Privacy Statement

Privacy Policy for Our Website tectly.com

1. Introduction

Below we provide information on the processing of personal data when using

Personal data refers to all data that can be related to a specific natural person, e.g., their name or IP address.

1.1 Contact Information

The controller pursuant to Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is Tectly UG (haftungsbeschränkt), (Address: Torstraße 105–107, 10119 Berlin, Germany; Email: contact@tectly.com). We are legally represented by Prof. Dr.-Ing. David Linner.

1.2 Scope of Data Processing, Purposes of Processing, and Legal Bases

We describe the scope of data processing, purposes of processing, and legal bases in detail below. In general, the following legal bases apply:

  • Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis for processing operations for which we obtain consent.
  • Art. 6 para. 1 sentence 1 lit. b GDPR is the legal basis insofar as the processing of personal data is necessary for the performance of a contract, e.g., when a website visitor purchases a product or we provide a service. This also applies to pre-contractual measures, such as inquiries about our products or services.
  • Art. 6 para. 1 sentence 1 lit. c GDPR applies when the processing of personal data is necessary to fulfill a legal obligation, such as tax regulations.
  • Art. 6 para. 1 sentence 1 lit. f GDPR applies when we rely on legitimate interests for processing personal data, e.g., cookies required for the technical operation of our website.

1.3 Data Processing Outside the EEA

If we transfer data to service providers or other third parties outside the EEA, adequacy decisions by the EU Commission pursuant to Art. 45 para. 3 GDPR ensure the security of the data transfer, where applicable, such as for the United Kingdom, Canada, and Israel.

For data transfers to service providers in the USA, the legal basis is an adequacy decision by the EU Commission, provided the service provider is certified under the EU-U.S. Data Privacy Framework.

In other cases (e.g., if no adequacy decision exists), the legal basis is generally standard contractual clauses unless stated otherwise. These are regulations adopted by the EU Commission and form part of the contract with the respective third party. Under Art. 46 para. 2 lit. b GDPR, they ensure data transfer security. Many providers also offer additional contractual guarantees beyond the standard contractual clauses, such as encryption commitments or obligations to notify affected individuals in case of law enforcement access requests.

1.4 Data Retention

Unless expressly stated otherwise in this privacy policy, we delete stored data as soon as it is no longer needed for its intended purpose and no legal retention obligations prevent deletion. If the data is not deleted because it is needed for other legally permissible purposes, its processing is restricted; that is, the data is blocked and not used for other purposes. This applies, for example, to data we must retain for commercial or tax reasons.

1.5 Data Subject Rights

Data subjects have the following rights with respect to personal data concerning them:

  • Right to access,
  • Right to rectification or deletion,
  • Right to restriction of processing,
  • Right to object to processing,
  • Right to data portability,
  • Right to withdraw consent at any time.

Data subjects also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of their personal data. Contact details of the supervisory authorities are available at: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html

1.6 Obligation to Provide Data

Customers, prospects, or third parties only need to provide the personal data that is necessary for initiating, performing, and terminating the business relationship or other relationship, or that we are legally obligated to collect. Without this data, we may not be able to conclude a contract or provide services, or continue an existing relationship. Mandatory fields are marked as such.

1.7 No Automated Individual Decision-Making

We do not use fully automated decision-making pursuant to Article 22 GDPR for initiating or carrying out a business or other relationship. If we use such procedures in individual cases, we will inform you separately, if legally required.

1.8 Contacting Us

When you contact us, e.g., via email or phone, the data you provide (e.g., names and email addresses) will be stored by us to respond to your inquiry. The legal basis for this processing is our legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR) in responding to inquiries. We delete the data once it is no longer needed or restrict processing if legal retention obligations exist.

1.9 Customer Surveys

From time to time, we conduct customer surveys to better understand our clients and their needs. We collect the data requested in each survey. Our legitimate interest is to better understand our clients, making Art. 6 para. 1 sentence 1 lit. f GDPR the legal basis. We delete the data once the survey results have been analyzed.

2. Data Processing on Our Website

2.1 Notice for Website Visitors from Germany

Our website stores information on users’ devices (e.g., cookies) or accesses information already stored (e.g., IP addresses). The exact nature of this information is described in the following sections.

This storage and access are based on the following legal provisions:

  • Where such storage or access is strictly necessary to provide a service explicitly requested by the user (e.g., operation of a chatbot or to ensure IT security), it is based on § 25 para. 2 no. 2 of the German Telecommunications-Telemedia Data Protection Act (TTDSG).
  • Otherwise, such storage or access is based on the user’s consent (§ 25 para. 1 TTDSG). The subsequent data processing is governed by the provisions of the GDPR.

2.2 Informational Use of the Website

When using our website for purely informational purposes (i.e., without submitting information), we collect the personal data that your browser transmits to our server to ensure the stability and security of the website. This constitutes our legitimate interest; thus, the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.

These data include:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

These data are also stored in log files and deleted when no longer necessary—at the latest after 14 days.

2.3 Web Hosting and Website Provision

We have a legitimate interest in providing a website, so the legal basis for the described data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. The legal basis for data transfers to a country outside the EEA is an adequacy decision. The safety of data transferred to third countries is ensured by the EU Commission’s decision under Art. 45 para. 3 GDPR that such country provides an adequate level of data protection.

2.4 Appointment Booking

Visitors to our website can book appointments with us. We process the entered data as well as meta and communication data. We have a legitimate interest in offering an easy way to schedule meetings, making Art. 6 para. 1 sentence 1 lit. f GDPR the legal basis. If we use a third-party tool to manage appointments, you will find more details under "Third Parties."

2.5 Service Offering

We offer services through our website. In doing so, we process the following data during order placement:

  • First name
  • Last name
  • Email address
  • Billing address
  • Payment data

The processing of these data is for the purpose of fulfilling a contract concluded with the respective visitor (Art. 6 para. 1 sentence 1 lit. b GDPR).

2.6 Technically Necessary Cookies

Our website uses cookies. Cookies are small text files stored in the user’s web browser. They help make our website more user-friendly, efficient, and secure. Where cookies are technically necessary for the operation or functionality of our website (“technically necessary cookies”), the legal basis for their use is Art. 6 para. 1 sentence 1 lit. f GDPR. We have a legitimate interest in offering a functional website.

Specifically, we use technically necessary cookies for the following purpose:

  • Cookies that store login data

2.7 Umami

We use Umami to create anonymized usage statistics of visitors to this website. We only process anonymized data that cannot be traced back to individuals. No cookies are used, and the collected data is never shared with third parties.

Detailed information on which data are collected is available here: https://umami.is/docs/metric-definitions

2.8 Third Parties

2.8.1 Calendly

We use Calendly to schedule appointments. The provider is Calendly LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA. The provider processes usage data (e.g., visited websites, interest in content, access times), contact data (e.g., email addresses, phone numbers), and basic data (e.g., names, addresses) in the USA.

The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. a GDPR. Processing is based on consent. You can revoke your consent at any time by contacting us via the contact details provided in this privacy policy. Revocation does not affect the legality of processing prior to the revocation.

The legal basis for the data transfer to a country outside the EEA is an adequacy decision. The EU Commission has determined under Art. 45 para. 3 GDPR that the third country provides an adequate level of data protection.

We delete the data once the purpose for its collection no longer exists. Further information is available in the provider’s privacy policy: https://calendly.com/pages/privacy

3. Data Processing on Social Media Platforms

We maintain profiles on social media networks to present our organization and services. Operators of these networks regularly process user data for advertising purposes, including building user profiles based on online behavior to serve interest-based ads. They store information in cookies and may merge it with other data.

More information and how users can object to such processing is available in the privacy policies of the respective platforms. Some operators or servers may be located outside the EU, creating risks such as limited ability to enforce rights or access by authorities.

When users contact us via social media, we process the provided data to respond to inquiries. This constitutes a legitimate interest, so the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.

3.1 LinkedIn

We maintain a profile on LinkedIn. The operator is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The privacy policy is available at: LinkedIn Privacy Policy

You can manage your ad preferences here: LinkedIn Ad Preferences

4. Changes to This Privacy Policy

We reserve the right to modify this privacy policy with future effect. The current version is always available here.

5. Questions and Comments

If you have any questions or comments about this privacy policy, feel free to contact us using the details provided above.

Last updated: January 2025