21(1) GDPR. In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, including where the processing serves the establishment, exercise or defence of legal claims (Art. 21 (1) GDPR). You also have the right to object at any time to the processing of personal data concerning you for the purpose of direct marketing in accordance with Art. 21 para. 2 GDPR; this also applies to any profiling insofar as it is associated with such direct marketing. We draw your attention to the right to object in this privacy policy in connection with the respective processing.
Right to withdraw your consent: If you have given your consent for processing, you have the right to withdraw your consent in accordance with Art. 7 (3) GDPR. Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format (“data portability”) and the right to transmit this data to another controller if the requirements of Art. 20 para. 1 lit. a, b GDPR are met (Art. 20 GDPR).
You can assert your rights by sending a message to the contact details specified in the “Responsible provider” section or to the data protection officer appointed by us. If you believe that the processing of your personal data violates data protection law, you also have the right to lodge a complaint with a data protection supervisory authority of your choice in accordance with Art. 77 GDPR. This also includes the data protection supervisory authority responsible for us Berliner Beauftragte für Datenschutz und Informationssicherheit, Friedrichtstr. 219, 10969 Berlin. Further information on your rights in relation to your personal data can be found, for example, at the European Commission at https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en.
Legal bases for the processing
We process your personal data if and insofar as this is necessary for the initiation, establishment, execution and/or termination of a legal transaction with our company. The legal basis for this results from Art. 6 para. 1 sentence 1 lit. b) GDPR. After the purpose has been achieved (e.g. contract processing), the personal data will be blocked for further processing or deleted unless we are entitled to further storage and processing required in the respective context on the basis of consent given by you (e.g. consent to the processing of the email address for sending electronic advertising mail), a contractual agreement, a legal authorisation (e.g. authorisation to send direct advertising) or on the basis of legitimate interests (e.g. storage for the enforcement of claims). Your personal data will be passed on if it is necessary for the establishment, execution or termination of legal transactions with our company (e.g. when passing on data to a payment service provider/shipping company to process a contract with you), (Art. 6 para. 1 sentence 1 lit. b) GDPR), or a subcontractor or vicarious agent that we use exclusively in the context of providing the offers or services requested by you requires this data (unless you are expressly informed otherwise, such auxiliary persons are only authorised to process the data to the extent that this is necessary for the provision of the offer or service), there is an enforceable official order (Art. 6 para. 1 sentence 1 lit. c) GDPR), there is an enforceable court order (Art. 6 para. 1 sentence 1 lit. c) GDPR), we are obliged to do so by law (Art. 6 para. 1 sentence 1 lit. c) GDPR), processing is necessary in order to protect the vital interests of the data subject or of another natural person (Art. 6 para. 1 sentence 1 lit. d) GDPR), it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6 para. 1 sentence 1 lit. e), we are authorised or even obliged to disclose data in order to pursue overriding legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR). Your personal data will not be passed on to other persons, companies or organisations unless you have effectively consented to such a transfer. The legal basis for processing is then Art. 6 para. 1 sentence 1 lit. a) GDPR.
Use of the website, access data
In principle, you can use our website for purely informational purposes without disclosing your identity. When accessing the individual pages of the website in this sense, only access data is transmitted to our hosting provider so that the website can be displayed to you. This is the following data:
Browser type/ browser version
Operating system used
Language and version of the browser software
Host name of the accessing end device
IP address
Website from which the request comes
Content of the request (specific page)
Date and time of the server request
Access status/HTTP status code
Referrer URL (the previously visited page)
Amount of data transferred
Time zone difference to Greenwich Mean Time (GMT)
The temporary processing of this data is necessary to technically enable the course of a website visit and delivery of the website to your end device. The access data is not used to identify individual users and is not merged with other data sources. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems. The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests lie in ensuring the functionality of the website and the integrity and security of the website. Storing access data in log files, in particular the IP address, for a longer period of time enables us to recognise and prevent misuse. This includes, for example, defence against requests that overload the service or possible bot use. The access data is deleted as soon as it is no longer required to fulfil the purpose for which it was processed. In the case of the collection of data for the provision of the website, this is the case when you end your visit to the website. The log data is always stored directly and only accessible to administrators and is deleted after seven days at the latest. After that, it is only available indirectly via the reconstruction of backup tapes and is permanently deleted after a maximum of four weeks.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.
Cookies and similar technologies
In addition to the aforementioned access data, so-called cookies, pixels or other tracking technologies are used when using the website. Cookies are small text files with a sequence of numbers that are stored locally in the cache of the browser used. Pixels are one-pixel images that are not transparent or are created in the background colour of the website and are therefore not visible to the user. The pixel also records information about your user behaviour on the website. Fingerprinting technologies generate a unique fingerprint based on the browser settings and thus identify an individual browser. Using a script that every Internet browser executes automatically, information such as the screen resolution, fonts used, operating system, hardware information and integrated browser plug-ins can be collected, which in their specific combination can ultimately be traced back to a specific user. Tracking technologies are used to make our website more user-friendly. The use of tracking technologies may be technically necessary or for other purposes (e.g. analysing/evaluating website usage).
Technically necessary website elements
Some elements of our website require that the accessing browser can be identified even after a page change. The following data is processed in the technically necessary elements, such as cookies or similar methods of terminal device access in particular, for the purpose of carrying out or facilitating electronic communication and providing an information society service requested by the user: Language settings,
Settings for fonts,
Log-in information.
The user data collected by technically necessary elements are not processed to create user profiles. We also use so-called “session cookies”, which store a session ID that can be used to assign various requests from your browser to the joint session. “Session cookies” are necessary for the use of the website. In particular, they allow us to recognise the device you are using when you return to the website. We use this cookie to recognise you on subsequent visits to the website if you have a customer account with us; otherwise you will have to log in again each time you visit. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the processing are to provide the aforementioned special functionalities and thereby make the use of the website more attractive and effective. The “session cookies” are deleted as soon as you log out or, depending on which browser you are using and which browser settings you have made, when you close the browser.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Controller” section.
Technically unnecessary website elements
Insofar as we integrate third-party cookies or pixels and similar tracking technologies into our website that are not technically necessary, we will inform you of this separately below. Contact our company
When contacting our company, e.g. by email, the personal data you provide will be processed by us to respond to your enquiry. The legal basis for the processing is Article 6 para. 1 p. 1 lit. f) DSGVO. The data is processed exclusively for processing in the context of the conversation. We delete the data accruing in this context after the processing is no longer necessary or restrict the processing to compliance with the existing legally mandatory retention obligations. You can object to the processing. Your right to object exists on grounds arising from your particular situation. You can send us your objection via the contact details mentioned in the section “Responsible provider”.
Data transmission to Switzerland / the EU
If users from Switzerland use the app, data is transferred to EU member states and vice versa to Switzerland in order to provide the app. The data transfer to Switzerland takes place on the basis of the adequacy decision of the European Commission 2000/518/EC (available at: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32000D0518&from=EN) in accordance with Art. 45 of the GDPR, according to which Switzerland offers an adequate level of protection for your data. The transfer of data to the European Union takes place on the basis of the list of states published by the Swiss Federal Data Protection and Information Commissioner (available at: https://www.edoeb.admin.ch/dam/edoeb/de/dokumente/2017/04/staatenliste.pdf.download.pdf/staatenliste.pdf) for countries in the European Union that offer an adequate level of protection under Swiss data protection law.
Legal defence
In addition, we process the aforementioned data for the establishment, exercise or defence of legal claims. The legal basis for the processing is Art. 6 para. 1 lit. c) DSGVO and Art. 6 para. 1 lit. f) DSGVO. In these cases, we have a legitimate interest in asserting or defending claims.
You may object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection via the contact details mentioned in the section “Responsible provider”.
Hosting
We use external hosting services from Amazon Web Services (Amazon Web Services Inc., 410 Terry Avenue North, Seattle WA 98109, United States) to provide you with the following services: infrastructure and platform services, computing capacity, storage resources and database services, security and technical maintenance services. All data required for the operation and use of our app is processed. We use external hosting services for the operation of this app offering. Amazon also processes your data in the USA. We have agreed standard contractual clauses with Amazon in order to oblige Amazon to maintain an appropriate level of data protection. We will provide you with a copy on request. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interests in the use of external hosting services are the efficient and secure provision of our app offering.
You can object to the processing. You have the right to object on grounds relating to your particular situation. You can send us your objection using the contact details provided in the “Responsible provider” section.
Cloudfront
We also use Cloudfront as a content delivery network (CDN). The provider of this is Amazon Web Services Inc, 440 Terry Ave N, Seattle, WA 98109, USA. When you use our app, requests are forwarded to servers of the CDN. In the process, your IP address is transmitted and processed. Amazon also processes your data in the USA. We have agreed standard contractual clauses with Amazon to oblige Amazon to maintain an appropriate level of data protection. We will provide you with a copy upon request. A permanent storage of your data does not take place in this case. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f) DSGVO. We use Cloudfront to make our app offer more attractive and to optimise the loading times of the app.
You may object to the processing. Your right to object is on grounds relating to your particular situation. You can send us your objection via the contact details mentioned in the section “Responsible provider”.
Google Analytics
In order to tailor our website perfectly to user interests, we use Google Analytics, a web analytics service from Google (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland and Google, LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter referred to as “Google” and “Google Analytics 4″). Google Analytics 4 uses so-called “cookies” that are stored on your end device for recognition, as well as similar tracking methods for device recognition such as pixel tags, device fingerprinting, and programming interfaces (e.g., APIs and SDKs) to process information from your end device. For this purpose, a randomly generated identification number (cookie ID/device ID) is assigned to your end device. Using these technologies, Google processes the generated information about the use of our website by your end device, as well as access data, for the purpose of statistical analysis. This includes, for example, the access to specific web pages, the number of unique visitors, entry and exit pages, duration of visit, click, swipe, and scroll behavior, button clicks, newsletter sign-ups, bounce rate, and similar user interactions. For this purpose, it may also be determined whether different end devices belong to you or your household. Access data includes, in particular, the IP address, browser and device information, cookie ID/device ID, the previously visited website, and the date and time of the server request. In the systems of Google Analytics 4, individual IP addresses are not logged or stored. At the moment of capturing the IP address by Google in specific local data centers in the EU, your IP address is used to determine location information. Subsequently, the IP address is deleted before the access data is stored in a data center or on a server for Google Analytics. Google Analytics 4 does not provide precise data on the geographic location; rather, it only offers general location information such as the region and city of the device’s location derived from the IP address. Google will process this information to evaluate your use of the website, compile reports on website activities, and – if specifically indicated – provide us with additional services related to website usage. If you are registered with a Google service, Google may associate the website visit with your user account and create and analyze user profiles across applications. In addition, there is a cross-platform analysis of user behavior on websites and apps utilizing Google Analytics 4 technologies. This allows the user behavior to be captured, measured, and compared across different environments equally. For instance, automated scroll events of the user are recorded to provide a better understanding of the use of websites and apps. Various cookie IDs/device IDs for different end devices are used for this purpose. Subsequently, anonymized statistics, created based on selected criteria, are provided to us regarding the usage of different platforms.
Using Google Analytics 4, automatically, target audiences are created for specific cookie IDs/device IDs or mobile advertising IDs, which are later used for personalized advertising. Target audience criteria may include, for example: users who viewed products but did not add them to a shopping cart, or added items to a cart but did not complete the purchase, OR users who have purchased specific items. A target audience comprises at least 100 users. With the Google Ads tool, interest-based ads can then be displayed in search results. Similarly, users of websites on other sites within the Google advertising network (in Google Search, on YouTube, so-called “Google Ads” or on other websites) can be recognized, and tailored ads can be presented based on the defined target audience criteria. With regard to the storage of and access to information on your end device, your consent is the legal basis according to Article 6(1) sentence 1 (a) of the General Data Protection Regulation (GDPR). Google also processes the data in part in the US. The EU Commission has issued an adequacy decision for the USA. Google, LLC is certified within this framework. In addition, we have concluded so-called standard contractual clauses with Google, LLC in order to oblige Google, LLC to an appropriate level of data protection. A copy is of course available at https://cloud.google.com/terms/sccs. Your data processed in connection with Google Analytics 4 will be erased after 26 months at the latest. For further information about privacy at Google, please refer to: https://www.google.de/intl/de/policies/privacy. You can withdraw your consent to the processing and transfers to third countries at any time by moving