Our Data protection Policy

Table of contents

1.      General information and principles of data processing
2.      Controller
3.      Provision and use of the website / server log files
4.      Use of cookies (Cookie policy)
5.      Categories of recipients of the personal data,
6.      Contact options by e-mail
7.      Data security and security measures
8.      Your rights (as a data subject)
9.      Changes to this privacy policy

1.     General information and principles of data processing

We are pleased that you are visiting our website. The protection of your privacy and the protection of your personal data, the so-called personal data, is an important concern to us.
In accordance with Article 4(1) GDPR, personal data means any information relating to an identified or identifiable natural person. This includes, for example, information such as first and last name, address, telephone number, email address, but also an IP address.

Data that cannot be linked to your person, for example through anonymization, is not personal data. Processing of personal data (e.g. collection, storage, readout, retrieval, use, transmission, deletion or destruction) pursuant to Article 4(2) GDPR always requires a legal basis or a consent. Processed personal data must be deleted as soon as the purpose of their processing has been achieved, and there are no longer any legally prescribed retention obligations.

Here you will find information on the handling of your personal data upon visiting our website. In order to provide the functions and services of our website, it is necessary for us to collect your personal data.

In the following, we explain the type and scope, purpose, legal basis and storage period of the respective data processing.

This data protection policy only applies to this particular website. It does not apply for other websites which are merely referenced via hyperlink. We cannot assume responsibility for the confidential handling of your personal data on these third-party websites, since we do not have any influence in the data protection compliance by these companies. Please inform yourself on the handling of personal data by these companies directly on their websites.

2. Controller

Responsible for the processing of personal data on this website (see imprint) is:

The Thursday Company GmbH
Kronenstrasse 18
10117 Berlin
E-Mail: mail@thursday.company
Tel.: +49 30 499 518 15

3. Provision and use of the website / server log files

a)    Type and extent of data processing
When you access our website (i.e. when you merely view it without registering and without otherwise providing us with information), we process the following personal data, which your browser automatically transmits to our server:

·       Date and time of the request
·       Time zone difference to Greenwich Mean Time (GMT)
·       Content of the request (visited page)
·       Access status/HTTP status code
·       Amount of transferred data
·       Web address from which the page or file was accessed or the requested function was initiated (referrer URL)
·       IP-address
·       Browser
·       Language and version of the browser software
·       Operating system[RF1]

b)    Purpose of data processing
This data described above is technically necessary to enable you to use our website. In addition, the data is technically necessary to ensure the stability of the website and IT security, in particular to protect our IT systems from misuse and to defend against attacks.

c)    Legal basis
Legal basis for the processing of the data is Article 6(1)(f) GDPR.

d)    Storage period
The aforementioned data will be recorded for the duration of the communication process. 
To guarantee IT security, the IP-address will be saved for an additional short period of time of no more than seven calendar days[RF2] .

e)    Right of objection

If your personal data is processed in accordance with Article 6(1)(f) GDPR you have a right of objection in accordance with Article 21 GDPR. However, in the case of the specific data processing operation, we have compelling legitimate grounds for the processing the data that are necessary for the protection of these data, because without the processing of these data we cannot provide and operate our website.

4. Use of cookies (Cookie policy) [RF3] 

We use cookies. Cookies are small files that are placed on your computer and stored by your browser. Some functions of our website cannot be offered without the use of technically necessary cookies, whereas other cookies allow us to perform various analyses. For example, some cookies can recognize the browser you are using when returning to our website and transmit various information to us. We use cookies in order to facilitate and improve the use of our website. For instance, through cookies we can create a more user-friendly and effective web offer for you, for example by retracing your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, this information will be directly collected via your browser. Cookies do not cause any damage to your terminal device. The cookies can neither run programs nor contain viruses. Various types of cookies are used on our website, their type and function are explained in the following.

If cookies or cookie-like technologies are used in the context of data processing on this website, the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of user is based on your consent pursuant to Section 25(1) Telecommunications Telemedia Data Protection Act (TTDSG) in conjunction with the requirements of consent under data protection law pursuant to Article 4(11), 7 GDPR.

If the sole purpose of storing information or gaining access or information stored in the terminal equipment of users is a technical storage or access of carrying out or facilitating the transmission of a communication over an electronic communications network or is strictly necessary in order to provide an information society service explicitly requested by the user the data processing on this website is carried out on the basis of cookies or cookie-like technologies on the basis of Section 25 (2) TTDSG and a consent is not required.

For the following processing of personal data, the general requirements of the GDPR pursuant to Article 6(1) GDPR must be observed:

–      if you have given your consent, the legal basis for the subsequent processing of personal data is Article 6 (1)(a) GDPR.
–      if the processing of personal data is necessary due to our legitimate interest, the legal basis for the subsequent processing of personal data is Article 6 (1)(f) GDPR.

a)    Temporary cookies/ session cookies
Our website uses so-called temporary cookies or session cookies, which are automatically deleted when you close your browser. Through this type of cookies, it is possible to record your session ID. This allows various requests from your browser to be assigned to a common session and makes it possible to recognize your terminal device during subsequent visits to the website. These session cookies expire at the end of the session.

b)    Persistent cookies
Our website uses so-called persistent cookies. Persistent cookies are cookies that are stored in your browser over a longer period of time and can transmit information. The respective storage period varies depending on the cookie. Permanent cookies may be deleted independently via your browser settings.

c)    Configuration of browser settings
Most web browsers are pre-set to accept cookies automatically. However, you can configure your browser to only accept only certain or reject all cookies. Having said this, we would like to point out that you may then no longer be able to use all of our website’s functions. Additionally, you can use your browser settings to delete cookies already stored in your browser. Furthermore, it is possible to set up your browser in such a way that you are informed before cookies are stored. Since the different browsers may vary in their respective functions, we ask you to use the help menu of your browser for the corresponding configuration options. Disabling the use of cookies may require the storage of a permanent cookie on your computer. If you subsequently delete this cookie, you will have to set it again for it to remain effective.

d)    Categories of cookies
We use the following categories of cookies:

Required cookies
Required cookies ensure functions that are essential to use our website as intended. These absolutely necessary cookies are used, for example, to ensure that registered users remain logged in when accessing various subpages. These are so-called first party cookies are only used by us. The legal basis for the data processing is Section 25(2) TTDSG respectively Article 6(1)(f) GDPR, as we have a legitimate interest in maintaining the functionality of our website. You have a right of objection pursuant to Article 21 GDPR. In the case of technically necessary cookies, however, we have compelling reasons worthy of protection for processing the data, because without processing this data we cannot properly provide our website or the respective functionality of the website.
As soon as the cookies are no longer required for the purposes described, they are deleted.[RF4]

5. Categories of recipients of the personal data

We only pass on your personal data to third parties if:

a)    you have given your explicit consent to do so in accordance with Article 6(1)(a) GDPR.
b)    this is legally permissible and, in accordance with Article 6(1)(b) GDPR, is necessary for the fulfilment of a contractual relationship with you or the implementation of pre-contractual measures.
c)    there is a legal obligation under Article 6(1)(c) GDPR for the transfer.
We are legally obliged to transfer data to state authorities, e.g. tax authorities, social security carriers, health insurances, supervisory authorities and law enforcement agencies.
d)    the disclosure in accordance with Article 6(1)(f) GDPR is necessary to safeguard legitimate corporate interests and to assert, exercise or defend legal claims, and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.
e)    we use external service providers (so-called processors) to process personal data in accordance with Article 28(3) GDPR. These processors have been carefully selected by us and are obliged by a data processing agreement to handle personal data in accordance with data protection regulations. We use such external service providers in the following areas:
·         IT
·         Telecommunications

When transferring personal data to so-called third countries, i.e. outside the EU or EEA, we ensure that your personal data is treated with the same care as within the EU or EEA. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of data protection or where we have ensured the careful handling of personal data by contractual agreements or other suitable guarantees.

6. Contact options by e-mail

a)    Type and scope of data processing
You can contact us by e-mail. Our data collection is limited to the e-mail address of the e-mail account used by you to contact us as well as to the personal data provided by you in the course of contacting us. If you send us an e-mail without encryption, the e-mail is not protected against unauthorized access or modification by third parties during transmission.

b)    Purpose of data processing
The purpose of data processing is to be able to answer your request appropriately.

c)    Legal basis
The legal basis for this is Article 6(1)(f) GDPR. There is a legitimate interest in the processing of the above-mentioned personal data in order to be able to process your request appropriately, e.g. to answer your inquiry or to fulfil your request for information.

d)    Storage period
The duration of the storage of the above-mentioned data depends on the background of your contact. Your personal data will be deleted on a regular basis if the intended purpose of the communication ceases to apply and storage is no longer necessary. This may result, for example, from processing your request.

7. Data security and security measures

We are committed to protecting your privacy and treating your personal data confidentially. For this prupose, we take extensive technical and organisational security precautions, which are regularly checked and adapted to technological progress.
These include the use of recognised encryption procedures (SSL or TLS). Unencrypted data, e.g. when sent by unencrypted e-mail, may be read by third parties. We have no influence on this. It is the responsibility of the respective user to protect the data provided by him/her against misuse by means of encryption or in any other way.

8. Your rights (as a data subject)

Here you will find your rights regarding your personal data. Details of this are set out in Articles 7, 15-22 and 77 of the GDPR. You can contact the controller (Section 2) in this regard.

a)    Right to withdraw your data protection consent in accordance with Article 7(3) GDPR
You can withdraw your consent to the processing of your personal data at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

b)    Right of access pursuant to Article 15 GDPR in conjunction with § 34 BDSG
You have the right to request confirmation as to whether we process personal data concerning you. If this is the case, you have the right to be informed about your personal data and to receive further information, e.g. the purposes of processing, the categories of personal data processed, the recipients and the planned duration of storage or the criteria for determining the duration.

c)    Right to rectification and completion under Article 16 GDPR
You have the right to demand the correction of incorrect data without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.

d)    Right to erasure (“right to be forgotten”) in accordance with Article 17 GDPR in conjunction with § 35 BDSG
You have the right of erasure, as far as the processing is not necessary. 
This is the case, for example, if your data are no longer necessary for the original purposes, if you have withdrawn your declaration of consent under data protection law or if the data was processed unlawfully.

e)    Right to restriction of processing in accordance with Article 18 GDPR
You have the right to limit the processing, for example if you believe that personal data is incorrect.

f)      Right to data portability pursuant to Article 20 GDPR
You have the right to receive personal data concerning you in a structured, common and machine-readable format.

g)    Right to object pursuant to Article 21 GDPR
You have the right to object to data processing on grounds relating to particular situations. However, this only applies in cases where we process data to fulfill a legitimate interest.
If you can present such a reason and we cannot assert compelling legitimate grounds for the processing which override your interests, we will no longer process this data for the respective purpose.

h)    Automated individual decision-making, including profiling in accordance with Article 22 GDPR
You will not be subject to any decision based solely on automated processing of your data, including profiling, which produces legal effects concerning you or similarly significantly affects you.

i)      Right to lodge a complaint with a data protection supervisory authority pursuant to Article 77 GDPR
You can also lodge a complaint with a data protection supervisory authority at any time, for example if you believe that data processing is not in compliance with data protection regulations.

Competent supervisory authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61
10555 Berlin
Tel.: 030 13889-0
Fax: 030 2155050
E-Mail: mailbox@datenschutz-berlin.de
Homepage: https://www.datenschutz-berlin.de

9. Changes to this privacy policy 
Our privacy policy serves the fulfilment of legal information duties. We update our data protection declaration as far as this becomes necessary.