Privacy Policy

of Tellja GmbH (Tellja business division)
Last revised: 12 February 2025

This website is operated by Tellja GmbH (hereinafter “Tellja” or “we”). We take your privacy very seriously and process your personal data in accordance with the applicable legal data protection requirements. Personal data within the meaning of this Privacy Policy comprises all information that can be connected to you personally, e.g. name, address, email and IP address, user behaviour.
The following Privacy Policy notifies you about how we process your personal data. We also provide you with an overview of your data protection rights.
The specific data that is processed and how it is used depends largely on the services utilised, requested or agreed.

The following explanations apply to the Tellja website (TI) and/or Tellja Widget (TW).


  1. Controller and data protection officer

    1. The controller pursuant to Art. 4(7) of the General Data Protection Regulation (GDPR) is:
      Tellja GmbH
      Solmsstr. 12
      D-60486 Frankfurt am Main
      Fax: + 49 (0)69 8700 429 29
      Email: support@tellja.de
    2. The data protection officer can be contacted at
      FPS IT and Data Privacy GmbH
      Data Protection Officer
      Kurfürstendamm 220
      10719 Berlin
      Email: datenschutz@tellja.de
  2. Source of the personal data

    We process personal data that we receive from you in the course of your visit to our website or when you contact us by email.

  3. Provision of the website and creation of log files (TI)

    1. Each time our website is accessed, our system automatically collects data and information from the computer system of the computer performing the access.
    2. The following data is collected:
      1. information about the browser type and version used,
      2. your operating system,
      3. your Internet service provider,
      4. your IP address,
      5. date and time of access,
      6. time zone difference to Greenwich Mean Time (GMT),
      7. access status/HTTP status code,
      8. amount of data transferred in each case,
      9. websites from which your system accesses our website,
      10. websites that are accessed by your system via our website.
    3. The log files contain IP addresses or other data that enable an allocation to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website which the user subsequently visits contains personal data. The data is also stored in our system log files. This data is not stored together with other personal data concerning the user.
    4. The legal basis for the temporary storage of the data and the log files is our legitimate interest pursuant to Art. 6(1)(f) GDPR.
    5. The temporary storage of the IP address by the system is necessary to enable the website to be displayed on the user’s computer. This requires the user’s IP address to remain stored for the duration of the session.
    6. Data is stored in log files to ensure the functionality of the website. We also use the data for the technical optimisation of the website and to ensure the security of our IT systems. The data is not analysed for marketing purposes in this context.
    7. These purposes also constitute our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.

  4. Use of cookies

    1. In addition to the aforementioned data, transient and persistent cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive. They are allocated to the browser you are using and provide certain information to the entity that places the cookie. Cookies cannot run programmes or transfer viruses to your computer. Their purpose is to make the website more user-friendly and effective overall.
    2. When you visit our website, you will be notified about the use of cookies for analytical purposes and your consent to the processing of the personal data used in this context will be obtained. Reference to this Privacy Policy is also made there.
    3. Most browsers are configured to accept cookies. However, you can deactivate the storage of cookies in your browser at any time or configure your browser so that you receive a message as soon as cookies are sent. However, please note that in this case you may then not be able to use all the functions of this website.
    4. This information is stored separately from any other data provided to us. In particular, the cookie data is not linked to your other data.
    5. Further information on which specific cookies we use and how long they are stored can be found at https://www.tellja.eu/en/cookie-policy.html.
    6. The legal basis for the processing of personal data using technically necessary cookies within the meaning of section 25(2) German Telecommunications Digital Services Data Protection Act (TDDDG) is the controller’s legitimate interests pursuant to Art. 6(1)(f) GDPR. The legal basis for the processing of personal data using cookies for analytical purposes is consent pursuant to Art. 6(1)(a), 7 GDPR in conjunction with Art. 25(1) TDDDG. In connection with the transfer to third countries, the legal basis for the processing of personal data using cookies for analytical purposes is your consent pursuant to Art. 6(1)(a), 7, 45(1), (2)(c) GDPR in conjunction with section 25(1) TDDDG.

  5. Collection of personal data in cases of personalised use (TI/TW)

    1. In addition to the use of our website for purely information-related purposes, we offer various services that you may be interested in using. To do so, you will generally have to provide further personal data that we use to provide the respective service. This mandatory information is labelled accordingly. Voluntary information may also be provided. We only collect, process and use the personal data that is necessary for your use of the website and/or the fulfilment of a contract concluded with us, in particular the processing of the recommendation and the associated issue of rewards, or personal data that you provide yourself. This relates in particular to the following inventory and usage data that may be transmitted via forms on our website:
      • name (consisting of title, first name and surname)
      • address
      • email address
      • user’s registration and login data
      • user’s bank details
      • user’s customer number with the advertiser, if applicable
    2. We use inventory and usage or tracking data to establish a contractual relationship with you, if necessary, to structure its content, to change or terminate it, to meet our contractual obligations, to log the user in to the website and to contact you if requested by you or required within the framework of the contractual relationship or permitted by law.
    3. When you contact us by email, we will store the data you provide in order to respond to your enquiry. The following data can be transmitted to us:
      • customer number (if not already provided as mandatory information),
      • contract/reference number,
      • date-related information
      We delete the data arising in this context once storage is no longer required, or restrict processing if statutory retention obligations apply.
    4. As an alternative to logging in via our website using the Tellja username/password, users can also link their existing Facebook account with their Tellja account, enabling them to use their Facebook account to log in to Tellja going forward (“Facebook Connect”). Facebook Connect is a service offered by the social network “Facebook”, which is operated by Facebook, Inc. with registered office at 1601 S. California Ave, Palo Alto, CA 94304, USA (hereinafter referred to as “Facebook”). The use of Facebook Connect is subject to Facebook’s privacy policy and terms of use, which are available at https://www.facebook.com/privacy. When you use Facebook Connect, we gain access to the email address and other information stored on Facebook, which is available as public and generally accessible in your Facebook profile.

  6. Tellja referral marketing (by telephone)

    1. When a new customer places a telephone order with one of our advertisers, that advertiser collects the new customer’s and their referrers’ personal data that is required to process the order and fulfil the referral.
    2. In order to bring the telephone recommendation process to a successful conclusion and to be able to pay the bonus to the referrer (or to the new customer if the bonus is shared), the advertiser transmits to Tellja the collected data that is required to process the referral (such as first name, surname, order ID, purchased product and referrer’s email address, as well as the new customer’s email address).
    3. The referrer’s email address is required to inform them of the successful referral. If the referrer is not yet registered on our Tellja platform, they will receive a registration link by email. The new customer’s email address is required in order to inform the new customer if the bonus is shared.
    4. The sole purpose of data processing is to bring the referral to a successful conclusion and, in the course of this, to pay the bonus to the referrer and/or optionally to the new customer.
    5. We delete the data arising in this context after the storage is no longer required for the abovementioned purpose, unless otherwise agreed or required by law.

  7. Tellja Champions (TI)

    1. We offer our “Tellja Champions” product to our commercial users (champions). This enables commercial users to broker products and services to potential advertisers, and commissions are paid in the event of success.
    2. We only collect, process and use the personal data of the commercial user and/or, if applicable, the potential advertiser that is required for your use of the product and the fulfilment of a contract concluded with us pursuant to Art. 6(1)(b) GDPR, in particular the processing of the brokerage of products and services and the associated payment of commission, such as company name/surname/first name/surname/tax-relevant data/bank data/possibly telephone number and the email address of the commercial customer.
    3. The sole purpose of data processing is to bring the brokerage to a successful conclusion and to pay the commission to the commercial user in the course of this.

  8. Processing in the USA, CLOUD Act

    1. Some of the tools we use have a connection to the USA due to the company’s headquarters. The data concerning you collected in this context will be processed by companies based in the USA and may be transferred to countries outside the European Union, in particular the USA. In contrast to the active transfer of personal data, there is also the possibility of passive access by US security authorities on the basis of what is known as the CLOUD Act. According to this, US security authorities may request access to your personal data stored on European servers.
    2. The European Commission has recognised the level of data protection for certain companies from the USA as part of an adequacy decision (known as the EU-U.S. Data Privacy Framework (hereinafter DPF)). The prerequisite for this is effective self-certification by the company concerned. Further information on the EU-U.S. Data Privacy Framework can be found at https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3721. Self-certification is expressly referred to in this Privacy Policy. If the data transfer is based on the DPF, the legal basis is Art. 45(1) GDPR.
    3. If the US company has not self-certified pursuant to the DPF, the data transfer is based on standard contractual clauses (SCC) pursuant to Art. 46(2)(c) GDPR.

  9. Anonymous statistical analysis of usage data and market research (TI/TW)

    1. We analyse the usage data anonymously for statistical purposes to enable a demand-focused design of the website.
    2. We also use data for the purposes of advertising or market research and also transfer this data to the advertiser if you have expressly consented to such processing in the specific case. You can revoke this consent at any time.

  10. Use of plug-ins (TW)

    1. We currently use the following plug-ins: Facebook, Google, X (formerly Twitter), LinkedIn and Xing. We use what is known as the two-click solution. This means that no personal data is initially passed on to the providers of these plug-ins when you visit our website. You can identify the plug-in provider by the initial letter or logo via the marking on the greyed-out box. The services are contacted or the query made from the server, meaning that only the server address is transmitted to the respective provider instead of the visitor’s IP address. Only if you click on the link to share content will the plug-in provider be notified that you have accessed the corresponding website of our online services. Additionally, the data specified in clause 4 of this Privacy Policy will be transmitted. Activating the plug-in causes the personal data to be transmitted and stored there (in the USA for US providers). As the plug-in provider collects data via cookies in particular, we recommend that you delete all cookies via your browser’s security settings before clicking the greyed-out box.
    2. We have no influence over the data collected and data processing procedures, nor are we aware of the full extent of the data collection or the associated purposes and storage periods. We also have no information about the deletion of the data collected by the plug-in provider.
    3. The plug-in provider stores this data as a user profile and uses it for the purposes of advertising, market research and/or to customise its website. Such an analysis is carried out in particular (even for users who are not logged in) to display customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. You need to contact the respective plug-in provider to exercise this right. We offer you the opportunity to interact with social networks and other users via the plug-ins so that we can improve our offering and make it more interesting for you as a user. We also share certain video content and podcasts with you through the use of plug-ins.
    4. Data is shared regardless of whether you have an account with the plug-in provider or are logged in there. If you are logged in with the plug-in provider, your data will be assigned directly to your existing account with the plug-in provider. If you press the activated button and link the page, for example, the plug-in provider will also store this information in your user account and share it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before you activate the button, as this will avoid this being allocated to your profile held with the plug-in provider.
    5. Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the following privacy policies of these providers. There you will also find further information about your rights in this regard and options for making settings to protect your privacy.
    6. The legal basis for data processing is your consent pursuant to Art. 6(1)(a), 7 GDPR. Where tools from US providers are used, the legal basis derives from Art. 6(1)(a), 7, 45(1), 46(2)(c) GDPR.
    7. Addresses of the respective providers and URL with their privacy policies:
      Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA;
      https://www.facebook.com/policy.php.
      Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA;
      https://www.google.com/policies/privacy/partners/?hl=de.
      X Corp., 1355 Market St, Suite 900, San Francisco, California 94103, USA;
      https://twitter.com/privacy.
      LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA;
      https://www.linkedin.com/legal/privacy-policy.
      Xing SE, Dammtorstraße 30, 20354 Hamburg, DE;
      http://www.xing.com/privacy.

  11. Facebook fan page (Insights) (TI/TW)

    1. We operate a fan page on Facebook to advertise our products and services. As part of the joint controllership pursuant to Art. 26 GDPR, a corresponding supplementary agreement (“Page Insights Controller Addendum”) was concluded with Meta Platforms Ireland Ltd (hereinafter “Meta”), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This supplementary agreement sets out the respective responsibilities of Facebook and us as fan page operators with regard to the processing of Insights data. You can find more information on Facebook under “Legal”.
    2. Our fan page can be accessed by both Facebook users and visitors who do not have a Facebook account. Regardless of whether you are a Facebook user or not, Facebook places cookies when you visit our fan page. These collect information on user behaviour, even beyond the visit to our fan page. Furthermore, the cookies provide us as the operator of the fan page with anonymous statistical information about the visitors to our fan page (known as Facebook Insights data).
    3. Meta collects and provides us with the following information in anonymised form: the total number of page views, “Like” information, page activity, post interactions, reach, video views, post reach, comments, shared content, responses, gender, origin based on country and city, age, language, views and clicks in the shop, clicks on route planners, clicks on telephone numbers. Furthermore, data on the Facebook groups linked to our fan page is provided in this way.
    4. Pursuant to Meta’s terms of use, which every user agrees to when creating their Facebook profile, we can identify the subscribers and fans of the fan page and view their profiles and other information shared by them.
    5. The data collected about you in this context will be processed by Meta and may be transferred to countries outside the European Union, in particular the USA. The European Commission has recognised the level of data protection for certain companies from the USA (as part of what is known as the EU-U.S. Data Privacy Framework (hereinafter DPF)). Meta has self-certified under the DPF and is therefore committed to complying with the principles of the EU-U.S. Data Privacy Framework. Self-certification enables data to be transferred on the basis of the EU-U.S. Data Privacy Framework.
    6. You can prevent the storage of cookies by changing the settings in your browser or, if you have a Facebook account, by using the Facebook opt-out option at: https://www.facebook.com/settings?tab=ads. You can find more information on this at https://www.facebook.com/policies/cookies/. If you do not have a Facebook account, you can use the Digital Advertising Alliance in the USA, the Digital Advertising Alliance of Canada or the European Interactive Digital Advertising Alliance in Europe to avoid seeing interest-based online adverts from Facebook and other participating companies. Further information can be found in Facebook’s privacy policy at https://www.facebook.com/about/privacy/.

  12. X (formerly Twitter)

    1. We use social plug-ins from the social network x.com (formerly twitter.com) (“X”) on our website. X is operated by X Corp, 795 Folsom St., Suite 600, San Francisco CA 94170, USA. When you visit our website, your browser establishes a direct connection with the X servers, which transmits the plug-in content to your browser and integrates it into the displayed website. As a result, the information that you have visited our website is forwarded to X.
    2. If you are logged in to your personal user account with X during your visit to our website, X can allocate the website visit to this account. By interacting with plug-ins, e.g. by clicking the “tweet” button or leaving a comment, this corresponding information is transmitted directly to X and stored there. If you wish to prevent such data transmission, you must log out of your X account before visiting our website.
    3. A corresponding supplementary agreement (“Data Protection Addendum”) was concluded with X as part of the joint controllership pursuant to Art. 26 GDPR. This supplementary agreement sets out the respective responsibilities of X and us as the operator of an account with regard to the processing of Insights data.
    4. The data collected about you in this context will be processed by X and may be transferred to countries outside the European Union, in particular the USA. X has self-certified under the DPF and is therefore committed to complying with the principles of the DPF. Self-certification allows data to be transferred on the basis of the DPF.
    5. We have no influence over the scope and content of the data that X collects with the button. We assume that your IP address is also recorded and transmitted. You can find out about the purpose, scope and use of data collection by X Corp. in its privacy policy. You can find this website at: https://x.com/de/privacy.

  13. Integration of OpenStreetMap

    1. We use the open source mapping tool “OpenStreetMap” from the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom, to visualise geodata. On 28 June 2021, the European Commission recognised the United Kingdom as a safe third country and issued an adequacy decision pursuant to Art. 45 GDPR.
    2. Your IP address is forwarded to OpenStreetMap and processed so that the map can be displayed to you. The information that the OpenStreetMap Foundation continues to receive and how it is used is described by the OpenStreetMap Foundation in the following privacy policy: https://osmfoundation.org/wiki/Privacy_Policy.
    3. The purpose of using OpenStreetMap is to show you how to find us by means of an interactive map on our website. This purpose also constitutes our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.
    4. The data collected is transferred to servers of the OpenStreetMap Foundation in the United Kingdom, the Netherlands and other countries within the EU and processed there. The data is only stored for as long as is necessary for the provision of the map services and the abovementioned purpose.
    5. You can find more information about OpenStreetMap’s privacy policy at: https://osmfoundation.org/wiki/Privacy_Policy.

  14. Use of paperless.io (TI)

    1. We use the paperless.io service for the digital signing of Tellja Champions documents. Paperless.io is a service of Paperless GmbH, Große Friedberger Straße 13-17, 60313 Frankfurt am Main, Germany, in short paperless.io. Applicants for Tellja Champions can use it to submit the form for signing concerning their valid tax number and business in a paperless and secure manner. This purpose also constitutes our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR. Paperless GmbH processes the personal data on the basis of the fulfilment of its contractual obligations, Art. 6(1)(b) GDPR.
    2. To provide the service, paperless.io processes personal data such as name, tax number and document content on our behalf. Pursuant to Art. 28 GDPR, a corresponding data processing agreement was concluded with paperless.io. Among other things, this stipulates that paperless.io may not process the transmitted personal data for its own purposes.
    3. Paperless GmbH processes data exclusively in the territory of the Federal Republic of Germany, in a member state of the EU or in another contracting state of the EEA.
    4. The data collected will only be stored for as long as is necessary to fulfil the abovementioned purpose.
    5. Further information on the data protection guidelines of Paperless GmbH can be found at: https://www.paperless.io/de/rechtliches/datenschutz.

  15. Use of CleverPush (TI/TW)

    1. We use the CleverPush service to send push notifications on our website. CleverPush is a service provided by CleverPush GmbH, Heidenkampsweg 100, 20097 Hamburg, Germany. Push notifications enable us to inform you about current offers and special promotions directly via your web browser.
    2. You will only receive push notifications after you have registered. This constitutes consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time by deactivating the push notification in your browser settings. A detailed explanation of the deactivation process can be found at: https://cleverpush.com/en/faq/.
    3. CleverPush receives your browser ID from us. This can be used to determine whether the push notifications have been activated. It is also possible to track whether and when our push notifications are displayed and clicked on. Allocation to your customer account is not possible. CleverPush does not process or store any personal data concerning our customers.
    4. Further information on CleverPush’s privacy policy can be found at: https://cleverpush.com/en/privacy/.

  16. Newsletter (TI/TW)

    1. With your consent (Art. 6(1)(a) GDPR), you can subscribe to our newsletter, which we use to inform you about our product range, competitions and special promotions as well as general customer information.
    2. You can register for our newsletter in the referrer portal by opting in to our newsletter. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to provide evidence of your registration and, if necessary, to clarify any possible misuse of your personal data.
    3. The newsletter will be sent to the email address you provided in the referrer portal.
    4. Please note that we evaluate your user behaviour when sending the email newsletter. For this analysis, the emails sent contain what are known as web beacons or tracking pixels, which are one-pixel image files stored on our website. To perform the analyses, we link the data mentioned in clause 2 and the web beacons with your email address and an individual ID. The data is collected exclusively in pseudonymised form, i.e. the IDs are not linked to your other personal data, and direct personal references are not possible. The information is stored for as long as you subscribe to the newsletter. After you unsubscribe, we store the data purely anonymously for statistical purposes.
    5. You can revoke your consent to receipt of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter email or by sending a message by post, email or fax to the contact details provided in the imprint.
    6. We use the provider Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany, as our processor for the provision and dispatch of our newsletter.

  17. Cashback

    1. Customers who purchase a product eligible for cashback can conclude a cashback contract with Tellja in order to receive a reward. After your order with an advertiser with cashback-eligible products, we will be given your email address so that we can contact you about the further cashback process. Once you have registered with Tellja, you can specify the account to which the bonus is to be paid. You will receive the payout pursuant to the conditions of participation of the current cashback promotion.
    2. To prove that a contract has been concluded between an advertiser with products eligible for cashback and you as part of the cashback campaign, we receive the following personal data from the advertiser with products eligible for cashback: email address, acceptance of Tellja’s terms and conditions and privacy policy, order ID/order number for the cashback user’s order, time of the order and the product or service ordered, as well as approval of the final conclusion or non-conclusion of the contract between the cashback user and the advertiser with products eligible for cashback.
    3. This Privacy Policy applies to the processing, use and storage of your personal data entered in the Tellja customer account.

  18. Cases under review (TW)

    If an error occurs in the recommendation process, the Tellja Service Team may need to review a case. In this case, data must be processed in order to determine whether a new customer contract was concluded as a result of a successful recommendation. The data transmitted to us by the referrer or new customer to review the case (e.g. name, customer number and date details) is processed in order to request the data from the advertiser that is required to prove the successful order (e.g. an order ID). The sole purpose of the processing is to lead the recommendation to a successful conclusion. We delete the data arising in this context after the case has been concluded or the recommendation has been processed, unless otherwise agreed or required by law.

  19. Categories of recipients of the personal data

    1. Some of the aforementioned processes and services are carried out by carefully selected service providers who we commission pursuant to data protection regulations. These external service providers are bound by our instructions and are regularly monitored. They will not pass on your data to third parties.
    2. In addition to the companies already mentioned, the recipients of your data are as follows:
      • The company Inxmail GmbH to send the transactional emails as part of the referral system and to send the newsletter as set out in clause 17. As a global provider of marketing technology and services working on our behalf, Inxmail GmbH takes appropriate measures to protect personal data. Among other things, contractual assurances have been provided for this purpose. In the event that a cross-border data flow takes place outside the European Economic Area, the standard contractual clauses adopted by the European Commission and the associated requirements under the GDPR are agreed as a suitable and appropriate guarantee. You have the option of requesting a copy of the contract at the address below.
      • In the case of rewards in kind, various logistics service providers and logistics companies.
      • The advertiser, if you have given your consent to this as part of your recommendation.
      • The company TeleMarCom European Services GmbH to provide call centre services, in particular for non-German-speaking customers.
      • ScaleUp Technologies GmbH & Co KG, Süderstr. 198, 20537 Hamburg provides hosting and cloud services as a server provider.
    3. In terms of the transfer of data to other recipients, we only pass on information about you if this is required by law, if you have given your consent or if we are authorised to do so. If these requirements are met, recipients of personal data may include:
      • Public bodies and institutions (e.g. tax authorities, law enforcement authorities) if there is a legal or official obligation.
      • Other companies or comparable organisations to which we transfer personal data in order to conduct the business relationship with you.

  20. Purposes for which the personal data are to be processed and legal bases of the processing

    We process your personal data in compliance with the applicable statutory data protection regulations. Processing is lawful if one of the following conditions is met:

    • Consent (Art. 6(1)(a) GDPR):
      The processing of personal data is deemed lawful where consent has been given to processing for specified purposes (e.g. processing your enquiry, use of the data for marketing purposes). Any consent given can be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent given before the GDPR came into force, i.e. before 25 May 2018. If another of the following legal bases is also relevant, it shall continue to apply in the event of withdrawal of consent.
    • On the basis of contractual obligations (Art. 6(1)(b) GDPR):
      We process personal data in order to fulfil our contractual obligations or to implement precontractual measures that are carried out on request.
    • On the basis of legal requirements (Art. 6(1)(c) GDPR):
      Tellja is subject to various legal obligations. These include:
      • Retention provisions under commercial and tax law pursuant to the German Commercial Code (HGB) and Fiscal Code (AO),
      • fulfilment of tax control and reporting obligations.
    • As part of the balancing of interests (Art. 6(1)(f) GDPR):
      Where necessary, we process your data beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. Examples:
      • assertion of legal claims and defence in legal disputes,
      • ensuring IT security and IT operations,
      • analysing and improving the use of our website.

  21. Intention to transfer the personal data to a third country or an international organisation

    An active transfer of personal data to a third country only takes place if this has been expressly indicated as part of the aforementioned services.

  22. Criteria for determining the duration for which the personal data is stored

    1. The data is stored pursuant to statutory data processing regulations and in compliance with statutory retention periods. We process and use your data exclusively for the purposes for which we are authorised and for as long as the data is required for these purposes.
    2. If the data is no longer required for the purpose or to fulfil legal obligations, it will generally be deleted unless its further processing – for a fixed term and possibly also to a limited extent – is necessary for the following purposes:
      • The fulfilment of retention obligations under commercial and tax law: these include the German Commercial Code (HGB) and the German Fiscal Code (AO). Accordingly, the retention and documentation periods are set at up to ten years.
      • The preservation of evidence within the scope of the statutory statute of limitations: pursuant to sections 195 et seq. German Civil Code (BGB), the standard limitation period is three years, but may be up to 30 years under special circumstances.

  23. Your data protection rights

    1. Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions under sections 34 and 35 German Federal Data Protection Act (BDSG) apply to the right of access and the right to erasure. In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR in conjunction with section 19 BDSG).
    2. You can revoke your consent to the processing of personal data at any time with effect for the future. This also applies to the revocation of declarations of consent given to us before the General Data Protection Regulation came into force, i.e. before 25 May 2018.
    3. You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) GDPR (data processing in the public interest) and Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR.
    4. In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
    5. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
    6. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
    7. The objection can be made without compliance with a specific formal requirement and should preferably be addressed to:
      Tellja GmbH, Solmsstr. 12, D-60486 Frankfurt am Main
      Fax: +49 (0)69 8700 429 29
      Email: support@tellja.de

  24. Data protection supervisory authority

    The data protection supervisory authority responsible for us is the Hesse Commissioner for Data Protection and Freedom of Information, Gustav-Stresemann-Ring 1, 65189 Wiesbaden.

  25. Obligation to provide and possible consequences of not providing personal data

    When using our services, you must provide the personal data that is required to fulfil the purpose or that we are legally obliged to collect. Without this data, we will generally not be able to provide the requested service.

  26. Operation of automated decision-making including profiling

    In principle, we do not use fully automated decision-making pursuant to Article 22 GDPR to establish and conduct the business relationship. If we use this procedure in individual cases, we will inform you of this separately if this is required by law. In general, we do not carry out profiling.

  27. Changes to the data protection information (TI/TW)

    We continuously develop and optimise our services. We may therefore add new functionalities. Should this have an impact on the way in which your personal data is processed, we will inform you of this in good time in our Privacy Policy.