隐私政策

隐私政策

一般信息

以下信息简要概述了当你访问本网站时我们会如何处理你的个人数据。“个人数据”一词包括所有可用于识别你个人身份的资料。有关数据保护主题的详细信息,请参阅我们在本文下面列出的隐私政策。

本网站的数据记录

谁负责本网站的数据收集(即“控制者”)?

本网站的数据处理由网站运营商进行。其详细联系方式可以在本网站上找到。

我们如何收集你的数据?

在你向我们提供数据时,我们将收集你的数据。例如,其能是你在联系人表格中输入的数据。

其他数据将在你访问本网站时自动或经你同意后由我们的 IT 系统收集。其中主要为技术数据(如网页浏览器、操作系统或网站的访问时间)。当你进入本网站时,网站将自动收集这些数据。

我们将你的数据用于什么用途?

部分数据的收集目的是为了确保以准确无误的方式提供网站的服务。其他数据可能用于分析你的用户行为。

你对你的数据拥有哪些权利?

你有权随时免费获取所存储且有关你的个人数据的来源、接收方和用途等信息。此外,你也有权要求更正或删除这些数据。如果你已经同意数据处理,你可以在未来的任何时候撤销你的同意。在某些情况下,你还有权要求限制处理你的个人数据。此外,你有权向主管监管机构提出投诉。

如果你对此或任何其他与数据保护相关的问题有疑问,请随时按版本信息中提供的地址与我们联系。

1. Data Protection at a Glance
General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data refers to any data that can be used to personally identify you. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

Data Collection on This Website

Who is responsible for data collection on this website?


Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the legal notice (imprint) of this website or below under section 3.

How do we collect your data?


Some of your data is collected when you provide it to us. This may include, for example, data you enter into a contact form. Other data is collected automatically or with your consent when you visit the website through our IT systems. This primarily includes technical data (e.g., internet browser, operating system, or the time the page was accessed). This data is collected automatically as soon as you enter this website.

What do we use your data for?


Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyze your user behavior.

What rights do you have regarding your data?


You have the right at any time to obtain information free of charge about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to the processing of your data, you may revoke this consent at any time with effect for the future. In addition, under certain circumstances you have the right to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority. For this purpose, as well as for further questions on the subject of data protection, you may contact us at any time at the address provided in the legal notice (imprint).

2. Hosting and Content Delivery Networks (CDN)
External Hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This may include, in particular, IP addresses, contact inquiries, metadata and communication data, contract data, contact details, names, website access data, and other data generated via a website. The host is used for the purpose of fulfilling our contractual obligations toward our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of providing our online services securely, quickly, and efficiently through a professional provider (Art. 6(1)(f) GDPR). Our host will process your data only to the extent necessary to fulfill its service obligations and will follow our instructions with regard to this data.

Conclusion of a Data Processing Agreement

To ensure data protection-compliant processing, we have concluded a data processing agreement with our host.

3. General Information and Mandatory Disclosures
Data Protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. When you use this website, various personal data are collected. Personal data refers to data that can be used to personally identify you. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done. Please note that data transmission over the Internet (e.g., when communicating via email) may have security vulnerabilities. Complete protection of data from access by third parties is not possible.

Information about the responsible entity

The responsible entity for data processing on this website is:
TimeWaver Home GmbH

Darritzer Straße 6

16818 Kränzlin

Phone: +49 3391 40022-11

Email: info@timewaver.com
The responsible entity is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Statutorily Required Data Protection Officer


We have appointed a Data Protection Officer for our company:
TimeWaver Home GmbH

Data Protection Officer: Falk Hubald

Darritzer Straße 6

16818 Kränzlin

Phone: +49 3391 40022-28

Email: datenschutz@timewaver.com

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You may revoke any consent you have already given at any time. An informal notification by email to us is sufficient for this purpose. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

If data processing is carried out on the basis of Art. 6(1)(e) or (f) GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation. This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims (objection pursuant to Art. 21(1) GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21(2) GDPR).

Right to Lodge a Complaint with the Competent Supervisory Authority


In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work, or the place of the alleged violation. This right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to Data Portability


You have the right to receive the data that we process automatically on the basis of your consent or in fulfillment of a contract in a commonly used, machine-readable format, either for yourself or for transfer to a third party. If you request the direct transfer of the data to another controller, this will only be carried out to the extent that it is technically feasible.

SSL or TLS Encryption


For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the browser’s address line from “http://” to “https://” and by the lock symbol in your browser’s address bar. When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted Payment Transactions on This Website


If, after the conclusion of a paid contract, there is an obligation to provide us with your payment data (e.g., account number for direct debit authorization), this data is required for payment processing. Payment transactions using common payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the change in the browser’s address line from “http://” to “https://” and by the lock symbol in your browser’s address bar. With encrypted communication, the payment data you transmit to us cannot be read by third parties.

Access, Deletion, and Correction


Within the framework of the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients, and the purpose of the data processing, and, if applicable, a right to correction or deletion of this data. For this purpose, as well as for further questions regarding personal data, you may contact us at any time at the addresses provided in the website’s legal notice (imprint) or at the addresses listed above in section 3.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. For this purpose, you may contact us at any time at the address provided in the legal notice (imprint). The right to restriction of processing exists in the following cases:

  • If you contest the accuracy of your personal data stored by us, we usually require time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.
  • If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of deletion.
  • If we no longer need your personal data, but you require it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection pursuant to Art. 21(1) GDPR, a balance must be made between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data – apart from their storage – may only be processed with your consent, for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.

Objection to Advertising Emails


We hereby object to the use of contact data published as part of the legal notice (imprint) obligation for sending unsolicited advertising and informational materials. The operators of these pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.

4. Data Collection on This Website
Cookies


Our websites use so-called “cookies.” Cookies are small text files and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or they are automatically deleted by your web browser. In some cases, cookies from third-party companies may also be stored on your device when you enter our website (third-party cookies). These enable us or you to use certain services provided by the third-party company (e.g., cookies for processing payment services). Cookies have different functions. Many cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies are used to analyze user behavior or display advertising. Cookies that are required for carrying out the electronic communication process (necessary cookies) or for providing certain functions requested by you (functional cookies, e.g., for the shopping cart function) or for optimizing the website (e.g., cookies for measuring the web audience) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies to ensure the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the relevant cookies are stored exclusively on the basis of this consent (Art. 6(1)(a) GDPR); consent may be revoked at any time.

You can configure your browser so that you are informed about the setting of cookies and allow cookies only on a case-by-case basis, block the acceptance of cookies for specific cases or in general, and enable the automatic deletion of cookies when closing the browser. Please note that disabling cookies may limit the functionality of this website. If cookies from third-party companies or for analytical purposes are used, we will inform you separately about this within the scope of this privacy policy and, if necessary, request your consent.

Cookie Consent with Borlabs Cookie


Our website uses the cookie consent technology from Borlabs Cookie to obtain your consent for storing certain cookies in your browser and to document this in compliance with data protection regulations. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (hereinafter “Borlabs”). When you visit our website, a Borlabs cookie is stored in your browser in which the consents you have given or the revocation of these consents are recorded. These data are not shared with the provider of Borlabs Cookie. The collected data are stored until you request their deletion from us, delete the Borlabs cookie yourself, or the purpose of data storage no longer applies. Mandatory statutory retention periods remain unaffected. Details on the data processing by Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/. The use of Borlabs Cookie consent technology is intended to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6(1) sentence 1(c) GDPR.

Server Log Files


The provider of this website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

These data are not merged with other data sources. The collection of these data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free display and optimization of the website—this requires the collection of server log files.

Contact Form


If you send us inquiries via the contact form, the information you provide in the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not share these data without your consent. The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or necessary for pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this was obtained. The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your inquiry has been processed). Mandatory statutory provisions—particularly retention periods—remain unaffected.

Inquiries via Email, Telephone, or Fax


If you contact us via email, telephone, or fax, your inquiry, including any personal data contained therein (e.g., name, inquiry), will be stored and processed by us for the purpose of handling your request. We do not share this data without your consent. The processing of this data is based on Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or necessary for pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively handling inquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR) if this was obtained. The data you send us via contact requests will remain with us until you request their deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after your request has been fully processed). Mandatory statutory provisions—particularly retention periods—remain unaffected.

Registration on This Website


You can register on this website to use additional features. The data you provide during registration is used solely for the purpose of using the specific service or feature for which you registered. The mandatory information requested during registration must be provided in full; otherwise, we will reject the registration. For important changes, such as changes to the scope of services or technically necessary updates, we will use the email address provided during registration to inform you. The processing of data provided during registration is carried out for the purpose of executing the user relationship established by the registration and, if applicable, for initiating further contracts (Art. 6(1)(b) GDPR). The data collected during registration will be stored as long as you remain registered on this website and will be deleted afterwards. Statutory retention periods remain unaffected.

5. Analysis Tools and Advertising
Google Tag Manager


We use Google Tag Manager on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager enables the management of website tags through a single interface. The Tag Manager itself (which implements the tags) does not process any personal data of users, according to Google. However, the service triggers other tags that may themselves collect and process data.

When you access our website, personal data such as your IP address and other device-related information may be transmitted to and stored on Google’s servers. Google may also process this data for its own purposes. Data may be transferred to the United States. We have no control over this data transmission. Google is certified under the EU-U.S. Data Privacy Framework.

The use of Google Tag Manager and the associated data processing is based on your consent in accordance with Art. 6(1)(a) GDPR. You may withdraw your consent at any time with future effect by accessing the cookie settings and disabling the relevant services. For more information on data protection at Google, please visit: https://policies.google.com/privacy.

Google Analytics


We use Google Analytics 4 on our website, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses cookies that enable an analysis of how visitors use our website. The information collected by means of these cookies about your use of this website is generally transmitted to and stored on Google servers in the United States. Google is certified under the EU-U.S. Data Privacy Framework. In Google Analytics 4, IP address anonymization is enabled by default. Due to IP anonymization, your IP address is shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area (EEA). Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.
During your visit to our website, your user behavior is recorded. This includes, in particular, page views, the first visit to the website, the start of the session, the web pages visited, interaction with the website, clicks on external links, internal search queries, interactions with videos, file downloads, ads viewed and clicked, your language settings, as well as your approximate location (region), the date and time of your visit, your IP address (in shortened form), technical information about your browser and the devices you use, your internet service provider, and the referrer URL (i.e., the website or advertising medium from which you accessed this website).

Google uses this information on our behalf to evaluate the pseudonymous use of the website by its visitors and to compile reports on website activity. The reports provided by Google Analytics serve to analyze the performance of our website and the success of our marketing campaigns. The data sent and linked to cookies is automatically deleted after a maximum of 14 months. The maximum lifetime of Google Analytics cookies is 2 years. The legal basis for this data processing is your consent in accordance with Art. 6(1)(a) GDPR and Section 25(1) sentence 1 TDDDG. You may withdraw your consent at any time with future effect by accessing the cookie settings and disabling the relevant services. For more information on data protection at Google, please visit: https://policies.google.com/privacy.

6. Newsletter
Newsletter Data


If you wish to receive the newsletter offered on the website, we require your email address and information that allows us to verify that you are the owner of the provided email address and consent to receive the newsletter. Additional data is not collected or is collected only voluntarily. This data is used exclusively for sending the requested information and is not shared with third parties. The processing of data entered into the newsletter registration form is carried out exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You can revoke the consent given for storing the data, the email address, and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of data processing that has already taken place remains unaffected by the revocation. The data you provide for newsletter subscription is stored with us or the newsletter service provider until you unsubscribe from the newsletter and is deleted from the newsletter distribution list after unsubscription. Data stored for other purposes remains unaffected.

After you unsubscribe from the newsletter distribution list, your email address may be stored in a blacklist with us or the newsletter service provider to prevent future mailings. The data in the blacklist is used solely for this purpose and is not merged with other data. This serves both your interests and our interest in complying with legal requirements when sending newsletters (legitimate interest pursuant to Art. 6(1)(f) GDPR). Storage in the blacklist is not limited in time. You may object to this storage if your interests override our legitimate interest.

7. Plugins and Tools
YouTube with Enhanced Privacy


This website embeds videos from YouTube. The operator of these pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this mode ensures that YouTube does not store information about visitors to this website before they start watching a video. However, the enhanced privacy mode does not necessarily prevent data from being shared with YouTube partners. For instance, YouTube may establish a connection to the Google DoubleClick network regardless of whether you play a video. As soon as you start a YouTube video on this website, a connection is made to YouTube’s servers. The YouTube server is informed about which of our pages you visited. If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account. In addition, YouTube may store various cookies on your device when a video is played. These cookies allow YouTube to collect information about visitors to this website. This information is used, among other things, to compile video statistics, improve user experience, and prevent fraud. The cookies remain on your device until you delete them. Additional data processing may be triggered after starting a YouTube video, over which we have no control. The use of YouTube is in the interest of presenting our online offerings in an engaging manner. This constitutes a legitimate interest under Art. 6(1)(f) GDPR. If consent has been requested, processing occurs solely on the basis of Art. 6(1)(a) GDPR, and consent may be revoked at any time. For more information about privacy at YouTube, please refer to their privacy policy: https://policies.google.com/privacy?hl=de.

Vimeo


This website uses plugins from the video platform Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. When you visit one of our pages equipped with a Vimeo plugin, a connection is established to Vimeo’s servers. The Vimeo server is informed about which of our pages you visited. Additionally, Vimeo obtains your IP address. This applies even if you are not logged into Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to Vimeo’s servers in the USA. If you are logged into your Vimeo account, you allow Vimeo to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your Vimeo account. The use of Vimeo is in the interest of presenting our online offerings in an engaging manner. This constitutes a legitimate interest under Art. 6(1)(f) GDPR. If consent has been requested, processing occurs exclusively on the basis of Art. 6(1)(a) GDPR; consent may be revoked at any time. For more information on how Vimeo handles user data, please see their privacy policy: https://vimeo.com/privacy.

Google Maps


This website uses the Google Maps service via an API. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. To use the features of Google Maps, it is necessary to store your IP address. This information is generally transmitted to a Google server in the USA and stored there. The operator of this website has no control over this data transfer. The use of Google Maps is in the interest of presenting our online offerings in an appealing manner and making it easy to locate the places we list on the website. This constitutes a legitimate interest under Art. 6(1)(f) GDPR. If consent has been requested, processing occurs exclusively on the basis of Art. 6(1)(a) GDPR; consent may be revoked at any time. For more information about how Google handles user data, please see Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Google reCAPTCHA


We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. reCAPTCHA is used to verify whether the data entered on this website (e.g., in a contact form) is submitted by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as a visitor enters the website. reCAPTCHA evaluates different information during the analysis (e.g., IP address, duration of the visitor’s stay on the website, or mouse movements made by the user). The data collected during the analysis is transmitted to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place. The storage and analysis of the data is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated scanning and spam. If consent has been requested (e.g., consent to store cookies), processing occurs exclusively on the basis of Art. 6(1)(a) GDPR; consent can be revoked at any time.
For more information about Google reCAPTCHA, please see Google’s privacy policy and terms of service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

8. eCommerce and Payment Providers
Data Transfer When Concluding a Contract for Online Shops, Retailers, and Goods Shipment


We only transfer personal data to third parties if this is necessary for processing the contract, such as to companies responsible for delivering the goods or to the financial institution handling the payment. Any further transfer of data does not occur unless you have expressly consented to it. Your data will not be shared with third parties for purposes such as advertising without your explicit consent. The legal basis for processing this data is Art. 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Data Transfer When Concluding a Contract for Services and Digital Content


We only transfer personal data to third parties if this is necessary for processing the contract, for example to the financial institution handling the payment. Any further transfer of data does not occur unless you have expressly consented to it. Your data will not be shared with third parties for purposes such as advertising without your explicit consent. The legal basis for processing this data is Art. 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

Use of an External Customer Relationship Management System (CRM)

We use a customer relationship management system to process contracts, consisting of various applications from the Zoho ONE business software suite, in particular Zoho CRM, Zoho Books, and Zoho Campaigns. The provider is Zoho Corporation Pvt. Ltd., Estancia IT Park, Plot No. 140–151, GST Road, Vallancherry Village, Chengalpattu Taluk, Kanchipuram District 603 202, India (hereinafter “Zoho”) within the framework of order processing. For this purpose, the personal data collected during the order process is transferred to Zoho Corporation Pvt. Ltd. – Datacenter Europe, GDPR compliant. Zoho CRM allows us, among other things, to manage existing and potential customers and customer contacts, as well as to organize sales and communication processes. The use of the CRM system also enables us to analyze and optimize our customer-related processes. Customer data is stored on Zoho CRM servers. The use of Zoho CRM is based on our legitimate interest in the most efficient customer management and communication possible, in accordance with Art. 6(1)(f) GDPR. If consent has been requested, processing occurs exclusively on the basis of Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) under the TTDSG. Consent can be revoked at any time. A corresponding contract for order processing exists with Zoho, ensuring the security and confidentiality of the data. Zoho may process personal data outside the European Union. In doing so, Zoho ensures an adequate level of data protection through the use of EU standard contractual clauses and additional organizational measures. For more information, see: https://www.zoho.com/privacy.html and https://www.zoho.com/gdpr.html.

Stripe


On this website, we offer payment via the services of Stripe. The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”). When making a payment via Stripe, your payment data is transmitted via an interface on our website to Stripe in order to process the payment. Details can be found in Stripe’s privacy policy: https://stripe.com/de/privacy. The transmission of your data to Stripe is based on Art. 6(1)(b) GDPR (contract execution) and our legitimate interest in using reliable and secure payment processes (Art. 6(1)(f) GDPR).

PayPal


On this website, we also offer payment via PayPal. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). If you choose to pay via PayPal, the payment data you enter is transmitted to PayPal. The transmission of your data to PayPal is based on Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (processing for contract execution). You may revoke your consent to data processing at any time. The revocation only applies to future data processing and does not affect the lawfulness of processing performed in the past.

Sofortüberweisung


On this website, we offer payment via Sofortüberweisung. The provider of this payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “Sofort GmbH”). Using Sofortüberweisung, we receive a real-time payment confirmation from Sofort GmbH, allowing us to start fulfilling our obligations immediately. When you choose Sofortüberweisung, you transmit your PIN and a valid TAN to Sofort GmbH, enabling them to log into your online banking account. Sofort GmbH automatically checks your account balance and executes the transfer to us using the TAN you provided. You also consent to an automated check of your account transactions, overdraft limit, and the existence and balances of any other accounts. In addition to PIN and TAN, other payment and personal data are transmitted to Sofort GmbH, including first and last name, address, phone number(s), email address, IP address, and any additional data necessary for processing the payment. This data transmission is required to verify your identity and prevent fraud. The transmission of your data to Sofort GmbH is based on Art. 6(1)(a) GDPR (consent) and Art. 6(1)(b) GDPR (processing for contract execution). You can withdraw your consent at any time, which affects future data processing but does not retroactively impact the lawfulness of past processing. Further details about Sofortüberweisung can be found here: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/

9. Audio and Video Conferencing
Data Processing

For communication with our customers, we use, among other things, online conferencing tools. The specific tools we use are listed below. When you communicate with us via video or audio conference over the Internet, your personal data will be collected and processed by both us and the provider of the respective conferencing tool. The conferencing tools record all data that you provide or make available for using the tools (e.g., email address and/or phone number). Additionally, the conferencing tools process the duration of the conference, start and end times of participation, the number of participants, and other “context information” related to the communication process (metadata). Furthermore, the tool provider processes all technical data necessary to conduct online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and type of connection. If content is exchanged, uploaded, or otherwise made available within the tool, it will also be stored on the servers of the tool provider. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during use of the service. Please note that we do not have full control over the data processing carried out by the tools used. Our capabilities are largely determined by the provider’s company policies. For more information on data processing by the conferencing tools, please refer to the privacy policies of the respective tools, which we have listed below.

Purpose and Legal Basis

The conferencing tools are used to communicate with prospective or existing contractual partners or to provide certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of these tools serves to generally simplify and expedite communication with us or our company (legitimate interest pursuant to Art. 6(1)(f) GDPR). Where consent has been obtained, the use of the respective tools is based on this consent; such consent can be withdrawn at any time with effect for the future.

Retention Period

The data directly collected by us via the video and conferencing tools will be deleted from our systems as soon as you request deletion, withdraw your consent for storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected. We have no influence over the retention period of your data stored by the providers of the conferencing tools for their own purposes. For details, please refer directly to the privacy policies of the respective conferencing tool providers.

Conferencing Tools Used

We use the following conferencing tools:

Zoom


We use Zoom. The provider of this service is Zoom Communications Inc., 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. Zoom is certified under the EU–U.S. Data Privacy Framework. Further information can be found at: https://www.dataprivacyframework.gov/.
For details on data processing, please refer to Zoom’s privacy policy: https://zoom.us/de-de/privacy.html.
Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) with the provider of Zoom and fully comply with the strict requirements of the German data protection authorities when using Zoom.

TeamViewer


We use TeamViewer. The provider is TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen, Germany. For details on data processing, please refer to TeamViewer’s privacy policy: https://www.teamviewer.com/de/datenschutzerklaerung/.
Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) with the provider of TeamViewer and fully comply with the strict requirements of the German data protection authorities when using TeamViewer.

WebinarJam


We use WebinarJam. The provider is Genesis Digital LLC, 4730 S. Fort Apache Rd., Suite 300, Las Vegas, NV 89147, USA. Data transfers to the United States are based on the Standard Contractual Clauses (SCCs) of the European Commission. Further details can be found here: https://home.webinarjam.com/dpa. For details on data processing, please refer to the WebinarJam privacy policy: https://webinarjam.com/privacy-policy/.
Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) with the provider of WebinarJam and fully comply with the strict requirements of the German data protection authorities when using WebinarJam.

10. Our Social Media Presence
Data Processing by Social Networks


We maintain publicly accessible profiles on social networks. The social networks we use in detail are listed below. Social networks such as Facebook, Twitter, and others can generally analyze your user behavior when you visit their website or a website with integrated social media content (e.g., Like buttons or advertising banners). Visiting our social media profiles triggers various data processing activities that are relevant to data protection. If you are logged into your social media account and visit our social media presence, the operator of the social media platform may associate this visit with your account. Your personal data may also be collected if you are not logged in or do not have an account with the respective social media platform. This data collection can occur, for example, via cookies stored on your device or by recording your IP address. Using the data collected in this way, social media operators can create user profiles containing your preferences and interests. This allows them to display interest-based advertising both on and off the respective social media platform. If you have an account with the respective social network, interest-based advertising may be displayed on all devices where you are or have been logged in. The processing of your data is based on our legitimate interests (Art. 6(1)(f) GDPR) in operating and promoting our social media presence. You have the right to object to this processing at any time, and you can manage your privacy and ad settings directly through the social network provider. Please note that we cannot fully track all processing activities performed by social media operators. Depending on the provider, additional processing operations may occur. For details, please refer to the terms of use and privacy policies of the respective social media platforms.

Legal Basis


Our social media presence is intended to ensure the widest possible visibility on the Internet. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Analysis processes initiated by the social networks may be based on different legal grounds, which are specified by the operators of the respective social networks (e.g., consent under Art. 6(1)(a) GDPR).

Controller and Exercising Your Rights


When you visit one of our social media profiles (e.g., Facebook), we act jointly with the operator of the social media platform as controllers for the data processing activities triggered by this visit. You may generally exercise your rights (access, rectification, erasure, restriction of processing, data portability, and lodging a complaint) both with us and with the operator of the respective social media platform (e.g., Facebook). Please note that despite our joint responsibility with the social media platform operators, we do not have full control over the data processing activities of the social media platforms. Our influence is largely determined by the policies of the respective provider.

Retention Period


Data collected directly by us through our social media presence will be deleted from our systems as soon as the purpose for storage no longer applies, you request deletion, you revoke your consent to storage, or the purpose for data storage no longer exists. Stored cookies remain on your device until you delete them. Mandatory legal provisions, in particular retention periods, remain unaffected. We have no influence over the retention period of your data stored by the operators of the social networks for their own purposes. For details, please refer directly to the operators of the respective social networks (e.g., in their privacy policies, see below).

Social Networks in Detail

Facebook


We maintain a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the data collected may also be transferred to the USA and other third countries. You can adjust your advertising settings directly in your user account by clicking the following link and logging in: https://www.facebook.com/settings?tab=ads. For details on how Facebook processes your personal data, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

XING


We maintain a profile on XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. For details on how XING processes your personal data, please refer to XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn


We maintain a profile on LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified under the EU–U.S. Data Privacy Framework. Further information can be found here:
https://www.linkedin.com/help/linkedin/answer/a1343190. LinkedIn uses advertising cookies.
If you would like to disable LinkedIn advertising cookies, please use the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. For further details on how LinkedIn handles your personal data, please refer to LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy.

11. Single Sign-On Service

We use a centralized Single Sign-On service to perform updates and to manage our products.
This Single Sign-On service is hosted by DigitalOcean LLC, 101 Avenue of the Americas, 10th Floor, New York, NY 10013, USA.
DigitalOcean acts as a data processor within the meaning of Art. 28 GDPR. We have concluded a Data Processing Agreement (DPA) with DigitalOcean to ensure the security and confidentiality of personal data. Your personal data is generally stored and processed on servers located within the European Union. However, we would like to point out that our service provider DigitalOcean is a U.S. company. Despite the servers being located in the EU, it cannot be excluded that U.S. authorities may, in individual cases, request access to your data based on applicable legal provisions (e.g., the U.S. CLOUD Act) or that DigitalOcean may process personal data outside the European Union.
DigitalOcean is contractually obligated to challenge any overly broad or inappropriate request from a governmental authority, particularly if such request conflicts with EU law or the laws of EU Member States. Nevertheless, there remains a potential risk of access by third parties outside the EU, which, under applicable data protection principles, must be considered a transfer to a third country.
DigitalOcean ensures an adequate level of data protection through the use of EU Standard Contractual Clauses (SCCs) as well as additional organizational measures.
Further information can be found at: https://www.digitalocean.com/legal/privacy-policy.
To manage and provide our products, we also use the services Zoho Books and Zoho CRM provided by Zoho Corporation GmbH, II. Hagen 7, 45127 Essen, Germany, a subsidiary of Zoho Corporation Pvt. Ltd., India.
Our Single Sign-On service is connected to Zoho Books in order to automatically synchronize accounting and customer data. As part of an initial data transfer, customer data is transmitted from Zoho CRM to Zoho Books.
We have concluded a Data Processing Agreement (DPA) with Zoho to ensure the security and confidentiality of personal data. Zoho processes personal data partly outside the European Union. In doing so, Zoho ensures an adequate level of data protection through the use of EU Standard Contractual Clauses (SCCs) as well as additional organizational measures.
Further information can be found at: https://www.zoho.com/privacy.html.

Data Processing


In connection with registration, license verification, permission management, the provision of software and content updates, as well as optional synchronization and backup functions, we process the following categories of data:

  • customer data, including name, address, email address, customer number, contract information, billing and payment data
  • login data, including username, password hash, and two-factor authentication
  • device and hardware data, including serial number, device ID, and technical characteristics of the end device
  • license and usage data, including license status, permissions, purchased content, and update history
  • synchronization and backup data, including end-to-end encrypted backups and key metadata
  • transaction data
  • content or data exchanged between customers (e.g., between therapist and patient).
Purpose


The purposes of processing this data are to ensure the proper identification of the customer and the end device used by the customer, to verify licenses and manage permissions, to provide software updates, backups, content, and customer-purchased extensions, to synchronize encrypted content and keys with the customer’s device, and to enable efficient business operations.

Legal Basis


The legal bases for processing this data are the performance of a contract in accordance with Art. 6(1)(b) GDPR for the use of the Single Sign-On service, license verification, and the provision of updates, backups, content, and customer-purchased extensions; our legitimate interest in accordance with Art. 6(1)(f) GDPR for system and data security, abuse prevention, and efficient business operations; our legal obligations in accordance with Art. 6(1)(c) GDPR with regard to invoicing and compliance with commercial and tax law requirements; and the customer’s consent in accordance with Art. 6(1)(a) GDPR for the use of optional backup or synchronization functions.

Retention Period


Personal data is stored as long as an active customer account exists or as required by statutory retention periods. After the end of use, we retain the data for a period of one month following the termination of the contract. Subsequently, this personal data is deleted or anonymized, unless statutory retention obligations (e.g., 6–10 years according to the German Commercial Code (HGB) and Fiscal Code (AO) for certain documents) or our legitimate interests (e.g., assertion, exercise, or defense of legal claims) prevent deletion. Backups and temporary synchronization data are automatically deleted no later than three months after creation.

(last updated: March 12, 2026)

TimeWaver Home GmbH

Darritzer Str. 6 – Schloss Kränzlin

16818 Kränzlin

Local Court Neuruppin, HRB 8954 NP

CEO: Babak Jafarian

Information about your right to object


 pursuant to Art. 21 General Data Protection Regulation (GDPR)

  1. Right to object on grounds relating to your particular situation
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(f) GDPR (data processing on the basis of a balancing of interests). This also applies to profiling based on this provision within the meaning of Art. 4(4) GDPR that we use for advertising purposes. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
  2. Right to object to the processing of data for direct marketing purposes
In individual cases, we process your personal data in order to carry out direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.

    The objection may be made in any form and should preferably be addressed to:

    TimeWaver Home GmbH

    Darritzer Str. 6 – Schloss Kränzlin
    
16818 Kränzlin
    datenschutz@timewaver.com 

Free Online
Presentation:

Book now!