Data protection

The protection of your personal data is important to us, TRIOVEGA GmbH (“we”). We only process your personal data in accordance with the statutory regulations, in particular Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”) and the German Federal Data Protection Act (BDSG).

This privacy notice informs you about the processing of your personal data and your rights as a data subject if

you use our website (www.triovega.com);
you visit our social media sites;
you contact us in other ways for business purposes
and when you apply for a position in our company.

You will also find more detailed information below about the use of so-called “cookies” on our website.

1. Data Controller and contact to the Data Protection Officer

The controller under data protection law for the data processing described in this privacy policy is

TRIOVEGA GmbH,
Kaninchenborn 31
23560 Lübeck, Germany
Phone: +49 451 39771 0
E-Mail: info@triovega.com

You can reach our company data protection officer using the following contact details:

PLANIT // LEGAL Rechtsanwaltsgesellschaft mbH
Dr. Sebastian Heep
Jungfernstieg 1
20095 Hamburg, Germany

Phone: +49 40 609 44 190
E-Mail: datenschutz@triovega.com

2. Purposes and legal basis of our data processing

2.1 Data processing when using our website

When you use our website, we may process the following types of data. This data may be personal data.

2.1.1 Internet connection data

When you access our website, we collect and process your so-called Internet connection data (e.g. date and time of access, name of the page accessed, amount of data transferred and the requesting provider and your IP address), which your browser automatically transmits to our server when you access our website. We need this information to enable you to use our website, for example by adapting the website to the technical requirements of your end device. We store this data for a period of up to six months in order to identify and rectify any malfunctions of our website. The legal basis for this data processing is our legitimate interest in ensuring the security and usability of our website, Art. 6 para. 1 letter f) GDPR.

2.1.2 ALTCHA

We use the ALTCHA service to protect our website from automated attacks. We may use a spam filter that collects and analyses your IP address. You can find more information about how ALTCHA works here: https://altcha.org/de/docs/faq/. The legal basis for processing your IP address is our legitimate interest in protecting our website from external attacks, Art. 6 para. 1, sentence 1 letter f) GDPR.

2.1.3 Access and storage on your end device (“cookies”)

We use tracking technologies on our website that enable us or our service providers to collect data relating to the use of our website. These tracking technologies are usually referred to as cookies, which is why we also use this term below. However, the following explanations also apply accordingly to other tracking technologies or file formats, such as local storage, pixels, beacons or tags. What such technologies have in common is that when they are used, information can be stored or read on your end device (e.g. in the browser you use on your computer).

In certain cases, the storage of information on your end device or access to information already stored on your end device is absolutely necessary so that we can make our website available to you for use (“technically necessary cookies”). The legal basis for the use of such cookies is Section 25(2)(2) of the Act on Data Protection and the Protection of Privacy in Telecommunications and Digital Services (TDDDG). Insofar as this information has a personal reference and is further processed by us in our IT systems, the legal basis for this data processing is our legitimate interest in providing our website and ensuring data security, Art. 6 para. 1 letter f) GDPR.

We only use cookies that are not technically necessary (“optional cookies”) with your consent. When you visit our website for the first time, we display a so-called cookie banner to inform you about the tracking technologies we use and to give you the choice of which optional cookies you would like to consent to. If you click on the corresponding button in the banner, you consent to the storage and reading of all technically unnecessary cookies on your device (Section 25 (1) TDDDG) and to the processing of your personal data stored for the cookie (Art. 6 (1) (a) GDPR). Your consent is voluntary. You can also reject all optional cookies instead by clicking on “Reject”. Finally, you can also select or deselect individual categories of cookies or services.

You can revoke your consent at any time, but only with effect for the future. To do this, please click on the “Cookies” tab at the bottom of our website. In the consent settings, you have the option of revoking the consent you have already given (Reject) or granting new consent (Accept all). You can also deselect or select individual cookies or services there.

2.1.3.1 LinkedIn Insight Tag

If you consent to this in the cookie banner (see above), we use the Insight Tag of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland on our website. With the help of the LinkedIn Insight Tag, we receive information about visitors to our website. If a website visitor is registered with LinkedIn, we can, among other things, analyse the key professional data (e.g. career level, company size, country, location, industry and job title) of our website visitors and thus better tailor our site to the respective target groups. We can also use LinkedIn Insight Tags to measure whether visitors to our websites make a purchase or take another action (conversion measurement). Conversion measurement can also be carried out across devices (e.g. from PC to tablet). LinkedIn Insight Tag also offers a retargeting function that allows us to display targeted advertising to visitors to our website outside the website. However, the data collected by LinkedIn cannot be assigned to specific individuals by us as the website operator.

LinkedIn itself also collects so-called log files (URL, referrer URL, IP address, device and browser properties and time of access). The IP addresses are shortened or (if they are used to reach LinkedIn members across devices) hashed (pseudonymised). The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days. The remaining pseudonymised data is then deleted by LinkedIn within 180 days. You can object to the analysis of usage behaviour and targeted advertising by LinkedIn at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Furthermore, LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.

Further information about data processing by LinkedIn can be found in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy#choices-oblig%20.

LinkedIn will store the personal data collected from website visitors on its servers in the USA. The transfer of your personal data to the USA takes place on the basis of the adequacy decision of the EU Commission of 10 July 2023 for the USA and, alternatively, on the basis of the current European Standard Contractual Clauses under data protection law. The LinkedIn Corporation is certified under the “EU-US Data Privacy Framework” (DPF).

2.1.3.2 Matomo

If you consent to this in the cookie banner (see above under 2.1.3), we use cookies for the use of the web analysis service “Matomo” from the third-party provider InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. Innocraft stores a pseudonymous identifier for this cookie, which enables us to analyse user behaviour on our website. In particular, we use the identifier to collect information about which third-party websites the pseudonymous user has come to our website from, which parts of our website the user visits and how the user interacts with it (e.g. which clicks the user makes or which events the user triggers). Your IP address is not merged with this data.

2.1.4 Social networks

Our website contains links to social networks. These services are operated exclusively by third-party providers. If you follow the links, information may be transmitted to these providers. The purpose and scope of the data collection and the further processing and use of the data by the provider as well as your rights in this regard and setting options to protect your privacy can be found in the data protection information of the respective provider. You can find it here:

LinkedIn: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA

http://www.linkedin.com/legal/privacy-policy/

Kununu: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

https://privacy.xing.com/de/datenschutzerklaerung

2.1.5 Contact form

You have the option of sending us enquiries via the contact form on our website. In this case, we collect your name, the name of your company, your e-mail address, your request and – if you wish – your telephone number and your preferred form of address. We process your data in order to answer your enquiry.

If your enquiry is made in connection with the performance of a contract concluded with you or for the initiation of such a contract, the legal basis for our data processing is Art. 6 para. 1 lit. b) GDPR. Otherwise, the legal basis is our legitimate interest in the efficient processing of your enquiry addressed to us (Art. 6 para. 1 lit. f) GDPR). You can object to this data processing under the conditions of Art. 21 para. 1 GDPR.

2.1.6 Newsletter

You have the option of subscribing to our newsletter on our website. In this case, we collect and process your name, the name of your company, your email address and – if you wish – your preferred form of address for direct marketing purposes. The legal basis for our data processing is your consent, Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future.

2.2 Data processing for other business contacts

If you contact us by means other than our website, for example by email, telephone, post or at trade fairs and other events, we will collect your contact details, including your position in your company if applicable. We store this data in our CRM system and process your data in order to contact you.

We may manage your personal data in a CRM system provided to us by our processor salesforce.com, Inc ., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA. Salesforce.com, Inc. is certified under the “EU-US Data Privacy Framework” (DPF).

2.2.1 Processing the data of applicants

You have the option of applying for a job with us by post, email or via the online form provided by our processor Personio on our website. If you apply for a position with us, we collect, store and process your applicant data. This applicant data includes your contact details, your salary expectations and information on your availability, your application documents including any cover letters you have enclosed, your CV, certificates and supporting documents, data relating to your job interviews and, if applicable, notes that we have taken during job interviews.

If your application is successful, we will store and process your data on the basis of Art. 6 para. 1 lit. b) GDPR for the purpose of implementing the employment relationship.

If we are unable to make you a job offer, you reject a job offer or withdraw your application, we will store your data for a period of up to six months from the end of the application process. This storage is in our legitimate interest (Art. 6 para. 1 lit. f) GDPR) to be able to prove compliance with legal regulations for the application process, in particular those of the AGG. At the end of this period, we will anonymise your data on the basis of our legitimate interest (Art. 6 para. 1 lit. f) GDPR) in the statistical evaluation and optimisation of our application processes. You can object to this data processing under the conditions of Art. 21 para. 1 GDPR.

If we are not currently making you a job offer, we may offer to include you in our applicant pool in order to offer you a position at a later date. We will only include you in the applicant pool if you consent to this (Art. 6 para. 1 lit. a) GDPR). In this case, we will store your applicant data for a period of up to two years. You can revoke your consent at any time with effect for the future.

2.2.2 Processing for IT security purposes

Your personal data may be subject to rolling data backups. We create such backups in pursuit of our legitimate interest (Art. 6 para. 1 lit. f) GDPR) in ensuring data security and the recoverability of data in the event of malfunctions or external attacks. You can object to this data processing under the conditions of Art. 21 para. 1 GDPR.

3. recipients of your personal data and third country transfers

We use various technical service providers as processors who process your personal data on the basis of an order processing contract concluded with us pursuant to Art. 28 GDPR in accordance with our instructions. These processors include the following companies

Hetzner Online AG (Hosting of this website)
Rapidmail GmbH (newsletter mailing services)
salesforce.com, Inc (customer data management)
InnoCraft Ltd (provision of the web analysis tool Matomo).

In this context, we may transfer your personal data to processors or sub-processors in countries outside the European Union (“EU”) and the European Economic Area, namely the USA. These data transfers take place on the basis of the adequacy decision of the EU Commission of July 10, 2023 (C(2023) 4745). The service providers we use in the USA are certified under the Data Privacy Framework.

4. Deletion of your personal data

We delete your personal data as soon as its processing is no longer required for the purposes explained in this privacy policy. If and as long as statutory retention obligations prevent deletion, we restrict the processing of your data to this archiving purpose (so-called data blocking) and delete your data when the retention period expires. Such retention obligations exist under German commercial and tax law, in particular for business letters for six years at the end of the year and for accounting-related documents for eight years at the end of the year.

5. Your rights

As a data subject of our company’s data processing, you have the following rights under the respective legal requirements:

The right to confirmation as to whether we are processing personal data relating to you (Art. 15 GDPR)
The right to information about your personal data processed by us and to a copy of the data (Art. 15 GDPR)
The right to rectification in the event that your personal data is incorrect (Art. 16 GDPR).
The right to erasure of your personal data (Art. 17 GDPR).
The right to restriction (blocking) of your personal data (Art. 18 GDPR).
The right to data portability (Art. 20 GDPR).

If your personal data is processed on the basis of Art. 6 (1) (e) or (f) GDPR, you can also object to the processing in question under the conditions of Art. 21 (1) GDPR.

You can object to the processing of your personal data for direct marketing purposes at any time and without giving reasons with effect for the future (Art. 21 (2) GDPR).

If the processing is based on your consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR, you can withdraw your consent at any time with effect for the future (Art. 7 (3) GDPR).

You also have the right to contact the competent data protection supervisory authority (Art. 77 GDPR).

6. No automated decision in individual cases

Your personal data will not be used for automated individual case decisions within the meaning of Art. 22 para. 1 GDPR.

7. Amendment of the privacy policy

New legal requirements, business decisions or technical developments may require changes to this privacy policy. The privacy policy will then be adapted accordingly. You will always find the latest version on our website.

Status: June 2025