The protection of your personal data (hereinafter also referred to as "data") is a major and very important concern for us. In the following, we would therefore like to inform you in detail about which data is collected when you visit our website and use our offers there and how it is processed or used by us in the following. We would also like to inform you about the accompanying protective measures we have taken in technical and organizational terms. Please note that this Privacy Policy may be updated from time to time due to the implementation of new technologies and/or changes in the law. We will draw your attention to this in an appropriate manner. Naturally, we will always take your interests into account in an appropriate manner when making any changes.

A. General information on data processing

According to Art. 4 No. 7 GDPR, the controller under data protection law is the entity that decides on the purposes and means of the processing of personal data. We are responsible for the technical setup, administration and distribution of the website.

You can reach us at:

Tigerhall USA, Inc.

3790 El Camino Real, 1035, Palo Alto, CA 94306

Its authorized representative is Nashita Pilay,

e-mail-address: nash@tigerhall.com

2. GDPR Representative

Please contact our GDPR Representative at:

EU GDPR Representative

Rickert Rechtsanwaltsgesellschaft mbH

- Tigerhall -

Colmantstraße 15

53115 Bonn, Germany

art-27-rep-tigerhall@rickert.law

UK-GDPR Representative

Rickert Services Ltd UK

- Tigerhall -

PO Box 1487

PE1 9XX

Peterborough, United Kingdom

art-27-rep-tigerhall@rickert-services.uk

3. Legal basis for the processing of personal data

3.1: Personal Information

We may collect and process personal information about you, such as:

• Name

• Contact information (email address, phone number, address)

• Identification information (i.e. government-issued ID, passport number, etc.)

• Job Title

• Company you work for

In principle, we only process data if we have a legal basis for doing so. We go into more detail on the individual bases in the individual processing operations. In general, however, the following applies:

• Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a), Art. 7 GDPR serves as the legal basis.

• When processing personal data that is required to fulfill a contract, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

• Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.

• If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.

4. Retention periods

The data processed by us will be deleted or restricted in their processing in compliance with the statutory provisions, in particular in accordance with Art. 17 and 18 GDPR.

Unless expressly stated in this privacy policy, we delete stored data as soon as it is no longer required for the intended purpose, server log files will be deleted after 30 days. Data will only be stored after the purpose has ceased to apply if this is necessary for other and legally permissible purposes or if the data must be stored due to statutory retention obligations.  For example, a statutory retention obligation exists, due to documentation obligations under tax and corporate law.

5. Your rights

In accordance with the statutory provisions, you can assert the following rights against the data controller free of charge:

• Withdrawal of your consent (Art. 7 (3) GDPR);

• Right to information (Art. 15 GDPR);

• Right to rectification or erasure (Art. 16 and Art. 17 GDPR);

• Right to restriction of processing (Art. 18 GDPR);

• Right to data portability (Art. 20 GDPR);

• Right to object to processing (Art. 21 GDPR).

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by the controller.

To assert a claim, please contact the controller at the above address.

If you wish to contact us by e-mail, please use an address that is used to access our system so that we can identify you.  

In addition, you have the right to lodge a complaint with a supervisory authority responsible for data protection against the processing of their personal data by the controller (Art. 77 GDPR).

6. Recipients, third country transfer, linked third party websites

We use external service providers to process your data and would like to inform you about the third parties and processors to whom we transfer data. There are various third-party services that we use on our website. These have different purposes, which we explain in more detail in the respective sections. These are services that we use to make our website functional, secure and visually appealing and to continuously optimize its content. In general, we transmit data to the following categories of recipients:

If processors are used, you are bound to our data protection instructions by a corresponding data processing agreement in accordance with Art. 28 GDPR. These service providers are our contractors and assist in the processing of your personal data, e.g. in the provision of this website. These contractors have been carefully selected by us and are regularly monitored. The processors do not carry out any independent processing for their own purposes.

In the event of a cross-border transfer (transfer to a third country or to an international organization), we will inform you separately about the recipient and the corresponding legal basis. If your data is transferred outside the European Union either to controllers or processors, the transfer is justified by the European Commission's standard contractual clauses or by other guarantees.

Our website may contain links to third party websites. If you follow a link to any of these websites, please note that they have their own privacy policies and that we are not the controller of your data on those websites. Please read the respective privacy policies before you provide any personal data to these data controllers.

As part of the so-called "Data Privacy Framework", the EU Commission has recognized the level of data protection for certain companies from the USA as secure as part of the adequacy decision of 10 July 2023. Both the list of certified companies and further information on the Data Privacy Framework can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/. In the respective sections of the data protection information, we inform you which service providers we use are certified under the Data Privacy Framework.

7. Data Security

We also use technical and organizational security measures to protect personal data that is generated or collected, in particular against accidental or intentional manipulation, loss, destruction or attack by unauthorized persons. Our security measures are continuously improved in line with technological developments. When transmitting your personal data via our website, we use transport encryption technology (so-called TLS, Transport Layer Security).

8. Children

You must be at least 16 years old to use our website. We do not knowingly collect personal data from children under the age of 16 and we do not allow anyone under the age of 16 to use the website.

9. Automated decision making

Automated decision-making, which has legal or similarly significant effects on you, does not take place. However, we do use profiling techniques, analyzing user behavior, to predict and improve the reach of content distributed through our services.

B. Collection and processing of your personal data when using our website

1. Server log data

For the informational use of our website, it is generally not necessary for you to actively provide personal data. Rather, in this case we only collect and use the data that your Internet browser automatically transmits to us. This includes

·           the date and time of accessing one of our Internet pages; -

·           your browser type;

·           the browser settings;

·           the operating system used;

·           the last page you visited;

·           the amount of data transferred and the access status (file transferred, file not found, etc.) and

·           your IP address.

The data is stored on our servers. We do not store this data together with personal data other than that specified above. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to your computer. A personal evaluation of the data, in particular for marketing purposes, does not take place.

The processing of the aforementioned data is technically necessary for the provision of the website in accordance with Art. 6 (1) (b) GDPR in order to display our website to you correctly. We store log files with your anonymized IP address for a period of 30 days to prevent threats and for our IT security as well as to detect possible attacks. The legal basis for this is Art. 6 (1) (f) GDPR.

Our website is stored and hosted on servers of our host providers. In particular, the host provider processes inventory data, contact data, content data, contract data, usage data, meta and communication data of visitors or customers of the website. The legal basis is our legitimate interest in the efficient and secure provision of the website in accordance with Art. 6 (1) (f) GDPR. The host provider has been contractually obliged by means of a data processing agreement in accordance with Art. 28 GDPR to process personal data only on our instructions.

2. Personal Information

We may collect and process personal information about you, such as:

·            Name

·            Contact information (e-mail-address, phone number, address)

·            Identification information (i.e. government-issued ID, passport number, etc.)

·            Job Title

·            Employer

You provide further information voluntarily, i.e. on the basis of your consent. We will delete your contact requests from our active systems immediately after final processing, unless legal permission (in particular your consent, which can be withdrawal at any time) or retention obligations permit or require further storage.

We collect information you provide for the following purposes:

·       Service Delivery: We use your personal information to provide you with the products or services you have requested. This may include processing your payment, shipping products to your address, or providing access to our online services. The lawful basis for this processing is typically the performance of a contract because we need to process your data to fulfill our contractual obligations to you.

·       Communication: We may use your contact information to communicate with you. This includes sending transactional e-mails, service updates, and responding to your inquiries or requests. We may also use your contact information for marketing purposes, such as sending newsletters or promotional offers if you have provided your consent or if we have a legitimate interest in doing so. The lawful basis for processing personal information for communication is legitimate interests and, when applicable, consent if you have provided it.

·       Account Management: We use your personal information to manage your account, including account setup, verification, and maintenance. This ensures the security and functionality of your account on our platform. The lawful basis for this processing is typically the performance of a contract to maintain your account.

·       Customer Support: Your information allows us to provide customer support when you have questions or encounter issues with our products or services. This may include troubleshooting, resolving complaints, and addressing your concerns. This processing is based on the legitimate interests to assist you in using our services effectively.

·       Social Learning: We may use your information to create your profile which can be viewed by fellow users on the platform.

·       Improvement of Services: We analyze your data to understand how our services are used and to make improvements. This includes enhancing the user experience, developing new features, and optimizing the performance and security of our products. This processing is also based on legitimate interests to improve and maintain the quality of our services.

·            Legal Compliance: We may process your personal information to comply with our legal obligations, such as tax reporting, responding to legal requests, or assisting law enforcement agencies when required by law. This processing is necessary to fulfill legal obligations.

·            Contractual Obligations: If you are a client or business partner, we may use your personal information to fulfill our contractual obligations, including managing contracts, invoicing, and providing support as agreed upon in our business relationship. The lawful basis for this processing is the performance of a contract.

·            Fraud Prevention and Security: We use your information to protect against fraud, unauthorized access, and other security risks. This may include monitoring account activities and implementing security measures. The lawful basis for this processing is legitimate interests to ensure the security and integrity of our services.

·            Aggregated and Anonymized Data: We may aggregate and anonymize your data to create statistical or research reports, which do not personally identify you. This information may be used for business analysis, marketing, and sharing with partners or clients. The lawful basis for processing aggregated and anonymized data is legitimate interests and the fact that this data is no longer considered personal information.

·            Other Purposes: In addition to the purposes listed above, we may use your personal information for other legitimate purposes, provided that they are compatible with the original reasons for which your data was collected. For these other purposes, we will rely on legitimate interests or other lawful bases as required by applicable laws.

3. Information from other Sources

We may receive personal data about you from other sources to supplement data already collected. This may include publicly available data or data provided by third parties. We may combine this data with the data we already have. We will handle this data in accordance with this Privacy Policy and the purposes outlined when the data was collected. We will notify you if there are any material changes to the way we intend to use this data. Please note that we are not responsible for the accuracy of the data provided by third parties or any consequences arising from the use of such data.

4. Security and performance

a.    Hosting and Cloud Services – AWS

Our website utilizes hosting and cloud services provided by Amazon Web Services (AWS) (Amazon Web Services Singapore Private Limited 1, 17-00, Robinson Road, AIA Tower, 048542, Singapore; parent company: Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA). When you visit our website, your data is processed and stored on AWS servers. As a result, AWS receives your IP address and information about your browser and operating system. Data may be transferred to and processed in the USA.

However, Amazon Web Services, Inc. is a covered entity under Amazon.com, Inc. and therefore certified under the EU-US Data Privacy Framework, ensuring an adequate level of data protection in compliance with European standards. AWS may process this information to ensure the reliability and security of the services they provide, as well as for purposes such as advertising, market research, and customizing AWS services.

We utilize AWS GuardDuty and AWS Inspector to enhance the security of our services. AWS GuardDuty provides continuous security monitoring to identify potential threats, and AWS Inspector assesses applications for exposure, vulnerabilities, and deviations from best practices.

If you have any concerns about AWS's handling of your data, you can find information about AWS's data protection policies and practices at https://aws.amazon.com/privacy/.

b.    Content Delivery Network und Web Application Firewall (CloudFlare)

This website uses CloudFlare (USA: Cloudflare Inc., 101 Townsend Street, San Francisco, California 94107, USA) to safeguard our website (Web Application Firewall) to optimise loading times and to provide dynamic content through its Content Delivery Network.

When you load our website, your requests are routed by the CloudFlare Server and statistical data about your visit is being collected and stored on a cookie on your device. This data includes your IP-address, accessed websites, type and version of your browser, your operating system, the referrer-URL (the site, from where you reached us), the length of your stay and the frequency of requests on our pages.

The analysis based on this data is necessary to detect and defend attacks. Cookies are used to recognise your device. An analysis for the purpose of statistical evaluation or for advertising purposes is not performed.

CloudFlare, Inc. has joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Art. 45 GDPR. This certification confirms that Cloud Flare, Inc. complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

The legal basis is Art. 6 (1) (f) GDPR our legitimate interest in safeguarding and optimizing the functionality of our website. For further details, please see www.cloudflare.com/privacypolicy.

c.    Hosting and Cloud Services – Google Cloud

We use specific artificial intelligence (AI) services from Google Cloud (provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to power some of our features.

It’s important to note that we do not store your data or train our AI models within the Google Cloud Platform. Instead, we send data to Google’s pre-trained AI models via an API call to perform a specific task (e.g., analyzing an image or text). The data is processed in real-time to generate a result that is returned to us, and it is not retained or used by Google for any other purpose.

For this processing to occur, data may be transferred to Google’s servers in the USA. Google LLC is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection. For more details on Google Cloud’s data policies, please visit their privacy page: https://cloud.google.com/security/privacy.

d.    GitLab Ultimate

Our website utilizes GitLab Ultimate for our DevSecOps lifecycle management (parent company: GitLab Inc., 268 Bush Street, Suite 350, San Francisco, CA 94104, USA). When you interact with our website or our development processes, your data may be processed and stored on GitLab servers. As a result, GitLab receives your IP address and information about your browser and operating system. GitLab adheres to strict data protection policies and industry standards to ensure your data is handled securely and in compliance with relevant regulations.

GitLab may process this information to ensure the reliability and security of the services they provide, as well as for purposes such as improving their services, performing analytics, and complying with legal obligations. GitLab Ultimate provides comprehensive security features, including continuous integration and delivery, code review, and vulnerability management to safeguard our development processes. The legal basis is Art. 6 (1) (f) GDPR our legitimate interest in safeguarding and optimizing the functionality of our website.

If you have any concerns about GitLab's handling of your data, you can find information about GitLab's data protection policies and practices at https://about.gitlab.com/privacy/.

e.    Atlassian – Jira Support Tickets

Our website utilizes the Jira support system provided by Atlassian (Atlassian Corporation Plc, 341 George Street, Sydney, NSW 2000, Australia,). When you interact with our support system, the system will create a ticket through Jira, and your data may be processed and stored on Atlassian servers. As a result, Atlassian receives your IP address and information about your browser, your operating system and your ticket details. Data may be transferred to and processed in various locations globally, including the USA and Australia.

Atlassian, Inc. has joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Art. 45 GDPR. This certification confirms that Atlassian, Inc. complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

When you use our Jira support system, Atlassian may collect and process information such as your name, e-mail-address, and details of your support requests to facilitate and manage our support services. This information is used to provide you with assistance, track and resolve issues, and improve our support system. Atlassian may also process this information for purposes such as improving their services, performing analytics, and complying with legal obligations. The legal basis is Art. 6 (1) (f) GDPR our legitimate interest in safeguarding and optimizing the functionality of our website.

If you have any concerns about Atlassian's handling of your data, you can find information about Atlassian's data protection policies and practices at https://www.atlassian.com/legal/privacy-policy#what-this-policy-covers.

f.     Neo4J

Our website and services utilize Neo4j AuraDB (Neo4j’s fully managed cloud platform) and other Neo4j Cloud offerings, operated by Neo4j, Inc. (headquartered at 95 Third St, Suite 100, San Francisco, CA 94103, USA), as part of our recommendation engine infrastructure. When you interact with our platform—such as browsing content, receiving personalized suggestions, or engaging with features powered by our recommendation system—certain data (e.g., IP address, browser type, user behavior, and interaction metadata) may be processed and stored on Neo4j Cloud servers.

Neo4j acts as a GDPR-compliant data processor and follows strict data privacy regulations, including GDPR and CCPA, implementing industry-standard security measures to protect your personal data throughout its lifecycle. Neo4j may process this information to ensure the performance, security, and scalability of the recommendation engine, improve service functionality, and meet legal and compliance obligations. Neo4j Cloud includes robust security features such as encryption in transit and at rest, role-based access control, audit logging, and vulnerability management.

For international data transfers, Neo4j, Inc. is certified under the EU‑U.S., Swiss‑U.S., and UK‑U.S. Data Privacy Frameworks administered by the U.S. Department of Commerce, ensuring an adequate level of data protection.

In addition, Neo4j’s Data Processing Addendum (DPA) includes Standard Contractual Clauses (SCCs) in accordance with Article 28 of the GDPR and supports the rights of data subjects, including access, correction, deletion, and data portability.

The legal basis for this processing is Art. 6(1)(f) GDPR—our legitimate interest in delivering personalized experiences and optimizing the functionality of our recommendation engine. If you have any questions about how Neo4j handles your data, please refer to their privacy policy at https://neo4j.com/privacy-policy/ or contact their Data Protection Officer at dponeo4j@neo4j.com.

g.    Data Dog

Tigerhall utilizes Datadog for performance monitoring and analytics (USA: Datadog, Inc., 188 Spear Street, Suite 1200, San Francisco, CA 94105, USA). When you interact with our website, your data—such as IP address, browser type, and operating system details—may be processed and stored on Datadog servers.

Datadog is fully certified under the EU‑U.S. Data Privacy Framework, the Swiss‑U.S. Data Privacy Framework, and the UK Extension to the EU‑U.S. Data Privacy Framework, as recognized by the U.S. Department of Commerce. As such, data transfers to the U.S. rely on the European Commission’s adequacy decision under Article 45 GDPR, confirming equivalency with EU protections. When applicable, Datadog also implements Standard Contractual Clauses as a fallback mechanism.

Datadog processes this information to ensure service reliability and performance, enhance their offerings, perform analytics, and comply with legal obligations. They offer comprehensive monitoring capabilities (e.g., logs, metrics, traces) to help us understand and optimize the performance of our applications.

The legal basis for this processing is Art. 6(1)(f) GDPR—our legitimate interest in safeguarding and optimizing our website’s functionality.

If you have any concerns about Datadog's handling of your data, you can refer to their data protection practices here: https://www.datadoghq.com/legal/privacy/

h.    Elastic Cloud – Search Engine

Our website and services utilize Elastic Cloud for our data ingestion, storage, search, and analytics workflows (Keizersgracht 281 1016 ED Amsterdam Netherlands; parent company: Elastic N.V., 8 The Green, Suite 2, Dublin, Ireland, and/or its affiliates such as Elastic U.S., Inc., 800 W El Camino Real STE 180, Mountain View, CA 94040, USA).

When you interact with our website or our systems, your data (such as IP address, browser details, request logs, or uploaded content) may be processed and stored on Elastic Cloud servers.

Elastic Cloud adheres to stringent data protection policies and implements industry-standard security measures to ensure that your data is protected and processed in compliance with applicable regulations. Elastic Cloud processes this information to maintain service reliability and performance, run analytics, improve platform capabilities, and fulfill legal obligations. Their platform includes security features like encryption (TLS for data in transit, AES for data at rest), role-based access controls, audit logging, vulnerability management, and optional data pseudonymization elastic.co. They act as a data processor under GDPR and similar frameworks, operating under our documented instructions. Elastic provides a Data Processing Addendum (DPA) that includes European Commission–approved Standard Contractual Clauses and meets the requirements of Article 28 GDPR dealerdesk.com.

Under GDPR, Elastic Cloud supports data subject rights (access, rectification, deletion), maintains processing records, assists with breach notifications, and supports migration and deletion of personal data at the end of service.

The legal basis for this processing is Art. 6(1)(f) GDPR—our legitimate interest in maintaining, securing, and optimizing our web services and analytics pipelines.

If you have any questions about how Elastic handles your data, you can review Elastic’s privacy practices in their privacy statement at https://www.elastic.co/legal/privacy-statement.

i.     Clarity

Our marketing website uses Microsoft Clarity, a behavioral analytics tool provided by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052, USA), to help us understand how users interact with our pages. Clarity captures anonymized user interactions such as mouse movements, clicks, scrolls, and navigation patterns to generate heatmaps and session replays. This enables us to analyze user behavior and improve the design, usability, and performance of our website.

When you browse our marketing website, Clarity may collect data such as your IP address, device type, browser information, screen resolution, and referring URL. This data is processed in a pseudonymized form and does not include sensitive personal information. Microsoft does not use the data collected through Clarity to identify individuals or to link it with other Microsoft services.

Microsoft acts as a data processor and adheres to global data protection regulations, including GDPR and CCPA. Microsoft is certified under the EU‑U.S., Swiss‑U.S., and UK‑U.S. Data Privacy Frameworks, ensuring an adequate level of protection for international data transfers.

Data processed through Clarity may be stored on Microsoft Azure servers located in the United States. To safeguard data transferred from the EU/UK, Microsoft relies on the European Commission’s adequacy decision under Article 45 GDPR, and where necessary, Standard Contractual Clauses (SCCs).

The legal basis for this processing is Art. 6(1)(f) GDPR—our legitimate interest in optimizing the user experience and performance of our marketing website through anonymized behavior analysis.

For more information about Microsoft Clarity’s privacy practices, please visit https://clarity.microsoft.com or view Microsoft’s privacy statement at https://privacy.microsoft.com/en-us/privacystatement.

j.     Eleven Labs

Tigerhall utilizes ElevenLabs’ voice generation services (operated by ElevenLabs, Inc., headquartered in New York City, USA) to provide high-quality voice outputs and ensure stability in voice generation workflows. When you use our voice features—such as generating narration, character voices, translations or conversational audio—your input data (text and, if applicable, uploaded voice samples) and generated audio may be processed and stored on ElevenLabs servers temporarily.

ElevenLabs acts as a GDPR-compliant data processor and adheres to global data protection regulations, including GDPR and CCPA. They implement robust privacy and security measures—including end-to-end encryption, SOC 2 certification, and optional European data residency configurations—to safeguard your data.

ElevenLabs may process data to: Ensure platform performance, reliability, and stability in voice generation, Prevent misuse (e.g., deepfakes or fraudulent content) and detect anomalies, Improve their AI models, while dissociating or removing data that could identify individuals, Provide customer support, billing, and compliance-related functions.

For data residency and international transfers:

-       Enterprise customers can enable European data residency, ensuring that voice data and metadata are processed and stored within the EU.

-       Otherwise, international transfers are protected by the EU‑U.S. Data Privacy Framework adequacy decision or Standard Contractual Clauses (SCCs) as outlined in ElevenLabs’ Data Processing Addendum (DPA).

The legal basis for this processing is Art. 6(1)(f) GDPR—our legitimate interest in delivering reliable, secure, and high-quality voice generation services.

If you have questions about ElevenLabs’ data handling or privacy practices, please refer to the following resources: Privacy Policy: https://elevenlabs.io/privacy-policy/, GDPR & Data Residency: https://elevenlabs.io/docs/conversational-ai/legal/gdpr and Data Processing Addendum: https://elevenlabs.io/dpa

k.    Braze

Our website utilizes the Braze platform provided by Braze Inc. (Braze, Inc. 28 East 28th St. 12th Floor Mailroom New York, NY 10016, USA) to manage push notifications in the browser and to facilitate e-mail communications to our customers (e.g. newsletters) and for analytics purposes. When you interact with our services, Braze may collect and process your data to provide personalized notifications and e-mail content. As a result, Braze receives information such as your IP address, browser type, operating system, and interaction details.

Data processed by Braze may be transferred to and stored in various locations globally, including the USA. Braze, Inc. has joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Art. 45 GDPR. This certification confirms that Braze, Inc. complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

The legal basis for processing this data is Art. 6 (1) (f) GDPR, our legitimate interest. Our legitimate interest lies in the efficient and effective operation of our website and marketing strategies.

When using our services, Braze may collect and process information such as your name, e-mail-address, and interaction history to enhance the personalization and effectiveness of our communications. This information is used to deliver relevant notifications, manage e-mail campaigns, track user engagement, and improve our communication strategies. Braze may also process this data for purposes such as improving their services, performing analytics, and complying with legal obligations.

If you have any concerns about Braze's handling of your data, you can find information about Braze's data protection policies and practices at https://www.braze.com/company/legal/privacy/.

l.     RB2B

Our website utilizes the RB2B platform provided by GetEmails, LLC (1401 Lavaca Street, Unit #298, Austin, TX 78701, USA) to identify anonymous website visitors based in USA, for enhanced communication purposes. When you interact with our services, RB2B may collect and process your data to provide personalized notifications and e-mail content. As a result, RB2B may receive information such as your IP address, browser type, operating system, and interaction details.

Data processed by RB2B is restricted to USA website visitors only and this data is stored locally in USA. If you are based in USA, when using our services, RB2B may collect and process information such as your name, e-mail-address, and interaction history to enhance the personalization and effectiveness of our communications. This information is used to deliver relevant notifications, manage e-mail campaigns, track user engagement, and improve our communication strategies.

If you have any concerns about RB2B’s handling of your data, you can find information about RB2B’s data protection policies at https://www.rb2b.com/rb2b-gdpr. The usage of this tool does not apply to any customers outside of USA, such as EU customers.

5. Contact

The processing of your data in the context of contacting us by form or e-mail takes place, depending on the content of the inquiry, in the case of purely informational inquiries on the basis of your (presumed) consent pursuant to Art. 6 (1) (a), Art.7 GDPR, or pursuant to Art. 6 (1) (b) GDPR, insofar as the contact is made in connection with (pre)contractual performance obligations. In any case, you agree that we may contact you to respond, unless you have previously withdrawn your consent.

When you contact us via our form, we need the following data to answer your request and so that we can address you personally and assign your request:

·           Name

·           First name

·           e-mail-address

·           Subject

·           Message

You provide further information voluntarily, i.e. on the basis of your consent. After registration, you have the option to comment on the contents provided on our services. By submitting comments, you provide consent for the processing of the data associated with your comments under Art. 6 (1) (a), Art. 7 GDPR. Your comments, along with your user name, will be displayed publicly on our site unless you request deletion or withdraw your consent.

We will delete your contact requests from our active systems immediately after final processing, unless legal permission (in particular your consent, which can be withdrawal at any time) or retention obligations permit or require further storage.

Newsletter

We use your personal data to send you newsletters related to the services you have subscribed to via e-mail. To send you these newsletters we rely on third-party services by Braze and Hubspot, see above. To receive our newsletter, you need to sign up to the newsletter with your e-mail address. To ensure that you have explicitly consented to receive our newsletter, we use a double opt-in process. After submitting your e-mail address via our subscription form, you will receive an e-mail asking you to confirm your subscription. You must click the confirmation link in this e-mail to complete your subscription. If you do not confirm your subscription, you will not receive any newsletters from us.

The legal basis for processing is your consent. We will use the personal data you provided during registration exclusively for sending you these service notices. We are also entitled to keep your IP addresses, and times of registration and confirmation times to verify your registration and to appropriately clarify any possible misuse of your personal data.

We can analyse our newsletter campaigns. When you open an e-mail, a file contained in the e-mail (so-called web-beacon) connects to our newsletter-server. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is recorded (e.g. time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you do not want any analysis, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

Your data will be stored and processed in an electronic newsletter system for the duration of your subscription. Since we base our processing on your consent, this means that you have the right to withdraw your consent at any time or to object to the processing of your personal data for the purpose of sending the newsletter. If you do so, we will immediately remove you from our newsletter distribution list to comply with your request. You can withdraw your consent at any time by sending an e-mail to our data protection officer or by following the instructions at the end of a promotional/newsletter e-mail. If you send us an e-mail, please let us know what your withdrawal should refer to so that we can assign your request.

Please note that, if you are an employee of our client, it may not be possible to withdraw your consent for certain communications, as these are compulsory communications on behalf of your employer.

C. Third-Party Single Sign-On Services

Our website offers users log in using third-party services instead of registering directly. The prerequisite is that you are already registered with the third-party provider. Therefore, an additional registration on our website is not necessary. For this purpose, you will find the corresponding symbols of the respective providers of the social networks supported by our website on the registration or login page.

You will then be redirected to the third-party provider's site, where you can enter your login credentials. This will result in some of your profile data with the third-party provider being transmitted to us. You can find out which information is transmitted to us in the third-party provider's privacy policy. We never receive the password you use with the third-party provider.

We use only your name and e-mail-address from this data to assign and identify you in our system. These will then be combined with the data listed under section d, provided you choose to provide them.

The legal basis for using third-party services is Art. 6 (1) (f) GDPR, based on our legitimate interest in enhancing the convenience of using our website.

We use the following services with reference to the privacy policy. In the linked privacy policy, you can find further information about the data protection assessment of our cooperation.

You will also learn how to exercise your rights with the third-party provider:

-       Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland https://www.google.com/policies/privacy/partners/.

-       Microsoft Ireland Operations Ltd., South County Business Park, One Microsoft Place, Carmanhall And Leopardstown, Dublin, D18 P521, Irland

https://privacy.microsoft.com/de-de/privacystatement.

-       LinkedIn Ireland Unlimited Company, Attn: Legal Dept. Wilton Plaza, Wilton Place, Dublin 2, Ireland

https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

D. Payment Services

When you purchase services from us, we utilize various payment providers to process your transactions. This processing is carried out based on the legal grounds of Art.6 (1) (b) GDPR, which pertains to the necessity of processing for the performance of a contract.

In cases where a credit check is performed, this is conducted under the legal grounds of Art. 6(1) (f) GDPR, which allows processing for the purposes of the legitimate interests pursued by the controller or by a third party, provided these interests are not overridden by your interests or fundamental rights and freedoms.

We prioritize the protection of your personal data and ensure that all processing activities comply with the relevant legal requirements.

1. Stripe

Tigerhall utilizes Stripe Payments Singapore Pte. Ltd., (8 Marina Boulevard #05-02, Marina Bay, Financial Centre, 018981, Singapore), a third-party payment processor, to handle payments securely and efficiently. Stripe is itself responsible for the processing of payments within the meaning of Art. 4 No. 7 GDPR. By choosing to use Stripe for transactions on our platform, you agree to the collection and use of your information by Stripe as described in their privacy policy.

When you make a payment using Stripe, you will be redirected to Stripe secure payment gateway. We do not have access to your full payment information, such as your credit card number or bank account details. Stripe collects and processes this information directly. Stripe collects personal data necessary to process your payment, including your name, e-mail-address, billing address, and payment method details. This data is used solely for the purpose of processing transactions and is handled in accordance with Stripe’s privacy policy. We receive a confirmation of payment from Stripe that includes limited information, such as your e-mail-address and transaction ID, which we use to confirm your purchase and provide customer service. We do not share your payment information with any third parties, except as necessary to process your transaction through Stripe or as required by law.

Stripe may share your data with third parties as described in their privacy policy. We ensure that Stripe implements adequate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. The legal basis for the transfer to the payment service provider is the fulfillment of the contract pursuant to Art. 6 (1) (b) GDPR and our legitimate interests in secure payment processing and fraud prevention pursuant to Art. 6 (1) (f) GDPR.

We ensure that any transfer of personal data outside the European Economic Area (EEA) is conducted in compliance with GDPR regulations, entering into Standard contractual clauses where necessary.

Stripe, Inc. has joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Art. 45 GDPR. This certification confirms that Stripe, Inc. complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

For more details on how Stripe handles your personal data, please review the Stripe Privacy Policy. By using Stripe for transactions, you agree to the terms of this privacy policy and the Stripe Privacy Policy (https://stripe.com/de/privacy).

2. Apple Pay

Tigerhall utilizes Apple Pay (EU: Apple Operations Europe, Holly Hill Industrial Estate, Holly Hill, Cork, Ireland; USA: Apple Inc., 1 Apple Park Way, Cupertino, CA 95014, United States), a third-party payment service, to provide you with a secure and seamless payment experience. By choosing to use Apple Pay for transactions on our platform, you agree to the collection and use of your information by Apple as described in their privacy policy.

When you make a payment using Apple Pay, the transaction is processed through Apple’s secure payment gateway. We do not have access to your full payment information, such as your credit card number or bank account details. Apple collects and processes this information directly through their platform. Apple may collect personal data necessary to process your payment, including your name, e-mail-address, billing address, and payment method details. This data is used solely for the purpose of processing transactions and is handled in accordance with Apple’s privacy policy.

We receive a confirmation of payment from Apple that includes limited information, such as your e-mail-address and transaction ID, which we use to confirm your purchase and provide customer service. We do not share your payment information with any third parties, except as necessary to process your transaction through Apple Pay or as required by law. Apple may share your data with third parties as described in their privacy policy. We ensure that Apple implements adequate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

We ensure that any transfer of personal data outside the European Economic Area (EEA) is conducted in compliance with GDPR regulations, entering into Standard contractual clauses where necessary.

For more details on how Apple handles your personal data, please review the privacy policy: https://www.apple.com/legal/privacy/. By using Apple Pay for transactions, you agree to the terms of this privacy policy and the Apple Privacy Policy.

E. Social media

1. Buttons for social media profiles

Unless otherwise stated, we process your data on the basis of our legitimate interests in accordance with Art. 6 (1) (f) GDPR in order to improve the content and make it more convenient for you to use. The purposes described are in line with our legitimate interests. If cookies are used when integrating social media content, this is done on the basis of your consent in accordance with Art. 6 (1) (a), Art. 7 GDPR which can be withdrawal at any time with effect for the future.

a.    X (formerly Twitter) Share-Buttons

Buttons from the X platform (formerly Twitter) are integrated on our website (X Corp., Market Square, 1355 Market Street, Suite 900 San Francisco, CA 94103, USA). When you access a page of our website that contains such a button, a direct connection between your browser and the X server is only established when you click on the button.

X thereby receives the information that you have visited our site with your IP address. If you click on the button while you are logged into your X account, you can link the content of our pages to your X profile. This allows X to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by X.

X Corp. has joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Art. 45 GDPR.

This certification confirms that X Corp. complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

If you do not want X to be able to assign your visit to our pages, please log out of your X account. Further information on this can be found in X's privacy policy at https://twitter.com/de/privacy.

b.    Facebook Share-Buttons

Facebook buttons are integrated on our website (Meta Platforms Inc., 1 Hacker Wy, Menlo Park, CA 94025, USA). When you visit a page on our website that contains such a button, your browser only establishes a direct connection with the Facebook servers when you click on the button. As a result, Facebook receives your IP address and information about your browser and operating system.

If you are logged in to Facebook, Facebook can assign your visit to our website directly to your Facebook account. If you click on the button, the corresponding information is also transmitted directly to a Facebook server and stored there. Depending on your privacy settings, this information may be published on Facebook. Facebook may process this information for the purposes of advertising, market research and customizing Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.

Meta Platforms, Inc. has joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Art. 45 GDPR. This certification confirms that Meta Platforms, Inc. complies with the required data protection regulations and practices.

If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

If you do not want Facebook to associate the data collected via our website with your Facebook account, please log out of Facebook before visiting our website. You can find information about Facebook's data protection at https://www.facebook.com/about/privacy/.

c.    Instagram Share-Buttons

Instagram buttons are integrated on our (Meta Platforms Inc., 1 Hacker Wy, Menlo Park, CA 94025, USA). When you visit a page on our website that contains such a button, your browser only establishes a direct connection with the Instagram servers when you click on the button.

As a result, Instagram receives your IP address and information about your browser and operating system. If you are logged in to Instagram, Instagram can assign your visit to our website directly to your Instagram account. If you click on the button, the corresponding information is also transmitted directly to an Instagram server and stored there. Depending on your privacy settings, this information may be published on Instagram. Instagram may process this information for the purposes of advertising, market research, and customizing Instagram pages.

For this purpose, Instagram creates usage, interest, and relationship profiles, e.g., to evaluate your use of our website with regard to the advertisements displayed to you on Instagram, to inform other Instagram users about your activities on our website, and to provide other services associated with the use of Instagram.

Meta Platforms, Inc. has joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Art. 45 GDPR. This certification confirms that Meta Platforms, Inc. complies with the required data protection regulations and practices.

If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

If you do not want Instagram to associate the data collected via our website with your Instagram account, please log out of Instagram before visiting our website. You can find information about Instagram's data protection at https://privacycenter.instagram.com/policy/.

d.    LinkedIn Share-Buttons

LinkedIn buttons are integrated on our website (LinkedIn Singapore Pte. Ltd, 10 Marina Boulevard Marina Bay Financial Centre Tower 2, Level 30 SINGAPORE 018983). When you visit a page on our website that contains such a button, your browser only establishes a direct connection with the LinkedIn servers when you click on the button. As a result, LinkedIn receives your IP address and information about your browser and operating system. If you are logged in to LinkedIn, LinkedIn can assign your visit to our website directly to your LinkedIn account. If you click on the button, the corresponding information is also transmitted directly to a LinkedIn server and stored there. Depending on your privacy settings, this information may be published on LinkedIn. LinkedIn may process this information for the purposes of advertising, market research, and customizing LinkedIn pages.

For this purpose, LinkedIn creates usage, interest, and relationship profiles, e.g., to evaluate your use of our website with regard to the advertisements displayed to you on LinkedIn, to inform other LinkedIn users about your activities on our website, and to provide other services associated with the use of LinkedIn.

LinkedIn Corp. has joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Art. 45 GDPR. This certification confirms that LinkedIn Corp. complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

If you do not want LinkedIn to associate the data collected via our website with your LinkedIn account, please log out of LinkedIn before visiting our website. You can find information about LinkedIn's data protection at https://www.linkedin.com/legal/privacy-policy.

F. Cookies and integrated third-party offers

We use cookie technology for our website. Cookies are small text files that are sent to your browser by our web server during your visit to our website and stored on your computer for later retrieval. You can determine yourself whether cookies can be set and retrieved using the settings in your browser. For example, you can completely deactivate the storage of cookies in your browser, restrict it to certain websites or configure your browser so that it automatically notifies you as soon as a cookie is to be set and asks you for feedback. You can delete cookies in your browser's security settings at any time. Please note, however, that this may affect the display quality of our website. Unless otherwise stated, the processing described in this section is based on your consent in accordance with Art. 6 (1) (a), Art. 7 GDPR which can be withdrawal at any time with effect for the future. Further information on how you can withdrawal your consent can be found in our cookie settings. These are linked in the footer of our website.

Surveys/Polls

On our website you can participate in surveys for user feedback through our survey form. When you voluntarily participate in this survey, information about the device and application you use to participate in the survey is processed. This includes IP address, geographical location, browser type and version, operating system, referral source, duration of visit, page views and navigation paths of the website or similar information.

You may participate in our user research sessions via Zoom (EU: Zoom EMEA, Floor 2-5, Locatellikade 1, 1076 AZ Amsterdam, Netherlands; USA: Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA). Zoom is a third-party video conferencing service that allows us to interact with users in real-time for the purpose of gathering insights and feedback to improve our products and services.

During these sessions, personal data such as your name, e-mail-address, and any information you voluntarily provide may be collected. The sessions may also be recorded, including audio, video, and shared screen content. This data is stored securely on our servers and is only accessible to authorized personnel within our organization.

Zoom has joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done based on the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Art. 45 GDPR. This certification confirms that Zoom complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

The legal basis for processing this data is your consent, according to Art. 6 (1) (a), Art. 7 GDPR or Art. 6 (1) (f) GDPR, our legitimate interest. Our legitimate interest lies in understanding user behaviour, preferences, and feedback to enhance the quality and functionality of our offerings.

Please note that since Zoom is a third-party service, your participation in these sessions is also subject to Zoom’s privacy policy and terms of service.

No data is transmitted to Zoom unless you explicitly join a session, at which point your data will be processed according to Zoom’s terms. Further information can be found in Zoom’s Privacy Policy at https://explore.zoom.us/de/privacy/.

G. Statistics, Web-Analytics, Advertising based on Tracking and Retargeting – Use of Cookies

In some cases, we or our partners use cookies or process your data in such a way that your consent is required. Cookies are small text files that can be stored on your device when you visit our website.  Tracking is possible using various technologies like the pixel technology or log file analysis. Consent is given via the so-called cookie banner, which must be actively clicked. Our cookie policy explains how you can disable individual functions to which you have consented. There you will find information on when cookies expire, how to delete cookies and how to withdraw your consent.

Unless otherwise stated, the processing described in this section is based on your consent. Learn more about how to withdraw your consent in our cookie policy. Our cookie policy is linked in the footer of our website.

1.      Web-Analytics, Statistics

To determine which content from our website is most interesting for you we continuously measure the number of visitors and the most viewed content. Therefore, we process your personal data

●           to record the number of visitors of our websites,

●           to record the respective visiting times of our website visitors and

●           to record the sequence of visits to different websites and product sites to optimize our website.

a. Web analysis through Google Analytics 4

We use the Google Analytics 4 service for the purpose of analysis and optimization on our website on the basis of your consent pursuant to Art. 6 (1) (a), Art. 7 GDPR, which can be withdrawal at any time with effect for the future. This is a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). In Google Analytics 4, the anonymization of IP addresses is activated by default.

With IP anonymization on our website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area by the last digits. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics 4 will not be merged with other Google data.

The following data may be processed when you visit our website:

·           IP address (in abbreviated form, a clear assignment is not possible);

·           inappropriate location (country and city);

·           Technical information such as browser, internet provider, end device and screen resolution;

·           The behavior on the page (pages viewed, clicks and scrolling behavior);

·           Source of the visit (via which website or advertising medium the page was reached);

·           session duration and whether the page was left without interaction;

·           Add to favorites;

·           Sharing content (social media);

·           clicked links to other websites;

·           Achievement of certain goals (conversions).

Google uses the aforementioned information on our behalf to evaluate your use of our website, to compile reports on website activity for us and to provide us with other services relating to website activity and internet usage. As part of the evaluation, Google Analytics 4 also uses artificial intelligence such as machine learning to automatically analyze and enrich the data. Information on this can be found on the following website https://support.google.com/analytics/answer/10710245. The evaluations are carried out automatically with the help of artificial intelligence or on the basis of specific, individually defined criteria.

Google Analytics 4 stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognized on future visits to the website.

The information collected by the cookies about the use of our website (including your anonymized IP address) may be transferred to a Google server in the USA and stored there under Google's responsibility. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.

Google LLC has joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Art. 45 GDPR. This certification confirms that Google LLC complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

The logged data is stored by Google together with the randomly generated user ID, which is stored in a cookie on your device, enabling the evaluation of pseudonymized user profiles. This user-related data is automatically deleted after 14 months.

We have made the following data protection settings for Google Analytics 4:

·           anonymization of the IP address;

·           Retention period of 2 months (and no resetting of the retention period for new activity);

·           Disabled cross-device and cross-page tracking (Google Signals);

·           deactivated data sharing (especially Google products and services, benchmarking, technical support, account specialist).

b.           HubSpot

On this website, we use HubSpot (HubSpot Asia Pte Ltd., Mapletree Anson, 60 Anson Road, #10-03, Singapore 079914 (GST: 201526553E)) for analytical purposes and for managing customer relationships, ensuring effective communication with our customers, e.g. via e-mail sequences. HubSpot is a marketing and sales platform that helps us analyse user interactions, track website performance, and optimize our marketing efforts. In the course of using HubSpot, various personal data may be collected, such as IP addresses, geographical locations, browser types, referral sources, length of visits, and pages viewed. This information assists us in understanding user behavior and improving the user experience on our website. The data collected is stored securely on HubSpot's servers and is accessible only to authorized personnel.

HubSpot, Inc. has joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Art. 45 GDPR. This certification confirms that HubSpot, Inc. complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

Please note that by interacting with our website, your data may be transmitted to HubSpot and processed in accordance with HubSpot's privacy policy. For more information on HubSpot's data handling practices, please refer to their Privacy Policy at https://legal.hubspot.com/privacy-policy.

2.      Advertising based on Tracking and Retargeting

In order to ensure that we only show advertising that is of interest to our visitors, including on the websites of our advertising partners, we use tracking and retargeting technologies for advertising that is tailored to the interests of the data subjects. Cookies are generally used for this purpose, but other technologies such as "fingerprinting" are also used in some cases.

The cookies cached for this purpose enable our retargeting partners to recognize visitors to our website under a pseudonym and only show them products that are likely to be of interest to the data subjects. With fingerprinting, the device is recognized on the basis of the computer hardware, software, add-ons and browser settings of the data subject.

Unless otherwise stated, the processing described in this section is based on the consent of the data subject pursuant to Art. 6 (1) (a), Art. 7 GDPR which can be withdrawal at any time with effect for the future.

The controller uses the collected data for statistical and advertising purposes and in detail:

•           for targeted advertising, including via advertising networks in cooperation with partners,

•           for measuring the success and billing of advertising measures between advertising partners and us,

•           to track which advertising the data subjects have already seen in order to prevent them from seeing the same advertising again, and

•           to assess which parts of our website need to be optimized.

Unless otherwise stated, we use the following services as processors and contractually oblige them to process data only on our behalf.

a. Meta Pixel/ Business Ads

We use Meta Pixel on our website, a service provided by Meta Platforms Inc. (1601 Willow Road Menlo Park California 94025, USA). The service enables us to determine target groups for advertising on Meta, so-called "business ads", based on website visits and surfing behavior. We also use this pixel to measure the effectiveness of online marketing measures. This allows us to track the actions of users after you have seen and/or clicked on a business ad and subsequently placed an order.

When you visit a website, the pixel is embedded directly by Meta and can store a cookie on your device. If you subsequently log in to your Facebook account or are already logged in to your Facebook account, your visit to this website will be logged in your profile.

The usage data collected is anonymous to us and therefore does not allow any conclusions to be drawn about your identity. However, this data is stored and processed by Meta so that it is possible to draw conclusions about the respective user profile.

You can find more information about Meta Pixel at https://www.facebook.com/business/tools/meta-pixel/. Data processing by Meta is carried out in accordance with the Meta data usage guidelines. For this purpose, we have concluded an agreement with Meta as joint controllers. Further information on data processing by Meta can be found at: https://www.facebook.com/about/privacy/.

It cannot be ruled out that Meta Platforms Ireland Limited will transfer personal data to the parent company Meta Platforms Inc. (USA) as part of the commissioned processing. Meta Platforms Inc. has joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Art. 45 GDPR. This certification confirms that Meta Platforms Inc. complies with the required data protection regulations and practices.

If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

b.             LinkedIn Insights Tag

We are using the LinkedIn Insights Tag, a Service from LinkedIn Corporation as a tool to analyse your behaviour on our website enabling us to provide you with interest based and behavioural marketing. Additionally, this includes conversion measurement to increase the effectiveness of our marketing activities. This is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, https://www.linkedin.com. More Information can be found at https://www.linkedin.com/legal/privacy-policy.

The Insight Tag will collect and transfer to LinkedIn the following information about you: URL; Referrer URL, IP address, Device- and Browser data (User Agent) and a timestamp. Exceptionally, profile data may be processed together with the above data categories.

This is the case if you are a member of LinkedIn. In this regard, we would like to refer you to the setting possibilities within your LinkedIn profile. LinkedIn will provide us with an analysis of the use of our website in aggregated form, so we are enabled to improve our website and content for our users. Also, this data is used for targeting measures for advertisements in the LinkedIn platform.

We are joint controllers with LinkedIn Corp. for the collection and the transfer of data to LinkedIn; however, any processing of personal data after the transfer lies in the sole responsibility of LinkedIn. The Insight Tag will only be collecting and transferring data after your explicit consent in the Cookie-Banner presented to you when accessing our website.

LinkedIn will encrypt your data, the IP addresses will be truncated, and direct identifiers will be removed within seven days in order to make the data pseudonymous. This remaining pseudonymised data will then be deleted within 90 days.

LinkedIn Corp. has joined the EU-US Data Privacy Framework and Swiss-U.S. Data Privacy Frameworks, as well as the UK Extension to the EU-U.S. Data Privacy Framework in the USA. If data is transferred to the USA, this is done on the basis of the new adequacy decision of the European Commission on the EU-US Data Privacy Framework, Art. 45 GDPR.

This certification confirms that LinkedIn Corp. complies with the required data protection regulations and practices. If a Data Privacy Framework is not or not yet available, the data exchange during the transition period will be based on the concluded EU standard contractual clauses to ensure an adequate level of EU data protection.

The legal basis for this process is your consent. You can find more information at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

11. Location of Personal Information

Our service is hosted in Europe and all personal information collected with the service is stored in the United States & Europe. If you are visiting our site, using our service, or otherwise providing information to us outside Europe/Australia, please be aware that you are transferring personal data to the United States & Europe.

12. Updates to this Privacy Policy

We periodically review this Privacy Policy and may make updates to reflect changes in our practices, for legal reasons, or to meet new regulatory requirements. Your continued use of our services following any notice of changes to this Privacy Policy means you accept such changes. Please refer to the “Effective Date” above for details on when this Policy was last updated.

13. Contact Us

If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact us at support@tigerhall.com. If you are a user under a company contract, please approach your company contact person for any queries or to submit any data requests relating to your rights as a data subject including the rights noted in section “6. Data Subject Rights”.