Tom Capital's approach to privacy
(DATA PROTECTION DECLARATION)
Tom Capital AG
We appreciate your interest in our websites (our "site") or our app (our "app"). Privacy protection is very important to us and we are committed to protecting you and respecting your privacy. This privacy notice sets out information about how we collect, store, process, transfer, share and use data that identifies or is associated with you (hereinafter "personal information"). It also describes your data protection rights, including a right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “Accessing and Correcting your personal information” section.
For the purposes of the applicable data protection legislation (including the General Data Protection Regulation), Tom Capital AG is the data controller of personal information we hold about you. The contact details of the Data Protection Officer of Tom Capital AG are as follows: Marco Rancan,
1 INFORMATION REGARDING DATA CONTROLLERS AND DATA PROTECTION OFFICERS
Below we will inform you regarding the collection of personal data during marketing campaigns, events, use of Website, App and our platform. Personal data are all data which can be traced back to you, such as name, address, e-mail addresses or your user behaviour on all our websites.
2 INFORMATION REGARDING THE PURPOSE OF THE PROCESSING AND THE RECIPIENTS OF PERSONAL DATA
We collect personal information about you when you voluntarily submit information directly to us, our websites or our app. This can include information you provide to us when you apply to become a member, complete a form, correspond with us, subscribe to our mailing lists, newsletters or other forms of marketing communications, respond to a survey, enter a promotion or use some other feature of our website or app.
We also collect personal information from you indirectly such as information about the pages you look at on our site or our app or the device you use to view our site or connect to our app with.
The list below sets out the categories of personal information we collect about you and how we use that information.
Contact details: We collect contact information such as your name, your email address, your telephone number and physical addresses associated with your account or any subscriptions your place using our service.
Comments and opinions: When you contact us directly, e.g. by email, phone, post or by completing an online form we will record your comments and opinions.
Website and app login details: Where you create an account with us we will hold your user name and password details so that we can keep your account secure. Where you are provided with the option to log-in using a social network, for example using Facebook, we will not be provided with your password or other account login details for those accounts. We will only be provided with your email and name. We will not post to your social network or to your friends, followers or contacts without your consent.
Your preferences: We hold information about the preferences you set for notifications, marketing communications and how our site and app are displayed to you.
Information about how you use and connect to our site or our app: We collect information about how you use our site or our app such as the pages you view on our site or our app, the time you access our site or our app and how long you use it for, the website from where you came to our site or our app or go to after leaving our site or our app and any selections and choices you make when using our site or our app.
We also collect information about the computer, tablet, smartphone or other electronic device you use to connect to our site or our app. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers and applications connected to our site or our app through the device, your Internet service provider or mobile network, your IP address and your device's telephone number (if it has one).
Typically, the information we collect about how you use or connect to our site is associated with your device and not you as a named individual. However, if you are logged into a registered account you have with us this information may also be associated with you directly.
Information about your location: Other than information you choose to provide to us, we do not collect information about your precise location. Your device's IP address may help us determine an approximate location. We will not collect or track your exact location without your consent. Where necessary we will seek your consent before using information about your exact location.
All personal information: We will use all the personal information we collect to monitor and improve our site, our app and our procedures and processes. Our use of your personal information in this way will not result in information that was not previously publicly available being made public on our site or through our app.
At various places on our site or our app you may be requested to enter certain personal information. Personal information that must be provided in order to avail of the booking services offered will be indicated at the time of collection. Other personal information that you are not required to provide in order to receive our services may be voluntarily given and you are free to decide not to give such personal information.
Marketing and Advertising
Most marketing messages we send will be by email but occasionally we may also contact you by post or phone. If you are using our website or app we may also send you push notifications if you accept to receive them. If you do not want to receive, or wish to reduce, marketing messages from us, you will be able to tell us by changing your marketing preferences in your account.
You can also change you marketing preferences at any time by following the instructions outlined below.
Email – click on the unsubscribe link at the bottom of our marketing emails. If you have an online account with us you can also opt-out of marketing emails through your account settings. You can also visit the “your account” section of our site to manage the frequency of our communications to you. In the “your subscriptions” tab of the “your account” section of the site, you can choose to opt out of receiving communications for a period of time by clicking on the relevant slider. You can also choose to receive reduce the frequency of our emails by choosing the summaries option on the mail preferences slider. You can also unsubscribe here. Once you have chosen your mail preferences, please click “Save Changes” button to let us know of your preferences.
App push notifications – you can change your push notification preferences at any time in the account settings for the app. If you receive marketing from us through other channels e.g. post or by phone, and you no longer want to receive such messages, you can tell us to stop marketing to you by post or phone by using our contact details at the end of this privacy notice. Please note that most marketing messages we send will be by email.
We, or our advertising partners, may show advertisements to you on our site, our app or on other websites or apps. To do this we, or our advertising partners, may collect information about how you use or connect to our site, our app or the types of other web pages, social media services, content and ads you, or others who are using the device you connect to our site or app with, interact with, visit or view. The information collected might also include the IP address of the device you connect to our site or our app and a de-identified, non-human readable version of your email address which may be match to other data about you to improve the relevance of online advertising and personalization. At no time is your actual email address shared with these partners.
3 DURATION OF STORAGE
As a rule, we store your personal data only as long as required for the purposes for which they were collected in accordance with this data protection declaration. However, it may occur that we are legally obliged to store certain data for a longer period. In this case, we will ensure that your personal data are treated in accordance with this data protection declaration for the entire period.
4 YOUR RIGHTS
You are entitled to request at any time and without charge information from us regarding your personal data stored by us, their origin, recipients or categories of recipients to whom this personal data is disclosed and the purpose of the storage.
You are entitled to request at any time that we revise, erase or restrict the processing of your personal data. In addition, you have the right to data portability.
You are also entitled at any time to refuse to allow your personal data to be processed by us.
If you have consented to the use of your personal data, you may revoke this at any time and without providing a reason.
If you wish to exercise the above rights, please contact us by e-mail at or in writing to the address shown in section “Tom Capital`s approach to privacy”.
5 DATA SECURITY
We maintain up-to-date technical measures for providing data security, in particular for the protection of your personal data from the risks during data transferral and to prevent third parties from obtaining knowledge of such data. These are regularly updated in order to comply with state-of-the-art standards.
6 COLLECTION OF INFORMATION DURING USAGE OF OUR SERVICES
For the purely informational use of the website (i.e. if you do not log in or register to use the website, or otherwise transfer information to us), we collect no personal data, except for the data transferred by your browser which allow you to visit the website.
These data include:
• IP address
• Date and time of the query
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• The quantity of data transferred each time
• Website from which the request originated
• Operating system and its interface
• Language and version of the browser software
In addition to this, if you log in to our website client section or our app, we collect data in regard to your usage behaviour of our service. This data is solely used to improve our service offering and can include:
• Access dates and times
• Pages and features accessed
• App crashes or other system activity
Our website and our app use so-called cookies. These are small text files which are stored on your terminal with the aid of your browser. The cookies do not cause any damage.
We only use them to make our service more user-friendly. Some cookies remain stored on your terminal until you delete them. They allow your browser to be recognised at the next visit.
If you do not want this, you can set up your browser so that it informs you of the placement of cookies and allows you to accept them on a case-by-case basis. However, please note that in this case you may not be able to use the full functionality of this website.
We regularly revise our data protection declaration as part of the continuing technical development of our services and the legal framework. Changes to the data protection declaration are published on our website. Therefore, please read the current version of the data protection declaration at regularly. Subject to the applicable legal provisions, all changes to the data protection declaration come into effect as soon as the updated data protection declaration is published. If we have already recorded data from you and/or are subject to a legal duty to provide information, we will also inform you regarding significant changes to our data protection declaration and will request your consent if this is required by law.
1 DATA PROTECTION FOR APPLICATIONS AND DURING APPLICATION PROCEDURES
The data controller collects and processes the personal data of applicants for the purpose of the application procedure. The processing may also occur electronically. This is especially the case if an applicant has transferred relevant application documents to the data controller electronically, for example by e-mail or via a web form located on the website. If the data controller enters into an employment contract with an applicant, the data transferred will be stored for the purpose of executing the employment relationship, having regard to legal provisions. If the data controller does not enter into an employment contract with the applicant, the application documents will be erased two months following notification of the rejection decision, provided no other legitimate interests of the data controller prevent erasure. For the purposes of this provision, other legitimate interests may be, for example, a burden of proof in a procedure pursuant to the German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG).
2 DATA PROTECTION PROVISIONS FOR THE INTEGRATION AND USE OF FACEBOOK
The data controller has integrated components of Facebook on this website. Facebook is a social network.
A social network is a social meeting point operated in the Internet, an online community which generally allows users to communicate with each other and to interact in a virtual space. A social network can operate as a platform for the exchange of opinions and experiences, or allow the Internet community to share personal or company-related information. Facebook allows the users of the social network to create private profiles, upload photos and form networks via friendship requests, among other things.
The operating company of Facebook is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. For data subjects residing outside the USA or Canada, the data controller responsible for personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
For each visit to an individual page of this website operated by the data controller and on which a Facebook component has been integrated (Facebook plug-in), the relevant Facebook component will automatically cause an image of the corresponding Facebook component to be downloaded from Facebook onto the Internet browser on the data subject’s IT system. An overview of all Facebook plug-ins can be downloaded from
https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical procedure, Facebook receives information regarding the specific subpages of our website visited by the data subject.
If the data subject is logged into Facebook at the same time, the specific subpages of our website visited by the data subject are recognised by Facebook for each visit to our website and for the total duration of each visit to our website. This information is collected by the Facebook component and allocated by Facebook to the corresponding Facebook account of the data subject. If the data subject activates one of the Facebook buttons integrated in our website, such as the “Like” button, or the data subject leaves a comment, Facebook allocates this information to the personal Facebook user account of the data subject and stores this personal data.
If the data subject is logged into Facebook at the same time as visiting our website, Facebook then always receives information via the Facebook component that the data subject has visited our website; this occurs independently of whether the data subject has clicked the Facebook component or not. If the data subject does not want such a transfer of information to Facebook, they can prevent the transfer by logging out of their Facebook account before visiting our website.
The data policy published by Facebook is available at https://en-gb.facebook.com/about/privacy/. This describes the collection, processing and use of personal data by Facebook. It also explains the set-up options Facebook offers for the protection of the data subject’s privacy. In addition, various applications are available which can prevent data transfer to Facebook.