Data Protection
Data Protection
In this privacy policy, we inform you about the processing of personal data when using our website. Personal data refers to information related to an identified or identifiable person. This primarily includes details that allow conclusions about your identity, such as your name, phone number, address, or email address. Statistical data that we collect, for example, during a visit to our website and which cannot be associated with your person, do not fall under the definition of personal data.
PRIVACY NOTICE
Last updated on 01 November 2025
The protection of your personal data is of great concern to us. Therefore, we would like to provide you with all the information about the processing and storage of your data when visiting our website and within our companies.
In order to take full advantage of all the features and services of our site, it is necessary to collect your personal data. The processing and storage are carried out in accordance with the legal guidelines and requirements of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and any other applicable data protection laws.
Responsible Entity
turnus.ai GmbH
Fiedelerstraße 35A
30519 Hannover
Germany
Contact details and further information in the Imprint.
DATA PROTECTION OFFICER
Data Protection Officer: Mag.a iur. Elisa Drescher
Email: privacy@turnus.ai
COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE
Note: To protect your data as comprehensively as possible from unwanted access, we take so-called technical and organisational measures and use an encryption procedure on our website. Your data is transmitted over the Internet using a so-called TLS encryption from your computer to our computer and vice versa. TLS stands for "Transport-Layer Security" and is an encryption protocol for data transmission on the Internet. You usually recognise "TLS" by the fact that the padlock symbol in the status bar of your browser is closed and the address starts with https://.
COLLECTION OF ACCESS AND LOG DATA
This website automatically collects and stores server log file information, which your browser transmits to us.
This includes:
· User's IP address
· Date and time of access
· Type of request
· Customer information such as type and version
· User's operating system (device, OS version of the device),
· Referrer information (i.e., the source of access)
The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in identifying evidence of unlawful usage of our website (e.g., defence against hacker attacks) and ensuring a smooth connection setup. The collected data is stored in server log files that your browser automatically encrypts and transmits to us. We only store the server log files in case of attacks on our server infrastructure or other legal violations. This extended storage period occurs due to our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR and is solely for evidence preservation.
We have concluded a data processing contract with the provider of this website, Framer B.V., based in the Netherlands, according to Art. 28 GDPR. This is a legally required contract that ensures Framer B.V processes the personal data of our website visitors only according to our instructions and in compliance with GDPR.
ENQUIRIES VIA CONTACT FORM, EMAIL AND PHONE
Any information you provide to us voluntarily concerning your person will, of course, be treated confidentially. We use your provided personal data exclusively to process and respond to your enquiry. The legal basis for the data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. This arises from our interest in responding to enquiries from our customers, business partners, and prospective clients, and promoting or maintaining customer satisfaction. Another legal basis is for natural persons the initiation or fulfilment of a contract pursuant to Art. 6 para. 1 lit. b) GDPR.
We store and use contact data and information received (such as business communication histories) from customers and prospects for the execution and initiation of the business relationship. Processing is based on (pre)contractual measures on the basis of Art. 6 para. 1 lit. b) GDPR. The provider is HubSpot Ireland Limited, based in Dublin, Ireland, with which we have concluded a contract for commissioned processing according to Art. 28 GDPR. Insofar as personal data is transferred to HubSpot, Inc., based in Cambridge, USA, this is done based on the Data Privacy Framework. This is the adequacy decision for the USA. In addition, there are standard contractual clauses. You have the right at any time to access the data stored about you in the customer database and can request a change or deletion of the data.
All personal details you submit to us with your enquiry will be deleted or anonymised by us no later than 2 years after the final response to you, unless a contract is concluded. The 2-year retention period arises from the possibility that you may contact us again about the same matter and refer to previous correspondence. From experience, we have found that no further queries follow our responses after 2 years.
APPOINTMENT BOOKING
To facilitate simplified booking of appointments, we offer you a form for direct booking via our website. After booking, you will receive a confirmation email including the access link to the online meeting and a reminder message before the agreed appointment to avoid missed appointments. You can cancel or reschedule the booked appointment at any time. To do so, we use the appointment booking function integrated into HubSpot. All information about HubSpot can be found under “ENQUIRIES VIA CONTACT FORM, EMAIL AND PHONE. In addition, we do not pass on your data to third parties. The legal basis for data processing during booking and related confirmation and reminder emails is your consent pursuant to Art. 6 para. 1 lit. a) GDPR. Deletion of booked appointments occurs after 6 months.
REGISTRATION AND USER ACCOUNT
To use turnus.ai, a user account is necessary, which can be created by providing an email address and a password. In this context, we store the IP address and the time of each user action based on our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, when you register, log in, or use your user account. This is done to prevent misuse and unauthorised use, which is in our and the users' interests. In principle, we do not pass on this data to third parties, unless it is necessary to enforce our claims or it is legally required.
Within the user account, we store information about your company (phone number, address, email address, team members and their roles), contact details of your customers (phone numbers, campaigns, ...). These data are stored exclusively for contract fulfilment pursuant to Art. 6 para. 1 lit. b) GDPR.
We store your data for the duration of the contract. In the event of termination, you are obliged to secure your data in good time.
We provide you with the following single sign-on services from various providers:
· Microsoft
The purpose is to facilitate and shorten the registration and login process for you. Registration takes place to conclude a contract with us (Art. 6 para. 1 lit. B) GDPR).
By clicking on the respective provider, your web browser automatically establishes a direct connection with the provider's servers. To carry out the login, you will be redirected to the respective provider's page. There you can log in with your usage data, and thus registration takes place. Upon successful registration, your user account with the chosen provider will be linked to our WebApp,
Note: We have no influence on the scope and further use of the data that is collected by the respective provider. For the type and scope of data processing, the purposes pursued, your respective rights, and setting options for protecting your personal data, please refer to the privacy notices of the respective provider:
· Google: https://support.google.com/a/answer/60224?hl=en
· Microsoft: https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-single-sign-on
USE OF WEB ANALYSIS TOOLS AND COOKIES
We use cookies to facilitate and improve the use of our website. Cookies are small text information that can be saved on your computer or smartphone (end device) when you visit a website via the browser. Cookies can also provide us with information about how you use our website, allowing us to continuously improve the website's design.
Cookies serve to uniquely identify what our customers find interesting and useful on our website. In addition, we use so-called "Web Beacons" (small graphic images, also known as "pixel tags" or "clear GIFs") on our website. They are used together with cookies to track general user behaviour on the website.
The data processed through necessary cookies are for the purposes stated below to protect our legitimate interests, as well as those of third parties pursuant to Art. 6 para. 1 lit. f) GDPR.
Any use of cookies that is not technically necessary constitutes data processing that is only permitted with your express and active consent pursuant to Art. 6 para. 1 lit. a) GDPR. With our so-called "Cookie Consent Tool", you can set which cookie categories you wish to consent to when visiting our website. Over this, you can also withdraw or change your consent at any time.
Once stored cookies can also be deleted at any time via your web browser settings. You can also adjust your web browser settings so that no cookies are stored. In that case, not all functions of our website are available.
We use cookies for the following purposes:
· Technically necessary: These are cookies and similar methods without which you would not be able to use our services, for example, to correctly display our website or to use functions you desire.
· Convenience: These techniques enable us to consider your actual or assumed preferences for the convenient use of our website. For example, we can display our website in a language suited to you based on your settings.
· Statistics: These techniques allow us to create anonymous statistics on the use of our services. This way, we can, for example, determine how we can further adjust our website to the habits of our users.
· Marketing: This allows us to show you tailored advertising content, which is based on analysing your usage behaviour. Your usage behaviour can also be tracked across different websites, browsers, or devices using a user ID (unique identifier).
As part of data processing (using cookies and similar techniques to process usage data), we may engage specialised service providers from the online marketing field. These process your data on our behalf as processors and are carefully selected and contractually obliged according to Article 28 GDPR. All the above-named providers operate as processors for us.
CONSENT MANAGEMENT
We use a cookie consent technology to obtain your data protection consent for the storage of certain cookies on your end device or to use certain technologies and to document these in compliance with data protection laws. A technically necessary cookie is set for this purpose. The use occurs to obtain the legally required consents for using cookies. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the legally compliant documentation and verifiability of consents (Art. 6 para. 1 lit. c) GDPR) to fulfil our accountability under Art. 5 para. 2 GDPR.
USE OF GOOGLE ANALYTICS
This website uses Google Analytics if you give your consent within the meaning of Art. 6 para. 1 lit. a) GDPR and Art. 49 para. 1 lit. a) GDPR. This is a service provided by Google Ireland Limited (“Google”), a company registered and operated under Irish law (registration number: 368047) with headquarters at Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC (USA) (“Google”).
Google Analytics uses so-called "cookies." These are text files stored on your computer that allow an analysis of the use of the website by the user. The information generated by the cookies about your use of this website is generally transmitted to a Google server in the USA and stored there. For the USA, an adequacy decision exists so that data transfer can be carried out without additional measures. The certification of Google can be viewed here.
We have made the setting that your IP address will be anonymized. The IP address anonymisation is done by Google, however, within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and Internet usage to the website operator.
The anonymized IP address transmitted by your browser as part of Google Analytics is not merged with other data from you, such as search history, personal accounts, usage data from other devices, and all other data known to Google about you.
The cookies set in connection with Google Analytics can be viewed above in the list.
You can revoke your consent at any time by making the corresponding settings directly via the cookie banner. The user and event data will be deleted after 14 days. The function "Reset user data after new activity" is not activated. [ED2] This means that if you visit again before the retention period expires, your data will not be deleted.
GOOGLE TAG MANAGER
We use the Google Tag Manager from the provider Google Ireland Limited, Google Building Gordon House, Barrow St. Dublin 4, Ireland.
With the Google Tag Manager, website tags are managed via an interface. This allows us as marketers to manage website tags via one interface. Tags are small code sections that, for example, record (track) your activities on our website. The Google Tag Manager itself does not set any cookies but ensures that other tags, which may themselves capture data, are activated, such as Google Analytics. Google Analytics itself sets cookies again. For more information, see the "Web tracking measures" section.
Using the Google Tag Manager, your IP address is transmitted anonymously to Google. This may also result in data transfers to Google's servers in the USA. We have concluded an order processing contract with Google pursuant to Art. 28 GDPR. For the USA, an adequacy decision exists, so the data transfer can take place without further measures. You can view Google's certification here.
In the account settings of the Tag Manager, we have not allowed Google to receive anonymous data from us.
The storage duration of the integrated tracking tools, such as Google Analytics, depends on the tool used, which is loaded via the Google Tag Manager.
EMBEDDING YOUTUBE VIDEOS
We embed videos on our webpages that are not stored on our servers. In the first step, to prevent automatically loading third-party provider content when calling up our webpages with embedded videos, we only display locally stored preview images of the maps. The third-party provider does not receive any information.
Only after a click on the preview image or by granting consent via the cookie consent banner are the third-party provider's contents loaded. As a result, the third-party provider receives information that you have accessed our page as well as the usage data that is technically required in this context. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us your consent to load the third-party provider's content. Embedding is based on your consent under Art. 6 para. 1 lit. a) GDPR, provided you have previously given your consent by clicking on the preview image. For the USA, an adequacy decision exists such that the data transfer can take place without further measures. The certification of Google (YouTube) can be viewed here.
Provider of the video service:
Google Ireland Limited/Google LLC (USA) (“YouTube”)
Revocation of Consent
If you clicked on a preview image, the third-party provider's content is immediately loaded. If you do not want this reloading on other pages, please do not click on the preview images anymore or revoke your consent for the reloading via the cookie consent banner.
LinkedIn Insight Tag
As part of using the "LinkedIn Insight Tag" conversion tracking tool from LinkedIn Ireland Unlimited, based in Ireland, we process personal data jointly with LinkedIn under joint responsibility according to Art. 26 GDPR, provided you have given your consent via the consent banner. You can access the agreement underlying the cooperation with LinkedIn on joint responsibility here. LinkedIn is an American company based in California. Personal data is also processed in the USA. For the USA, there is currently an adequacy decision, and the LinkedIn Corporation is certified under the Data Privacy Framework.
The LinkedIn Insight Tag collects data about your use of our website. LinkedIn does not share personal data with the website owner but provides reports and information (where you are not identified) about the website audience and ad performance. LinkedIn also offers retargeting for website visitors so that the website owner can display targeted advertising outside their website with the aid of this data, without the member being identified. LinkedIn uses the data, which LinkedIn claims do not identify you, to improve the relevance of ads and to reach members across devices. You can learn more about the LinkedIn Insight Tag directly on LinkedIn. LinkedIn also uses the data for its advertising purposes and for third-party advertising purposes in accordance with the LinkedIn Data Policy. There you will also find further information on how to exercise your data subject rights relating to the data processed by LinkedIn. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.
Apollo
We use Apollo, a business intelligence platform from the US provider ZenLeads, Inc. based in San Francisco, USA, to improve our marketing efforts. Apollo helps us identify and target new business contacts more accurately (e.g., through email marketing or data analysis). Personal data may be processed in this context. The use of Apollo is only with your explicit consent according to Art. 6 para. 1 lit. a GDPR. You can withdraw this consent at any time with effect for the future. Apollo is operated by a company in the USA. ZenLeads, Inc. is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection. More about data processing by Apollo can be found here: https://www.apollo.io/privacy/
USE OF MICROSOFT CLARITY
We use Microsoft Clarity on our website with your consent according to Art. 6 para. 1 lit. a) GDPR, a service of Microsoft Ireland Operations Limited. Data transfers to Microsoft Corporation based in the USA take place based on the adequacy decision for the USA, which you can view here. Clarity analyzes the performance of our website in an anonymous form. For example, we receive so-called heatmaps. Heatmaps show us which parts of our website are particularly popular and help us better adapt our website to the needs of our users. This also serves as the purpose of processing. The retention period for the collected data can be found in the information from the cookie banner. Microsoft processes the data on instructions and in our order. We have concluded a respective order processing agreement with Microsoft. Further information about Microsoft Clarify can be found at https://clarity.microsoft.com
DATA PROCESSING OF BUSINESS PARTNERS AND CUSTOMERS
1. Fulfilment of contractual obligations (Art. 6 para. 1 lit. b) GDPR)
The purposes of data processing result from the implementation of pre-contractual measures and the fulfilment of the obligations from the concluded contract.
For contract execution, we process master data such as first and last name, billing address, and billing and payment data. We use the email address and telephone number for communication. We also process your data in our HubSpot accounting system.
2. To fulfil legal obligations (Art. 6 para. 1 lit. c) GDPR)
The purposes of data processing result on a case-by-case basis from legal requirements. These legal obligations include, for instance, fulfilling retention and identification obligations, e.g., in the context of tax control and reporting obligations, and responding to authorities' requests, which may include data transfers to our appointed tax advisor.
3. To fulfil our legitimate interests (Art. 6 para. 1 lit. f GDPR)
We process the contact data of contact persons for customers, prospects, suppliers, and other business partners for communication via email, telephone, and post. The legal basis for data processing is the legitimate interest pursuant to Art. 6 para. 1 f) GDPR. The legitimate interest arises from the desire to carry out or initiate business relationships with customers, prospects, suppliers, and other business partners and maintain personal contact with contacts.
We generally rule out the passing on of data to third parties.
Personal data is stored for business relationship purposes as long as there is a legitimate interest in it. It may be necessary to process the personal data you have provided beyond the actual fulfilment of the contract with business partners. Legitimate interests here include selecting suitable business partners, fulfilling compliance measures, asserting legal claims, defending against liability claims, preventing crimes, and regulating damages resulting from the business relationship.
4. Who receives your personal data?
In the course of contractual relationships, we may commission processors or service providers who may gain access to your personal data. Compliance with data protection requirements is contractually ensured.
Specifically, the following additional processors are used:
· Notion – from the provider "Notion Labs, Inc.", based in the USA. If personal data from clients is stored in them, data may be transferred to Notion's (sub)service providers in the USA. With Notion, there is a data processing agreement according to Art. 28 GDPR and an active certification under the Data Privacy Framework.
· Microsoft Ireland Limited, based in Dublin, for email hosting
5. Retention period
Data collected for contract execution is stored until the expiry of statutory/contractual warranty and guarantee rights. After this period, we retain the legally required information for the duration specified by commercial and tax law. During this period (regularly ten years from the conclusion of the contract), the data are only processed again in the event of a review by the tax authorities or customer inquiries.
6. Data processing to document GDPR compliance
If we process your data based on consent under Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR, we process your data exclusively for specific purposes and following separate information to be able to demonstrate that you have consented to the respective data processing within our accountability pursuant to Art. 5 para. 2 GDPR.
If you assert your data subject rights under the GDPR to us, we also process and store your data to demonstrate within the framework of accountability under Art. 5 para. 2 GDPR that we have complied with GDPR when processing your request.
If you assert your rights under the GDPR to us, your data may be transferred to our external data protection consultant (SCALELINE Datenschutz).
DATA PROCESSING IN THE CONTEXT OFAPPLICATION PROCEDURES [ED3]
To accept and manage the application and thus for the purpose of (possibly) establishing an employment relationship, you can send us your application documents by email. You can also send us your application documents via job postings on career platforms. If necessary, we have data protection agreements with the platform providers regarding handling personal data.
In the application process, we only collect data from you that is necessary to establish an employment relationship with us. The legal basis for this data processing is Art. 6 para. 1 lit. b) GDPR.
Within our organisation, only those persons involved in decision-making have access to your personal data.
Your personal data will be stored for the duration of your employment relationship in case of successful employment. Moreover, after its termination, your tax-relevant data will be archived within statutory retention periods. In the case of an unsuccessful application, your personal data will be deleted 7 months after the rejection.
Personal data of applicants is stored and processed in the tool Notion from the provider "Notion Labs, Inc.", based in the USA. If personal data from clients is stored in them, data may be transferred to Notion's (sub)service providers in the USA. With Notion, there is a data processing agreement according to Art. 28 GDPR and an active certification under the Data Privacy Framework.
OPERATING SOCIAL MEDIA PRESENCES [ED4] [ED5]
We maintain the following social media presences:
LinkedIn: https://www.linkedin.com/company/turnus-ai/
YouTube: www.youtube.com/@turnus_ai
Data processing by us:
a. Maintain the above-mentioned social media pages and run ads (“advertisements”)
Personal data such as comments, videos, images, likes, public messages etc., entered on social media pages, are published by the respective social media platform. We reserve the right to delete content if necessary. We may share content on our page and contact you via the social media platform, e.g., through the provided messengers. Furthermore, we regularly run ads (“advertisements”) via our social media pages. The legal basis for this data processing is the legitimate interest under Art. 6 para. 1 lit. f) GDPR, which is in the interest of our public relations and communication.
b. Page Insights
Social media platforms provide anonymised statistics and insights that help us gain insights into the types of actions people take on our page (so-called “Page Insights”). These Page Insights are created based on certain information about people who have visited our page.
The legal basis for this data processing is our legitimate interest in Art. 6 para. 1 lit. f) GDPR, which is to obtain information about the actions and visitors to our pages.
This processing of personal data is carried out by the social media platform and us as a so-called joint controller under Art. 26 GDPR. A separate agreement is required for joint responsibility.
LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum
YouTube: https://business.safety.google/controllerterms/
If you wish to object to certain data processing that we can influence (e.g., deleting comments), please contact us using the contact details mentioned above.
Note: The provision of your data is neither legally nor contractually required nor necessary for concluding a contract. You are not obliged to provide your personal data. The consequence of non-provision is that you cannot communicate with us via our social media pages, interact, or participate in the competition. To contact us, please use the email address mentioned above.
Data processing by the operator of the social media platform:
In addition to us, there is also the respective operator of the social media platforms. This is also considered a separate data controller under data protection law, carrying out its data processing. This means that the operator is also a separate responsible party under GDPR. We have limited influence over the operator's data processing. Where we can exercise influence (e.g., through parameterisation), we work within our means to ensure data protection by the operator of the social media platform. At many points, we cannot influence how the operator of the social media platform processes data and do not know exactly what data they process. The respective operator's privacy policy informs you about processing personal data:
LinkedIn: https://de.linkedin.com/legal/privacy-policy?
YouTube: https://policies.google.com/privacy?hl=de
As part of platform use, your personal data is usually processed by the respective platform operator on servers in third countries, especially in the USA. Certain third countries are certified by the European Commission as having an so-called adequacy decision. This means the privacy protection law situation in these countries is equivalent to that within the EU or the EEA. For current countries with an adequacy decision, see here. Certifications according to the adequacy decision for the USA, the Data Privacy Framework, exist for Meta Platforms Inc (Facebook, Instagram), LinkedIn, and Google (YouTube). In all other cases, we conclude standard contractual clauses with the platform operators for transferring personal data to third countries.
Note: The operator of the social media platform uses web tracking methods. Web tracking may be done regardless of whether you are logged in or registered on the social media platform. As already mentioned, we have little influence over the web tracking methods of the social media platform. We cannot disable this, for example. Please be aware: It cannot be ruled out that the operator of the social media platform uses your profile and behaviour data, for example, to evaluate your habits or personal relationships and preferences. We have no influence on processing your data by the operator of the social media platform.
COMMUNICATION VIA MICROSOFT TEAMS VIDEO CONFERENCE SYSTEM
We use the tool "Microsoft Teams" to conduct teleconferences, online meetings, and video conferences. You receive access to agreed appointments via a link provided by email. By clicking on the link, you can enter the video room. Before joining, you can decide whether to activate the video or not. You are automatically muted, and you must manually unmute your microphone if desired. If you activate your camera and/or microphone, during the meeting, the data from your microphone and video camera will be processed.
If you participate as an external participant in an online meeting, the host of the meeting will send you an access link via email. Upon signing up for the online meeting, you then need to provide your name and possibly your email address.
The following additional data may be processed depending on the type and scope of actual use:
· Details about your person (e.g., first and last name, email address, profile picture)
· Meeting metadata (e.g., date, time, and duration of communication, meeting name, participant IP address)
· Device/hardware data (e.g., IP addresses, MAC addresses, client version)
· Text, audio, and video data (e.g., chat histories, video, audio, and presentation recordings)
· Connection data (e.g., phone numbers, country names, start and end times, IP addresses)
Additionally, personal data from you may be processed. This also specifically depends on your use, like using the chat and the whiteboard.
We want to explicitly point out that the information you provide during live meetings will be processed for at least the duration of the meeting.
Legal Basis
The legal basis for data processing for direct contract partners is Art. 6 para. 1 lit. b) GDPR, for business partners or contacts at external parties the legitimate interest after Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in the organisation of virtual communication and web conferencing.
Microsoft Teams is a service of Microsoft Corporation. For more information on processing your data when using “Teams”, see: https://privacy.microsoft.com/de-de/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer. We cannot exclude that the routing of data might also be done via Internet servers located outside the EU or the EEA. For data transfer to Microsoft in the USA, the adequacy decision for the USA applies. You can view Microsoft's certification here.
Microsoft as a provider necessarily becomes aware of the mentioned data, as it is contractually regulated within our order processing contract according to Art. 28 GDPR. No other recipients exist.
Generally, you are not obliged to communicate with us via Microsoft Teams. Alternatively, meetings can also be conducted by telephone.
We generally delete personal data when there is no need to store them further.
CREATION OF TRANSCRIPTS AND MINUTES OF ONLINE CONFERENCES
We use AI-supported transcription from Microsoft to document online conferences and to effectively take minutes of online conferences.
What data is processed?
The transcripts are created using artificial intelligence (AI) and stored in HubSpot. The following data will be stored:
· User content:
· Text summaries
How is the data processing carried out?
Through transcription of the audio files of live video conferences, logs are created. These logs are transferred using the automation tool n8n of the company n8n GmbH, based in Berlin, into our CRM of HubSpot and assigned to the conversation partner.
Which legal basis applies?
For the above-described data processing, we collect your consent by sending the invitation for the appointment and by accepting the appointment according to Art. 6 para. 1 lit. a) GDPR before the first use. You can withdraw this consent at any time with effect for the future. If you do not want a transcription, no transcript will be created.
DATA SUBJECT RIGHTS
YOU HAVE THE RIGHT UNDER ART. 15 PARA. 1 GDPR, UPON REQUEST, TO RECEIVE INFORMATION ABOUT PERSONAL DATA STORED ABOUT YOU FREE OF CHARGE. YOU ALSO HAVE THE RIGHT, SUBJECT TO THE STATUTORY REQUIREMENTS, TO CORRECTION (ART. 16 GDPR), DELETION (ART. 17 GDPR), AND RESTRICTION OF PROCESSING (ART. 18 GDPR) OF YOUR PERSONAL DATA. IF YOU SUPPLIED THE PROCESSED DATA YOURSELF, YOU ALSO HAVE A RIGHT TO DATA PORTABILITY UNDER ART. 20 GDPR.
IF DATA PROCESSING IS BASED ON ART. 6 PARA. 1 E) OR F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE DATA PROCESSING UNDER ART. 21 GDPR. IF YOU OBJECT TO DATA PROCESSING, THIS WILL CEASE IN THE FUTURE, UNLESS THE CONTROLLER CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE FURTHER PROCESSING THAT OVERRIDE THE DATA SUBJECT'S INTERESTS IN OBJECTING.
IF DATA PROCESSING IS BASED ON CONSENT UNDER ART. 6 PARA. 1 LIT. A), ART. 9 PARA. 2 LIT. A) OR ART. 49 PARA. 1 LIT. A) GDPR, YOU CAN REVOKE YOUR CONSENT AT ANY TIME WITH EFFECT FOR THE FUTURE, WITHOUT AFFECTING THE LAWFULNESS OF PROCESSING CARRIED OUT UNTIL THE REVOCATION.
IN ADDITION, YOU HAVE THE RIGHT TO LODGE A COMPLAINT WITH A DATA PROTECTION AUTHORITY. THE COMPLAINT MAY BE FILED, IN PARTICULAR, WITH A SUPERVISORY AUTHORITY OF THE EU MEMBER STATE OF YOUR HABITUAL RESIDENCE, PLACE OF WORK, OR PLACE OF THE ALLEGED INFRINGEMENT.
Contact details of the responsible data protection authority:
The Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5, 30159 Hanover
Phone: +49 (0511) 120 45 00
Fax: +49 (0511) 120 45 99
Email: poststelle@lfd.niedersachsen.de
NO AUTOMATED DECISION MAKING.
No automated decision-making or profiling is carried out by us.
PROVISION
Unless otherwise stated in the previous chapters, providing personal data is neither legally nor contractually required nor necessary for concluding a contract. Failure to provide your personal data may mean, for instance, that we cannot answer your enquiries.
These privacy notices have been prepared in collaboration with the consulting company SCALELINE Datenschutz. The legal texts are subject to copyright.
PRIVACY NOTICE
Last updated on 01 November 2025
The protection of your personal data is of great concern to us. Therefore, we would like to provide you with all the information about the processing and storage of your data when visiting our website and within our companies.
In order to take full advantage of all the features and services of our site, it is necessary to collect your personal data. The processing and storage are carried out in accordance with the legal guidelines and requirements of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and any other applicable data protection laws.
Responsible Entity
turnus.ai GmbH
Fiedelerstraße 35A
30519 Hannover
Germany
Contact details and further information in the Imprint.
DATA PROTECTION OFFICER
Data Protection Officer: Mag.a iur. Elisa Drescher
Email: privacy@turnus.ai
COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE
Note: To protect your data as comprehensively as possible from unwanted access, we take so-called technical and organisational measures and use an encryption procedure on our website. Your data is transmitted over the Internet using a so-called TLS encryption from your computer to our computer and vice versa. TLS stands for "Transport-Layer Security" and is an encryption protocol for data transmission on the Internet. You usually recognise "TLS" by the fact that the padlock symbol in the status bar of your browser is closed and the address starts with https://.
COLLECTION OF ACCESS AND LOG DATA
This website automatically collects and stores server log file information, which your browser transmits to us.
This includes:
· User's IP address
· Date and time of access
· Type of request
· Customer information such as type and version
· User's operating system (device, OS version of the device),
· Referrer information (i.e., the source of access)
The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in identifying evidence of unlawful usage of our website (e.g., defence against hacker attacks) and ensuring a smooth connection setup. The collected data is stored in server log files that your browser automatically encrypts and transmits to us. We only store the server log files in case of attacks on our server infrastructure or other legal violations. This extended storage period occurs due to our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR and is solely for evidence preservation.
We have concluded a data processing contract with the provider of this website, Framer B.V., based in the Netherlands, according to Art. 28 GDPR. This is a legally required contract that ensures Framer B.V processes the personal data of our website visitors only according to our instructions and in compliance with GDPR.
ENQUIRIES VIA CONTACT FORM, EMAIL AND PHONE
Any information you provide to us voluntarily concerning your person will, of course, be treated confidentially. We use your provided personal data exclusively to process and respond to your enquiry. The legal basis for the data processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. This arises from our interest in responding to enquiries from our customers, business partners, and prospective clients, and promoting or maintaining customer satisfaction. Another legal basis is for natural persons the initiation or fulfilment of a contract pursuant to Art. 6 para. 1 lit. b) GDPR.
We store and use contact data and information received (such as business communication histories) from customers and prospects for the execution and initiation of the business relationship. Processing is based on (pre)contractual measures on the basis of Art. 6 para. 1 lit. b) GDPR. The provider is HubSpot Ireland Limited, based in Dublin, Ireland, with which we have concluded a contract for commissioned processing according to Art. 28 GDPR. Insofar as personal data is transferred to HubSpot, Inc., based in Cambridge, USA, this is done based on the Data Privacy Framework. This is the adequacy decision for the USA. In addition, there are standard contractual clauses. You have the right at any time to access the data stored about you in the customer database and can request a change or deletion of the data.
All personal details you submit to us with your enquiry will be deleted or anonymised by us no later than 2 years after the final response to you, unless a contract is concluded. The 2-year retention period arises from the possibility that you may contact us again about the same matter and refer to previous correspondence. From experience, we have found that no further queries follow our responses after 2 years.
APPOINTMENT BOOKING
To facilitate simplified booking of appointments, we offer you a form for direct booking via our website. After booking, you will receive a confirmation email including the access link to the online meeting and a reminder message before the agreed appointment to avoid missed appointments. You can cancel or reschedule the booked appointment at any time. To do so, we use the appointment booking function integrated into HubSpot. All information about HubSpot can be found under “ENQUIRIES VIA CONTACT FORM, EMAIL AND PHONE. In addition, we do not pass on your data to third parties. The legal basis for data processing during booking and related confirmation and reminder emails is your consent pursuant to Art. 6 para. 1 lit. a) GDPR. Deletion of booked appointments occurs after 6 months.
REGISTRATION AND USER ACCOUNT
To use turnus.ai, a user account is necessary, which can be created by providing an email address and a password. In this context, we store the IP address and the time of each user action based on our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, when you register, log in, or use your user account. This is done to prevent misuse and unauthorised use, which is in our and the users' interests. In principle, we do not pass on this data to third parties, unless it is necessary to enforce our claims or it is legally required.
Within the user account, we store information about your company (phone number, address, email address, team members and their roles), contact details of your customers (phone numbers, campaigns, ...). These data are stored exclusively for contract fulfilment pursuant to Art. 6 para. 1 lit. b) GDPR.
We store your data for the duration of the contract. In the event of termination, you are obliged to secure your data in good time.
We provide you with the following single sign-on services from various providers:
· Microsoft
The purpose is to facilitate and shorten the registration and login process for you. Registration takes place to conclude a contract with us (Art. 6 para. 1 lit. B) GDPR).
By clicking on the respective provider, your web browser automatically establishes a direct connection with the provider's servers. To carry out the login, you will be redirected to the respective provider's page. There you can log in with your usage data, and thus registration takes place. Upon successful registration, your user account with the chosen provider will be linked to our WebApp,
Note: We have no influence on the scope and further use of the data that is collected by the respective provider. For the type and scope of data processing, the purposes pursued, your respective rights, and setting options for protecting your personal data, please refer to the privacy notices of the respective provider:
· Google: https://support.google.com/a/answer/60224?hl=en
· Microsoft: https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-single-sign-on
USE OF WEB ANALYSIS TOOLS AND COOKIES
We use cookies to facilitate and improve the use of our website. Cookies are small text information that can be saved on your computer or smartphone (end device) when you visit a website via the browser. Cookies can also provide us with information about how you use our website, allowing us to continuously improve the website's design.
Cookies serve to uniquely identify what our customers find interesting and useful on our website. In addition, we use so-called "Web Beacons" (small graphic images, also known as "pixel tags" or "clear GIFs") on our website. They are used together with cookies to track general user behaviour on the website.
The data processed through necessary cookies are for the purposes stated below to protect our legitimate interests, as well as those of third parties pursuant to Art. 6 para. 1 lit. f) GDPR.
Any use of cookies that is not technically necessary constitutes data processing that is only permitted with your express and active consent pursuant to Art. 6 para. 1 lit. a) GDPR. With our so-called "Cookie Consent Tool", you can set which cookie categories you wish to consent to when visiting our website. Over this, you can also withdraw or change your consent at any time.
Once stored cookies can also be deleted at any time via your web browser settings. You can also adjust your web browser settings so that no cookies are stored. In that case, not all functions of our website are available.
We use cookies for the following purposes:
· Technically necessary: These are cookies and similar methods without which you would not be able to use our services, for example, to correctly display our website or to use functions you desire.
· Convenience: These techniques enable us to consider your actual or assumed preferences for the convenient use of our website. For example, we can display our website in a language suited to you based on your settings.
· Statistics: These techniques allow us to create anonymous statistics on the use of our services. This way, we can, for example, determine how we can further adjust our website to the habits of our users.
· Marketing: This allows us to show you tailored advertising content, which is based on analysing your usage behaviour. Your usage behaviour can also be tracked across different websites, browsers, or devices using a user ID (unique identifier).
As part of data processing (using cookies and similar techniques to process usage data), we may engage specialised service providers from the online marketing field. These process your data on our behalf as processors and are carefully selected and contractually obliged according to Article 28 GDPR. All the above-named providers operate as processors for us.
CONSENT MANAGEMENT
We use a cookie consent technology to obtain your data protection consent for the storage of certain cookies on your end device or to use certain technologies and to document these in compliance with data protection laws. A technically necessary cookie is set for this purpose. The use occurs to obtain the legally required consents for using cookies. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the legally compliant documentation and verifiability of consents (Art. 6 para. 1 lit. c) GDPR) to fulfil our accountability under Art. 5 para. 2 GDPR.
USE OF GOOGLE ANALYTICS
This website uses Google Analytics if you give your consent within the meaning of Art. 6 para. 1 lit. a) GDPR and Art. 49 para. 1 lit. a) GDPR. This is a service provided by Google Ireland Limited (“Google”), a company registered and operated under Irish law (registration number: 368047) with headquarters at Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC (USA) (“Google”).
Google Analytics uses so-called "cookies." These are text files stored on your computer that allow an analysis of the use of the website by the user. The information generated by the cookies about your use of this website is generally transmitted to a Google server in the USA and stored there. For the USA, an adequacy decision exists so that data transfer can be carried out without additional measures. The certification of Google can be viewed here.
We have made the setting that your IP address will be anonymized. The IP address anonymisation is done by Google, however, within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and Internet usage to the website operator.
The anonymized IP address transmitted by your browser as part of Google Analytics is not merged with other data from you, such as search history, personal accounts, usage data from other devices, and all other data known to Google about you.
The cookies set in connection with Google Analytics can be viewed above in the list.
You can revoke your consent at any time by making the corresponding settings directly via the cookie banner. The user and event data will be deleted after 14 days. The function "Reset user data after new activity" is not activated. [ED2] This means that if you visit again before the retention period expires, your data will not be deleted.
GOOGLE TAG MANAGER
We use the Google Tag Manager from the provider Google Ireland Limited, Google Building Gordon House, Barrow St. Dublin 4, Ireland.
With the Google Tag Manager, website tags are managed via an interface. This allows us as marketers to manage website tags via one interface. Tags are small code sections that, for example, record (track) your activities on our website. The Google Tag Manager itself does not set any cookies but ensures that other tags, which may themselves capture data, are activated, such as Google Analytics. Google Analytics itself sets cookies again. For more information, see the "Web tracking measures" section.
Using the Google Tag Manager, your IP address is transmitted anonymously to Google. This may also result in data transfers to Google's servers in the USA. We have concluded an order processing contract with Google pursuant to Art. 28 GDPR. For the USA, an adequacy decision exists, so the data transfer can take place without further measures. You can view Google's certification here.
In the account settings of the Tag Manager, we have not allowed Google to receive anonymous data from us.
The storage duration of the integrated tracking tools, such as Google Analytics, depends on the tool used, which is loaded via the Google Tag Manager.
EMBEDDING YOUTUBE VIDEOS
We embed videos on our webpages that are not stored on our servers. In the first step, to prevent automatically loading third-party provider content when calling up our webpages with embedded videos, we only display locally stored preview images of the maps. The third-party provider does not receive any information.
Only after a click on the preview image or by granting consent via the cookie consent banner are the third-party provider's contents loaded. As a result, the third-party provider receives information that you have accessed our page as well as the usage data that is technically required in this context. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us your consent to load the third-party provider's content. Embedding is based on your consent under Art. 6 para. 1 lit. a) GDPR, provided you have previously given your consent by clicking on the preview image. For the USA, an adequacy decision exists such that the data transfer can take place without further measures. The certification of Google (YouTube) can be viewed here.
Provider of the video service:
Google Ireland Limited/Google LLC (USA) (“YouTube”)
Revocation of Consent
If you clicked on a preview image, the third-party provider's content is immediately loaded. If you do not want this reloading on other pages, please do not click on the preview images anymore or revoke your consent for the reloading via the cookie consent banner.
LinkedIn Insight Tag
As part of using the "LinkedIn Insight Tag" conversion tracking tool from LinkedIn Ireland Unlimited, based in Ireland, we process personal data jointly with LinkedIn under joint responsibility according to Art. 26 GDPR, provided you have given your consent via the consent banner. You can access the agreement underlying the cooperation with LinkedIn on joint responsibility here. LinkedIn is an American company based in California. Personal data is also processed in the USA. For the USA, there is currently an adequacy decision, and the LinkedIn Corporation is certified under the Data Privacy Framework.
The LinkedIn Insight Tag collects data about your use of our website. LinkedIn does not share personal data with the website owner but provides reports and information (where you are not identified) about the website audience and ad performance. LinkedIn also offers retargeting for website visitors so that the website owner can display targeted advertising outside their website with the aid of this data, without the member being identified. LinkedIn uses the data, which LinkedIn claims do not identify you, to improve the relevance of ads and to reach members across devices. You can learn more about the LinkedIn Insight Tag directly on LinkedIn. LinkedIn also uses the data for its advertising purposes and for third-party advertising purposes in accordance with the LinkedIn Data Policy. There you will also find further information on how to exercise your data subject rights relating to the data processed by LinkedIn. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.
Apollo
We use Apollo, a business intelligence platform from the US provider ZenLeads, Inc. based in San Francisco, USA, to improve our marketing efforts. Apollo helps us identify and target new business contacts more accurately (e.g., through email marketing or data analysis). Personal data may be processed in this context. The use of Apollo is only with your explicit consent according to Art. 6 para. 1 lit. a GDPR. You can withdraw this consent at any time with effect for the future. Apollo is operated by a company in the USA. ZenLeads, Inc. is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection. More about data processing by Apollo can be found here: https://www.apollo.io/privacy/
USE OF MICROSOFT CLARITY
We use Microsoft Clarity on our website with your consent according to Art. 6 para. 1 lit. a) GDPR, a service of Microsoft Ireland Operations Limited. Data transfers to Microsoft Corporation based in the USA take place based on the adequacy decision for the USA, which you can view here. Clarity analyzes the performance of our website in an anonymous form. For example, we receive so-called heatmaps. Heatmaps show us which parts of our website are particularly popular and help us better adapt our website to the needs of our users. This also serves as the purpose of processing. The retention period for the collected data can be found in the information from the cookie banner. Microsoft processes the data on instructions and in our order. We have concluded a respective order processing agreement with Microsoft. Further information about Microsoft Clarify can be found at https://clarity.microsoft.com
DATA PROCESSING OF BUSINESS PARTNERS AND CUSTOMERS
1. Fulfilment of contractual obligations (Art. 6 para. 1 lit. b) GDPR)
The purposes of data processing result from the implementation of pre-contractual measures and the fulfilment of the obligations from the concluded contract.
For contract execution, we process master data such as first and last name, billing address, and billing and payment data. We use the email address and telephone number for communication. We also process your data in our HubSpot accounting system.
2. To fulfil legal obligations (Art. 6 para. 1 lit. c) GDPR)
The purposes of data processing result on a case-by-case basis from legal requirements. These legal obligations include, for instance, fulfilling retention and identification obligations, e.g., in the context of tax control and reporting obligations, and responding to authorities' requests, which may include data transfers to our appointed tax advisor.
3. To fulfil our legitimate interests (Art. 6 para. 1 lit. f GDPR)
We process the contact data of contact persons for customers, prospects, suppliers, and other business partners for communication via email, telephone, and post. The legal basis for data processing is the legitimate interest pursuant to Art. 6 para. 1 f) GDPR. The legitimate interest arises from the desire to carry out or initiate business relationships with customers, prospects, suppliers, and other business partners and maintain personal contact with contacts.
We generally rule out the passing on of data to third parties.
Personal data is stored for business relationship purposes as long as there is a legitimate interest in it. It may be necessary to process the personal data you have provided beyond the actual fulfilment of the contract with business partners. Legitimate interests here include selecting suitable business partners, fulfilling compliance measures, asserting legal claims, defending against liability claims, preventing crimes, and regulating damages resulting from the business relationship.
4. Who receives your personal data?
In the course of contractual relationships, we may commission processors or service providers who may gain access to your personal data. Compliance with data protection requirements is contractually ensured.
Specifically, the following additional processors are used:
· Notion – from the provider "Notion Labs, Inc.", based in the USA. If personal data from clients is stored in them, data may be transferred to Notion's (sub)service providers in the USA. With Notion, there is a data processing agreement according to Art. 28 GDPR and an active certification under the Data Privacy Framework.
· Microsoft Ireland Limited, based in Dublin, for email hosting
5. Retention period
Data collected for contract execution is stored until the expiry of statutory/contractual warranty and guarantee rights. After this period, we retain the legally required information for the duration specified by commercial and tax law. During this period (regularly ten years from the conclusion of the contract), the data are only processed again in the event of a review by the tax authorities or customer inquiries.
6. Data processing to document GDPR compliance
If we process your data based on consent under Art. 6 para. 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR, we process your data exclusively for specific purposes and following separate information to be able to demonstrate that you have consented to the respective data processing within our accountability pursuant to Art. 5 para. 2 GDPR.
If you assert your data subject rights under the GDPR to us, we also process and store your data to demonstrate within the framework of accountability under Art. 5 para. 2 GDPR that we have complied with GDPR when processing your request.
If you assert your rights under the GDPR to us, your data may be transferred to our external data protection consultant (SCALELINE Datenschutz).
DATA PROCESSING IN THE CONTEXT OFAPPLICATION PROCEDURES [ED3]
To accept and manage the application and thus for the purpose of (possibly) establishing an employment relationship, you can send us your application documents by email. You can also send us your application documents via job postings on career platforms. If necessary, we have data protection agreements with the platform providers regarding handling personal data.
In the application process, we only collect data from you that is necessary to establish an employment relationship with us. The legal basis for this data processing is Art. 6 para. 1 lit. b) GDPR.
Within our organisation, only those persons involved in decision-making have access to your personal data.
Your personal data will be stored for the duration of your employment relationship in case of successful employment. Moreover, after its termination, your tax-relevant data will be archived within statutory retention periods. In the case of an unsuccessful application, your personal data will be deleted 7 months after the rejection.
Personal data of applicants is stored and processed in the tool Notion from the provider "Notion Labs, Inc.", based in the USA. If personal data from clients is stored in them, data may be transferred to Notion's (sub)service providers in the USA. With Notion, there is a data processing agreement according to Art. 28 GDPR and an active certification under the Data Privacy Framework.
OPERATING SOCIAL MEDIA PRESENCES [ED4] [ED5]
We maintain the following social media presences:
LinkedIn: https://www.linkedin.com/company/turnus-ai/
YouTube: www.youtube.com/@turnus_ai
Data processing by us:
a. Maintain the above-mentioned social media pages and run ads (“advertisements”)
Personal data such as comments, videos, images, likes, public messages etc., entered on social media pages, are published by the respective social media platform. We reserve the right to delete content if necessary. We may share content on our page and contact you via the social media platform, e.g., through the provided messengers. Furthermore, we regularly run ads (“advertisements”) via our social media pages. The legal basis for this data processing is the legitimate interest under Art. 6 para. 1 lit. f) GDPR, which is in the interest of our public relations and communication.
b. Page Insights
Social media platforms provide anonymised statistics and insights that help us gain insights into the types of actions people take on our page (so-called “Page Insights”). These Page Insights are created based on certain information about people who have visited our page.
The legal basis for this data processing is our legitimate interest in Art. 6 para. 1 lit. f) GDPR, which is to obtain information about the actions and visitors to our pages.
This processing of personal data is carried out by the social media platform and us as a so-called joint controller under Art. 26 GDPR. A separate agreement is required for joint responsibility.
LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum
YouTube: https://business.safety.google/controllerterms/
If you wish to object to certain data processing that we can influence (e.g., deleting comments), please contact us using the contact details mentioned above.
Note: The provision of your data is neither legally nor contractually required nor necessary for concluding a contract. You are not obliged to provide your personal data. The consequence of non-provision is that you cannot communicate with us via our social media pages, interact, or participate in the competition. To contact us, please use the email address mentioned above.
Data processing by the operator of the social media platform:
In addition to us, there is also the respective operator of the social media platforms. This is also considered a separate data controller under data protection law, carrying out its data processing. This means that the operator is also a separate responsible party under GDPR. We have limited influence over the operator's data processing. Where we can exercise influence (e.g., through parameterisation), we work within our means to ensure data protection by the operator of the social media platform. At many points, we cannot influence how the operator of the social media platform processes data and do not know exactly what data they process. The respective operator's privacy policy informs you about processing personal data:
LinkedIn: https://de.linkedin.com/legal/privacy-policy?
YouTube: https://policies.google.com/privacy?hl=de
As part of platform use, your personal data is usually processed by the respective platform operator on servers in third countries, especially in the USA. Certain third countries are certified by the European Commission as having an so-called adequacy decision. This means the privacy protection law situation in these countries is equivalent to that within the EU or the EEA. For current countries with an adequacy decision, see here. Certifications according to the adequacy decision for the USA, the Data Privacy Framework, exist for Meta Platforms Inc (Facebook, Instagram), LinkedIn, and Google (YouTube). In all other cases, we conclude standard contractual clauses with the platform operators for transferring personal data to third countries.
Note: The operator of the social media platform uses web tracking methods. Web tracking may be done regardless of whether you are logged in or registered on the social media platform. As already mentioned, we have little influence over the web tracking methods of the social media platform. We cannot disable this, for example. Please be aware: It cannot be ruled out that the operator of the social media platform uses your profile and behaviour data, for example, to evaluate your habits or personal relationships and preferences. We have no influence on processing your data by the operator of the social media platform.
COMMUNICATION VIA MICROSOFT TEAMS VIDEO CONFERENCE SYSTEM
We use the tool "Microsoft Teams" to conduct teleconferences, online meetings, and video conferences. You receive access to agreed appointments via a link provided by email. By clicking on the link, you can enter the video room. Before joining, you can decide whether to activate the video or not. You are automatically muted, and you must manually unmute your microphone if desired. If you activate your camera and/or microphone, during the meeting, the data from your microphone and video camera will be processed.
If you participate as an external participant in an online meeting, the host of the meeting will send you an access link via email. Upon signing up for the online meeting, you then need to provide your name and possibly your email address.
The following additional data may be processed depending on the type and scope of actual use:
· Details about your person (e.g., first and last name, email address, profile picture)
· Meeting metadata (e.g., date, time, and duration of communication, meeting name, participant IP address)
· Device/hardware data (e.g., IP addresses, MAC addresses, client version)
· Text, audio, and video data (e.g., chat histories, video, audio, and presentation recordings)
· Connection data (e.g., phone numbers, country names, start and end times, IP addresses)
Additionally, personal data from you may be processed. This also specifically depends on your use, like using the chat and the whiteboard.
We want to explicitly point out that the information you provide during live meetings will be processed for at least the duration of the meeting.
Legal Basis
The legal basis for data processing for direct contract partners is Art. 6 para. 1 lit. b) GDPR, for business partners or contacts at external parties the legitimate interest after Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in the organisation of virtual communication and web conferencing.
Microsoft Teams is a service of Microsoft Corporation. For more information on processing your data when using “Teams”, see: https://privacy.microsoft.com/de-de/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer. We cannot exclude that the routing of data might also be done via Internet servers located outside the EU or the EEA. For data transfer to Microsoft in the USA, the adequacy decision for the USA applies. You can view Microsoft's certification here.
Microsoft as a provider necessarily becomes aware of the mentioned data, as it is contractually regulated within our order processing contract according to Art. 28 GDPR. No other recipients exist.
Generally, you are not obliged to communicate with us via Microsoft Teams. Alternatively, meetings can also be conducted by telephone.
We generally delete personal data when there is no need to store them further.
CREATION OF TRANSCRIPTS AND MINUTES OF ONLINE CONFERENCES
We use AI-supported transcription from Microsoft to document online conferences and to effectively take minutes of online conferences.
What data is processed?
The transcripts are created using artificial intelligence (AI) and stored in HubSpot. The following data will be stored:
· User content:
· Text summaries
How is the data processing carried out?
Through transcription of the audio files of live video conferences, logs are created. These logs are transferred using the automation tool n8n of the company n8n GmbH, based in Berlin, into our CRM of HubSpot and assigned to the conversation partner.
Which legal basis applies?
For the above-described data processing, we collect your consent by sending the invitation for the appointment and by accepting the appointment according to Art. 6 para. 1 lit. a) GDPR before the first use. You can withdraw this consent at any time with effect for the future. If you do not want a transcription, no transcript will be created.
DATA SUBJECT RIGHTS
YOU HAVE THE RIGHT UNDER ART. 15 PARA. 1 GDPR, UPON REQUEST, TO RECEIVE INFORMATION ABOUT PERSONAL DATA STORED ABOUT YOU FREE OF CHARGE. YOU ALSO HAVE THE RIGHT, SUBJECT TO THE STATUTORY REQUIREMENTS, TO CORRECTION (ART. 16 GDPR), DELETION (ART. 17 GDPR), AND RESTRICTION OF PROCESSING (ART. 18 GDPR) OF YOUR PERSONAL DATA. IF YOU SUPPLIED THE PROCESSED DATA YOURSELF, YOU ALSO HAVE A RIGHT TO DATA PORTABILITY UNDER ART. 20 GDPR.
IF DATA PROCESSING IS BASED ON ART. 6 PARA. 1 E) OR F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE DATA PROCESSING UNDER ART. 21 GDPR. IF YOU OBJECT TO DATA PROCESSING, THIS WILL CEASE IN THE FUTURE, UNLESS THE CONTROLLER CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE FURTHER PROCESSING THAT OVERRIDE THE DATA SUBJECT'S INTERESTS IN OBJECTING.
IF DATA PROCESSING IS BASED ON CONSENT UNDER ART. 6 PARA. 1 LIT. A), ART. 9 PARA. 2 LIT. A) OR ART. 49 PARA. 1 LIT. A) GDPR, YOU CAN REVOKE YOUR CONSENT AT ANY TIME WITH EFFECT FOR THE FUTURE, WITHOUT AFFECTING THE LAWFULNESS OF PROCESSING CARRIED OUT UNTIL THE REVOCATION.
IN ADDITION, YOU HAVE THE RIGHT TO LODGE A COMPLAINT WITH A DATA PROTECTION AUTHORITY. THE COMPLAINT MAY BE FILED, IN PARTICULAR, WITH A SUPERVISORY AUTHORITY OF THE EU MEMBER STATE OF YOUR HABITUAL RESIDENCE, PLACE OF WORK, OR PLACE OF THE ALLEGED INFRINGEMENT.
Contact details of the responsible data protection authority:
The Commissioner for Data Protection of Lower Saxony
Prinzenstraße 5, 30159 Hanover
Phone: +49 (0511) 120 45 00
Fax: +49 (0511) 120 45 99
Email: poststelle@lfd.niedersachsen.de
NO AUTOMATED DECISION MAKING.
No automated decision-making or profiling is carried out by us.
PROVISION
Unless otherwise stated in the previous chapters, providing personal data is neither legally nor contractually required nor necessary for concluding a contract. Failure to provide your personal data may mean, for instance, that we cannot answer your enquiries.
These privacy notices have been prepared in collaboration with the consulting company SCALELINE Datenschutz. The legal texts are subject to copyright.
Powered by AI —
Data security is the top priority.
Server in
Germany
Jointly developed with
Uplift Ventures and Jungheinrich.
info@turnus.ai – Fiedelerstr.35A, 30519 Hannover
Powered by AI —
Data security is the top priority.
Server in
Germany
Developed in collaboration with
Uplift Ventures and Jungheinrich.
info@turnus.ai – Linienstr. 86, 10119 Berlin
Powered by AI —
Data security is the top priority.
Server in
Germany
Jointly developed with
Uplift Ventures and Jungheinrich.
info@turnus.ai – Fiedelerstr.35A, 30519 Hannover