IMPRINT

1 RESPONSIBLE

responsible according to Art. 4 para. 7 DS-GVO is

troodi GmbH
Lichtstr. 25
50825 Köln

2 YOUR RIGHTS

• You have the following rights regarding your personal data:
• Right to receive a copy of your stored data,
• Right to rectification,
• Right to delete your data,
• Right to restriction of processing,
• Right to objection to processing,
• Right to data portability.
• You also have the right to complain to a data protection authority about your personal data processed by us.

3 PROCESSING WHEN VIEWING OUR WEBSITES (TROODI.DE AND GROW.TROODI.DE)

3.1 Web server log file

When you visit our websites, information is automatically sent to our website servers by the browser used on your terminal device and stored in a log file.

3.1.1 Purpose

The aforementioned data is processed by us for the following purposes:

• Ensuring a smooth connection setup with the websites,
• Ensuring a comfortable use of our websites,
• Evaluation of system security and stability.

3.1.2 Legal basis

The legal basis for this processing is our legitimate interest according to Art. 6 para. 1 DS‑GVO.

3.1.3 Types of Data

The web server’s log file records which page views occurred and when. It contains the following data: IP address, directory protection user, date, time, accessed pages, logs, status code, amount of data, referrer, user agent, accessed hostname. The IP address is logged only if no hostname could be resolved. In the log file, the host name or IP address is anonymized. The first nine bits of the IP address of the entry are converted into a hash value. Thus, the IP address 123.123.123.123 would become the anonymized IP address 123.123.122.243. An anonymized IP address retains its validity for a maximum of 24 hours. After that, the same source IP address would become another anonymized IP address.

3.1.4 Storage period

Entries in the web server log file are deleted after six weeks.

3.1.5 Recipients

• The aforementioned data will not be forwarded by us to third parties, unless the forwarding is required in accordance with Art. 6 para. 1 DS-GVO for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
• Our website is hosted by a European service provider. The servers of the service provider are located exclusively in Europe.

3.1.6 Possibility of objection

You have the right to object to this processing of your personal data in accordance with Article 21 DS-GVO, given that there are reasons for doing so that arise from your particular situation. If you would like to exercise your right to object, please contact us. We would be pleased if you chose to contact us for this purpose via e-mail, as this is the fastest way for us to process your request.

3.2 Session cookies

To identify a user, we use the _contract_platform_session cookie and to secure a request to our server (cross-site request forgery), we use the session cookies XSRF-PARAM and XSRF-TOKEN.

3.2.1 Purpose

Identification of the user and securing the request to our server.

3.2.2. Legal basis

The legal basis for this processing of your data is Art. 6 para. 1 DS-GVO.

3.2.3 Types of data

No data is collected via the session cookie.

3.2.4 Recipients

There is no storage of data on our web space.

3.2.5 Storage period

The session cookie is automatically deleted when your browser session, i.e. your website visit, ends.

3.3. IMAGE PROCESSING WITH CLOUDINARY

3.3.1 Purpose

We use Cloudinary as a processing service for the images displayed on the websites, which are delivered by Cloudinary in the appropriate size and quality.

3.3.2. Legal basis

The legal basis for this processing of your data is Art. 6 para. 1 DS-GVO.

3.3.3 Types of data

Cloudinary does not set cookies. However, the following data is requested when calling up image files on our website: anonimized IP address, browser version used, device specification.

3.3.4 Recipients

• The aforementioned data will not be forwarded by us to third parties, unless the forwarding is required in accordance with Art. 6 para. 1 DS-GVO for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
• The servers of the service provider are located in the USA and are subject to the DS-GVO on a voluntary basis.

3.4. IMAGE PROCESSING WITH SHORTPIXEL

3.4.1 Purpose

We use ShortPixel as a processing service for the images displayed on the websites, which are delivered by ShortPixel in the appropriate size and quality.

3.4.2. Legal basis

The legal basis for this processing of your data is Art. 6 para. 1 DS-GVO.

3.4.3 Types of data

ShortPixel establishes a connection to the browser you are using. Through this, ShortPixel obtains knowledge that our website was accessed via your IP address.

3.4.4 Recipients

• The aforementioned data will not be forwarded by us to third parties, unless the forwarding is required in accordance with Art. 6 para. 1 DS-GVO for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.

4 SPECIFICATION OF DATA PROCESSING ON TROODI.DE

4.1 Web analysis with Matomo

4.1.1 Purpose

This website uses the web analysis tool Matomo to analyze the use of our website so that we can continuously optimize it.

4.1.2 Legal basis

The legal basis for the use of Matomo is our legitimate interest according to Art. 6 para. 1 DS‑GVO.

4.1.3 Types of data

• Matomo sets a session cookie and a persistent cookie.
• The information generated by the cookie about website usage is transmitted to our server and summarized in pseudonymous usage profiles, as our website uses Matomo with the extension “AnonymizeIP”. This means that IP addresses are shortened to one byte and a direct reference to a person can thus be excluded.
• The IP address transmitted by your browser via Matomo is not merged with other data we collect about you.

4.1.4 Recipient

• The information collected via the persistent cookies created with Matomo is stored by us on a server in Germany. The information is not transmitted to third parties.
• Our website is hosted by a German service provider as an order processor. The service provider’s servers are located exclusively in Germany. Apart from us, only our IT service provider has access to the server as an order processor.

4.1.5 Storage period

• The session cookie set by us with Matomo is automatically deleted after the end of your browser session.
• The persistent cookie set by us with Matomo is automatically deleted after one year.

4.1.6 Option to object

You can configure your browser setting according to your preferences and refuse to accept cookies and also delete them at any time.

4.2 WordPress session cookie

4.2.1 Purpose

The WordPress content management system we use sets a session cookie.

4.2.2 Legal basis

The legal basis for this processing of your data is Art. 6 para. 1 DS-GVO.

4.2.3 Types of data

No data is collected via the session cookie.

4.2.4 Recipient

The information collected via the session cookie is stored on the server of our web space. Our web space is hosted by a German service provider as an order processor. The service provider’s servers are located exclusively in Germany. Apart from us, only our IT service provider has access to the server as an order processor.

4.2.5 Storage period

The session cookie is automatically deleted when your browser session, i.e. your website visit, ends.

4.2.6 Option to object

You can configure your browser setting according to your wishes and exclude the acceptance of session cookies.

5 SPECIFICATION OF DATA PROCESSING ON GROW.TROODI.DE

5.1 User data

To use the digital learning platform grow.troodi.de, you need a demo or user account. For this purpose, personal data is collected from you on a voluntary basis.

5.1.1 Types of data

To create a demo or user account, the following personal data is collected: First and last name, e-mail address, company, position, telephone number, personal password for grow.troodi.de.

5.1.2 Legal basis

The legal basis for this processing is our legitimate interest according to Art. 6 para. 1 DS‑GVO.

5.1.3 Storage period

Personal data within the scope of a demo account will be deleted 6 weeks after the account has been terminated by sending an e-mail to info@troodi.de. Personal data within the scope of a user account will be deleted after 2 years after termination by sending an e-mail to info@troodi.de.

5.1.4 Recipients

• The aforementioned data will not be forwarded by us to third parties, unless the forwarding is required in accordance with Art. 6 para. 1 DS-GVO for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
• Our website is hosted by a European service provider. The servers of the service provider are located exclusively in Europe.

5.2 Processor according to Art. 28 DS-GVO:

5.2.1 Quiz creation and processing

For the creation of the quizzes and the collection of the data, we use the service “Typeform”. This service is provided by TYPEFORM S.L., Carrer Bac de Roda, 163, 08018 Barcelona (“Typeform”).

5.2.1.1 Purpose

Evaluation of quizzes of learning programs to illustrate the learning progress of a user.

5.2.1.2 Legal basis

The legal basis is Art. 6 para. 1 DSGVO.

5.2.1.3 Types of data

Through the connection to Typeform established when our website is viewed, Typeform can determine the following data: anonymized user name, quiz results, assignment to learning program progress. You can find more information about “Typeform” at: https://admin.typeform.com/to/dwk6gt.

5.2.1.4 Recipients

• The aforementioned data will not be forwarded by us to third parties, unless the forwarding is required in accordance with Art. 6 para. 1 DS-GVO for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
• Our website is hosted by a European service provider. The servers of the service provider are located exclusively in Europe.

5.2.2 Display of quiz results

For the documentation of the quiz result, a PDF creation service is available to you. Here, a certificate is created based on the quiz result. The service used to create the PDF is PDFShift from PDFShift S.A.S. Software, Inc.

5.2.2.1 Purpose

Certificate creation for storage and printing by the user.

5.2.2.2 Legal basis

The legal basis is Art. 6 para. 1 DSGVO.

5.2.2.3 Types of data

By making use of the PDF creation service, the following data is collected: First and last name, quiz results in the form of the achieved score.

5.2.2.4 Recipients

• The aforementioned data will not be forwarded by us to third parties, unless the forwarding is required in accordance with Art. 6 para. 1 DS-GVO for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
• Our website is hosted by a European service provider. The servers of the service provider are located exclusively in Europe.

5.2.3 Messenging platform

To communicate with you on grow.troodi.de, we use Intercom as a messaging platform. For this purpose, Intercom sets the following cookie: intercom-session-shs763lq with a duration of 7 days.

5.2.3.1 Purpose

Direct processing of support requests and direct communication with a user.

5.2.3.2 Legal basis

The legal basis is Art. 6 para. 1 DSGVO.

5.2.3.3 Types of data

By using support function the following data is collected: First and last name, e-mail address, e-mail history and chat history.

5.2.3.4 Recipients

• The aforementioned data will not be forwarded by us to third parties, unless the forwarding is required in accordance with Art. 6 para. 1 DS-GVO for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
• The servers of the service provider are located in the USA and are subject to the DS-GVO on a voluntary basis.

You can configure your browser setting according to your wishes and exclude the acceptance of intercom cookies. In this case, the chat function will not be available to you.

5.2.4 Video display

For the provision of videos, we use Vimeo of Vimeo Inc.

5.2.4.1 Purpose

Smooth display of embedded videos.

5.2.4.2 Legal basis

The legal basis is Art. 6 para. 1 DSGVO.

5.2.4.3 Types of data

The following data is collected when a video is viewed: anonymized IP address, page history. For this purpose, the following cookies are set by Vimeo to display the videos:

• vuid: Collects data about your visit and the accessed pages, storage period is 2 years.
• Player: Stores your default setting when playing embedded videos from Vimeo, storage period is 1 year.

5.2.4.4 Recipients

• The aforementioned data will not be forwarded by us to third parties, unless the forwarding is required in accordance with Art. 6 para. 1 DS-GVO for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
• The servers of the service provider are located in the USA and are subject to the DS-GVO on a voluntary basis.

5.2.5. Payments

We use the Stripe service of the payment service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland (hereinafter “Stripe”) to process payments via our website.

5.2.5.1 Purpose

Processing payments from the purchase of licenses for our learning programs via our online order form.

5.2.5.2 Legal basis

The legal basis is Art. 6 para. 1 DSGVO.

5.2.5.3 Types of data

Your personal contact data and bank data or payment information are processed.

5.2.5.4 Recipients

Stripe discloses personal data to third parties in order to offer and perform its services. For more information on the type, scope, recipients and purposes of data processing, please refer to Stripe’s privacy policy at https://stripe.com/de/privacy, see also https://stripe.com/de/privacy#translation.”

5.2.6. Adding a certificate to the LinkedIn profile

Plugins of the social network LinkedIn of the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter “LinkedIn”) are integrated on this website. You can recognize the LinkedIn plugins from the LinkedIn logo or the “Add to Profile” button on this website. When you visit this website, a direct connection is established between your browser and the LinkedIn server via the plugin. LinkedIn thereby receives the information that you have visited this website with your IP address. If you click the LinkedIn “Add-to-profile” button while logged into your LinkedIn account, you can link the content of this website to your LinkedIn profile. This allows LinkedIn to associate your website visit with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. Details on data collection (purpose, scope, further processing, use) as well as your rights and setting options can be found in LinkedIn’s privacy policy. LinkedIn provides this information under this following link: https://de.linkedin.com/legal/privacy-policy?.

5.2.7. Webanalysis with Matomo

5.2.7.1 Purpose

This website uses the web analysis tool Matomo to analyze the use of our website so that we can continuously optimize it.

5.2.7.2 Legal basis

The legal basis for the use of Matomo is our legitimate interest according to Art. 6 para. 1 DS‑GVO.

5.2.7.3 Types of data

Matomo sets a session cookie and a persistent cookie. The information generated by the cookie about website usage is transmitted to our server and summarized in pseudonymous usage profiles, as our website uses Matomo with the extension “AnonymizeIP”. This means that IP addresses are shortened to one byte and a direct reference to a person can thus be excluded. The IP address transmitted by your browser via Matomo is not merged with other data we collect about you.

5.2.7.4 Recipient

The information collected via the persistent cookies created with Matomo is stored by us on a server in Germany. The information is not transmitted to third parties. Our website is hosted by a German service provider as an order processor. The service provider’s servers are located exclusively in Germany. Apart from us, only our IT service provider has access to the server as an order processor.

5.2.7.5 Storage duration

The session cookie set by us with Matomo is automatically deleted after the end of your browser session. The persistent cookie set by us with Matomo is automatically deleted after one year.

5.2.7.6 Option to object

You can configure your browser setting according to your preferences and refuse to accept cookies and also delete them at any time.

6 CONTACT BY E-MAIL, TELEPHONE AND CONTACT FORM, VALID FOR TROODI.DE AND GROW.TROODI.DE

6.1.1 Purpose

We can be reached by you via the contact form on our website, by telephone and via our e-mail address provided on the website in order to answer your questions.

6.1.2 Legal basis

The legal basis for this processing of your data is Art. 6 para. 1 DS-GVO.

6.1.3 Types of data

When you contact us by e-mail, the data you provide (e.g., your e-mail address, your name) will be stored by us in order to answer your questions.

6.1.4 Storage period

We delete the data accruing in this context after storage is no longer required to answer your inquiry, or restrict processing if there are legal retention obligations. Data with questions that do not lead to a business transaction will be deleted after we have answered your inquiry. Data leading to a business transaction will be retained for six years in accordance with the statutory retention periods.

6.1.5 Recipients

We use a service provider as an order processor for hosting our e-mail server. The e-mail server is located in Germany. If you contact us via e-mail, your e-mail will be received on this server. Apart from us, only our server hoster and our IT service provider have access to the e-mail server as order processors. They are bound to confidentiality.

7 PURCHASE PROCESSING BY E-MAIL FOR TROODI.DE AND GROW.TROODI.DE

7.1.1 Purpose

You can purchase our products via e-mail.

7.1.2 Legal basis

The legal basis for this processing of your data is Art. 6 para. 1 DS-GVO.

7.1.3 Types of data

During your purchase, we collect the following data directly from you: First and last name, e-mail address, telephone number, contact details, billing address (street, house number, postal code, city, state, country), bank details and VAT number. As part of our customer management, we assign you a customer number and customer type and create your sales history with contract and sales data.

7.1.4 Storage period

Documents are stored for six years in accordance with the statutory retention periods.

7.1.5 Recipients

• The aforementioned data will not be forwarded by us to third parties, unless the forwarding is required in accordance with Art. 6 para. 1 DS-GVO for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
• We use a service provider as a processor for hosting our e-mail server and web space. The servers are located in Europe. If you buy our products via e-mail, your e-mail will go to this server. Apart from us, only our IT service provider has access to the server as an order processor.
• We also use an external service provider as a processor for our accounting. The invoice data is processed in a cloud of this service provider. The servers of this cloud are located in Germany.

8 NEWSLETTER REGISTRATION

• We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients. For the newsletter dispatch we use the MailerLite component. MailerLite is a service provided by MailerLite UAB, a European company based in Lithuania, which is subject to and applies the GDPR.
• Data (email address, name if applicable, date and time of registration) is transferred to a server of the company MailerLite UAB in Lithuania and stored there in compliance with European data protection regulations. MailerLite uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, MailerLite may use this data to optimize its own services. However, MailerLite does not use this data to address them itself or to pass it on to third parties. The legal basis for the processing of this data is your consent pursuant to Art. 6 para. 1 p. 1 a) GDPR. You can revoke your consent at any time, thus causing the deletion of your data. For more information on data protection at MailerLite, please visit: mailerlite.com/legal/privacy-policy.
• If you have expressly consented, we will use your email address and voluntary personal information to send you our newsletter on a regular basis. To receive our newsletter, it is sufficient to provide an e-mail address. The additional voluntary information about you is only used to personalize the newsletter. You can unsubscribe from the newsletter at any time using the link provided for this purpose in the newsletter. By doing so, you simultaneously revoke your consent to the storage of your data.

9 SOCIAL MEDIA

• Our website uses the conversion tool “LinkedIn Insight Tag” from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser, which enables the collection of the following data: IP address, device and browser properties, and page events (e.g. page views). This data is encrypted, anonymized within seven days, and the anonymized data is deleted within 90 days. LinkedIn does not share any personal data with us, but offers anonymized reports on website audience and ad performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. Troodi can use this data to display targeted advertising outside of their website without identifying you as a website visitor. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.
• Troodi uses the conversion tool “LinkedIn Pixel” in the form of a JavaScript tag from LinkedIn Ireland Unlimited Company. The pixel creates a cookie in your web browser, which enables the collection of, among other things, the following data: IP address, device and browser properties, and page events (e.g. page views). LinkedIn does not share any personally identifiable information with us, but provides anonymized reports on website audience and ad performance. You have the option to disable cookies in your browser.
  •  

You can find more information on data protection on LinkedIn in the LinkedIn privacy policy.