Data Protection

In this privacy policy, we inform you about the processing of personal data when using our website. Personal data refers to information related to an identified or identifiable person. This primarily includes details that allow conclusions about your identity, such as your name, phone number, address, or email address. Statistical data that we collect, for example, during a visit to our website and which cannot be associated with your person, do not fall under the definition of personal data.

PRIVACY POLICY

Last updated on 1 November 2025

The protection of your personal data is a key priority for us. Consequently, we wish to provide you here with comprehensive information regarding the processing and storage of your data during visits to our website and within our business operations.

In order to utilise all features and services of our website, the collection of your personal data is necessary. The processing and storage of this data are carried out in compliance with the statutory guidelines and requirements of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and any other applicable data protection legislation.


Data Controller

turnus.ai GmbH
Fiedelerstraße 35A
30519 Hanover
Germany

 

Contact details and further information can be found in our Legal Notice.

DATA PROTECTION OFFICER

Data Protection Officer: Mag.a iur. Elisa Drescher

Email: privacy@turnus.ai


 

COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE

Note: To ensure the comprehensive protection of your data against unauthorised access, we implement technical and organisational measures and utilise an encryption protocol on our website. Your data is transmitted over the internet from your computer to our server and vice versa using TLS encryption. TLS stands for "Transport Layer Security" and is an encryption protocol for secure data transmission on the internet. You can typically identify a TLS connection by the locked padlock symbol in the status bar of your browser and an address beginning with "https://".

COLLECTION OF ACCESS AND LOG DATA 

This website automatically collects and stores server log file information transmitted by your browser.

This information includes:

·      IP address of the user

·      Date and time of access

·      Type of request

·      Client information, such as browser type and version

·      Operating system of the user (device, OS version of the device)

·      Referrer information (the source of the access)

 

The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest lies in identifying indications of unlawful use of our website (e.g. defending against hacker attacks) and ensuring a smooth connection setup. The collected data is stored in server log files that your browser transmits to us automatically in encrypted form. We only retain server log files for longer periods in the event of attacks on our server infrastructure or other legal violations. This extended storage is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR and serves solely to preserve evidence.

 

We have entered into a data processing agreement pursuant to Art. 28 GDPR with the provider of this website, Framer B.V., based in the Netherlands. This is a legally required contract ensuring that Framer B.V. processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.

ENQUIRIES VIA CONTACT FORM, EMAIL, AND TELEPHONE

Any personal data that you provide to us on a voluntary basis will naturally be treated confidentially. We use your provided personal data exclusively to process and respond to your enquiry. The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. This is based on our interest in addressing enquiries from our customers, business partners, and interested parties, thereby maintaining and promoting customer satisfaction. For natural persons, an additional legal basis is the initiation or performance of a contract pursuant to Art. 6 (1) (b) GDPR.

 

We store and use contact details and information received (such as business communication histories) from customers and prospects to manage and initiate business relationships. This processing is carried out on the basis of (pre-)contractual measures pursuant to Art. 6 (1) (b) GDPR. The provider is HubSpot Ireland Limited, based in Dublin, Ireland, with whom we have concluded a data processing agreement pursuant to Art. 28 GDPR. To the extent that personal data is transferred to HubSpot, Inc., based in Cambridge, USA, this is done under the Data Privacy Framework, which represents an adequacy decision for the USA. Standard Contractual Clauses are also in place. You have the right at any time to obtain information regarding your data stored in the customer database and to request its correction or deletion.

 

Unless a contract is concluded, all personal data you transmit to us with your enquiry will be deleted or anonymised no later than 2 years after our final response. This 2-year retention period is applied because users occasionally contact us again regarding the same matter and refer back to previous correspondence. Experience has shown that follow-up enquiries generally cease after 2 years.

BOOKING AN APPOINTMENT

To simplify the booking of appointments, we offer a direct booking form on our website. After booking, you will receive an email confirmation containing the access link for the online meeting, followed by a reminder message prior to the meeting to prevent missed appointments. You can cancel or reschedule your appointment at any time. For this purpose, we use the appointment booking feature integrated into HubSpot. Comprehensive information regarding HubSpot can be found under "ENQUIRIES VIA CONTACT FORM, EMAIL, AND TELEPHONE." Your data is not disclosed to third parties. The legal basis for data processing during the booking process, as well as the confirmation and reminder emails sent, is your consent pursuant to Art. 6 (1) (a) GDPR. Booked appointments are deleted after 6 months.


REGISTRATION AND USER ACCOUNTS

A) Platform Use During a Free Trial Phase

When you register for a free trial of our platform, we process your personal data to grant you access to the platform and enable its features during the trial period. Upon registration, we collect the following details: your name, your email address, and the name of your company.

During the trial phase, we only record anonymised usage data. No personal analysis or tracking of individual users is conducted. This anonymous data is used solely to analyse and optimise our service. The processing of your data during the trial phase is conducted to provide you with trial access, manage your user account, and ensure the secure operation of our platform. We also send onboarding emails containing tips and guidance on platform usage during the trial. These processing activities are based on the initiation of a contract and the provision of the trial version pursuant to Art. 6 (1) (b) GDPR.

Following the trial period, we reserve the right to engage in email marketing to inform you of new features or offers and, where appropriate, win you back as a customer. The delivery of such emails is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR in conjunction with Section 7 (3) UWG (German Act Against Unfair Competition). You have the right to object to the use of your data for these purposes at any time (opt-out).

If you gave your explicit consent during registration, we will also use your telephone number to contact you by phone with information regarding our products and offers. In this case, processing is based on your consent pursuant to Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with future effect, for instance via email or by notifying the caller. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

If the trial offer does not lead to a subsequent contractual relationship, we will store the personal data collected during registration for a period of up to twelve months after the end of the trial period. The data will then be deleted, unless statutory retention obligations apply. 

B) User Account

To use turnus.ai, a user account must be created by providing an email address and a password. In this context, we store the IP address and the timestamp of each user action based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR when you register, log in, or use your user account. This is done to prevent misuse and unauthorised access, which serves both our interests and those of our users. We do not disclose this data to third parties unless required for the enforcement of our claims or mandated by law.

Within your user account, we store information about your company (telephone number, address, email address, team members and their roles) and contact details of your clients (telephone numbers, campaigns, etc.). This data is processed exclusively for contract performance pursuant to Art. 6 (1) (b) GDPR.

Your data is stored for the duration of the contract. Upon termination, you are responsible for exporting and backing up your data in a timely manner.

We offer the following Single Sign-On (SSO) services from various providers:

·      Microsoft

·      Google

The purpose is to simplify and accelerate the registration and login process. Registration serves the purpose of concluding a contract with us (Art. 6 (1) (b) GDPR).

By clicking on the respective provider, your web browser automatically establishes a direct connection with the provider's servers. You will be redirected to the provider's page to log in using your credentials and complete registration. Once registered, your user account with the chosen provider is linked to our WebApp.

 

Note: We have no influence on the scope and further use of data collected through the use of the respective provider. For information on the nature and scope of data processing, the purposes pursued, and your rights and options to protect your privacy, please consult the privacy policy of the respective provider:

·      Google: https://support.google.com/a/answer/60224?hl=en

·      Microsoft: https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-single-sign-on

USE OF WEB ANALYSIS TOOLS AND COOKIES 

We use cookies to facilitate and improve the use of our website. Cookies are small text files that can be stored on your computer or smartphone (terminal device) via your browser when you visit a website. Cookies can also provide us with information on how you use our website, enabling us to continuously improve its design.

Cookies help uniquely identify what our customers find interesting and useful on our website. We also use "web beacons" (small graphics, also known as "pixel tags" or "clear GIFs") on our website. These are used in conjunction with cookies to track general user behavior on the website.

 

Data processed by necessary cookies is required for the purposes listed below to safeguard our legitimate interests, as well as those of third parties pursuant to Art. 6 (1) (f) GDPR.

 

Any use of cookies that is not strictly technically necessary represents data processing that is only permitted with your explicit and active consent pursuant to Art. 6 (1) (a) GDPR. You can configure which cookie categories you wish to consent to via our "Cookie Consent Tool" when visiting our website. You can also withdraw or alter your consent at any time through this tool.

 

You can also delete stored cookies at any time via your browser settings. You can adjust your browser settings to prevent cookies from being saved. However, this may mean that not all features of our website will be fully available.

 

We apply cookies for the following purposes:

·      Strictly Necessary: These are cookies and similar methods without which you cannot use our services, for example, to display our website correctly or to use features you have requested.

 

·      Comfort: These techniques allow us to take into account your actual or preferred settings for the convenient use of our website. For example, we can display our website in the language appropriate for you based on your settings. 

 

·      Statistics: These techniques enable us to compile anonymous statistics on the use of our services. This allows us, for example, to determine how we can better adapt our website to our users' habits.

 

·      Marketing: This allows us to display tailored promotional content based on the analysis of your user behavior. Your behavior can also be tracked across different websites, browsers, or devices using a unique User ID.

 

Link to Cookie Settings.

 

In the context of data processing (with the help of cookies and similar techniques for processing usage data), we may deploy specialised service providers in the online marketing sector. These process your data on our behalf as processors, have been carefully selected, and are contractually bound in accordance with Article 28 GDPR. All providers listed above act as processors on our behalf.

 

 

CONSENT MANAGEMENT

We use cookie consent technology to obtain and document your data protection consent for storing certain cookies on your terminal device or using specific technologies in a legally compliant manner. A technically necessary cookie is set for this purpose. This is used to obtain the legally required consent for cookie usage. The legal basis for this is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest lies in the legally secure documentation and verifiability of consent (Art. 6 (1) (c) GDPR) to fulfil our accountability obligations under Art. 5 (2) GDPR.

USE OF GOOGLE ANALYTICS

Subject to your consent under Art. 6 (1) (a) GDPR and Art. 49 (1) (a) GDPR, this website uses Google Analytics. This is a service provided by Google Ireland Limited ("Google"), a company incorporated and operating under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC (USA) ("Google").

Google Analytics uses cookies. These are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to and stored on a Google server in the USA. An adequacy decision exists for the USA, meaning data transfers can take place without additional safeguards. You can view Google's certification here.

We have activated IP anonymisation on this website. This means Google will truncate your IP address within Member States of the European Union or in other contracting states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services relating to website activity and internet usage to the website operator.

The anonymised IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data, such as search history, personal accounts, usage data from other devices, or any other data Google holds about you.

The cookies set in connection with Google Analytics can be viewed in the list above.

You can withdraw your consent at any time by updating your preferences directly in the cookie banner. User and event data are deleted after 14 days. The function "Reset user data on new activity" is disabled. This means that if you visit our site again before the retention period expires, your data will not be deleted.

GOOGLE TAG MANAGER

We use the Google Tag Manager provided by Google Ireland Limited, Google Building Gordon House, Barrow St. Dublin 4, Ireland.

 

The Google Tag Manager allows website tags to be managed via an interface. This enables us as marketers to manage webpage tags through a single interface. Tags are small sections of code that, for example, record (track) your activities on our website. The Google Tag Manager itself does not set cookies, but ensures that other tags that may collect data, such as Google Analytics, are activated. Google Analytics, in turn, sets cookies. More details can be found in the "Web tracking measures" section.

By implementing the Google Tag Manager, your IP address is transmitted anonymously to Google. This may also involve transferring data to Google servers in the USA. We have entered into a data processing agreement with Google pursuant to Art. 28 GDPR. An adequacy decision exists for the USA, meaning data transfers can take place without additional measures. Google's certification can be viewed here.

 

In the Tag Manager account settings, we have not permitted Google to receive anonymised data from us.

 

The storage duration of the integrated tracking tools, such as Google Analytics, depends on the respective tool loaded via the Google Tag Manager.

 

INTEGRATION OF YOUTUBE VIDEOS

We embed videos on our webpages that are not stored on our servers. To ensure that visiting our webpages with embedded videos does not automatically result in content from the third-party provider being loaded, we show locally stored preview images of the frames in the first step. The third-party provider receives no information through this step.

 

Third-party content is only loaded after you click the preview image or grant consent via the cookie banner. This informs the third-party provider that you have accessed our site, along with the technically required usage data. We have no influence over further data processing by the third-party provider. Clicking the preview image constitutes your consent to load third-party content. Embedding is based on your consent pursuant to Art. 6 (1) (a) GDPR, provided you have given your consent by clicking the preview image. An adequacy decision exists for the USA, meaning data transfers can take place without additional measures. You can view Google's (YouTube) certification here.

 

Video service provider:

Google Ireland Limited/Google LLC (USA) ("YouTube")

Withdrawal of Consent

If you have clicked a preview image, third-party content is loaded immediately. If you do not wish this to occur on other pages, please do not click the preview images or withdraw your consent for loading via the cookie banner.

 

LinkedIn Insight Tag

When using the "LinkedIn Insight Tag" conversion tracking tool provided by LinkedIn Ireland Unlimited, based in Ireland, we process personal data under joint controllership with LinkedIn pursuant to Art. 26 GDPR, provided you have granted consent via the consent banner. You can access the joint controllership agreement underpinning our collaboration with LinkedIn here. LinkedIn is a US company based in California. Personal data is also processed in the USA. An adequacy decision is currently in place for the USA, and LinkedIn Corporation holds a valid certification under the Data Privacy Framework.

The LinkedIn Insight Tag collects data regarding your use of our website. LinkedIn does not share personal data with the website owner but provides reports and insights (which do not identify you) regarding the website audience and ad performance. LinkedIn also offers retargeting for website visitors, allowing the website owner to use this data to display targeted advertising outside its website without identifying the member. LinkedIn uses data that, according to LinkedIn, does not identify you in order to improve ad relevance and reach members across different devices. You can learn more about the LinkedIn Insight Tag directly on LinkedIn. LinkedIn also uses the data for its own advertising purposes as well as those of third parties pursuant to the LinkedIn Privacy Policy. There you will also find further information on how to assert your data subject rights regarding your data processed by LinkedIn directly against LinkedIn. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.

Apollo

We use Apollo, a business intelligence platform operated by the US provider ZenLeads, Inc. based in San Francisco, USA, to enhance our marketing initiatives. Apollo helps us identify and target new business contacts more effectively (e.g. through email marketing or data analysis). Personal data may be processed in this context. Apollo is used only with your explicit consent pursuant to Art. 6 (1) (a) GDPR. You can withdraw this consent at any time with future effect. Apollo is operated by a company in the USA. ZenLeads, Inc. is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection. For more details on data processing by Apollo, please visit: https://www.apollo.io/privacy/

 

USE OF MICROSOFT CLARITY

Based on your consent pursuant to Art. 6 (1) (a) GDPR, we use Microsoft Clarity on our website, a service provided by Microsoft Ireland Operations Limited. Data transfers to Microsoft Corporation based in the USA are carried out in accordance with the adequacy decision for the USA, which you can view here. Clarity analyses our website's performance in anonymised form. This provides us with heatmaps, which show which parts of our website are particularly popular and help us better adapt our website to our users' needs. This is also the purpose of the processing. The storage duration of the collected data can be found in the cookie banner information. Microsoft processes the data on our instructions and on our behalf. We have entered into a corresponding data processing agreement with Microsoft. Further information on Microsoft Clarity can be found at https://clarity.microsoft.com

 

DATA PROCESSING OF BUSINESS PARTNERS AND CUSTOMERS

1.    Fulfilment of Contractual Obligations (Art. 6 (1) (b) GDPR)

The purposes of data processing are derived from the execution of pre-contractual measures and the fulfilment of obligations under the concluded contract.

 

For contractual execution, we process master data such as first and last name, billing address, as well as billing and payment data. We use email addresses and telephone numbers to manage communications. Furthermore, we process your data in our HubSpot accounting system.   

 

2.    Compliance with Legal Obligations (Art. 6 (1) (c) GDPR)

The purposes of data processing arise on a case-by-case basis from statutory requirements. These legal obligations include, for example, the fulfilment of retention and identification obligations, such as under tax auditing and reporting requirements, and data processing in response to official authority requests. In this context, data may also be disclosed to our appointed tax consultant.

 

3.    Protection of Our Legitimate Interests (Art. 6 (1) (f) GDPR)

We process the contact details of contact persons at customers, prospects, suppliers, and other business partners to communicate via email, telephone, and post. The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest lies in conducting or initiating business relationships with customers, prospects, suppliers, and other business partners, and maintaining personal contact with communication partners. 

 

We generally exclude the disclosure of this data to third parties. 

 

Personal data is stored for the purpose of managing business relationships for as long as a legitimate interest exists. It may be necessary to process the personal data you have provided beyond the actual performance of the contract with business partners. Legitimate interests in this regard include, in particular, the selection of suitable business partners, conducting compliance reviews, asserting legal claims, defending against liability claims, preventing criminal acts, and managing damages resulting from the business relationship.

 

4.    Who receives your personal data?

Within the scope of our contractual relationships, we may commission processors or service providers who may be granted access to your personal data. Compliance with data protection regulations is contractually guaranteed.

Specifically, the following additional processors are utilized:

 

·      Notion – provided by Notion Labs, Inc. based in the USA. To the extent that personal data of contract partners is stored therein, data may be transferred to (sub-)processors of Notion in the USA. A data processing agreement pursuant to Art. 28 GDPR is in place with Notion, alongside valid certification under the Data Privacy Framework.

·      Microsoft Ireland Limited, based in Dublin, for email hosting purposes.

 

5.    Retention Period

 

Data collected for contract execution is stored until the expiry of statutory or contractual warranty and guarantee rights. After this period, we retain information required under commercial and tax law for the statutory periods. During this period (typically ten years from the conclusion of the contract), the data is processed solely for auditing by tax authorities and in the event of customer enquiries.

 

6.    Data Processing to Document GDPR Compliance

Insofar as your data is processed on the basis of consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, we process your data strictly for this specific purpose and in accordance with separate information to demonstrate, under our accountability obligation pursuant to Art. 5 (2) GDPR, that you consented to the data processing in question.

 

Should you assert data subject rights under the GDPR against us, we will also process and store your data to demonstrate, within our accountability obligation pursuant to Art. 5 (2) GDPR, that we complied with the GDPR when addressing your enquiry.

 

If you assert your rights under the GDPR against us, your data may be transferred to our external data protection consultant (SCALELINE Datenschutz).

 

 

DATA PROCESSING WITHIN THE SCOPE OF APPLICATION PROCESSES

To receive and manage job applications, and thus for the purpose of (potentially) establishing an employment relationship, you may submit your application documents to us via email. You can also submit application documents through job postings on career platforms. Where necessary, data protection agreements regarding the handling of personal data are in place with the platform providers.

During the application process, we only collect data from you that is necessary to establish the employment relationship with us. The legal basis for this data processing is Art. 6 (1) (b) GDPR.

Within our company, access to your personal data is restricted to individuals involved in the decision-making process. 

In the event of a successful application, your personal data will be stored for the duration of your employment. Following termination, your tax-relevant data will be archived in accordance with statutory retention periods. In the event of an unsuccessful application, your personal data will be deleted 7 months after the rejection.

Personal data of applicants is stored and processed in the Notion tool provided by Notion Labs, Inc., based in the USA. To the extent that personal data of contract partners is stored therein, data may be transferred to (sub-)processors of Notion in the USA. A data processing agreement pursuant to Art. 28 GDPR is in place with Notion, alongside valid certification under the Data Privacy Framework.

OPERATION OF SOCIAL MEDIA CHANNELS

We maintain the following social media channels: 

LinkedIn: https://www.linkedin.com/company/turnus-ai/

YouTube: www.youtube.com/@turnus_ai

Data Processing by Us:

a.    Maintaining the aforementioned social media pages and running ads ("Advertisements")

Personal data entered on social media pages, such as comments, videos, images, likes, public messages, etc., is published by the respective social media platform. We reserve the right to delete content if necessary. Where appropriate, we share content on our page and contact you via the social media platform, for instance, via the integrated messaging features. We also regularly run advertisements ("Ads") via our social media pages. The legal basis for these data processing activities is our legitimate interest pursuant to Art. 6 (1) (f) GDPR, which lies in our public relations and communications strategy.

b.    Page Insights

Social media platforms provide anonymised statistics and insights that help us understand the types of actions people take on our page (known as "Page Insights"). These Page Insights are created based on specific information about individuals who have visited our page.

 

The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR, which consists of obtaining information about activities on and visitors to our pages.

 

This processing of personal data is carried out by the social media platform and us as joint controllers pursuant to Art. 26 GDPR. In cases of joint controllership, a separate agreement must be concluded.

 

LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

 

YouTube: https://business.safety.google/controllerterms/

 

If you wish to object to a specific data processing activity over which we have influence (e.g., deletion of comments), please contact us using the details provided above.

 

Note: The provision of your data is neither legally nor contractually mandatory, nor is it required for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of not providing it is that you will not be able to communicate, interact with us via our social media pages, or participate in competitions. To contact us, please use the email address listed above.

 

Data Processing by the Social Media Platform Operator:

In addition to us, there is the operator of the social media platform itself. From a data protection perspective, the operator is also considered a data controller carrying out its own data processing. This means the operator is an independent responsible body under the GDPR. However, we have very limited influence over data processing by the operator. Where we can exercise influence (e.g. through parameter settings), we work within our capabilities to encourage data protection-compliant handling by the social media platform operator. In many areas, however, we cannot influence the data processing carried out by the operator of the social media platform and do not know precisely which data they process. The respective operator outlines its handling of personal data in its own privacy policy:

LinkedIn: https://de.linkedin.com/legal/privacy-policy?

YouTube: https://policies.google.com/privacy?hl=de

When using the platform, your personal data is typically also processed by the respective platform operator on servers in third countries, particularly in the USA. Certain third countries have been assigned an adequacy decision by the European Commission. This means that the level of protection for privacy in these countries is considered comparable to that in the EU or EEA. Further information on countries with a current adequacy decision can be found here. Certifications under the adequacy decision for the USA, the Data Privacy Framework, exist for Meta Platforms Inc. (Facebook, Instagram), LinkedIn, and Google (YouTube). In all other cases, we conclude standard contractual clauses with platform operators for transferring personal data to third countries.

 

Note: The social media platform operator utilizes web tracking methods. Web tracking can occur regardless of whether you are logged in or registered on the social media platform. As stated, we have virtually no influence over the web tracking methods used by the social media platform. We cannot disable them. Please be aware: it cannot be excluded that the social media platform provider uses your profile and behavioral data, for instance, to evaluate your habits, personal relationships, or preferences. We have no influence on how the social media platform provider processes your data.

 

COMMUNICATION VIA MICROSOFT TEAMS (VIDEO CONFERENCING)

We use "Microsoft Teams" to conduct telephone conferences, online meetings, and video conferences. You can access scheduled appointments via a link provided by email. By clicking the link, you can enter the video room. Before joining, you can decide whether to enable your video. You are muted by default and must manually unmute your microphone if you wish to speak. If you enable your camera and/or microphone, your microphone and video data will be processed during the meeting.

If you participate in an online meeting as an external attendee, you will receive an access link from the host via email. When logging into the online meeting, you must enter your name and, if necessary, your email address.

Further data may be processed depending on the nature and scope of actual usage:

·      Personal details (e.g. first and last name, email address, profile picture)

·      Meeting metadata (e.g. date, time, duration of communication, meeting name, participant IP address)

·      Device/hardware data (e.g. IP addresses, MAC addresses, client version)

·      Text, audio, and video data (e.g. chat logs, video, audio, and presentation recordings)

·      Connection data (e.g. telephone numbers, country names, start and end times, IP addresses)

Furthermore, personal data that you share during the meeting may be processed, depending on your use of the chat or whiteboard features.

We explicitly point out that information shared by you during the meeting will be processed at least for the duration of the meeting.

Legal Basis

The legal basis for data processing for direct contractual partners is Art. 6 (1) (b) GDPR; for business partners or contact persons at external bodies, it is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest lies in the organisation of virtual communication and web conferences.

Microsoft Teams is a service of Microsoft Corporation. For more information regarding data processing when using "Teams", please see: https://privacy.microsoft.com/en-gb/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer. We cannot rule out that data routing also occurs via servers located outside the EU or EEA. For data transfers to Microsoft in the USA, the adequacy decision for the USA applies. You can view Microsoft's certification here.

The provider Microsoft necessarily receives knowledge of the aforementioned data, as contractually regulated within our data processing agreement pursuant to Art. 28 GDPR. No other recipients exist.

You are under no obligation to communicate with us via Microsoft Teams. Alternatively, meetings can be conducted by telephone.

We generally delete personal data as soon as there is no further requirement for its storage.

 

CREATING TRANSCRIPTIONS AND MINUTES OF ONLINE CONFERENCES

For documentation purposes and efficient minutes of online conferences, we utilize AI-powered transcription software provided by Microsoft.

 

What data is processed?

Transcripts are created using Artificial Intelligence (AI) and stored in HubSpot. The following data is saved:

·      User-generated content

·      Text summaries

 

How is the data processed?

Minutes are generated through the transcription of the audio files of live video conferences. Using the automation tool n8n, operated by n8n GmbH in Berlin, these minutes are transferred into our HubSpot CRM and assigned to the relevant conversation partner.

 

What is the legal basis?

We obtain your consent for the data processing described above upon sending the meeting invitation and through your acceptance of the appointment pursuant to Art. 6 (1) (a) GDPR prior to its first use. You can withdraw this consent at any time with future effect. If you do not wish to have a transcription, no transcript will be created.

 

 

DATA SUBJECT RIGHTS

YOU HAVE THE RIGHT UNDER ART. 15 (1) GDPR TO OBTAIN FREE INFORMATION UPON REQUEST REGARDING THE PERSONAL DATA STORED ABOUT YOU. FURTHERMORE, WHERE THE STATUTORY REQUIREMENTS ARE MET, YOU HAVE A RIGHT TO RECTIFICATION (ART. 16 GDPR), ERASURE (ART. 17 GDPR), AND RESTRICTION OF PROCESSING (ART. 18 GDPR) OF YOUR PERSONAL DATA. IF YOU PROVIDED THE PROCESSED DATA YOURSELF, YOU HAVE THE RIGHT TO DATA PORTABILITY UNDER ART. 20 GDPR.

IF DATA PROCESSING IS BASED ON ART. 6 (1) (E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT UNDER ART. 21 GDPR. IF YOU OBJECT TO DATA PROCESSING, IT WILL CEASE FOR THE FUTURE UNLESS THE CONTROLLER CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR FURTHER PROCESSING THAT OVERRIDE THE INTERESTS OF THE DATA SUBJECT IN THE OBJECTION.

IF DATA PROCESSING IS BASED ON CONSENT PURSUANT TO ART. 6 (1) (A), ART. 9 (2) (A), OR ART. 49 (1) (A) GDPR, YOU CAN WITHDRAW YOUR CONSENT AT ANY TIME WITH FUTURE EFFECT, WITHOUT AFFECTING THE LAWFULNESS OF PROCESSING CONDUCTED PRIOR TO WITHDRAWAL.

 

ADDITIONALLY, YOU HAVE THE RIGHT TO LODGE A COMPLAINT WITH A DATA PROTECTION SUPERVISORY AUTHORITY. THE COMPLAINT MAY BE LODGED IN PARTICULAR WITH A SUPERVISORY AUTHORITY IN THE EU MEMBER STATE OF YOUR RESIDENCE, PLACE OF WORK, OR THE PLACE OF THE ALLEGED INFRINGEMENT.

Contact details for the competent data protection authority:

Der Landesbeauftragte für den Datenschutz Niedersachsen

Prinzenstraße 5, 30159 Hanover

Telephone: +49 (0511) 120 45 00

Fax: +49 (0511) 120 45 99

Email: poststelle@lfd.niedersachsen.de

 

NO AUTOMATED DECISION-MAKING

We do not engage in automated decision-making or profiling.

PROVISION

Unless otherwise stated in the preceding sections, providing personal data is neither legally nor contractually required, nor necessary for the conclusion of a contract. Non-provision of your personal data may result, for example, in us being unable to respond to your enquiries.

 

This privacy policy was drafted in collaboration with the consultancy SCALELINE Datenschutz. The legal texts are subject to copyright.

COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE

Note: To ensure the comprehensive protection of your data against unauthorised access, we implement technical and organisational measures and utilise an encryption protocol on our website. Your data is transmitted over the internet from your computer to our server and vice versa using TLS encryption. TLS stands for "Transport Layer Security" and is an encryption protocol for secure data transmission on the internet. You can typically identify a TLS connection by the locked padlock symbol in the status bar of your browser and an address beginning with "https://".

COLLECTION OF ACCESS AND LOG DATA 

This website automatically collects and stores server log file information transmitted by your browser.

This information includes:

·      IP address of the user

·      Date and time of access

·      Type of request

·      Client information, such as browser type and version

·      Operating system of the user (device, OS version of the device)

·      Referrer information (the source of the access)

 

The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest lies in identifying indications of unlawful use of our website (e.g. defending against hacker attacks) and ensuring a smooth connection setup. The collected data is stored in server log files that your browser transmits to us automatically in encrypted form. We only retain server log files for longer periods in the event of attacks on our server infrastructure or other legal violations. This extended storage is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR and serves solely to preserve evidence.

 

We have entered into a data processing agreement pursuant to Art. 28 GDPR with the provider of this website, Framer B.V., based in the Netherlands. This is a legally required contract ensuring that Framer B.V. processes the personal data of our website visitors solely in accordance with our instructions and in compliance with the GDPR.

ENQUIRIES VIA CONTACT FORM, EMAIL, AND TELEPHONE

Any personal data that you provide to us on a voluntary basis will naturally be treated confidentially. We use your provided personal data exclusively to process and respond to your enquiry. The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. This is based on our interest in addressing enquiries from our customers, business partners, and interested parties, thereby maintaining and promoting customer satisfaction. For natural persons, an additional legal basis is the initiation or performance of a contract pursuant to Art. 6 (1) (b) GDPR.

 

We store and use contact details and information received (such as business communication histories) from customers and prospects to manage and initiate business relationships. This processing is carried out on the basis of (pre-)contractual measures pursuant to Art. 6 (1) (b) GDPR. The provider is HubSpot Ireland Limited, based in Dublin, Ireland, with whom we have concluded a data processing agreement pursuant to Art. 28 GDPR. To the extent that personal data is transferred to HubSpot, Inc., based in Cambridge, USA, this is done under the Data Privacy Framework, which represents an adequacy decision for the USA. Standard Contractual Clauses are also in place. You have the right at any time to obtain information regarding your data stored in the customer database and to request its correction or deletion.

 

Unless a contract is concluded, all personal data you transmit to us with your enquiry will be deleted or anonymised no later than 2 years after our final response. This 2-year retention period is applied because users occasionally contact us again regarding the same matter and refer back to previous correspondence. Experience has shown that follow-up enquiries generally cease after 2 years.

BOOKING AN APPOINTMENT

To simplify the booking of appointments, we offer a direct booking form on our website. After booking, you will receive an email confirmation containing the access link for the online meeting, followed by a reminder message prior to the meeting to prevent missed appointments. You can cancel or reschedule your appointment at any time. For this purpose, we use the appointment booking feature integrated into HubSpot. Comprehensive information regarding HubSpot can be found under "ENQUIRIES VIA CONTACT FORM, EMAIL, AND TELEPHONE." Your data is not disclosed to third parties. The legal basis for data processing during the booking process, as well as the confirmation and reminder emails sent, is your consent pursuant to Art. 6 (1) (a) GDPR. Booked appointments are deleted after 6 months.


REGISTRATION AND USER ACCOUNTS

A) Platform Use During a Free Trial Phase

When you register for a free trial of our platform, we process your personal data to grant you access to the platform and enable its features during the trial period. Upon registration, we collect the following details: your name, your email address, and the name of your company.

During the trial phase, we only record anonymised usage data. No personal analysis or tracking of individual users is conducted. This anonymous data is used solely to analyse and optimise our service. The processing of your data during the trial phase is conducted to provide you with trial access, manage your user account, and ensure the secure operation of our platform. We also send onboarding emails containing tips and guidance on platform usage during the trial. These processing activities are based on the initiation of a contract and the provision of the trial version pursuant to Art. 6 (1) (b) GDPR.

 Following the trial period, we reserve the right to engage in email marketing to inform you of new features or offers and, where appropriate, win you back as a customer. The delivery of such emails is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR in conjunction with Section 7 (3) UWG (German Act Against Unfair Competition). You have the right to object to the use of your data for these purposes at any time (opt-out).

If you gave your explicit consent during registration, we will also use your telephone number to contact you by phone with information regarding our products and offers. In this case, processing is based on your consent pursuant to Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with future effect, for instance via email or by notifying the caller. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

If the trial offer does not lead to a subsequent contractual relationship, we will store the personal data collected during registration for a period of up to twelve months after the end of the trial period. The data will then be deleted, unless statutory retention obligations apply. 

B) User Account

To use turnus.ai, a user account must be created by providing an email address and a password. In this context, we store the IP address and the timestamp of each user action based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR when you register, log in, or use your user account. This is done to prevent misuse and unauthorised access, which serves both our interests and those of our users. We do not disclose this data to third parties unless required for the enforcement of our claims or mandated by law.

Within your user account, we store information about your company (telephone number, address, email address, team members and their roles) and contact details of your clients (telephone numbers, campaigns, etc.). This data is processed exclusively for contract performance pursuant to Art. 6 (1) (b) GDPR.

Your data is stored for the duration of the contract. Upon termination, you are responsible for exporting and backing up your data in a timely manner.

We offer the following Single Sign-On (SSO) services from various providers:

·      Microsoft

·      Google

The purpose is to simplify and accelerate the registration and login process. Registration serves the purpose of concluding a contract with us (Art. 6 (1) (b) GDPR).

By clicking on the respective provider, your web browser automatically establishes a direct connection with the provider's servers. You will be redirected to the provider's page to log in using your credentials and complete registration. Once registered, your user account with the chosen provider is linked to our WebApp.

 

Note: We have no influence on the scope and further use of data collected through the use of the respective provider. For information on the nature and scope of data processing, the purposes pursued, and your rights and options to protect your privacy, please consult the privacy policy of the respective provider:

·      Google: https://support.google.com/a/answer/60224?hl=en

·      Microsoft: https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-single-sign-on

USE OF WEB ANALYSIS TOOLS AND COOKIES 

We use cookies to facilitate and improve the use of our website. Cookies are small text files that can be stored on your computer or smartphone (terminal device) via your browser when you visit a website. Cookies can also provide us with information on how you use our website, enabling us to continuously improve its design.

Cookies help uniquely identify what our customers find interesting and useful on our website. We also use "web beacons" (small graphics, also known as "pixel tags" or "clear GIFs") on our website. These are used in conjunction with cookies to track general user behavior on the website.

 

Data processed by necessary cookies is required for the purposes listed below to safeguard our legitimate interests, as well as those of third parties pursuant to Art. 6 (1) (f) GDPR.

 

Any use of cookies that is not strictly technically necessary represents data processing that is only permitted with your explicit and active consent pursuant to Art. 6 (1) (a) GDPR. You can configure which cookie categories you wish to consent to via our "Cookie Consent Tool" when visiting our website. You can also withdraw or alter your consent at any time through this tool.

 

You can also delete stored cookies at any time via your browser settings. You can adjust your browser settings to prevent cookies from being saved. However, this may mean that not all features of our website will be fully available.

 

We apply cookies for the following purposes:

·      Strictly Necessary: These are cookies and similar methods without which you cannot use our services, for example, to display our website correctly or to use features you have requested.

 

·      Comfort: These techniques allow us to take into account your actual or preferred settings for the convenient use of our website. For example, we can display our website in the language appropriate for you based on your settings. 

 

·      Statistics: These techniques enable us to compile anonymous statistics on the use of our services. This allows us, for example, to determine how we can better adapt our website to our users' habits.

 

·      Marketing: This allows us to display tailored promotional content based on the analysis of your user behavior. Your behavior can also be tracked across different websites, browsers, or devices using a unique User ID.

 

Link to Cookie Settings.

 

In the context of data processing (with the help of cookies and similar techniques for processing usage data), we may deploy specialised service providers in the online marketing sector. These process your data on our behalf as processors, have been carefully selected, and are contractually bound in accordance with Article 28 GDPR. All providers listed above act as processors on our behalf.

 

 

CONSENT MANAGEMENT

We use cookie consent technology to obtain and document your data protection consent for storing certain cookies on your terminal device or using specific technologies in a legally compliant manner. A technically necessary cookie is set for this purpose. This is used to obtain the legally required consent for cookie usage. The legal basis for this is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest lies in the legally secure documentation and verifiability of consent (Art. 6 (1) (c) GDPR) to fulfil our accountability obligations under Art. 5 (2) GDPR.

USE OF GOOGLE ANALYTICS

Subject to your consent under Art. 6 (1) (a) GDPR and Art. 49 (1) (a) GDPR, this website uses Google Analytics. This is a service provided by Google Ireland Limited ("Google"), a company incorporated and operating under Irish law (registration number: 368047) with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC (USA) ("Google").

Google Analytics uses cookies. These are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to and stored on a Google server in the USA. An adequacy decision exists for the USA, meaning data transfers can take place without additional safeguards. You can view Google's certification here.

We have activated IP anonymisation on this website. This means Google will truncate your IP address within Member States of the European Union or in other contracting states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services relating to website activity and internet usage to the website operator.

The anonymised IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data, such as search history, personal accounts, usage data from other devices, or any other data Google holds about you.

The cookies set in connection with Google Analytics can be viewed in the list above.

You can withdraw your consent at any time by updating your preferences directly in the cookie banner. User and event data are deleted after 14 days. The function "Reset user data on new activity" is disabled. This means that if you visit our site again before the retention period expires, your data will not be deleted.

GOOGLE TAG MANAGER

We use the Google Tag Manager provided by Google Ireland Limited, Google Building Gordon House, Barrow St. Dublin 4, Ireland.

 

The Google Tag Manager allows website tags to be managed via an interface. This enables us as marketers to manage webpage tags through a single interface. Tags are small sections of code that, for example, record (track) your activities on our website. The Google Tag Manager itself does not set cookies, but ensures that other tags that may collect data, such as Google Analytics, are activated. Google Analytics, in turn, sets cookies. More details can be found in the "Web tracking measures" section.

By implementing the Google Tag Manager, your IP address is transmitted anonymously to Google. This may also involve transferring data to Google servers in the USA. We have entered into a data processing agreement with Google pursuant to Art. 28 GDPR. An adequacy decision exists for the USA, meaning data transfers can take place without additional measures. Google's certification can be viewed here.

 

In the Tag Manager account settings, we have not permitted Google to receive anonymised data from us.

 

The storage duration of the integrated tracking tools, such as Google Analytics, depends on the respective tool loaded via the Google Tag Manager.

 

INTEGRATION OF YOUTUBE VIDEOS

We embed videos on our webpages that are not stored on our servers. To ensure that visiting our webpages with embedded videos does not automatically result in content from the third-party provider being loaded, we show locally stored preview images of the frames in the first step. The third-party provider receives no information through this step.

 

Third-party content is only loaded after you click the preview image or grant consent via the cookie banner. This informs the third-party provider that you have accessed our site, along with the technically required usage data. We have no influence over further data processing by the third-party provider. Clicking the preview image constitutes your consent to load third-party content. Embedding is based on your consent pursuant to Art. 6 (1) (a) GDPR, provided you have given your consent by clicking the preview image. An adequacy decision exists for the USA, meaning data transfers can take place without additional measures. You can view Google's (YouTube) certification here.

 

Video service provider:

Google Ireland Limited/Google LLC (USA) ("YouTube")

Withdrawal of Consent

If you have clicked a preview image, third-party content is loaded immediately. If you do not wish this to occur on other pages, please do not click the preview images or withdraw your consent for loading via the cookie banner.

 

LinkedIn Insight Tag

When using the "LinkedIn Insight Tag" conversion tracking tool provided by LinkedIn Ireland Unlimited, based in Ireland, we process personal data under joint controllership with LinkedIn pursuant to Art. 26 GDPR, provided you have granted consent via the consent banner. You can access the joint controllership agreement underpinning our collaboration with LinkedIn here. LinkedIn is a US company based in California. Personal data is also processed in the USA. An adequacy decision is currently in place for the USA, and LinkedIn Corporation holds a valid certification under the Data Privacy Framework.

The LinkedIn Insight Tag collects data regarding your use of our website. LinkedIn does not share personal data with the website owner but provides reports and insights (which do not identify you) regarding the website audience and ad performance. LinkedIn also offers retargeting for website visitors, allowing the website owner to use this data to display targeted advertising outside its website without identifying the member. LinkedIn uses data that, according to LinkedIn, does not identify you in order to improve ad relevance and reach members across different devices. You can learn more about the LinkedIn Insight Tag directly on LinkedIn. LinkedIn also uses the data for its own advertising purposes as well as those of third parties pursuant to the LinkedIn Privacy Policy. There you will also find further information on how to assert your data subject rights regarding your data processed by LinkedIn directly against LinkedIn. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.

Apollo

We use Apollo, a business intelligence platform operated by the US provider ZenLeads, Inc. based in San Francisco, USA, to enhance our marketing initiatives. Apollo helps us identify and target new business contacts more effectively (e.g. through email marketing or data analysis). Personal data may be processed in this context. Apollo is used only with your explicit consent pursuant to Art. 6 (1) (a) GDPR. You can withdraw this consent at any time with future effect. Apollo is operated by a company in the USA. ZenLeads, Inc. is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection. For more details on data processing by Apollo, please visit: https://www.apollo.io/privacy/

 

USE OF MICROSOFT CLARITY

Based on your consent pursuant to Art. 6 (1) (a) GDPR, we use Microsoft Clarity on our website, a service provided by Microsoft Ireland Operations Limited. Data transfers to Microsoft Corporation based in the USA are carried out in accordance with the adequacy decision for the USA, which you can view here. Clarity analyses our website's performance in anonymised form. This provides us with heatmaps, which show which parts of our website are particularly popular and help us better adapt our website to our users' needs. This is also the purpose of the processing. The storage duration of the collected data can be found in the cookie banner information. Microsoft processes the data on our instructions and on our behalf. We have entered into a corresponding data processing agreement with Microsoft. Further information on Microsoft Clarity can be found at https://clarity.microsoft.com

 

DATA PROCESSING OF BUSINESS PARTNERS AND CUSTOMERS

1.    Fulfilment of Contractual Obligations (Art. 6 (1) (b) GDPR)

The purposes of data processing are derived from the execution of pre-contractual measures and the fulfilment of obligations under the concluded contract.

 

For contractual execution, we process master data such as first and last name, billing address, as well as billing and payment data. We use email addresses and telephone numbers to manage communications. Furthermore, we process your data in our HubSpot accounting system.   

 

2.    Compliance with Legal Obligations (Art. 6 (1) (c) GDPR)

The purposes of data processing arise on a case-by-case basis from statutory requirements. These legal obligations include, for example, the fulfilment of retention and identification obligations, such as under tax auditing and reporting requirements, and data processing in response to official authority requests. In this context, data may also be disclosed to our appointed tax consultant.

 

3.    Protection of Our Legitimate Interests (Art. 6 (1) (f) GDPR)

We process the contact details of contact persons at customers, prospects, suppliers, and other business partners to communicate via email, telephone, and post. The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest lies in conducting or initiating business relationships with customers, prospects, suppliers, and other business partners, and maintaining personal contact with communication partners. 

 

We generally exclude the disclosure of this data to third parties. 

 

Personal data is stored for the purpose of managing business relationships for as long as a legitimate interest exists. It may be necessary to process the personal data you have provided beyond the actual performance of the contract with business partners. Legitimate interests in this regard include, in particular, the selection of suitable business partners, conducting compliance reviews, asserting legal claims, defending against liability claims, preventing criminal acts, and managing damages resulting from the business relationship.

 

4.    Who receives your personal data?

Within the scope of our contractual relationships, we may commission processors or service providers who may be granted access to your personal data. Compliance with data protection regulations is contractually guaranteed.

Specifically, the following additional processors are utilized:

 

·      Notion – provided by Notion Labs, Inc. based in the USA. To the extent that personal data of contract partners is stored therein, data may be transferred to (sub-)processors of Notion in the USA. A data processing agreement pursuant to Art. 28 GDPR is in place with Notion, alongside valid certification under the Data Privacy Framework.

·      Microsoft Ireland Limited, based in Dublin, for email hosting purposes.

 

5.    Retention Period

 

Data collected for contract execution is stored until the expiry of statutory or contractual warranty and guarantee rights. After this period, we retain information required under commercial and tax law for the statutory periods. During this period (typically ten years from the conclusion of the contract), the data is processed solely for auditing by tax authorities and in the event of customer enquiries.

 

6.    Data Processing to Document GDPR Compliance

Insofar as your data is processed on the basis of consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, we process your data strictly for this specific purpose and in accordance with separate information to demonstrate, under our accountability obligation pursuant to Art. 5 (2) GDPR, that you consented to the data processing in question.

 

Should you assert data subject rights under the GDPR against us, we will also process and store your data to demonstrate, within our accountability obligation pursuant to Art. 5 (2) GDPR, that we complied with the GDPR when addressing your enquiry.

 

If you assert your rights under the GDPR against us, your data may be transferred to our external data protection consultant (SCALELINE Datenschutz).

 

 

DATA PROCESSING WITHIN THE SCOPE OF APPLICATION PROCESSES

To receive and manage job applications, and thus for the purpose of (potentially) establishing an employment relationship, you may submit your application documents to us via email. You can also submit application documents through job postings on career platforms. Where necessary, data protection agreements regarding the handling of personal data are in place with the platform providers.

During the application process, we only collect data from you that is necessary to establish the employment relationship with us. The legal basis for this data processing is Art. 6 (1) (b) GDPR.

Within our company, access to your personal data is restricted to individuals involved in the decision-making process. 

In the event of a successful application, your personal data will be stored for the duration of your employment. Following termination, your tax-relevant data will be archived in accordance with statutory retention periods. In the event of an unsuccessful application, your personal data will be deleted 7 months after the rejection.

Personal data of applicants is stored and processed in the Notion tool provided by Notion Labs, Inc., based in the USA. To the extent that personal data of contract partners is stored therein, data may be transferred to (sub-)processors of Notion in the USA. A data processing agreement pursuant to Art. 28 GDPR is in place with Notion, alongside valid certification under the Data Privacy Framework.

OPERATION OF SOCIAL MEDIA CHANNELS

We maintain the following social media channels: 

LinkedIn: https://www.linkedin.com/company/turnus-ai/

YouTube: www.youtube.com/@turnus_ai

Data Processing by Us:

a.    Maintaining the aforementioned social media pages and running ads ("Advertisements")

Personal data entered on social media pages, such as comments, videos, images, likes, public messages, etc., is published by the respective social media platform. We reserve the right to delete content if necessary. Where appropriate, we share content on our page and contact you via the social media platform, for instance, via the integrated messaging features. We also regularly run advertisements ("Ads") via our social media pages. The legal basis for these data processing activities is our legitimate interest pursuant to Art. 6 (1) (f) GDPR, which lies in our public relations and communications strategy.

b.    Page Insights

Social media platforms provide anonymised statistics and insights that help us understand the types of actions people take on our page (known as "Page Insights"). These Page Insights are created based on specific information about individuals who have visited our page.

 

The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR, which consists of obtaining information about activities on and visitors to our pages.

 

This processing of personal data is carried out by the social media platform and us as joint controllers pursuant to Art. 26 GDPR. In cases of joint controllership, a separate agreement must be concluded.

 

LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

 

YouTube: https://business.safety.google/controllerterms/

 

If you wish to object to a specific data processing activity over which we have influence (e.g., deletion of comments), please contact us using the details provided above.

 

Note: The provision of your data is neither legally nor contractually mandatory, nor is it required for the conclusion of a contract. You are not obliged to provide your personal data. The consequence of not providing it is that you will not be able to communicate or interact with us via our social media pages or participate in competitions. To contact us, please use the email address listed above.

 

Data Processing by the Social Media Platform Operator:

In addition to us, there is the operator of the social media platform itself. From a data protection perspective, the operator is also considered a data controller carrying out its own data processing. This means the operator is an independent responsible body under the GDPR. However, we have very limited influence over data processing by the operator. Where we can exercise influence (e.g. through parameter settings), we work within our capabilities to encourage data protection-compliant handling by the social media platform operator. In many areas, however, we cannot influence the data processing carried out by the operator of the social media platform and do not know precisely which data they process. The respective operator outlines its handling of personal data in its own privacy policy:

LinkedIn: https://de.linkedin.com/legal/privacy-policy?

YouTube: https://policies.google.com/privacy?hl=de

When using the platform, your personal data is typically also processed by the respective platform operator on servers in third countries, particularly in the USA. Certain third countries have been assigned an adequacy decision by the European Commission. This means that the level of protection for privacy in these countries is considered comparable to that in the EU or EEA. Further information on countries with a current adequacy decision can be found here. Certifications under the adequacy decision for the USA, the Data Privacy Framework, exist for Meta Platforms Inc. (Facebook, Instagram), LinkedIn, and Google (YouTube). In all other cases, we conclude standard contractual clauses with platform operators for transferring personal data to third countries.

 

Note: The social media platform operator utilises web tracking methods. Web tracking can occur regardless of whether you are logged in or registered on the social media platform. As stated, we have virtually no influence over the web tracking methods used by the social media platform. We cannot disable them. Please be aware: it cannot be excluded that the social media platform provider uses your profile and behavioural data, for instance, to evaluate your habits, personal relationships, or preferences. We have no influence on how the social media platform provider processes your data.

 

COMMUNICATION VIA MICROSOFT TEAMS (VIDEO CONFERENCING)

We use "Microsoft Teams" to conduct telephone conferences, online meetings, and video conferences. You can access scheduled appointments via a link provided by email. By clicking the link, you can enter the video room. Before joining, you can decide whether to enable your video. You are muted by default and must manually unmute your microphone if you wish to speak. If you enable your camera and/or microphone, your microphone and video data will be processed during the meeting.

If you participate in an online meeting as an external attendee, you will receive an access link from the host via email. When logging into the online meeting, you must enter your name and, if necessary, your email address.

Further data may be processed depending on the nature and scope of actual usage:

·      Personal details (e.g. first and last name, email address, profile picture)

·      Meeting metadata (e.g. date, time, duration of communication, meeting name, participant IP address)

·      Device/hardware data (e.g. IP addresses, MAC addresses, client version)

·      Text, audio, and video data (e.g. chat logs, video, audio, and presentation recordings)

·      Connection data (e.g. telephone numbers, country names, start and end times, IP addresses)

Furthermore, personal data that you share during the meeting may be processed, depending on your use of the chat or whiteboard features.

We explicitly point out that information shared by you during the meeting will be processed at least for the duration of the meeting.

Legal Basis

The legal basis for data processing for direct contractual partners is Art. 6 (1) (b) GDPR; for business partners or contact persons at external bodies, it is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Our legitimate interest lies in the organisation of virtual communication and web conferences.

Microsoft Teams is a service of Microsoft Corporation. For more information regarding data processing when using "Teams", please see: https://privacy.microsoft.com/en-gb/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer. We cannot rule out that data routing also occurs via servers located outside the EU or EEA. For data transfers to Microsoft in the USA, the adequacy decision for the USA applies. You can view Microsoft's certification here.

The provider Microsoft necessarily receives knowledge of the aforementioned data, as contractually regulated within our data processing agreement pursuant to Art. 28 GDPR. No other recipients exist.

You are under no obligation to communicate with us via Microsoft Teams. Alternatively, meetings can be conducted by telephone.

We generally delete personal data as soon as there is no further requirement for its storage.

 

CREATING TRANSCRIPTIONS AND MINUTES OF ONLINE CONFERENCES

For documentation purposes and to produce minutes of online conferences efficiently, we utilise AI-powered transcription software provided by Microsoft.

 

What data is processed?

Transcripts are created using Artificial Intelligence (AI) and stored in HubSpot. The following data is saved:

·      User-generated content

·      Text summaries

 

How is the data processed?

Minutes are generated through the transcription of the audio files of live video conferences. Using the automation tool n8n, operated by n8n GmbH in Berlin, these minutes are transferred into our HubSpot CRM and assigned to the relevant conversation partner.

 

What is the legal basis?

We obtain your consent for the data processing described above upon sending the meeting invitation and through your acceptance of the appointment pursuant to Art. 6 (1) (a) GDPR prior to its first use. You can withdraw this consent at any time with future effect. If you do not wish to have a transcription, no transcript will be created.

 

 

DATA SUBJECT RIGHTS

YOU HAVE THE RIGHT UNDER ART. 15 (1) GDPR TO OBTAIN FREE INFORMATION UPON REQUEST REGARDING THE PERSONAL DATA STORED ABOUT YOU. FURTHERMORE, WHERE THE STATUTORY REQUIREMENTS ARE MET, YOU HAVE A RIGHT TO RECTIFICATION (ART. 16 GDPR), ERASURE (ART. 17 GDPR), AND RESTRICTION OF PROCESSING (ART. 18 GDPR) OF YOUR PERSONAL DATA. IF YOU PROVIDED THE PROCESSED DATA YOURSELF, YOU HAVE THE RIGHT TO DATA PORTABILITY UNDER ART. 20 GDPR.

IF DATA PROCESSING IS BASED ON ART. 6 (1) (E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT UNDER ART. 21 GDPR. IF YOU OBJECT TO DATA PROCESSING, IT WILL CEASE FOR THE FUTURE UNLESS THE CONTROLLER CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR FURTHER PROCESSING THAT OVERRIDE THE INTERESTS OF THE DATA SUBJECT IN THE OBJECTION.

IF DATA PROCESSING IS BASED ON CONSENT PURSUANT TO ART. 6 (1) (A), ART. 9 (2) (A), OR ART. 49 (1) (A) GDPR, YOU CAN WITHDRAW YOUR CONSENT AT ANY TIME WITH FUTURE EFFECT, WITHOUT AFFECTING THE LAWFULNESS OF PROCESSING CONDUCTED PRIOR TO WITHDRAWAL.

 

ADDITIONALLY, YOU HAVE THE RIGHT TO LODGE A COMPLAINT WITH A DATA PROTECTION SUPERVISORY AUTHORITY. THE COMPLAINT MAY BE LODGED IN PARTICULAR WITH A SUPERVISORY AUTHORITY IN THE EU MEMBER STATE OF YOUR RESIDENCE, PLACE OF WORK, OR THE PLACE OF THE ALLEGED INFRINGEMENT.

Contact details for the competent data protection authority:

Der Landesbeauftragte für den Datenschutz Niedersachsen

Prinzenstraße 5, 30159 Hanover

Telephone: +49 (0511) 120 45 00

Fax: +49 (0511) 120 45 99

Email: poststelle@lfd.niedersachsen.de

 

NO AUTOMATED DECISION-MAKING

We do not engage in automated decision-making or profiling.

PROVISION

Unless otherwise stated in the preceding sections, providing personal data is neither legally nor contractually required, nor necessary for the conclusion of a contract. Non-provision of your personal data may result, for example, in us being unable to respond to your enquiries.

 

This privacy policy was drafted in collaboration with the consultancy SCALELINE Datenschutz. The legal texts are subject to copyright.