Privacy Policy

Information on data protection

This data protection information provides you with details of how we handle your personal data and your rights under the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). Unless otherwise stated below, ALFRED E. TIEFENBACHER GmbH & Co. KG (hereinafter referred to as “we” or “us”) is responsible for data processing.

Our privacy policy consists of two parts. In Part A, you will find general information about data protection at ALFRED E. TIEFENBACHER and learn, among other things, what rights you have and where you can assert them. Part B is dedicated to the various groups of data subjects and explains in detail what data we collect and process about you. In doing so, we address you in your role as:

a. Visitors to our websites;

b. Social media visitors;

c. Contact persons at service providers, suppliers and business partners;

d. Applicants;

e. Visitors located in Switzerland.

A. General information

1. Contact details

If you have any questions or suggestions regarding this information or would like to exercise your rights, please send your enquiry to

ALFRED E. TIEFENBACHER GmbH & Co. KG

Van-der-Smissen-Strasse 1

22767 Hamburg

Email info@tiefenbacher.com

Tel +49 (0) 40 – 44 18 09 – 0

2. On what basis do we process your data?

The data protection term “personal data” refers to all information relating to an identified or identifiable person. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. We only process data on a legal basis. We only process personal data with your consent (Art. 6 (1) (a) GDPR), to fulfil a contract to which you are a party or at your request to take pre-contractual measures (Art. 6 (1) (b) GDPR), to fulfil a legal obligation (Art. 6 (1) (c) GDPR) or if processing is necessary to safeguard our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms requiring the protection of personal data prevail (Art. 6 (1) (f) GDPR).

If you apply for a vacant position in our company, we will also process your personal data for the purpose of deciding whether to establish an employment relationship (Section 26 (1) sentence 1 BDSG).

3. Your rights

You control your data! As a data subject, you therefore have the right to assert your rights against us. Within the framework of the data protection laws applicable to you, you have the following rights:

• In accordance with Art. 15 GDPR and Section 34 BDSG, you have the right to access information about whether and, if so, to what extent we process personal data relating to you.
• You have the right to request that we correct your data in accordance with Art. 16 GDPR.
• You have the right to request that we delete your personal data in accordance with Art. 17 GDPR and § 35 BDSG.
• You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
• In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to transmit this data to another controller.
• If you have given us separate consent to data processing, you may revoke this consent at any time in accordance with Art. 7 (3) GDPR. Such revocation does not affect the lawfulness of the processing that took place on the basis of the consent until revocation.
• If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

In accordance with Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Art. 6 (1) (e) or (f) GDPR for reasons arising from your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to this processing in accordance with Art. 21 (2) and (3) GDPR.

If you exercise your rights under Articles 15 to 22 of the GDPR, we will process the personal data you provide to us in order to implement these rights and provide evidence of doing so. We will only process data stored for the purpose of providing information and preparing it accordingly, as well as for data protection control purposes. Otherwise, processing will be restricted in accordance with Art. 18 GDPR.

This processing is based on the legal basis of Art. 6 (1) (c) GDPR in conjunction with Art. 15 to 22 GDPR and § 34 (2) BDSG.

4. Where do we process your data?

As a matter of principle, we process your data on European servers with the highest security standards. In providing our services, we are supported by external service providers to whom we send your data. Some data processing may involve the transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable law. Such transfers are permitted if the European Commission has determined that an adequate level of data protection is provided in such a third country. This applies to all transfers to countries on this list: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

If no such adequacy decision has been made by the European Commission, personal data will only be transferred to a third country if appropriate safeguards are in place in accordance with Art. 46 GDPR or if one of the conditions of Art. 49 GDPR is met.

If no adequacy decision has been made and unless otherwise specified below, we use the EU standard contractual clauses as appropriate safeguards for the transfer of personal data from the scope of the GDPR to third countries. You have the option of obtaining a copy of these EU standard contractual clauses or viewing them. To do so, please contact us at the address provided under Contact. 

If you consent to the transfer of personal data to third countries, the transfer will be carried out on the legal basis of Art. 49(1)(a) GDPR.

5. To whom and why do we pass on your personal data?

In order to provide our services and operate as a business, we use various external companies to which we transfer personal data in some cases. If further specific recipients contain personal data for some groups of data subjects, we will inform you of this in Part B.

• Hosting providers: We commission certified service providers to host our data, who have the highest security standards.
• IT service providers and SaaS providers: We use the services of various service providers who support us as processors and simplify and optimise our processes.
• Advertising and marketing providers: With the help of various advertising and marketing providers, we aim to increase our brand awareness, promote demand for our products and increase customer loyalty. To this end, campaigns are planned, implemented and their success measured and analysed. These providers are also usually processors.
• Business partners and shipping service providers: We may transfer your personal data to fulfilment service providers, postal and delivery services, and business partners in order to offer and deliver our goods to you.
• Affiliated companies: We are a group of companies, which means that data transfers between the companies cannot be ruled out.
• Administration and authorities: Further transfers may take place in order to comply with legal requirements or to respond to court orders or other similar official requests. This also includes transfers to the tax authorities and to tax consultancy/auditing companies.

6. How long do we store your data?

Unless otherwise specified in the following information, we only store the data for as long as is necessary to achieve the purpose of processing or to fulfil our contractual or legal obligations. Such legal storage obligations may arise in particular from commercial or tax law regulations. From the end of the calendar year in which the data was collected, we will store such personal data contained in our accounting data for eight years and store personal data contained in commercial letters and contracts for six years. In addition, we will retain data relating to consents subject to proof and to complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

7. How do we use cookies and other tracking technologies?

We use cookies and similar technologies on our websites. We have compiled more information about how we use these technologies in our cookie banners. The banner can be accessed via the fingerprint-button on our websites. There you will also find a list of other companies that place cookies on our websites and process data on the basis of your consent in accordance with Art. 6 (1) (a) GDPR, a list of cookies that we place, and an explanation of how you can reject certain types of cookies.

8. How can you contact our data protection officer?

You can contact our data protection officer using the following contact details:

Email: dpo@tiefenbacher.com

Herting Oberbeck Datenschutz GmbH

www.datenschutzkanzlei.de

B. Special section – How and why we process your data

a. Visitors to our website

1. We process pseudonymous information about the device and browser you use, server log files, your network connection and your IP address for the following purposes:

• Ensuring the security, operability and stability of our websites, including defence against attacks;
• Integration of third-party content.

Legal basis: Legitimate interest pursuant to Art. 6 (1) (f) GDPR in the proper functionality and stability of the website.

2. We process information about how you behave on the website. This includes the IP address and user IDs, some of which are assigned by third-party providers, and is done for the following purposes:

• Reach measurement and analysis of visitor behaviour to optimise our websites, increase customer satisfaction and analyse errors;
• (Conversion) tracking to measure reach and determine commissions for our affiliate partners and influencers;
• Remarketing to acquire new customers through personalised advertising.

Legal basis: Consent in accordance with Art. 6 (1) (a) GDPR, which we obtain via the consent banner on our website and which you can revoke or adjust at any time via the footer of the website.

b. Social media visitors

1. Controllership of social media providers

When you visit our social media pages (Instagram, LinkedIn, YouTube) where we present our company, certain information about you as a visitor is processed.

Further information:

LinkedIn: Privacy policy of LinkedIn Ireland Unlimited Company

XING: Privacy Policy of New Work SE

2. Joint controllership of social media providers and Alfred E. Tiefenbacher (joint controllers)

Social media providers collect and process event data and send us anonymised statistics and data for our pages, which help us to gain insights into the various activities that visitors carry out on our site (so-called “page insights”). These page insights are created on the basis of certain information about individuals who have visited our site(s).

Further information:

LinkedIn:

• Joint Controller Agreement
• Data subject rights can be exercised via this contact form at LinkedIn. You can contact LinkedIn’s data protection officer via this link.
• LinkedIn and Alfred E. Tiefenbacher have agreed that the Irish Data Protection Commission is the competent supervisory authority that monitors the processing of Page Insights. You can submit your complaint to the Irish Data Protection Commission (see data protection.ie) or to another supervisory authority.

 XING:

• Joint Controller Agreement
• Information on exercising your rights as a data subject at New Work SE can be found here.

3. Under the controllership of Alfred E. Tiefenbacher

We process information that you have provided to us via our social media channels on the respective social media platform. This information may include the name used, contact information or a message to us.

Legal basis: Legitimate interest pursuant to Art. 6 (1) (f) GDPR in communicating with interested parties and followers.

c. Contact persons at service providers/suppliers/business partners

1. We process data that you provide to us about yourself and the company you work for, such as your name, email address and telephone number, for the following purposes:

• Fulfilment of the contract with the company in which you work (this includes contract management, documentation of ongoing cooperation, billing and communication).

Legal basis: Legitimate interest pursuant to Art. 6 (1) (f) GDPR in the fulfilment of the contract between the company you work for and us.

2. We may use the email address you provided during registration or when placing an order to inform you about similar products and services we offer.

Legal basis: Legitimate interest pursuant to Art. 6 (1) (f) GDPR in conjunction with Section 7 (3) German Unfair Competition Act (Gesetz gegen den Unlauteren Wettbewerb – UWG). You can object to this at any time without incurring any costs other than the transmission costs according to the basic tariffs. To do so, you can unsubscribe by clicking on the unsubscribe link contained in every mailing or by sending an email to the Contact details above.

d. Applicants

Data that you provide to us in the course of your application or that a recruitment agency sends us about you. This includes information about your CV, your career to date and other data, which we process for the following purposes:

• Determining whether employment is possible;
• Initiating an employment relationship.

Legal basis: Contract initiation in accordance with Art. 6 (1) (b) GDPR and Section 26 (1) (1) BDSG.

• Fulfilment of statutory retention obligations or defence against legal claims.

Legal basis: Compliance with legal obligations pursuant to Art. 6 (1) (c) GDPR.

• Inclusion in our talent pool for later re-contact if no employment relationship is established for the time being.

Legal basis: Consent pursuant to Art. 6 (1) (a) GDPR, which you may revoke at any time by contacting us using the contact details above.

If we are unable to offer you employment, we will retain the application documents you have submitted for up to six months after any rejection for the purpose of answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of providing evidence, or if you have expressly consented to longer storage.

e. Visitors located in Switzerland

If you are a data subject within the scope of the Swiss Federal Act on Data Protection (Bundesgesetzes über den Datenschutz – DSG), the information provided under this point also applies.

The legal references made in this privacy policy are directed at data subjects in Switzerland in accordance with the comparable provisions of the DSG. This applies in particular to the applicable rights of data subjects under Articles 25-29 and 32 of the DSG.

Data processing also takes place in the following countries outside Switzerland:

• Countries within the EU or the EEA
• USA

We guarantee an adequate level of data protection. This is ensured by:

• An established adequate level of data protection in accordance with Art. 16 (1) DSG for the recipient country;
• Standard data protection clauses that have been previously approved, issued or recognised by the EDÖB, in particular the standard contractual clauses of the European Commission;
• certification in accordance with the principles of the Data Privacy Framework between Switzerland and the USA, if the data processing is carried out by an organisation in the USA that is certified under this framework;
• an international treaty regulating an adequate level of data protection.

Status: December 2025