Any collection, use, storage, deletion or other use (hereinafter referred to as "processing") of data takes place solely for the purpose of providing our services. tink GmbH's services have been designed with the aim of using as little personal data as possible. In this context, "personal data" (hereinafter also referred to as "data") means any individual information relating to the personal or factual circumstances of an identified or identifiable natural person (the so-called data subject).
The following data protection statements describe the types of personal data that are processed when you visit our website, what happens to these personal data and how you can object to the data processing if necessary.
General information about data processing on this website
Responsible person
The responsible party under the EU General Data Protection Regulation (GDPR) is:
We have taken technical and organisational measures to ensure that the provisions of the GDPR are complied with both by us and by external service providers working for us.
If we cooperate with other companies, e.g. email and server providers, to provide our services, this is only done after a comprehensive selection process. In this selection process, each individual service provider is carefully selected to assess its suitability in terms of technical and organisational capacity for data protection. This selection process is documented in writing and a contract under Article 28(3) of the GDPR for the processing of personal data on behalf is only concluded if it meets the requirements of Article 28 of the GDPR.
Your data is stored on specially protected servers. Only a few specially authorised persons can access it.
Our website is SSL/TLS encrypted, which you can recognise by the "https://" at the beginning of the URL.
Deletion of personal data
We process personal data only for as long as necessary. Once the purpose of the data processing has been fulfilled, blocking and erasure will take place in accordance with the standards for erasure set out here, unless legal provisions prevent erasure.
Data processing on this website and creation of log files
Description and scope of data processing
When you visit our website, our web servers temporarily store each access in a log file. In the process, the following personal data is collected and stored until it is automatically deleted:
IP address of the requesting computer
Date and time of access
Name and URL of the downloaded file
Message on whether the download was successful.
Identification data of the browser and operating system used
Site from which the access was made
The name of your internet service provider
In addition to this personal data, further personal data may be collected by us and our partners, more on this below.
Legal basis for data processing
The processing of this data is based on Article 6(1)(1)(f) of the GDPR. Our legitimate interest is based on making our website accessible to you.
Purpose of the data processing
The data processing is carried out for the purpose of enabling the use of the website (establishment of connection). It is used for system security, technical management of the network infrastructure and optimisation of the internet offer. The IP address is only evaluated in the event of an attack on our network infrastructure or the network infrastructure of our Internet service provider.
Duration of storage
The personal data will be deleted as soon as it is no longer needed for the above purposes. This is the case when you close the website. Our hosting provider may use the data for statistical surveys. However, the data will be anonymised for this purpose. Our hosting provider will delete the data after three months.
Possibility for the data subject to withdraw from the data
The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the functioning of the website. Consequently, there is no possibility for the user to object.
Use of cookies
Description and scope of data processing
Our website uses cookies. These are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using and through which certain information is passed to us or to the body that sets the cookie. Cookies cannot execute programs or transmit viruses to your computer. They are used by us to allow you to log in and to analyse the use of our website in an anonymous or pseudonymous form and to present interesting offers on the website.
Various data may be transmitted in this way:
Frequency of visits to the website
Which functions of the website are used by you
Search terms used
Your cookie settings
Your language settings
The contents of your shopping cart
When you visit the website, there is a cookie banner informing you about the use of cookies and referring you to the privacy statement.
Legal basis for data processing
The legal basis for the processing of data using cookies, which does not exclusively serve the functionality of our website, is Article 6(1)(1)(a) of the GDPR.
The legal basis for the processing of data for cookies that exclusively serve the functionality of this website is Article 6.1 S.1 f) of the GDPR.
Purpose of data processing
Our legitimate interest is to ensure a smooth connection and a comfortable use of our website as well as to evaluate the security and stability of the system. The data processing is also carried out to enable a statistical evaluation of the use of the website.
Duration of storage
There are two types of cookies. Both are used on this website:
Temporary cookies (for this a)
Persistent cookies (to this b)
a) Temporary cookies are automatically deleted when you close your browser. These include in particular session cookies. These store a so-called session ID, with which different requests from your browser can be attributed to a common session. This allows your computer to be recognised when you return to our site. Session cookies are deleted when you log out or close your browser.
b) Permanent cookies are automatically deleted after a certain period of time, which may vary depending on the cookie.
Possibility for the data subject to delete data
You have the possibility to withdraw your consent to data processing at any time. You can also delete cookies at any time in your browser's security settings. We would like to point out that you may not be able to use all features of this website. You can also prevent cookies from being set at any time by making the appropriate settings in your browser.
Contact
Description and scope of data processing
On our website, it is possible to contact us via e-mail or a contact form. In order to respond to your request, various data are required from you, which are automatically stored for processing. The following data are collected as a minimum (marked as mandatory) within the framework of the contact form:
E-mail address
You may also voluntarily provide the following information:
Name
The data will not be passed on to third parties.
Legal basis for data processing
The legal basis used here is Article 6(1)(1)(b) of the GDPR.
Purpose of data processing
We process your data exclusively for the purpose of processing your contact request.
Duration of data storage
We delete your data immediately after we have responded to your request. However, in rare cases, we may keep your data for a longer period of time. This may be due to legal or contractual obligations.
Possibility for the data subject to delete the data
You can contact us at any time and object to the continued processing of your data. In this case, we will unfortunately not be able to continue communicating with you. In this case, all personal data processed by us in connection with contacting you will be deleted, unless the deletion conflicts with legal obligations to retain your data.
Registration on the website
Description and scope of data processing
You can register on our website. For this, it is necessary that the data subject enters personal data in the registration mask. For this purpose, at least the following data is collected:
E-mail address
First name
Surname
Address
Gender
The data provided by the data subject in the registration form will be used only for processing and will in principle not be disclosed to third parties.
Legal basis for data processing
If you provide personal data belonging to the mandatory input masks in the field, the data processing is based on Article 6(1), first sentence 1(b) of the GDPR. If you also provide personal data in the other (optional) input fields, the data processing is based on Article 6(1), first sentence 1(a) of the GDPR.
Purpose of data processing
We process your data solely to complete your registration and to manage your online account with us.
Data retention period
The data is deleted as soon as it is no longer needed to achieve the purpose for which it was collected. This is the case when you close your account with us and no legal or official retention periods prevent deletion.
Possibility for the data subject to withdraw
Both during and after registration, the data subject has the right to amend, correct or delete the personal data provided.
Processing of data in the context of job applications.
Description and scope of data processing
Via our website, it is possible to apply via the Workable application portal. For this purpose, personal data is processed and stored for further processing in the respective application procedure.
Legal basis for data processing
The legal bases for the data processing are Article 88 GDPR and Section 26 BDSG (2018).
Purpose of data processing
We process your data solely for the purpose of carrying out the application procedure.
Data retention period
If the application leads to the commencement of an employment relationship, the personal data will be stored in accordance with the statutory provisions. If the applicant's application is not considered for the selection of a potential candidate, it will be deleted in accordance with the rules of this deletion concept, taking into account the provisions of the Public Procurement Act, in particular the existing obligation to provide evidence in accordance with Section 22 of the Public Procurement Act.
This does not apply if legal provisions prevent deletion or if you have given your consent to longer storage. In this case, the continued storage of your personal data is based on Article 6(1)(1)(c) or (a) of the GDPR.
Possibility for the data subject to withdraw from the data
You may contact us at any time and object to the further processing of your data. All personal data processed by us during the application process will be deleted in this case, unless mandatory legal provisions prevent deletion.
Newsletter
Newsletter tink
Description and scope of data processing
On our website we offer the possibility to subscribe to our general tink newsletter. When subscribing to the newsletter, you are asked to provide personal data for processing. This is the data requested in the newsletter input screen. Input fields marked with an "*" are mandatory:
E-mail address
This mandatory field is necessary to send the newsletter to you. All other fields can be filled in voluntarily, it being explicitly pointed out that these fields do not contain any compulsory information (first name, last name).
The newsletter will be sent by e-mail and will only be sent to you once you have registered for the newsletter. In order to comply with the requirements of the GDPR, we use the so-called DOI procedure ("double opt-in"). If you have signed up for our newsletter, you will receive a confirmation email to the electronic mailbox you have specified in the input field. The e-mail contains a confirmation link which you must click on. After this procedure, you have registered for the newsletter. To complete the procedure, the IP address, date and time of registration are stored. This is to prevent misuse. In principle, the data will not be passed on to third parties.
Legal basis for data processing
The legal basis for the data processing is your consent in accordance with Article 6(1) S.1 lit. a of the GDPR. Existing customers may receive newsletters from us if they have not given their explicit consent. However, this is only done within the narrow limits of Section 7 Paragraph 3 UWG, which in light of Article 95 GDPR is to be understood as a mirror image of Article 6(1) S.1(f) GDPR. Our legitimate interest is to inform our existing customers about our products through promotional emails and thus maintain contact with these customers.
Purpose of the data processing
The purpose of the newsletter is to regularly inform you about offers and news from us.
Duration of data storage
We will only process your data for as long as it is necessary to fulfil the purpose for which it was collected and as long as there are no legal or official obligations to retain the data.
Possibility for the data subject to withdraw from the data
Consent to the processing of personal data in connection with the ordering of newsletters may be withdrawn at any time. To do so, you can click on the unsubscribe link provided in each newsletter or notify us that you are withdrawing your consent by other means.
Newsletters Next by tink
Description and scope of data processing
In addition, we offer a second newsletter informing about new articles and posts on our blog https://www.tink.de/blog/. When you order the Next by tink newsletter, we request the following personal data from you for processing:
E-mail address
This mandatory field is necessary in order to send you the newsletter. The newsletter will be sent by email. You will receive the newsletter only if you have registered for the newsletter. In order to comply with the requirements of the GDPR, we use the so-called DOI procedure ("double opt-in"). If you have signed up for our newsletter, you will receive a confirmation email to the electronic mailbox you have specified in the input field. The email will contain a confirmation link which you must click to confirm your subscription to the newsletter. After this procedure, you will have subscribed to the newsletter. To complete the procedure, the IP address, date and time of registration are stored. This is to prevent misuse. In principle, the data will not be passed on to third parties.
Legal basis for data processing
The legal basis for the data processing is your consent in accordance with Article 6(1) S.1 lit. a of the GDPR.
Purpose of data processing
The purpose of the newsletter is to inform you about new contributions from us at regular intervals.
Duration of data storage
We process your data only for as long as is necessary to fulfil the purpose and no legal or official obligations to retain data prevent deletion.
Possibility for the data subject to withdraw from the data
Consent to the processing of personal data in connection with the ordering of newsletters can be withdrawn at any time. To do so, you can click on the unsubscribe link provided in each newsletter or notify us that you are withdrawing your consent by other means.
Buy and rent via the online shop
Description and scope of data processing
If you buy or rent from us and a delivery has been agreed, we process your name, address, telephone number and e-mail address. In the case of parcel deliveries, we also provide your name, address, telephone number and e-mail address to our contractual order processors and service providers.
We only transfer personal data if this is permitted under German or European data protection legislation. We work closely with external service providers, e.g. for our customer service, technical service providers (e.g. data centre operation) or logistics companies (e.g. postal services such as DHL). These service providers may only process your data on our behalf under specific conditions. If we engage them as processors, they will only have access to your data for the time and to the extent necessary to provide the service in question. As soon as the user orders goods from a tink partner, we transfer some of the user's purchase data to this partner (name and delivery address as well as order details for the goods) so that the tink partner can send the ordered goods to the user.
Lawfulness of the processing of data
The lawfulness of the related data processing is Article 6, paragraph 1, sentence 1, point b of the GDPR, which means that the processing of your data is necessary for the implementation of the purchase agreements and delivery arrangements.
Purpose of the data processing
We process your data to conclude the purchase agreement with you (including the delivery agreement), to process (including invoicing by email or post, as well as receipt and payment), to ensure punctual delivery and to inform you of delivery dates and/or changes.
We transfer your data to our service providers so that they can manage the delivery and, if necessary, communicate with you to notify and coordinate the delivery of your ordered goods.
Duration of storage
Your data will only be stored for as long as is necessary for the purpose for which it was collected and for as long as we are required by law to store your data.
Possibility for the data subject to erase data
The data processing is absolutely necessary for the processing of your purchase contract. It can therefore not be waived. Therefore, there is no possibility of erasure.
As a user, you have the possibility to object to the transfer of your personal data to third parties. For this purpose, it is sufficient to inform our data protection officer informally by e-mail. If you object to the transfer of your data to third parties before the goods are delivered to you, the goods cannot be delivered.
Mail order companies
For the delivery of orders, we cooperate with an external mail order company (e.g. DHL). This mail order company receives the following data from us in order to carry out the delivery:
Your name
Your delivery address
Your postcode if required (if you want the order to be delivered by a DHL parcel station).
Your e-mail address if necessary (if the courier wants to inform you of the expected delivery date by e-mail).
The lawfulness of the processing in this case is Article 6(1)(b) of the GDPR. The processing of personal data serves the performance of the contract. The transfer to third parties is necessary to ensure the delivery of the goods you ordered.
The data are deleted as soon as the purpose for which they were collected has been fulfilled, in this case as soon as the consignment has been delivered to you.
Payment services
In order to offer you various payment methods, we cooperate with several payment service providers via the Braintree plugin.
Braintree is a PayPal company: PayPal (Europe) S.à.r.l. et Cie, S.C.A.; 22-24 Boulevard Royal; L-2449 Luxembourg.
We have integrated the social media platforms Facebook, Instagram, LinkedIn and YouTube into our Services via links, which may result in the social media providers receiving data from you. Clicking on the social media link will open the website of the respective social media provider. When you call up the website of the respective social media provider via our Services, the respective reference data is transmitted to the respective social media provider. The social media provider is thus informed that you have visited us.
Note on data processing in the USA: If you click on a link to a social media provider, data about you may be processed by the respective provider in the USA. According to the European Court of Justice, data protection standards in the USA are inadequate and there is a risk that your data will be processed by the US authorities for control and monitoring purposes, possibly without any judicial review. If you do not click on the links provided by the social media providers, no data will be transferred.
More information on data processing by social media providers can be found here:
On our website, we have integrated social media platforms via links, which means that social media providers may receive data from you. We explain these in detail below.
Tracking and analysis tools
We use the following analytics tools to continuously improve our website. Below we explain what data is processed in which situation and how you can contact the respective service provider:
Advertising and marketing tools
Our website also contains tools to ensure that our website appears as a relevant search result or advertisement when you search for something on the Internet. Below is a breakdown of the tools used on our website:
Affiliate Marketing
We use Affiliate Marketing to generate new customers. For this purpose, our advertising partners use certain affiliate links on their websites that point to us. The affiliates receive compensation if users follow the affiliate link and then perform a certain predefined action on our website (e.g. place an order).
Matches
Description and scope of data processing
For participation in competitions, we process the following data:
Name
E-mail address
Only when the user wins a competition, his or her address details are processed in order to send the prize. Users' answers to surveys are not passed on to third parties and are not published. We do not store the answers to our surveys, nor do we store the e-mail address or personal data of the person concerned.
Lawfulness of data processing
It is not possible to participate in a contest without providing your personal data as a user. The processing is lawful on the basis of your consent under Article 6, paragraph 1, sentence 1, point (a) of the GDPR. Statistical data is also collected only if you have given your consent.
Purpose of the data processing
Competitions are a way of promoting us and help us strengthen ties with our customers.
Duration of data retention
The data is deleted as soon as it is no longer needed for the purpose for which it was collected. The user's data is stored for the duration of the competition and for as long as it is necessary for the possible dispatch of the prize.
Possibility for the data subject to delete data.
You have the right to withdraw your consent to data processing at any time. For this purpose, it is sufficient to send a message to the contact details indicated in point 1 (e.g. by e-mail or letter).
Additional third party tools
We also use third-party providers to help us with the design and functionality of our website. An overview of these third parties is provided below:
Transfer of data to a third country
In order to provide our services, we use service providers from both European countries and third countries. In order to ensure the protection of your personal data also in case of transfer of data to a third country, we enter into specific processing agreements with each of the carefully selected service providers. All service providers we rely on have sufficient evidence that they guarantee data security through appropriate technical and organisational measures. Our third country service providers are located in countries with an adequate level of data protection recognised by the European Commission (Article 45 of the GDPR) or have provided appropriate safeguards (Article 46 of the GDPR). Below is an overview of the categories of service providers, the countries where they are headquartered and the corresponding guarantees:
Consent: a transfer of data to a third country without an adequate level of protection will only take place if you have given us your consent in accordance with Article 49(1)(a) of the GDPR.
Instagram, social media provider, US, EU standard contractual clauses Apple, payment provider, US and EU standard contractual clauses Braintree, payment service provider, US, EU standard contractual clauses Google, provider of marketing and analytics tools, social media, payment service provider, fonts, US and EU standard contractual clauses Facebook, advertising and marketing tools, social media, US, EU standard contractual clauses LinkedIn, social media, US and Singapore, EU standard contractual clauses Microsoft, provider of advertising and marketing tools, US, EU standard contractual clauses Amazon Web Services, hosting provider, US, EU standard contractual clauses Klaviyo, provider of shipping and analytics tools, US, EU standard contractual clauses Binding Corporate Rules: Article 47 of the GDPR provides for the possibility to ensure data protection when data is transferred to a third country through binding internal data protection rules. These are reviewed and approved by the competent supervisory authorities in accordance with the single procedure set out in Article 63 of the GDPR. More information is available here: PayPal, US and Europe, Binding Corporate Rules: \ https://www.paypal.com/se/webapps/mpp/ua/bcr
Your rights
You have the following rights against us in relation to your personal data:
The right to withdraw your consent (see Article 7 of the GDPR).
If you have given your consent to the processing of your data, you can withdraw it at any time. Such withdrawal affects the possibility of processing your personal data in the future after you have notified us. This can be done verbally (by telephone) or in writing (by post or email).
Right of inspection (see Article 15 of the GDPR)
In case of an access request, you must be able to prove your identity and that the information belongs to you. This applies to the following information:
The purposes for which the personal data are processed;
The categories of personal data being processed ;
The recipients, or categories of recipients, to whom the personal data concerning you has been or will be disclosed;
The intended retention period of your personal data or, if specific information cannot be provided, the criteria for determining the retention period;
The existence of a right to rectification or erasure of the personal data concerning you, a right to have processing restricted by the controller or a right to object to such processing;
the existence of a right to appeal to a supervisory authority;
Any available information on the origin of the data when the personal data is not collected from the data subject;
The existence of automated decision-making (as well as profiling) within the meaning of Article 22(1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing on the data subject.
Right of rectification or erasure (Articles 16 and 17 of the GDPR)
You have the right to request rectification and/or erasure from us as the responsible party if the personal data processed about you is inaccurate or incomplete. The controller must carry out the rectification without delay.
You may also request the erasure of your personal data if any of the following reasons apply to you:
The personal data concerning you is no longer necessary for the purposes for which it was collected or processed.
You withdraw your consent on which the processing was based under Article 6(1) sentence 1(a) or Article 9(2)(a) of the GDPR.
You object to the processing under Article 21(1) of the GDPR and there are no legitimate grounds for processing that take precedence, or you object to the processing under Article 21(2) of the GDPR.
The personal data relating to you have been unlawfully processed.
The erasure of your personal data is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
The personal data concerning you has been collected in the context of the information society services offered, in accordance with Article 8(1) of the GDPR.
If we have published personal data about you and are required to erase it under Article 17(1) of the GDPR, we will take all appropriate steps to inform other data controllers that you have requested that any links to that personal data or copies or replicas of that personal data be erased.
The right to erasure does not exist to the extent that processing is necessary:
To exercise the right to freedom of expression and information;
To comply with a legal obligation to which the processing is subject under Union or national law to which the controller is subject, or to perform a task carried out.
In the public interest or for the exercise of an official authority vested in the controller;
For reasons of public interest in the field of public health in accordance with Article 9(1)(h) and (i) and Article 9(3) of the GDPR;
For archiving, scientific or historical research in the public interest or for statistical purposes in accordance with Article 89(1) of the GDPR, to the extent that the aforementioned law allows these objectives to be achieved.
the purposes of such processing are impossible or seriously prejudicial; or
For the establishment, exercise or defence of a right.
Right to restrict processing (see Article 18 of the GDPR).
Under the following conditions, you may request that we restrict the processing of your personal data:
If you contest the accuracy of the personal data relating to you for a period of time that allows us to verify the accuracy of your personal data;
If the processing is unlawful and you refuse to erase the personal data and instead request that we restrict the use of the personal data;
If we no longer need the personal data for the purpose of the processing but you need the personal data to establish, exercise or defend a right; or
If you have objected to the processing under Article 21(1) of the GDPR and it has not yet been determined whether our legitimate grounds outweigh your grounds.
Where the processing of personal data relating to you is restricted, such data may - in addition to being stored - only be processed with your consent or for the purpose of establishing, exercising or defending legal claims or protecting the rights of a natural or legal person or on grounds of an important public interest of the Union or of a Member State.
If the restriction of processing is limited to the above conditions, you will be notified by us before the restriction is lifted.
Obligation to notify (see Article 19 of the GDPR)
If you have asserted your right to rectification, erasure or restriction of data processing against us, we are obliged to notify all recipients of your personal data about the rectification, erasure or restriction of data processing. This applies only to the extent that such notification is not impossible or involves a disproportionate effort.
You have the right to know which recipients have received your data.
Right to transfer data (see Article 20 of the GDPR).
You have the right to receive your personal data from us in an ordinary and machine-readable form and have the right to transfer it to another controller if necessary if:
The processing is based on consent pursuant to Article 6(1) sentence 1(a) or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1) sentence 1(b) of the GDPR; and
The processing is carried out by automated means .
When exercising your right to data portability, you have the right to request that the personal data is transferred directly from us to another controller if this is technically feasible.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Right to object to processing (see Article 21 of the GDPR).
To the extent that we base the processing of your personal data on a legitimate interest on our part (in accordance with Article 6(1), sentence 1(f) of the GDPR), you may object to the processing. The same applies if we base the processing of data on Article 6(1), sentence 1, point (e) of the GDPR.
If you make such an objection, please explain why we should not process your personal data in the same way as before. If this is a justified objection, we will investigate the facts of the case and either cease or amend the data processing or show our compelling reasons why we continue the processing.
8 Right to complain to a supervisory authority (see Article 77 of the GDPR).
Without prejudice to any other means of administrative appeal or judicial review, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside, where you have your place of work or where the breach has occurred, if you consider that the processing of your personal data is in breach of the Regulation.
The supervisory authority to which the complaint is lodged will inform you of the progress and outcome of the complaint and of possible remedies in accordance with Article 78 of the GDPR.
How to exercise your rights
If you wish to exercise these rights, you may contact our Data Protection Officer:
WS Datenschutz GmbH Meinekestraße 13 D-10719 Berlin
Reservation of changes
We reserve the right to amend this data protection declaration in accordance with legal provisions.
Status July 2021
x
Alla produkterna är testade av tink
För oss på tink är kundservice högsta prioritet. Vi vill se till att alla dina tink-produkter är installerade och fungerar korrekt!
Så här fungerar det:
Om du har problem med installationen av dina produkter hjälper vårt serviceteam dig gärna! Du kan skicka dina frågor till vår kundsupport.
Du kan alltid returnera produkterna kostnadsfritt inom 14 dagar efter mottagandet. Mer information finns på vår sida om Ångerrätt eller under fliken "Mina returer" i ditt konto för att se hur du returnerar dina produkter.
Vi hjälper dig gärna med alla dina frågor via vår kundsupport
x
Deine Einwilligung kannst Du jederzeit kostenfrei per Link im Newsletter für die Zukunft widerrufen, ohne dass dies Auswirkungen auf die Rechtmäßigkeit der bis zum Widerruf erfolgten Verarbeitung hat. Hierzu kannst Du auch jederzeit unseren Kundenservice kontaktieren