Privacy Statement – Theresa Berns Translations

With this data protection statement, we would like to inform you about the type, scope, and purpose of the processing of personal data (hereinafter also referred to as “data”). Personal data are all data that have a personal reference to you, e.g. name, address, email address, or your user behavior. The data protection declaration applies to all data processing operations carried out by us, both within the scope of our core activities and for the online media provided by us.

Who is responsible for the processing of data?

Responsible for data processing is:

Theresa Berns Translations

Owner

Theresa Berns

Kapitän-von-Müller-Str. 6

30167 Hannover

Germany

00491638143432

info@tb-translations.com

Imprint

Processing of your data within the scope of the core activities of our company

If you are our customer or business partner or are interested in our services, the type, scope, and purpose of the processing of your data depend on the contractual or pre-contractual relationship existing between us. In this sense, the data processed by us includes all those data that are or were provided by you for the purpose of making use of the contractual or pre-contractual services and that are required to process your inquiry or the contract concluded between us. Unless otherwise stated in the further notes to this data protection declaration, the processing of your data and its transfer to third parties is limited to those data that are necessary and expedient to answer your inquiries and/or to fulfill the contract concluded between you and us, to protect our rights and to fulfill legal obligations. We will inform you which data is required for this before or in the course of data collection. Insofar as we use third-party providers to provide our services, the data protection notices of the respective third-party providers apply.

Data concerned:

– Inventory data (e.g. names, addresses)

– Payment data (e.g. bank details, invoices)

– Contact data (e.g. email address, telephone number, postal address)

– Contract data (e.g. subject matter of the contract, duration of the contract).

Affected persons: Interested parties, business, and contractual partners

Purpose of processing: processing of contractual services, communication as well as answering contact inquiries, office and organizational procedures

Legal basis: contract performance and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legal obligation, Art. 6 para. 1 lit. c GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR.

Your rights under the GDPR

According to the GDPR, you are entitled to the rights listed below, which you can exercise at any time by contacting the data controller named in section 1 of this privacy statement:

– Right to information: you have the right to request information from us about whether and what data we process from you.

– Right to rectification: you have the right to request the rectification of incorrect or completion of incomplete data.

– Right to deletion: you have the right to request the deletion of your data.

– Right to restriction: in some instances, you have the right to request that we only process your data in a restricted manner.

– Right to data portability: You have the right to request that we transfer your data to you or another responsible party in a structured, common, and machine-readable format.

– Right to complain: You have the right to complain to a supervisory authority. The supervisory authority of your usual place of residence, your workplace, or our company headquarters is responsible.

Right of withdrawal

You have the right to revoke your consent to data processing at any time.

Right of objection

You have the right to object at any time to the processing of your data, which we base on our legitimate interest according to Art. 6 (1) lit. f GDPR. If you make use of your right to object, we ask you to explain the reasons. We will then no longer process your personal data unless we can prove to you that compelling reasons worthy of protection for the data processing outweigh your interests and rights.

Irrespective of the above, you have the right at any time to object to the processing of your personal data for purposes of advertising and data analysis.

Please address your objection to the contact address of the data controller given above.

When do we delete your data?

We delete your data when we no longer need it or when you instruct us to do so. This means that – unless otherwise stated in the individual data protection notices of this data protection declaration – we delete your data,

– if the purpose of the data processing has ceased to exist and therefore the respective legal basis stated in the individual data protection notices no longer exists, e.g.

o after the termination of the contractual or membership relationship existing between us (Art. 6 para. 1 lit. a GDPR) or

o after our legitimate interest in the further processing or storage of your data ceases to exist (Art. 6 para. 1 lit. f GDPR),

– if you exercise your right of withdrawal and no other legal basis for processing within the meaning of Art. 6 (1) lit. b-f GDPR applies,

– if you exercise your right to object and there are no compelling legitimate grounds for deletion.

If, however, we still need to retain (certain parts of) your data for other purposes, for example, because tax retention periods (generally 6 years for business correspondence or 10 years for accounting records) or the assertion, exercise, or defense of legal claims arising from contractual relationships (up to four years) make this necessary, or if the data is needed to protect the rights of another natural person or legal entity, we will delete (that part of) your data only after these periods have expired. However, until the expiration of these periods, we limit the processing of this data to these purposes (fulfillment of retention obligations).

Cloud services

We use cloud services in particular

– to store and process documents,

– to send documents by email or to exchange files of any kind,

– for our calendrical appointment management,

– for the preparation and execution of presentations and spreadsheets,

– to publish files of any kind

– for internal and external communication by means of chats, audio, and video conferences.

The software applications that we use for these purposes are made available to us by the provider(s) named below on their servers. We access these servers via the internet. Insofar as you transmit your data to us in the course of communication with us or in other processes explained by us by means of this data protection statement, we process this data in the cloud service used by us. This means that your data is stored on the servers of the third-party cloud service provider. The third-party providers process usage and metadata to secure their servers and to optimize their services. In particular, we process and store your contact, customer, and contract data.

If we make files of any kind publicly available via our Internet presence by means of the cloud service we use, the respective third-party provider of the cloud service may store cookies on your computer system if you access these files. The service provider may process the data collected in this way to analyze your usage behavior or browser settings.

We would like to point out that, depending on the country of residence of the service provider named below, the data named in more detail below may be transferred to and processed on servers outside the area of the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be complied with and that the enforcement of your rights will not be possible or will be difficult. If the service provider we use offers to process the data exclusively within the EU, we intend – if currently not already implemented anyway – to process your data exclusively there.

Data concerned:

– Inventory data (e.g. names, addresses),

– Contact data (e.g. email addresses, telephone and cell phone numbers)

– Content data (e.g. photos, videos, texts),

– Usage data (e.g. times of access, websites visited, interest in content),

– Metadata (e.g. IP address, computer system information).

Affected persons: Interested parties, communication partners, customers, employees (e.g. applicants, current and former employees).

Purpose of processing: Organization of office and administrative tasks

Legal basis: consent, Art. 6 para. 1 lit. a GDPR, contract performance and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Cloud service providers used:

Dropbox

Service Provider: Dropbox, Inc, 333 Brannan Street, San Francisco, California 94107, USA

Website: https://www.dropbox.com

Google Cloud Services

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Website: https://cloud.google.com/

Microsoft Cloud Services

Service provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Website: https://www.microsoft.com/en-us/microsoft-365/onedrive/online-cloud-storage

Web.de Freemail online storage

Service provider: 1&1 Mail & Media GmbH, Karlsruhe branch, Brauerstr. 48, 76135 Karlsruhe, Germany

Website: https://web.de/online-speicher/

Cookies

Our website uses cookies. Cookies are small text files consisting of a series of numbers and letters that are placed and stored on the device you are using. Cookies are primarily used to exchange information between the device you are using and our website. This includes, among other things, the language settings on a website, the login status, or where a video was watched.

Two types of cookies are used when you visit our websites:

– Temporary cookies (session cookies): they store a so-called session ID, which can be used to assign various requests from your browser to the joint session. Session cookies are deleted when you log out or close your browser.

– Permanent cookies: Permanent cookies remain stored even after you close your browser.

This allows our website to recognize your computer again when you return to our website. For example, information on language settings or login information is stored in these cookies. In addition, these cookies can be used to document and store your surfing behavior. This data can be used for statistical, marketing, and personalization purposes.

In addition to the above classification, cookies can also be differentiated with regard to their purpose:

– Necessary cookies: these are cookies that are absolutely necessary for the operation of our website, to store logins or shopping carts for the duration of your session, or cookies that are set for security reasons.

– Statistics, marketing, and personalization cookies: these are cookies that are used for analysis purposes or reach measurement. In particular, information on search terms entered, or the frequency of page views may be stored via such “tracking” cookies. In addition, the surfing behavior of an individual user (e.g. viewing of certain content, use of functions, etc.) can also be stored in a user profile. Such profiles are used to display content to users that matches their potential interests. Insofar as we use services through which cookies are stored on your device for statistical, marketing, and personalization purposes, we will inform you about this separately in the following sections of our data protection statement or in the context of obtaining your consent.

Data concerned:

– Usage data (e.g. access times, web pages clicked on)

– Communication data (e.g. information about the device used, IP address)

Affected persons: Users of our online offers

Purpose of processing: Playing out our internet pages, ensuring the operation of our internet pages, improving our online offer, communication, and marketing

Legal basis:

Legitimate interest, Art. 6 para. 1 lit. f GDPR

Unless we obtain consent from you to set the cookies, we base the processing of your data on our legitimate interest in improving the quality and user-friendliness of our internet presence, in particular the content and functions. You have the option to object to the use of cookies set by us within the scope of our legitimate interest via the security settings of your browser. There you have the option of specifying whether you do not accept cookies from the start or only on request, for example, or can specify that cookies are deleted each time you close your browser. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

Consent, Art. 6 para. 1 lit. a GDPR

If we ask you before your visit to our website to be allowed to set certain cookies on your device and you consent to this, the consent you give is the legal basis. As part of the consent, we inform you about which cookies we set in detail. If you do not give this consent, we will only set the so-called technically necessary cookies that are required for the proper operation of our website and its display in your browser. If you have given your consent to the setting of cookies, you have the option to revoke your consent at any time.

Web hosting

In order to maintain our websites, we make use of a provider on whose server our websites are stored and made available for retrieval on the internet (hosting). In this context, the provider may process all the data transmitted via the browser you use that is generated when you use our websites. This includes, in particular, your IP address, which the provider needs to deliver our online offer to the browser you use, as well as all entries you make on our website. In addition, the provider used by us may record

– the date and time of access to our website

– time zone difference to Greenwich Mean Time (GMT)

– access status (HTTP status)

– the amount of data transferred

– the internet service provider of the accessing system

– the type of browser you are using and its version

– the operating system you are using

– the website from which you may have accessed our website

– the pages or subpages that you visit on our website.

The aforementioned data is stored as log files on the servers of our provider. This is necessary to ensure the stability and security of the operation of our website.

Sending emails: In addition to hosting our website, we have also commissioned our provider to send, receive and store our emails. For this purpose, our provider processes the email addresses of the recipients and senders as well as other data generated during email communication (metacommunication data such as time, IP address, etc.) and the content of the respective emails. We would like to draw your attention to the fact that emails are generally sent unencrypted. We, therefore, assume no responsibility for the transmission path of the emails between the sender and receipt on our server.

Data concerned:

– Content data (e.g. posts, photos, videos)

– Usage data (e.g. access times, web pages clicked on)

– Communication data (for example, information about the device used, IP address).

Affected persons: Users of our online presence

Purpose of processing: displaying our websites, ensuring the operation of our websites

Legal basis: Legitimate interest, Art. 6 para. 1 lit. f GDPR

Web hoster(s) contracted by us:

manitu GmbH

Service provider: manitu GmbH, Welvertstraße 2, 66606 St. Wendel, Germany

Website: https://www.manitu.de

Contacting us

Insofar as you contact us via email, social media, telephone, fax, mail, our contact form, or otherwise and in doing so provide us with personal data such as your name, telephone number, or email address, or provide us with further information about yourself or your request, we process this data to respond to your inquiry within the scope of the pre-contractual or contractual relationship existing between us.

Data concerned:

– Inventory data (e.g. names, addresses)

– Contact data (e.g. email address, telephone number, postal address)

– Content data (texts, photos, videos)

– Contractual data (e.g. subject matter of the contract, duration of the contract).

Affected persons: Interested parties, customers, business and contractual partners

Purpose of processing: communication as well as answering contact requests, office and organization procedures

Legal basis: contract performance and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR.

Payment service provider

In accordance with our legal obligations or because of our legitimate interests in efficient, secure and customer-oriented payment processing, persons who have concluded a contract or other legal relationship with us may use banks and credit institutions as well as other payment service providers for payment. The payment service providers offered by us process inventory data in this context, including name, address, or bank data such as account/credit card number, passwords, TANs, verification numbers as well as information on the concluded contract and information on the recipient of the payment.

The data collected in this context is necessary to enable the payment service provider to process the payment. Only the payment service provider commissioned by us collects and processes this personal information. At no time do we receive information about your account or credit card details. We are informed by our payment service provider whether our customer’s payment has been received or not. It is possible that our payment service providers forward the data of our customers to credit information files in order to be able to check the identity as well as the creditworthiness of the payer. In this respect, we refer to the privacy policy and general terms and conditions (GTC) of our payment service providers.

The terms and conditions and privacy policy of the respective payment service provider apply. You will find this information on the website of the service provider concerned or in the transaction application. For further information and for the assertion of your rights regarding revocation and information, we refer in this respect to the provisions of the respective service provider.

Data concerned:

– Inventory data (e.g. name, address),

– Usage data (e.g. websites visited, interest in certain topics, times of access),

– Payment data (e.g. bank details, invoices, payment history),

– Business transaction data (e.g. term, customer category, subject of contract),

– Communication and metadata (e.g. IP address, device or computer system information).

Purpose of processing: Effective, secure, and customer-oriented payment offers (service) as well as the processing of payments according to a contractual agreement

Legal basis: contract performance and fulfillment of pre-contractual requests, Art. 6 para. 1 lit. b GDPR, legitimate interests, Art. 6 para. 1 lit. f GDPR.

Revocation options: You can revoke your consent to the use of personal data at any time vis-à-vis the respective payment service provider. Despite revocation, the payment service provider may still be entitled to process, use and transmit the personal data that is absolutely necessary for the contractual processing of payments. With regard to the storage and timely deletion of personal data, we refer to the respective data protection provisions of the payment service provider.

We use the following payment service providers:

PayPal

Service provider: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg.

Website: https://www.paypal.com/us/webapps/mpp/home

Advertising by email, mail, or telephone

We process personal data for our marketing communications by email, post, or telephone. You may object to receiving our marketing communications at any time or revoke your previously given consent to receive our marketing communications at any time. In order to be able to prove, in case of doubt, that your consent was given even after your objection or revocation, we may store your data for up to 4 years after your objection/revocation. We will not use your data for any further purposes after your objection/revocation. If you want us to delete your data before then, we will do so after you have confirmed that you originally gave us consent.

Data concerned:

– Contact data (e.g. email, phone number, postal address)

– Inventory data (e.g., names, addresses)

Affected persons: Communication partner

Purpose of processing: direct advertising measures (marketing) by email, mail, or telephone

Legal basis: Consent, Art. 6 para. 1 lit. a GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR.

Our online presence on social networks

We operate online presences within the social networks listed below. If you visit one of these presences, the data listed in more detail below will be collected and processed by the respective provider. As a rule, this data is collected for advertising and market research purposes, and usage profiles are created with this data. In the usage profiles, data may be stored regardless of the device you use. This is particularly the case if you are a member of the respective platform and are logged in to it. The usage profiles can be used by the providers to show you interest-based advertising. You have the right to revoke the creation of user profiles. To exercise this right, you must contact the respective provider.

If you have an account with one of the providers listed below and are logged in when you visit our website, the respective provider may collect data about your usage behavior on our website. To prevent such linking of your data, you can log out of the provider’s service before visiting our site.

For what purpose and to what extent data is collected by the provider, you can learn from the respective privacy statements of the providers provided below.

We would like to point out that, depending on the home state of the provider named below, the data collected via its platform may be transmitted and processed outside the territory of the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be complied with and that the enforcement of your rights will not be possible or will be difficult.

Data concerned:

– Inventory and contact data (e.g., name, address, phone number, email address).

– Content data (e.g. posts, photos, videos)

– Usage data (e.g. access times, web pages clicked on)

– Communication data (e.g. information about the device used, IP address).

Purpose of processing: communication and marketing, tracking and analysis of user behavior.

Legal basis: consent, Art. 6 para. 1 lit. a GDPR, legitimate interests Art. 6 para. 1 lit. f GDPR.

Objection options: For the respective objection options (opt-out), we refer to the information of the providers linked below.

We maintain online presences on the following social networks:

Facebook

Service provider: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA.

Headquarters in the EU: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Website: https://www.facebook.com/

LinkedIn

Service provider: LinkedIn Corporation, 1000 W Maude, Sunnyvale, CA 94085, USA.

Headquarters in Germany: LinkedIn, Hofstatt 4th Floor, Sendlinger Str. 12, 80331 Munich, Germany

Website: https://www.linkedin.com

WhatsApp

Service provider: WhatsApp Inc. 1601 Willow Road Menlo Park, California 94025, USA.

Registered office in the EU: Whatsapp Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Parent company: Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA.

Website: https://www.whatsapp.com

XING

Service provider: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Website: https://www.xing.com/

Online meetings, video conferencing, and screen sharing

We use third-party offerings to facilitate online meetings, conference calls via video and/or audio circuit, and online seminars among employees and with prospects or customers. When you communicate with us through such a service, the data collected in that communication process is processed by both the third-party provider and us. The data that may be generated in such a communication process includes, in particular, your login and contact information, posts in the chat window, your video and audio posts, and shared screen content. The data processed by the third-party provider we use primarily includes user data as well as metadata (e.g., IP address, computer system information). As a rule, the third-party providers process this data in order to check and ensure the security of the service. In addition, findings from the data processing are to be used to optimize the third-party provider’s offer and to carry out corresponding marketing measures. Please refer to the data protection information of the third-party provider in this regard.

We would like to point out that, depending on the home state of the service provider mentioned below, the data collected via the service may be transmitted and processed outside the territory of the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR may not be complied with and that the enforcement of your rights may not be possible or may be difficult.

Data concerned:

– Inventory data (e.g. names, addresses)

– Contact information (e.g., email address, phone number)

– Shared content (e.g. photos, videos, texts, audio recordings)

– User data (e.g. times of access, web pages visited, interest in content)

– Meta and communication data (e.g. IP address, computer system information).

Affected persons: Interested parties, customers, communication partners

Purpose of processing: processing of contact requests, internal and external communication with employees as well as interested parties and customers, the fulfillment of our contractual services, service offer

Legal basis: consent, Art. 6 para. 1 lit. a GDPR, contract performance, and pre-contractual inquiries, Art. 6 para. 1 lit. b GDPR, legitimate interest, Art. 6 para. 1 lit. f GDPR

Services used by us:

Skype

Services offered: Instant messaging, video conferencing, voice conferencing.

Service provider: Skype Communications SARL, 23-29 Rives de Clausen, L-2165 Luxembourg, Luxembourg.

Parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA

Website: https://www.skype.com

Slack

Services offered: (Group) chats, video conferencing, voice conferencing.

Service Provider: Slack Technologies, Inc, 500 Howard Street, San Francisco, CA 94105, USA

Website: https://slack.com

Zoom

Services offered: Video conferencing, voice conferencing, chats.

Service Provider: Zoom Video Communications, Inc, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA

Website: https://zoom.us/meetings

Content services

We use certain services in order to be able to play out certain content or graphics (videos, images, music, fonts, maps) via our online presence. In doing so, the services we use process the IP address assigned to you at the time of your visit to our website, as this is the only way that the respective content can be displayed in the browser you are using. In addition, the providers of these services may place further cookies on your device, which are used to collect information about your usage behavior, your interests, the device and browser you are using, as well as the time and duration of your session. The providers regularly use this data for analysis, statistical, and marketing purposes. In addition, this information may also be combined with information from other sources. This applies in particular if you yourself maintain an account with the service provider and are logged in there at the time of the session.

We would like to point out that, depending on the home state of the service provider named below, the data named in more detail below may be transferred to and processed on servers outside the territory of the European Union. In this case, there is a risk that the level of data protection prescribed by the GDPR will not be complied with and that the enforcement of your rights will not be possible or will be difficult.

Data concerned:

– Usage data (e.g., access times, web pages clicked on).

– Communication data (e.g., information about the device used, IP address).

Affected persons: Users of our online presence

Purpose of processing: displaying our websites, offering content, ensuring the operation of our websites

Legal basis: consent via cookie consent banner, Art. 6 para. 1 lit. a GDPR, legitimate interests, Art. 6 para. 1 lit. f GDPR.

We use the following content services:

YouTube

We use YouTube components on this website to embed videos on our websites so that they can be played via your internet browser when you visit our websites. During your visit to our website, both YouTube and Google are informed about which page or subpage you have accessed by transmitting your IP address to Google’s external servers in the USA. This information transfer takes place regardless of whether the videos displayed are actually viewed or clicked on or whether you are logged into your YouTube or Google account. This information is collected and assigned to your Google account, provided you are logged in there when you visit our websites.

Service provider: YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

Website: https://www.youtube.com/

Opt-out option: https://tools.google.com/dlpage/gaoptout?hl=en

Security measures

We also take state-of-the-art technical and organizational security measures to comply with the provisions of data protection laws and to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized third-party access.

Timeliness and changes to this privacy policy

This data protection statement is currently valid and was updated in February 2021. Due to changes in legal or regulatory requirements, it may become necessary to adapt this data protection statement.

This data protection statement was created with the help of the data protection generator of SOS Recht. SOS Recht is a service of Mueller.legal Rechtsanwälte Partnerschaft, based in Berlin.