Last updated
Aug 13, 2024
Below we inform you about the processing of your personal data in the context of the use of our online offer. This translations of these privacy policy into englisch serve as a reading aid. In the event of any discrepancies between the language versions, the German text shall take precedence.
Responsible Party:
Tomorrow Things GmbH
Martin-Luther-King-Straße 24
53175 Bonn
Telephone: +49 228 763 698 99
Mail: info@tomorrowthings.com
Contact person
If you have any questions about data protection, please use the contact details:
Nils Volmer, LL.M.
meibers.datenschutz GmbH
Haus Sentmaring 9
48151 Münster
Telephone: 0251 203197-0
Fax: 0251 203197-99
Mail: info@meibers-datenschutz.de
Storage period
We generally delete your personal data when it is no longer necessary for the purposes for which it was collected or otherwise processed.
If we have asked for your consent and you have given it, we will erase your personal data if you withdraw your consent and there is no other legal basis for the processing.
We will erase your personal data if you object to the processing and there are no overriding legitimate grounds for the processing or if you object to the processing for the purposes of direct marketing or related profiling.
If erasure is not possible because processing is still necessary for compliance with a legal obligation (statutory retention periods, etc.) to which we are subject or for the establishment, exercise or defense of legal claims, we will restrict the processing of your personal data.
Further information on the storage period can also be found in the following passages.
Your rights
You have the following rights with regard to your personal data:
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction of processing
- Right to object to the processing
- Right to data portability
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. We will then no longer process your personal data for these purposes.
You have the right to withdraw your consent to the processing of your personal data at any time if you have given us such consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
You have the right to complain to a supervisory authority about the processing of your personal data by us.
Provision of your personal data
The provision of your personal data is not required by law or contract and is not necessary for the conclusion of a contract. You are generally not obliged to provide your personal data. Should this nevertheless be the case, we will point this out to you separately when collecting your personal data (e.g. by marking the mandatory fields on input forms).
Failure to provide your personal data regularly means that we will not process your personal data for one of the purposes described below and you will not be able to take advantage of an offer associated with the respective processing (example: you will not receive our newsletter without providing your e-mail address).
Web hosting
We use external services for web hosting. These services may have access to personal data that is processed as part of the use of our online offering. Further information on the services used, the scope of data processing and the technologies and procedures used when using the respective services can be found in the further information on the services we use at the end of this passage and under the links provided there.
Amazon Web Services
Provider: Amazon Web Services EMEA SARL, Luxembourg.
Website: https://aws.amazon.com/de/websites/
Further information & data protection: https://aws.amazon.com/de/legal/
Guarantee: EU standard contractual clauses. You can request a copy of the EU standard contractual clauses from us. The provider has signed up to the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which guarantees compliance with an appropriate level of data protection on the basis of a decision by the European Commission.
Framer
Provider: Framer B.V., Netherlands
Website: https://www.framer.com/
Further information & data protection: https://www.framer.com/legal/privacy-statement/
Web server log files
We process your personal data in order to be able to display our online offering to you and to ensure the stability and security of our online offering. Information (e.g. requested element, URL called up, operating system, date and time of the request, browser type and version used, IP address, protocol used, amount of data transferred, user agent, referrer URL, time zone difference to Greenwich Mean Time (GMT) and/or HTTP status code) is stored in so-called log files (access log, error log, etc.).
If we have asked you for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If we have not asked for your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the proper display of our online offering and ensuring the stability and security of our online offering.
Security
For security reasons and to protect the transmission of your personal data and other confidential content, we use encryption on our domain. You can recognize this in the browser line by the character string "https://" and the lock symbol.
Contacting us
If you contact us, we will process your personal data in order to process your contact.
If we have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If we have not asked for your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the processing of your contact. If the processing is necessary to fulfill a contract with you or to carry out pre-contractual measures based on your request, the legal basis for the processing is also Art. 6 para. 1 lit. b GDPR.
We use external services to provide and maintain our email inboxes and to process your data after you have contacted us. These services may have access to personal data that is processed when you contact us.
We use support systems (video conferencing software, appointment booking systems, live chats, ticket systems or helpdesks, etc.) and use external services to support the processing of your contact. These services may have access to personal data that is processed when you contact us via a support system. Further information on the services used, the scope of data processing and the technologies and procedures for using the respective services can be found below in the further information on the services we use and under the links provided there:
HubSpot
Provider: HubSpot, Inc., United States of America.
Website: https://www.hubspot.de/
Further information & data protection: https://legal.hubspot.com/de/legal-stuff and https://legal.hubspot.com/de/privacy-policy
Guarantees: EU standard contractual clauses. You can request a copy of the EU standard contractual clauses from us. The provider has signed up to the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which guarantees compliance with an appropriate level of data protection on the basis of a decision by the European Commission.
Teams
Provider: Microsoft Corporation, United States of America.
Website: https://www.teams.com
Further information & data protection: https://privacy.microsoft.com/de-de/ and
https://www.microsoft.com/de-de/trust-center/privacy
Guarantees: EU-U.S. Data Privacy Framework and EU Standard Contractual Clauses. You can request a copy of the EU standard contractual clauses from us.
Zendesk
Provider: Zendesk, Inc., United States of America.
Website: https://www.zendesk.com
Further information & data protection: https://www.zendesk.de/company/agreements-and-terms/privacy-notice/
Guarantees: Data Privacy Framework ("EU-U.S. Data Privacy Framework ("EU-U.S. DPF") and the UK extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework ("Swiss-U.S. DPF and EU standard contractual clauses. You can request a copy of the EU standard contractual clauses from us.
ZITADEL
Provider: ZITADEL (CAOS Ltd.), Switzerland.
Website: https://zitadel.com
Further information & data protection: https://zitadel.com/docs/legal/policies/privacy-policy
Guarantees: ZITADEL process personal data in accordance with Swiss data protection law. In addition, they process - to the extent and insofar as the EU Data Protection Regulation is applicable - personal data in accordance with the legal bases within the meaning of Art. 6 (1) DSGVO. You can request a copy of the EU standard contractual clauses from us.
Cookies are used.
Cookies are text information that is stored on your end device. A distinction is made between session cookies, which are deleted immediately after you close your browser, and persistent cookies, which are only deleted after a certain period of time.
In addition to cookies, similar technologies (tracking pixels, web beacons, etc.) may also be used. The following information on cookies also applies to similar technologies. These statements also apply to further processing in connection with cookies and similar technologies (analysis & marketing, etc.). This also applies in particular to any consent you may have given for the use of cookies. This also extends to other technologies and to further processing in connection with cookies and similar technologies.
Cookies can be used to enable the use of certain functions. Cookies can also be used to measure the reach of our online offer, to design it in line with requirements and interests and thus to optimize our online offer and our marketing. Cookies can be used by us and by external services.
We use a consent tool to manage the cookies used and the related consents. Details on the cookies used (purpose, storage period, external service, if applicable, etc.) and the consent tool can be found in the following pages.
If we have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If we have not asked for your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies used and the related consents. Depending on the purpose of the processing, our legitimate interests can be found in the following passages.
You can prevent the storage of cookies by setting your browser accordingly. Below we provide you with links for typical browsers where you can find further information on managing cookie settings:
- Firefox: https://support.mozilla.org/de/kb/verbesserter-schutz-aktivitatenverfolgung-desktop
- Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
- Internet Explorer / Edge: https://support.microsoft.com/de-de/windows/l%C3%B6schen-und-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d
- Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
- Opera: https://help.opera.com/de/latest/web-preferences/#cookies
- Yandex: https://browser.yandex.com/help/personal-data-protection/cookies.html
You can find further objection options under the following links:
https://www.youronlinechoices.eu/
https://youradchoices.ca/en/tools
https://optout.aboutads.info/?c=2&lang=EN
https://optout.networkadvertising.org/?c=1.
If you prevent cookies from being saved, this may impair the proper functioning of our online offering. If you delete all cookies, the above-mentioned settings will also be lost and must be made again.
Furthermore, you can activate the "Do-Not-Track" function of your browser to indicate that you do not wish to be tracked. Below you will find links for typical browsers where you can find further information on the "Do-Not-Track" setting:
- Firefox: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen
- Chrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=de
- Internet Explorer / Edge: https://support.microsoft.com/de-de/windows/verwenden-von-do-not-track-in-internet-explorer-11-ad61fa73-d533-ce96-3f64-2aa3a332e792
- Opera: https://help.opera.com/de/latest/security-and-privacy/
- Safari no longer supports the "Do-Not-Track" function since February 2019. The following link can be used to prevent cross-site tracking in Safari: https://support.apple.com/de-de/guide/safari/sfri40732/12.0/mac
- Yandex: https://yandex.com/support/browser/personal-data-protection/ytp.html
You can also revoke or manage your consent with regard to the cookies used in the consent tool we use.
SaaS services
As part of the IoT software solutions provided by us as Software-as-a-Service, we process your personal data in order to provide our services, to process the contract concluded with you and to comply with the associated rights and obligations.
If we have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If we have not asked for your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the processing and handling of your order. If the processing is necessary to fulfill a contract with you or to carry out pre-contractual measures based on your request, the legal basis for the processing is also Art. 6 para. 1 lit. b GDPR.
Recipients of your personal data may be third parties (IT service providers, shipping or transport service providers, banks, tax consultants, lawyers, authorities, etc.), insofar as this is necessary for the processing and handling of the provision of and the associated rights and obligations.
We use external services to process payments. We transmit your personal data to these services insofar as this is necessary for the processing of payments. Further information on the services used, the scope of data processing and the technologies and procedures for using the respective services can be found in the further information in the ordering process and at the end of this passage under the links provided there.
Chargebee
Provider: Chargebee, Inc, United States of America.
Website: https://www.chargebee.com/
Further information & data protection: https://www.chargebee.com/privacy/
Guarantee: EU standard contractual clauses. You can request a copy of the EU standard contractual clauses from us.
GoCardless
Provider: GoCardless Ltd, United Kingdom.
Website: https://gocardless.com/
Further information & data protection: https://gocardless.com/privacy/
Adequate level of data protection for transfers of personal data to the United Kingdom: Adequacy decision of the EU Commission.
PayPal
Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg.
Website: https://www.paypal.com/de/home/
Further information & data protection: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
Stripe
Provider: Stripe Payments Europe, Ltd, Ireland. Stripe Payments Europe, Ltd. is a subsidiary of Stripe, Inc., United States of America.
Website: https://stripe.com/de
Further information & data protection: https://stripe.com/de/privacy
Guarantee: EU standard contractual clauses. You can request a copy of the EU standard contractual clauses from us. The provider has signed up to the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which guarantees compliance with an appropriate level of data protection on the basis of a decision by the European Commission.
Newsletter
If we have asked for your consent and you have given it, we will process your e-mail address in order to carry out e-mail marketing and, if necessary, other personal data in order to address you personally. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR. The content of the email marketing is specifically described when your consent is obtained. The email marketing also contains information about us, our goods and services.
We use the so-called double opt-in procedure to prevent possible misuse of your personal data. For this purpose, after collecting your e-mail address, we will send you an e-mail to the e-mail address you have provided, in which we ask you to confirm that you actually wish to receive e-mail marketing. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the legally compliant implementation of email marketing.
We log the time at which you give your consent and the time of your confirmation as well as your IP address and the content of your declaration of consent in order to be able to prove that your consent has been obtained in accordance with the law. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the legally compliant implementation of email marketing.
You can withdraw your consent at any time. The withdrawal of your consent does not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, you can use the link provided for this purpose in the emails or contact us using the contact details provided above.
If you have withdrawn your consent, we reserve the right to process your personal data in a so-called blacklist/blocklist in order to ensure that no further email marketing is carried out in connection with this personal data in the future. The legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the avoidance of unwanted email marketing.
Marketing to existing customers - advertising by e-mail
If we have received your email address in connection with the sale of a product or service and you have not objected to this, we will process your email address in order to conduct email marketing for our own similar goods or services and, if necessary, other personal data in order to address you personally. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is direct advertising.
You have the right to object to the processing of your personal data for the purpose of email marketing at any time without incurring any costs other than the transmission costs according to the basic rates. We will then no longer process your personal data for the purpose of email marketing. To object to the processing of your personal data for the purpose of email marketing, you can use the link provided for this purpose in the emails or contact us using the contact details provided above.
If you have objected to the processing of your personal data for the purpose of email marketing, we reserve the right to process your personal data in a so-called blacklist/blocklist in order to ensure that no further email marketing is carried out in connection with this personal data in the future. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the avoidance of unwanted email marketing.
Analysis & marketing
We process your personal data in order to measure the reach of our online offering, to design it in line with your needs and interests and thus to optimize our online offering and our marketing.
If we have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If we have not asked for your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the optimization of our online offer and our marketing.
We use external services for analysis and marketing. This may also involve profiling (for the purposes of advertising, personalized information, etc.). Profiling can also take place across services and devices. Further information on the services used, the scope of data processing and the technologies and procedures used when using the respective services, as well as whether profiling takes place when using the respective services and, if applicable, information on the logic involved and the scope and intended effects of such processing for you can be found in the further information on the services we use at the end of this passage and under the links provided there.
Further information on cookies & similar technologies can be found above.
Google Ads
Provider: In the European Economic Area (EEA) and Switzerland, Google services are provided by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://support.google.com/google-ads/answer/1722022?hl=de
Further information & data protection: https://policies.google.com/?hl=de
The transfer of personal data to third countries depends on the respective Google service and is subject to the various EU standard contractual clauses, insofar as these are offered by Google. Further information on this and Google's responsibility can be found at the following link: https://business.safety.google/gdpr/. You can view a copy of the EU standard contractual clauses there. The provider has signed up to the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which guarantees compliance with an appropriate level of data protection on the basis of a decision by the European Commission.
Google Analytics
Provider: In the European Economic Area (EEA) and Switzerland, Google services are provided by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://marketingplatform.google.com/intl/de/about/analytics/
Further information & data protection: https://support.google.com/analytics/answer/6004245?hl=de and https://policies.google.com/?hl=de
The transfer of personal data to third countries depends on the respective Google service and is subject to the various EU standard contractual clauses, insofar as these are offered by Google. Further information on this and Google's responsibility can be found at the following link: https://business.safety.google/gdpr/. You can view a copy of the EU standard contractual clauses there. The provider has signed up to the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which guarantees compliance with an appropriate level of data protection on the basis of a decision by the European Commission.
Google Tag Manager
Provider: In the European Economic Area (EEA) and Switzerland, Google services are provided by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://support.google.com/tagmanager/answer/6102821?hl=de
Further information & data protection: https://policies.google.com/?hl=de
The transfer of personal data to third countries depends on the respective Google service and is subject to the various EU standard contractual clauses, insofar as these are offered by Google. Further information on this and Google's responsibility can be found at the following link: https://business.safety.google/gdpr/. You can view a copy of the EU standard contractual clauses there. The provider has signed up to the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which guarantees compliance with an appropriate level of data protection on the basis of a decision by the European Commission.
LinkedIn Insight Tag
Provider: If you are located in the EU, the European Economic Area (EEA) or Switzerland, this service is provided by LinkedIn Ireland Unlimited Company, Ireland. If you are located outside the EU, the European Economic Area (EEA) or Switzerland, this service is provided by LinkedIn Corporation, United States of America.
Website: https://business.linkedin.com/de-de/marketing-solutions/insight-tag
Further information & data protection: https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
and https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy
Warranty: EU standard contractual clauses. You can request a copy of the EU standard contractual clauses from us.
Social media presences
We maintain social media presences on external services in order to be able to communicate with users there and thus optimize our online offer and our marketing.
This privacy policy also applies to the following social media presences
- LinkedIn: https://de.linkedin.com/company/tomorrowthings
If we have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If we have not asked for your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the optimization of our online offer and our marketing.
Profiling (for the purposes of advertising, personalized information, etc.) may also occur as part of the use of external services. Profiling can also take place across services and devices. Further information on the services used, the scope of data processing and the technologies and procedures used when using the respective services, as well as whether profiling takes place when using the respective services and, if applicable, information on the logic involved and the scope and intended effects of such processing for you can be found in the further information on the services we use at the end of this passage and under the links provided there.
Provider: If you are located in the EU, the European Economic Area (EEA) or Switzerland, this service is provided by LinkedIn Ireland Unlimited Company, Ireland. If you are located outside the EU, the European Economic Area (EEA) or Switzerland, this service is provided by LinkedIn Corporation, United States of America.
Website: https://www.linkedin.com
Further information & data protection: https://de.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy and https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy
Warranty: EU standard contractual clauses. You can request a copy of the EU standard contractual clauses from us.
Social media content/plugins
We use social media content/plugins from external services to show you content and functions of the external services and thus optimize our online offering and our marketing.
If we have asked you for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If we have not asked for your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the optimization of our online offer and our marketing.
Profiling (for the purposes of advertising, personalized information, etc.) may also occur as part of the use of external services. Profiling can also take place across services and devices. Further information on the services used, the scope of data processing and the technologies and procedures used when using the respective services, as well as whether profiling takes place when using the respective services and, if applicable, information on the logic involved and the scope and intended effects of such processing for you can be found in the further information on the services we use at the end of this passage and under the links provided there.
YouTube
Provider: In the European Economic Area (EEA) and Switzerland, Google services are provided by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://www.youtube.com
Further information & data protection: https://policies.google.com/?hl=de
The transfer of personal data to third countries depends on the respective Google service and is subject to the various EU standard contractual clauses, insofar as these are offered by Google. Further information on this and Google's responsibility can be found at the following link: https://business.safety.google/gdpr/. You can view a copy of the EU standard contractual clauses there. The provider has signed up to the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov), which guarantees compliance with an appropriate level of data protection on the basis of a decision by the European Commission.
Superiority:
This is a translated version of the official Datenschutzerklärung policy which can be found on our website or requested from info@tomorrowthings.com. Should any conflicts between this translated version and the official policy document (Datenschutzerklärung) arise, the German version (Datenschutzerklärung) shall prevail.