Privacy Notice (short version)
- While using the trestle.com website (by default):
- IP address (stored separately)
- Date and time of access
- Browser name/version
- URL of previously visited webpage
- Amount of data sent
- Language preferences
- Aggregated analytics data
- When contacting us via our form or by sending us an email (voluntarily):
- Email address
- Company name
- Communication data
- Optional: phone number
- When using the Trestle platform (log in required)
- Email address
How do we collect data?
- Log files
- Contact form
- Customer relation management tool
How and why do we process your data?
- To provide our services to you.
- For technical purposes, such as, but not limited to, preventing security attacks.
- If requested by you, to communicate with you and/or negotiate potential partnerships.
- To improve and optimize our website.
- For A/B testing.
How long do we keep data?
- Website logs for 30 days
- Analytics data for 14 months
- Contact data:
- As long as necessary in order to communicate with you
- If we have entered into a partnership agreement, until the end of the legal obligation to retain the contract data
What is the legal basis of data processing?
We process your personal data in compliance with the European General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the applicable EU laws and German national data protection laws.
We collect as little data as possible. As far as anonymous or pseudonymous use is possible we anonymize or pseudonymize your data.
What rights do you have?
- Receive information about the personal data processed by us and how we process your data as well as to gain access to such data.
- Rectify inaccurate personal data and restrictive details.
- Receive all your personal data in a structured, commonly used and machine-readable format, as well as having such data transmitted to another controller.
- Request erasure of your data, unless such data needs to be retained for legal purposes.
- Object to the processing of your data.
- Withdraw your consent at any time, when you have provided us with your consent to the processing of your personal data.
- Lodge a complaint with the respective supervisory authority.
Contact our Data Protection Officer, Cornelius Witt, via email at firstname.lastname@example.org or by phone at +49 (0) 221 / 64306371.
Who is responsible for the data collection and processing (contacts)?
The legal person responsible for the collection, processing and/or use of personal data in connection with trestle.com (“Controller”) is:
eyeo GmbH Lichtstr. 25 50825 Cologne Germany
If you have any questions regarding your personal data, please do not hesitate to contact our Data Protection Officer:
Phone +49 (0) 221 / 64306371 Email email@example.com Fax +49 (0) 221 / 64306372
What is personal data?
The purpose of data protection is to protect personal data. Personal data means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This information includes, for example, details such as name, postal address, email address or telephone number but also nicknames, certificates and information about your interests.
What kind of data do we collect and process and how?
Automatically collected and processed information:
While using the trestle.com website, we automatically record website logs and thereby collect the following data for technical and security reasons:
- IP address (stored separately)
- Date and time of access
- Browser name/version 1
- URL of previously visited webpage 2
- Amount of data sent
This data is stored purely for technical reasons and cannot be linked to any individual person. We do not combine website log data with any other information about you.
Information you give us on a voluntary basis
Contact and communication data
We process contact and communication data sent by you in the respective message you are providing to us by using our contact form or sending us an email to respond, and to communicate, and to discuss potential partnerships with you. Contact data includes:
- Email address
- When using the form:
- Company name
- Optional: phone number
Data you provide to us in connection with the use of the Trestle platform
We are offering our partners to manage campaigns on the Trestle platform. Therefore, you have to register by adding your first and last name, an email address and choosing a password.
We may use your email address to verify it, to respond to your requests, send you reports, transfer subscription payments, etc.
To create your account, you also need to enter your name and, if applicable, the name of your business, date of birth, nationality and your country of residence. This data is needed for Processing transactions.
Information you provide us with your consent
For non-EU/EEA users only: Google Analytics
You can revoke consent by following these instructions:
- https://tools.google.com/dlpage/gaoptout?hl=en (browser add-on) https://adssettings.google.com/ (setting for advertisements).
For non-EU/EEA users only: Google Tag Manager
Our website uses Google Tag Manager for the implementation of Google Analytics. Google Tag Manager, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google”), is a solution that allows marketed website tags to be managed using an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register personal data. The tool causes other tags to be activated. These tags then may register data under certain deactivated domains or on a cookie level. This setting will remain in place for all tracking tags implemented with Google Tag Manager.
For non-EU/EEA users only: Google Optimize
By accepting the cookies of Google Optimize on our website you consent to our use of the web analysis and optimization service Google Optimize provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google”). We use the Google Optimize service to increase the attractiveness, content and functionality of our website by playing new features and content to a percentage of our users and statistically evaluating the usage change (A/B testing). Google Optimize is a sub-service of Google Analytics.
What is the legal basis?
We process personal data in compliance with the European General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and the applicable German national data protection laws:
Processing is necessary for taking steps prior to entering into a contract (Art. 6 (1) b GDPR)
The collection and processing of your personal data may be necessary for the performance of a contract to which you may be a party. Prior to entering into such a contract, the collection and processing of your personal data may also be necessary in order to take steps at your request.
Collection and processing is necessary for compliance with a legal obligation to which the controller is subject – Art. 6 (1) c GDPR
Collection and processing of your personal data may be necessary for compliance with a legal obligation to which we are subject under EU laws or the laws of a EU Member State.
Processing is necessary for the purposes of eyeo’s legitimate interests (Art. 6 (1) f GDPR)
The collection and processing may be necessary for the purposes of our legitimate interests.
- We collect and process website logs for technical reasons, such as, but not limited to, preventing denial of service attacks. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. Preventing such overloads of our systems and any security issues by denial of service attacks is in your and our vital interest and therefore we use the website logs.
- We use website log data (with anonymized IP addresses) for analyzing purposes to help us improve our website.
- To recognize signed-in users or to store your privacy preferences.
Processing is based on your consent (Art. 6 (1) a, Art. 7 GDPR)
We will always ask for your consent to collect and process your personal data for the aforementioned specific purposes, unless the collection and processing of your personal data is permitted by statutory laws. Where you have provided us with your consent to the collection and processing of your personal data for the aforementioned specific purposes, you have the right to withdraw your consent at any time.
Do we disclose any personal data?
We will not transfer your personal data to third parties as a matter of course without letting you know in advance or asking for your prior permission. We may only transfer your personal data to third parties without informing you separately beforehand in the following exceptional cases as explained below:
- If required for legal proceedings/investigations, personal data will be transferred to the criminal investigation authorities and, if appropriate, to injured third parties. We will only do this if there are concrete indications of illegal and/or abusive behaviour. We are also legally obliged to give certain public authorities information. These are criminal investigation authorities, public authorities which prosecute administrative offences entailing fines and the German finance authorities.
International data transfers
For proving the Trestle platform we use an external service provider, BeeswaxIO Corporation, 275 7th Avenue, 21st Floor, New York, NY 10001, USA. In order to ensure an adequate level of data protection, we have entered into a data processing agreement with BeeswaxIO Corporation that includes the EU Standard Contractual Clauses (processors) – Commission Decision C(2010)593. You can request a copy of the agreement by sending an email to firstname.lastname@example.org.
We use an external service provider tool for email (GSuite) and for web analytics and A/B testing (Google Analytics and Google Optimize). These services are provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. In order to ensure an adequate level of data protection, we have entered into a data processing agreement including the EU Standard Contractual Clauses (processors) – Commission Decision C(2010)593. You can access a copy of this agreement here.
In addition, we use the customer relation management tool from Copper CRM, Inc., 301 Howard Street #600, San Francisco, California 94105, USA, and the web integration of Copper’s CRM from Zapier, Inc., 548 Market Street #62411, San Francisco, California 94104, USA, for customer relation management and its web integration. In order to ensure an adequate level of data protection, we have entered into a data processing agreement with Copper CRM, Inc. and Zapier, Inc. that includes the EU Standard Contractual Clauses (processors) – Commission Decision C(2010)593. You can request a copy of the Copper agreement by sending an email to email@example.com and access a copy of the Zapier agreement here.
Detailed website logs are retained for a period of 30 days, after which only the aggregated usage statistics that cannot be connected to a single user remain. Everything else is deleted.
Contact and communication data will be deleted as soon as they are not necessary for communication with you.
Analytics data is retained for 14 months.
Any personal data in connection with a partnership will be stored until the end of the legal obligation to retain contract data (6 or 10 years after the end of the calendar year in which the contractual relationship was terminated). After this term, the data will be deleted, unless we can prove that continued retention is necessary for compliance with any obligation in accordance with GDPR Art. 6(1)(c). Such obligations may include, but are not limited to, tax and commercial-legal storage and documentation obligations under the German Commercial Code (HGB), the German Criminal Act (StGB), or the German Revenue Code (AO). Storage terms exceeding 6 or 10 years after the termination of a contract may also apply if agreed to in writing (GDPR Art. 6(1)(a)).
What rights do you have?
In compliance with the GDPR and the applicable EU laws and German national data protection laws and to the extent legally permitted, you have the following rights to protect your personal data collected and processed by us:
Information, access, rectification and restriction rights
You have the right to receive, upon request, information about the personal data stored by us about you and information about how we collect and process your personal data. Where that is the case, you have the right to gain access to such personal data stored by us. You have the right to request from us the rectification of inaccurate personal data, if any. Taking into account the purposes of collecting and processing your data, you have the right to have incomplete personal data completed. You also have the right to request restriction of processing.
You also have the right (1) to receive all personal data concerning you and which you have provided to us, in a structured, commonly used and machine-readable format and (2) to transmit those data to another controller.
Erasure of your data
You have the right to demand from us the erasure of your personal data, where – inter alia – one of the following grounds applies:
- If we no longer need your personal data for the aforementioned purposes.
- If you withdraw your consent on which the collection and processing is based on Article 6 (1) a GDPR and where there are no other legal grounds for collection and processing.
- If you object to the collection and processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for collection and processing. Please note, if data needs to be retained for legal purposes we will restrict the respective data.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the collection and processing of personal data relating to you infringes the GDPR.
Right to object to the processing of your data
You have the right to object at any time to the collection and/or processing of your personal data on grounds relating to your particular situation, where collection and processing is based on our legitimate interest (Art. 6 (1) f GDPR).
Right to withdraw your consent at any time
You have the right to withdraw your consent at any time, if you have provided us with your consent to the collection and processing of your personal data for one or more specific purposes. The withdrawal of your consent does not affect the lawfulness of processing based on the consent before its withdrawal.
How to exercise your rights
To exercise your rights, please contact us via email or mail to:
eyeo GmbH Lichtstr. 25 50825 Cologne Germany
Our social media presence
In order to communicate with you, and to inform you about our activities and offers on social networks, we are active on LinkedIn and Twitter. Therefore, we still inform you about the data processing processes in connection with our presence on the respective social network as follows.
If you follow our respective online presence on one or more of the social networks used by us, please note that your data may be processed outside the European Union / the European Economic Area. However, all the networks we use have agreed to comply with EU data protection standards.
The social networks we use also process your data regularly for market research and advertising purposes. Based on your usage behavior and interests, the networks may create usage profiles which are used, for example, to place advertisements corresponding to your potential interests within and outside the networks. For these purposes, cookies, which store your usage behavior and interests, as well as possibly also the devices you use, are regularly stored on your computer.
For a detailed overview of the respective processing operations and opt-out options, please visit the website of each social network, listed below. For the assertion of your rights and requests for information, we also refer you to the respective social networks, where you can exercise your rights most effectively. This is because the social networks have access to your data and can therefore directly take appropriate measures and provide you with the respective information:
California Privacy Notice
This section only applies to California residents. It explains how we collect and use Personal Information as well as the rights available to California residents under the California Consumer Protection Act (“CCPA”). The words in this section have the same meaning given to them in the CCPA. Please note that the words as described under the CCPA may be broader than their common meaning.
“Personal Information,” for example, refers to information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you or your household. Personal Information does not include information that is aggregated or information that cannot be reasonably linked to you.
What Personal Information we collect and how we use it
In order to enable and facilitate your use of our websites, we must process certain Personal Information about you. We do not sell any of your Personal Information, and we never will. For a detailed explanation about the kinds of information that we collect and how we use it, please review the information provided above. Here is a summary of the CCPA categories of Personal Information that we may have collected about you over the past 12 months:
- Internet or other electronic network activity information, including information about your browser and your interaction with our websites;
- Contact Information, if provided by you;
- Information drawn from other Personal Information about you, which may include your preferences and interests so as to personalize your experience.
We may have collected these categories of Personal Information for the following business purposes:
- To communicate with you about our services, products and partnership opportunities;
- To facilitate advertising, market research and other business services;
- To ensure the security and functionality of our websites; and
- To perform other business purposes.
How we share Personal Information
- Service providers that facilitate customer relation management; and
Additionally, we may also share your Personal Information with law enforcement or other third parties as necessary to comply with legal requirements.
Sources from which we collect Personal Information
We receive Personal Information from you, your interaction with our website and application forms, and our external service providers. The categories of sources from which we have collected or received Personal Information include:
- You: We collect information that you volunteer, such as contact information and other information that you provide to us in connection with contacting us.
- Our Website: We collect information about how you interact with and use our website.
- Service Providers: We engage vendors to perform business purposes on our behalf and share information with them to provide us with such business purposes including customer relation data processing purposes.
What are your rights under the CCPA?
The CCPA provides you with the following rights:
- Right to Know: you have the right to request that we disclose to you the categories of Personal Information that we have collected, the categories of sources from which we have collected the Personal Information, the business purpose for collecting Personal Information, the categories of third parties with whom we have shared Personal Information, and the specific pieces of Personal Information about you that we have collected;
- Right to Request Deletion: you have the right to request that we delete any Personal Information about you that we have collected; and
- Right to Non-Discrimination: we will not discriminate against you for exercising any of these rights.
Please note that we have a duty to verify your identity whenever you exercise your Right to Know and/or your Right to Request Deletion. In order to do so, we will request Personal Information from you to match against the Personal Information in our records. In some cases, we may also request additional documentation to verify your identity.
Please also note that the CCPA allows you to exercise these rights yourself or to designate an authorized agent who will exercise these rights on your behalf. In the event that an authorized agent exercises rights on your behalf, we may request a written permission from you that establishes the individual as your authorized agent as well as other information necessary to verify the identity of the authorized agent.
To exercise any of these rights, please submit a request to firstname.lastname@example.org.
Contact for more information
If you have any questions about this section or how to exercise your rights under the CCPA, please contact us.