Privacy Policy
This privacy policy informs you about which personal data we process when you use our websites, digital services, contact options, registration and login functions, as well as other online offerings. Personal data means any information relating to an identified or identifiable natural person.
Controller
TAAGSOLUTIONS GmbH
Esplanade 29–30
20354 Hamburg
Germany
Email: hello@mytaag.com
Website: www.mytaag.com
Imprint: https://mytaag.com/de/imprint
Represented by the managing partner Berkay Cankiran.
Supervisory authority
You have the right to lodge a complaint with a data protection authority. The competent authority for us is:
The Hamburg Data Protection and Freedom of Information Commissioner
Ludwig-Erhard-Str. 22
20459 Hamburg
Germany
Website: https://datenschutz-hamburg.de
General information on data processing
We process personal data only insofar as this is permitted under the General Data Protection Regulation, the Federal Data Protection Act, the Telecommunications Digital Services Data Protection Act and other applicable data protection provisions.
Processing is carried out in particular to provide our websites and services, to communicate with users, to register and log in, to execute contracts, to process payments, to arrange appointments, to manage leads, to ensure technical security, to measure reach and to improve our offering.
Types of data processed
In particular, we may process the following categories of data: inventory data such as name, address and company details; contact data such as email address and telephone number; login and registration data; contract data; payment data; content data from forms and messages; usage data such as pages visited, clicks and access times; technical data such as IP address, device information, browser information, operating system, referrer URL and log files; appointment and calendar data; cookie and consent data.
Categories of data subjects
Affected persons may include visitors to our websites, registered users, customers, prospects, communication partners, business partners, applicants and other persons who contact us.
Legal bases of processing
Processing of personal data is based, depending on the processing operation, on Article 6(1)(a) GDPR if you have given us consent; Article 6(1)(b) GDPR if the processing is necessary for the performance of a contract or to take pre-contractual measures; Article 6(1)(c) GDPR if we are legally obligated to process the data; and Article 6(1)(f) GDPR if processing is necessary for our legitimate interests or those of third parties and your interests or fundamental rights do not override them.
Access to information on your device or storage of information on your device, in particular through cookies or comparable technologies, is subject to § 25 TDDDG. If such technologies are not strictly necessary, we use them only on the basis of your consent pursuant to § 25(1) TDDDG. Strictly necessary technologies are used on the basis of § 25(2) TDDDG.
Consents and cookie settings
We use a self-developed cookie consent tool that allows you to grant, reject and withdraw consent for non-essential cookies and similar technologies. Your selection is stored so that we can document and respect your decision.
You can withdraw your consent at any time with effect for the future. We provide a way to access the cookie settings on our website for this purpose.
Without your consent, we only use cookies and comparable technologies that are necessary for the operation of the website, security, login, cart or checkout functionality, storage of your privacy settings, or the technical provision of our offering.
Hosting and technical provision
Our landing page at mytaag.com is provided via Vercel. Provider is Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA. When using the landing page, technical data such as IP address, date and time of access, browser data, operating system, referrer URL and accessed content may be processed.
The other servers and services under the domain taag.co are operated via Amazon Web Services in the Frankfurt am Main, Germany region. Provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. According to your information, hosting takes place in the AWS region eu-central-1.
Processing is carried out to provide our online offering securely, stably and efficiently. Legal bases are Article 6(1)(b) GDPR insofar as provision is necessary for contract performance, and Article 6(1)(f) GDPR based on our legitimate interest in a secure and reliable technical infrastructure.
Server log files
When our websites and services are accessed, server log files are automatically processed. These may include IP address, date and time of access, requested URL, referrer URL, amount of data transferred, status codes, browser type, operating system and provider.
Processing serves technical provision, error analysis, system security, abuse prevention and defense against attacks. The legal basis is Article 6(1)(f) GDPR.
Contact form and communication
If you contact us via a contact form, email, telephone or other communication channels, we process the data you provide. This may include name, email address, telephone number, company, message text, time of request and technical metadata.
Processing is carried out to handle your request and communicate with you. Legal bases are Article 6(1)(b) GDPR for contractual or pre-contractual inquiries and Article 6(1)(f) GDPR based on our legitimate interest in answering other inquiries.
Registration and user account
If you create a user account, we process the data required for this. This may include name, email address, password or authentication data, login times, IP address, device information and security-related protocol data.
Processing is carried out to provide the user account, authenticate you, manage your access, prevent abuse and ensure technical security. Legal bases are Article 6(1)(b) GDPR and Article 6(1)(f) GDPR.
Login with email
For email login, we process your email address and the authentication data required for login. If magic links, one-time codes or password reset functions are used, we also process the technical protocol data required for this.
Processing is carried out to ensure secure login and manage your user account. Legal bases are Article 6(1)(b) GDPR and Article 6(1)(f) GDPR.
Login with Google
We offer login via Google. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
If you sign in with Google, you are redirected to Google. Google authenticates you and transmits the data required for login, in particular a user identifier, your email address and, if you authorize it, your name and profile picture.
Legal bases are Article 6(1)(b) GDPR to provide the login function and Article 6(1)(f) GDPR based on our legitimate interest in user-friendly and secure authentication.
Login with Apple
We offer login via Apple. Provider is Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland. If you sign in with Apple, Apple processes your authentication data and transmits the data required for login, in particular a user identifier and, if authorized, your email address and name.
Legal bases are Article 6(1)(b) GDPR and Article 6(1)(f) GDPR.
Login with Microsoft
We offer login via Microsoft. Provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Parent company is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
If you sign in with Microsoft, Microsoft processes your authentication data and transmits the data required for login, in particular a user identifier, your email address and, if you authorize it, your name.
Legal bases are Article 6(1)(b) GDPR and Article 6(1)(f) GDPR.
Own anonymized analytics solution
We use our own anonymized analytics tool from Fabulous Code UG. Usage data is processed to measure reach and improve our offering. According to your information, the analysis is performed anonymously.
If the analysis is fully anonymous and no conclusions can be drawn about individual persons, no personal data is processed within the meaning of the GDPR. However, if IP addresses, online identifiers, cookie IDs, device information or similar identifiers are processed, processing takes place only in accordance with the GDPR and TDDDG.
If cookies or similar technologies are used for analytics that are not strictly necessary, we obtain your prior consent in accordance with § 25(1) TDDDG and Article 6(1)(a) GDPR. Otherwise, processing is carried out on the basis of Article 6(1)(f) GDPR, provided that our legitimate interests in anonymized or privacy-friendly reach measurement do not override your interests.
Provider: Fabulous Code UG. The full provider address must be added if this service provider processes personal data on our behalf.
Cookies and similar technologies
We use cookies and similar technologies such as local storage, session storage, pixels or similar methods. These technologies can store information on or read information from your device.
Necessary cookies and technologies are required to provide our website technically, enable logins, ensure security, save cookie settings or provide checkout functionality. The legal basis is § 25(2) TDDDG. If personal data is processed, this is based on Article 6(1)(b) or (f) GDPR.
Non-essential cookies and technologies, especially for analytics, marketing, external content or convenience functions, are used only with your consent. Legal bases are § 25(1) TDDDG and Article 6(1)(a) GDPR.
Google Fonts
We use Google Fonts. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
When externally embedded Google Fonts are loaded, your browser may connect to Google servers. This may transmit your IP address, technical browser data, device information, referrer URL and the time of the request to Google.
The use of external Google Fonts is only carried out if there is a valid legal basis. If Google Fonts are not loaded locally and a connection to Google is established when the page is accessed, the embedding is based on your consent under Article 6(1)(a) GDPR and § 25(1) TDDDG.
For data protection reasons, we recommend hosting Google Fonts locally to avoid transmitting user data to Google when loading the page.
Appointment booking with Cal.com
We use Cal.com to schedule appointments. Provider is Cal.com, Inc., 2261 Market Street #4547, San Francisco, CA 94114, USA.
If you book an appointment via Cal.com, name, email address, telephone number, company, appointment time, time zone, message, IP address, technical metadata and other information you provide may be processed.
Processing is carried out to arrange appointments and conduct pre-contractual or contractual communication. Legal bases are Article 6(1)(b) GDPR and Article 6(1)(f) GDPR.
Google Calendar for appointment bookings
Google Calendar may be used in connection with appointment bookings. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
When synchronizing or creating appointments, appointment data such as name, email address, subject, date, time, participants, description and calendar metadata may be processed.
Processing is carried out to organize and conduct appointments. Legal bases are Article 6(1)(b) GDPR and Article 6(1)(f) GDPR.
HubSpot for lead management
We use HubSpot to manage leads, contact inquiries and sales processes. Provider is HubSpot Germany GmbH, Am Postbahnhof 17, 10243 Berlin, Germany. Parent company is HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA.
In HubSpot, name, email address, telephone number, company, role, communication history, form content, interests, interactions with our website and other CRM data may be processed.
Processing is carried out to handle inquiries, manage customers and prospects, organize sales and track leads. Legal bases are Article 6(1)(b) GDPR for pre-contractual or contractual inquiries and Article 6(1)(f) GDPR based on our legitimate interest in efficient lead and customer management.
If HubSpot uses cookies or tracking technologies for analytics or marketing purposes, this is done only on the basis of your consent pursuant to § 25(1) TDDDG and Article 6(1)(a) GDPR.
Payment processing with Stripe
We use Stripe for payment processing. Provider is Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Parent company is Stripe, Inc., 354 Oyster Point Boulevard, South San Francisco, CA 94080, USA.
When you pay via Stripe, name, billing address, email address, payment information, transaction data, invoice data, IP address and technical data may be processed. We usually do not receive full credit card or bank details, only payment confirmations and transaction-related information.
Processing is carried out for payment processing, fraud prevention, contract fulfillment and compliance with legal obligations. Legal bases are Article 6(1)(b) GDPR, Article 6(1)(c) GDPR and Article 6(1)(f) GDPR.
Payment and shop functions with Shopify
We use Shopify for shop and payment functions. Provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1–2 Haddington Road, Dublin 4, D04 XN32, Ireland. Parent company is Shopify Inc., 151 O’Connor Street, Ground Floor, Ottawa, ON K2P 2L8, Canada.
When using Shopify, name, email address, billing and shipping address, payment data, order data, cart data, IP address, device information and communication data may be processed.
Processing is carried out to provide shop functions, process contracts, handle payments, prevent fraud and comply with legal retention obligations. Legal bases are Article 6(1)(b) GDPR, Article 6(1)(c) GDPR and Article 6(1)(f) GDPR.
Social media presences
We maintain presences on social networks and platforms to communicate with users, provide information and represent our company.
When visiting our social media profiles, the respective platform operators process personal data of users. Usage profiles may be created and data processed for advertising, analysis and market research purposes. We have limited influence over this data processing.
We process data you provide to us via social networks, in particular messages, comments, profile information and interactions, to communicate with you and represent our company. The legal basis is Article 6(1)(f) GDPR.
Instagram
We maintain a presence on Instagram. Provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. When using Instagram, Meta’s privacy information also applies.
TikTok
We maintain a presence on TikTok. Provider for users in the European Economic Area is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. When using TikTok, TikTok’s privacy information also applies.
LinkedIn
We maintain a presence on LinkedIn. Provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. When using LinkedIn, LinkedIn’s privacy information also applies.
X / Twitter
We maintain a presence on X, formerly Twitter. Provider is X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. When using X, X’s privacy information also applies.
External content and links
Our websites may contain links to external websites and services. If you click external links, you leave our offering. The respective providers are responsible for data processing on external websites.
Third-country transfers
Using certain providers may involve processing personal data outside the European Union or European Economic Area, in particular in the USA.
Such transfers are carried out only if the legal requirements of Articles 44 et seq. GDPR are met. This may include an adequacy decision by the European Commission, certification under the EU-U.S. Data Privacy Framework, standard contractual clauses, additional safeguards or explicit consent.
Please note that a transfer to U.S. providers can only be based on the EU-U.S. Data Privacy Framework if the respective provider is actively certified at the time of the transfer.
Data processing on our behalf
If we use service providers who process personal data on our behalf, we conclude data processing agreements with them in accordance with Article 28 GDPR. This particularly concerns hosting providers, technical service providers, CRM providers, analytics providers, form and communication providers as well as payment and appointment booking providers, insofar as they act as processors.
Automated decisions and profiling
We do not make decisions based solely on automated processing that have legal effects on you or similarly significantly affect you. Profiling within the meaning of Article 22 GDPR does not take place unless expressly stated otherwise in this privacy policy.
Security measures
We take appropriate technical and organizational measures to protect personal data against loss, misuse, unauthorized access, disclosure, alteration or destruction. These include access controls, encryption, transport encryption, authorization concepts, logging, data backup, secure server infrastructure and privacy-friendly default settings.
Our websites and services are generally delivered over TLS / HTTPS.
Storage duration and deletion
We store personal data only for as long as is necessary for the respective purposes or as long as statutory retention obligations exist.
Data from contact inquiries is generally stored only as long as it is necessary to process the inquiry. Contract and payment data is stored in accordance with commercial and tax retention obligations, usually six to ten years. Technical log data is stored only as long as necessary for security, error analysis and abuse prevention. Consent records are stored as long as necessary to demonstrate consent.
After the purpose has expired or statutory periods have elapsed, the data is deleted or anonymized.
Your rights
You have the right of access in accordance with Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to data portability pursuant to Article 20 GDPR and the right to object pursuant to Article 21 GDPR.
If processing is based on your consent, you have the right to withdraw consent at any time with effect for the future. The lawfulness of processing carried out before the withdrawal remains unaffected.
You also have the right to lodge a complaint with a data protection authority if you believe that the processing of your personal data violates data protection law.
Right to object
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data based on Article 6(1)(e) or (f) GDPR.
If personal data is processed for direct marketing, you have the right to object at any time to the processing of personal data for such advertising purposes. This also applies to profiling insofar as it is related to such direct marketing.
Obligation to provide personal data
Providing personal data is partly necessary to use our website and services, create a user account, communicate with us, book appointments, process payments or execute contracts. Without the required data, we cannot provide certain functions or services.
Changes to this privacy policy
We adjust this privacy policy when changes to our data processing, the services used or legal requirements make it necessary. The currently published version on our website applies.