Data protection and privacy is very important to us, toleadoo GmbH (hereinafter "toleadoo GmbH" or "we"), Am Unisys-Park 1, 65843 Sulzbach (Taunus), Germany, represented by the Managing Director Mr. Jürgen Böttcher. In our position as data controller we would like to inform you of the nature, scope, and purposes of any collection, storage, transfer, and/or use of personal data, complying in the process, already at this time, with the specifications of the EU General Data Protection Regulation (GDPR). For this reason, the relevant standards are already mentioned at this time in this data protection and privacy statement. You can contact us anytime either via our postal address or by e-mail at the following address: firstname.lastname@example.org.
You can reach our data protection officer at: email@example.com.
This statement provides you with information on all aspects of our offering that are relevant in terms of data protection and privacy, particularly:
If you utilise our offering and/or use our website by filling out the entry fields and/or contact us and/or merely visit our website, we may collect personal data as follows:
Further data – such as, in particular, local times, time zones, and usage data – may also be stored in addition to the data specified above.
Statistical data may be collected and used in the case of a visit to our website. “Statistical data” means, among other things, data regarding the use of a particular Internet browser and the browser version.
The data collected during registration to the prize draw is used to conduct the prize draw, determine the winner, handle the awarding of prizes and notify the winner and transmit the prize (Article 6(1)(b) GDPR).
If, after the conclusion of the prize draw, declarations of intent for purchase, service, or other contracts with external companies are received, the data collected, where applicable, and further data collected on a contract-specific basis will be disclosed to the external company or companies in question. Otherwise those companies cannot use the data to establish or perform a contract or contracts (Article 6(1)(b) and (f) GDPR).
Based on the participation agreement that is entered into and in the event of an online participation in a prize draw, toleadoo will collect and process your personal data. This agreement requires that you provide your personal data if and insofar as you wish to participate in our prize draw offering. The data processing takes place for both our own direct marketing (Article 6(1)(b) GDPR) as well as for our sponsors to also enable them to engage in individual, demand-driven direct marketing that is tailored to you via the channels of e-mail, push notifications, mail, phone, and text message (Article 6(1)(b) GDPR).
Processing your personal data would be in accordance with declaration of consent for advertising and marketing purposes, via phone, text messages, email, push notifications, mail and/or the disclosure of data for direct marketing purposes for the mentioned sponsors of the prize draw that may have been issued separately; this also takes place within the scope of our legitimate interests as established by your relevant consent (Article 6(1)(f) GDPR).
toleadoo assumes that the consent to receive advertising by phone, text message, e-mail, push notifications and mail from us and our sponsors, which is to be declared separately, also constitutes consent for purposes of data protection and privacy law to the processing of your personal data with the result that – in addition – the relevant, aforementioned data processing is also permitted pursuant to (Article 6(1)(a) GDPR).
Possible sectors that you may expect to receive advertisement about are:
|Industry Sector||include, but not limited to|
|Charity||e.g. animal welfare, disaster relief, children’s medical, elderly, environmental, health|
|Gaming||e.g. bingo, betting, competitions, lottery|
|Leisure||e.g. food & drink, events, museums, cinema|
|Financial Products||e.g. pensions, banking, credit cards, investments, loans, mortgages|
|Insurance||e.g. car, home, life, medical, pet, income protection, travel, warranty products|
|Health / Lifestyle||e.g. fitness, beauty, opticians, hearing, care homes, mobility, leisure, pharmaceuticals|
|Home Improvements||e.g. house moving, blinds & curtains, insulation, boilers, conservatories, doors & windows, extensions, gardens, solar panels.|
|Funeral Plans||e.g. to arrange and pay for a funeral in advance|
|Legal Services||e.g. claims, will writing, will reviews|
|Mail Order||e.g. catalogues, online retailers|
|Market Research||e.g. to gather information about consumers' opinions and preferences|
|Media||e.g. online, television, radio, newspapers, magazines|
|Retail||e.g. online retail, electrical goods, comparison sites, discounts, FMCG, automotive, home improvement|
|Telecoms||e.g. landline, mobile phones, broadband, digital TV|
|Travel||e.g. holidays, city breaks, airlines, UK breaks, accommodation|
|Utilities||e.g. gas & electricity switching, other household utilities such as water|
It may be the case that an analysis of your affinities, interests, and preferences is performed before the data is used for direct marketing and/or disclosed to sponsors. To this end, the answers that you will provide after registering to the prize draw may also be analysed, and a profile may be established in order to enable more targeted performance of direct marketing measures by us and our sponsors, if any (Article 6(1)(f) GDPR).
Using the data obtained, particularly those from our surveys following the prize draw registration page, we will create a “user profile” of you in order to be able to offer you an interest-driven service that is geared towards your individual needs and requirements. By creating this profile, we may categorise personal aspects, such as your interests and preferences, thorugh automated processing of your data in order to make it possible for both us and our sponsors to send you exclusive advertising and offers that match you profile.
toleadoo frequently receives – provided that your end device supports this function – confirmation of which e-mails from us you open and how you proceed with the e-mail. This helps us to understand your interests and supports us in making the offers more useful interesting, tailor-made to you in the future (Article 6(1)(f) GDPR).
Assertion, if any, of your rights (Article 6(1)(c) and (f) GDPR) as provided in Sec. 5 of this data protection and privacy statement also leads to collection and processing of your personal data.
Disclosure of your personal data may take place in cases in which we are under a legal obligation of disclosure (Article 6(1)(c) GDPR) or to the extent that disclosure should be necessary to enforce other rights/demands or for purposes of legal defense, if and insofar as these are based on the legitimate interests of the organiser or other third parties (Article 6(1)(f) GDPR). The same applies in the event of (also partially) purchase or sale of business assets and/or other assets, in the event that our business is otherwise acquired by a third party, in the event of initiation of insolvency proceedings, or if a request for initiation of insolvency proceedings is denied for lack of sufficient assets (Article 6(1)(f) GDPR).
a) We store your personal data within the European Economic Area.
However, in agreement with the sponsors named in the prize draw’s sponsor list, which also shows the respective country of the establishment as the destination location for any transfer of data, it is also possible that data will be transferred to “third countries.” Third countries are countries located outside the European Union. With regard to such data transfers, we point out that with regard to all of the destination countries mentioned in the sponsor list, a secure transfer within the scope of EU specifications on data protection and privacy is ensured. The European Commission has issued corresponding adequacy decisions for the third countries of Andorra, the Faroe Islands, Guernsey, Israel, the Isle of Man, Jersey, Canada (commercial organisations), and Switzerland. These decisions confirm that based on their own domestic legal provisions or international obligations, the aforementioned third countries ensure an adequate level of protection of personal data. To the extent that datasets are transferred to third countries, for which an adequacy decision has not yet been issued, we have entered into contracts based on the standard clauses issued by the EU. These standard clauses were published by the EU to ensure the relevant level of protection - with the corresponding partners that are based or headquartered in these countries. These agreements ensure adequate and uniform protection of data at the level provided by European specifications. You can review the content of these agreements here.
In addition, we would like to draw your attention to the fact that, after registration, it is possible to accept offers provided by Sovendus GmbH. However, a data transfer in this context arises out of so-called prefilling. In this regard, the information you provide during the registration process will be used to fill in the information fields on the Sovendus website. However, data transfer to Sovendus GmbH will not take place until you confirm it by clicking on the appropriate button and submit it yourself. In this context, the following privacy notices apply:
Voucher offers of Sovendus GmbH: In order to select a currently interesting voucher offer for you, we will transmit your pseudonymised hash value of your e-mail address and your IP-address in encrypted form to Sovendus GmbH, Moltkestrasse 11, D-76133 Karlsruhe (Sovendus) (Art. 6 par. 1 f GDPR). The pseudonymised hash value of your e-mail address is used to consider a possibly existing objection to receive offers from Sovendus (Art. 21 par.3, Art. 6 par. 1 c GDPR). The IP-address will be exclusively used for data security purposes and as a rule the same will be anonymised after seven days (Art. 6 Abs.1 f DSGVO). Furthermore, we will transmit order number, order value with currency, session ID, coupon code, and time stamp in pseudonymised form to Sovendus for billing purposes (Art. 6 Abs.1 f DSGVO). If you are interested in a voucher offer of Sovendus, while there is no objection existing to receive such offers, and if you click on the voucher banner, we will transmit your form of address, your name and your e-mail address in encrypted form to Sovendus to prepare a voucher (Art. 6 par. 1 b, f GDPR). You will find further information about the processing of your data by Sovendus in their Online Data Protection Notice at www.sovendus.co.uk/privacy_policy.
b) Unless the data is erased or blocked pursuant to your exercise of the rights specified in Sec.°5, your data will be stored permanently for the purposes mentioned above.
After you have revoked any consent to the processing of data that may have been issued and/or have objected thereto, we will put you on our “blocking list.” This means that we will no longer use your personal data for marketing purposes, nor will we disclose them any longer. We will then only store your data for legal purposes (e.g. documentation obligations, defending against and asserting claims, etc.), and will erase the data after a further period of four years unless compelling reasons argue against our doing so or the processing of this data is permitted for other reasons, for example by way of new consent.
Furthermore, we will proceed in the same manner if we have not used your personal data for a period of 24 months, meaning that we have not used the data for our own marketing purposes or disclosed them to sponsors.
We take corresponding precautions – administrative/organisational, technical, and physical – to protect your personal data against loss, theft, abuse, unauthorised access, unauthorised disclosure, unauthorised modification, and destruction. For example, your data is protected in particular within the scope of physical access control (secure location of servers, to which physical access is granted only following to a defined security procedure), systems access control (128-bit encryption of data transfers, individual assignment of passwords, menus, and authorisations for employees, up-to-date virus software), information access control (individual access authorisation for employees through personal accounts, identification and authentication requirements), transmission control (ongoing monitoring and notifications to authorised parties, no local storage of data, logging of all data exports and transfers), input control (account-linked reviews, logging with time stamps and host), job control (continuous monitoring by managing director(s) and data protection officer, clear drafting of contracts with regard to the specifications pursuant to Sec.°11 of the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) respectively Art. 28 GDPR in coordination with the data protection officer and executive management) and availability control (general safeguarding measures by the hoster constant power supply (UPS), halon gas system, etc.], backup streaming involving other general safeguarding measures by the hoster [e.g. UPS, halon gas system, etc.], backup streaming at another location [with all security precautions; see physical access control] every night, mirroring on two additional hard drives, virus protection programs).
Despite these precautions, the insecure nature of the Internet means that we cannot guarantee the security of your data transfer to our website. Therefore, any and all transfers of data by you to our website take place at your own risk.
You have the right to obtain information regarding the personal data stored regarding you, including the origin and recipients of your data and the purpose of data processing, at any time pursuant to Article 15 GDPR.
You also have the right to demand, at any time, that we correct inaccurate personal information concerning you (Article 16 GDPR). You can restrict the processing of data if any of the prerequisites mentioned in Article 18(1) GDPR are met, e.g. in the event of a dispute concerning the accuracy of your personal data.
Moreover, you have the right to revoke any declaration(s) of consent to the processing of your personal data that may have been issued, with effect for the future (Article 7 GDPR). Such a revocation does not, however, affect the legality of the processing that has taken place up until then.
In addition, you are entitled to demand that we provide the personal data transferred to us in a format that permits the transfer thereof to another body (Art. 20 GDPR).
Furthermore, you have the right to demand the erasure of your data and assert your right to be forgotten pursuant to Article 17 GDPR. If the statutory prerequisites are met, we will proceed in this regard even without such a request having been issued on your part and will erase your personal data.
To assert your rights as enumerated above in this section, please contact us at toleadoo GmbH, c/o Talk2 GmbH, Rheinstrasse 22, 64293 Darmstadt, Germany, or write to us by e-mail at firstname.lastname@example.org.
If you have a complaint, you can contact the supervisory authority with jurisdiction over toleadoo GmbH, the Data Protection Official for the State of Hesse (Hessischer Datenschutzbeauftragter) (Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Postfach 31 63, 65021 Wiesbaden, Germany), or any other supervisory authority.
You can view our Internet pages without providing personal information. However, certain technical data, known as "usage data", are generated whenever our pages are visited. In addition, we may use one or more cookies and integrate social media plugins in some cases. The text below is intended to provide you with information regarding this as well.
When you visit our Web pages, the only items of information we store by default are the website from which you reached our page, the name of your Internet service provider, which Web pages you visited within our Internet presence, and the date and duration of your visit. The data obtained is fully anonymous.
Your IP address and a time stamp are also stored for security reasons and used for internal purposes. The IP address is a machine-related code that provides information of the computer or Internet gateway used to access the Internet at the time of online retrieval. A time stamp is a value in a defined format that assigns a certain point in time to an event (for example, sending or receiving a message, modification of data, etc.). The purpose of a time stamp is to make it clear to people or computers when events occurred.
We integrate "social media plugins" (often also known as "social media buttons") into some areas of our Web pages. These kinds of plugins are marked on our pages by buttons (hence the term "buttons"), each of which shows the provider of the plugin through corresponding colours and symbols. Clicking these buttons allows you to do things like notify your friends in the social networks you use that you like one of our pages or share a link to a website with other Internet users, depending on the button.
If you are surfing on our website and access one of our Web pages that contains a social media plugin, your browser makes a direct connection with the servers of the provider of the plugin, and the plugin is loaded from there. In the process, the provider of the plugin may be notified that the relevant Web page has been accessed from our website.
If you have a user account with one or more of the social networks operated by the providers of the plugins and are logged into the network(s) in question while you are on one of our Web pages that contains one or more social media plugins of the provider(s) in question, it may also be possible to associate the access to that page with your existing user profile(s) with the provider(s) in question. If you click on integrated plugins and log into one or more of the networks afterward (or are already logged in), the shared or "recommended" information is generally posted in short form in your profile. This may allow the provider of the network to collect and store further usage data. In this way, the providers of the networks can create user profiles that go beyond what you yourself directly and actively disclose in the network. For further information on the collection and processing of data, please see the privacy policies of the providers of the plugins.
We use so-called cookies on our Internet pages. These are small files that are stored on your hard drive and in which certain information is stored that a server can read out again. These cookies can be so-called session cookies, which are automatically deleted as soon as you close your browser, on the one hand, and cookies with a longer, predefined runtime, on the other. Furthermore, when you visit one of our websites, our partner AppNexus sets cookies (click here for more info) which allow communicating tailor-made offers – for example by displaying so-called banners – also on other websites on which the AppNexus technology is implemented.
The information stored in cookies may include your login (your visit when you register), the date and time of your visit, your other behaviour on our sweepstakes pages, the cookie number and the URL of the website from which you accessed our offer pages.
The use of certain cookies enables us, on the one hand, to guarantee the functionality of our websites and to continuously improve their performance. In addition, cookies help us and our partner to recognise you and in this way to adapt our offers – also on the other pages on which our partner is active – optimally to your individual needs and thus to display the most relevant information for you. This technology enables us to pass on the personal data you have previously entered in one of our competitions and which you have released for commercial use directly and conveniently to those of our sponsors whose services you are interested in. Finally, cookies make it possible to record the statistical frequency of visits to the various pages of our website and the general navigation.
Occasionally, you may be asked to give your further consent to the receipt of push notifications from our push notifications dispatch service partner “Accengage”. Your personal data will then be processed on the (additional) basis of this consent, in accordance with Art. 6 (1)(a) GDPR. In this case, the giving of your consent is, of course, also covered by the rights as set out in Clause 5 of this declaration. In addition to the above-named provisions you can – for the purposes of withdrawing your consent to the receipt of push notifications – also change the relevant push notification settings in your browser. If you are using a desktop PC with a “Windows” operating system, you can unsubscribe by right-clicking on the relevant push notification in the settings list.
In order to be able to display the list of push notifications, “Accengage” collects and processes on our behalf your browser ID and (in the case of mobile access) your device ID. Accengage also collects and evaluates on our behalf statistical data related to push notifications; Accengage does not collect or evaluate any personal data.
You will find detailed information on Accengage push notifications at: Accengage_FAQ.pdf.
As a user, you have the right at any time to decide which cookies – including those for push notifications – you wish to accept or delete. You can adjust the individual settings thereto in the settings menu of your Internet browser. For further information, please contact the provider of your Internet browser.
Current as of: August 2019