Privacy Policy
last updated 15.11.2024, V1.23
Data Controller
The data controller within the meaning of Art. 4 (1) of the Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) as well as national data protection laws and the provider of the digital service within the meaning of the Telecommunications and Digital Services Data Protection Act (TDDDG), is:
Trusc GmbH
Lübecker Str. 89
23843 Bad Oldesloe
Email: info@trusc.com
Managing Directors: Michael Frautz, David Ender
For further details, please refer to the legal notice.
Data Protection Officer Contact Details
The Data Protection Officer of Trusc GmbH is:
Oscar Nissen (NNW Consulting GmbH)
Lübecker Straße 89
D-23843 Bad Oldesloe
Email: privacy_infosec@trusc.io
For any questions or concerns regarding data protection, please contact our Data Protection Officer directly.
1. Introduction
We prioritize the protection of your personal data. This Privacy Policy informs you about how we collect, use, and protect your data, in compliance with applicable data protection laws, particularly the GDPR and TDDDG.
2. What Data We Collect and Why
a) When Using the Website
Upon each visit to our website, general technical data and information are collected. These include:
– Usage Data: Information about how you use our website (e.g. pages visited, time spent, click behavior).
– Technical Data: Information about your device, browser and IP address.
This data is processed and partially stored in server log files for up to seven days, without drawing conclusions about the individual. The data is used to deliver website content correctly, ensure the IT system’s functionality, prevent attacks, and assist law enforcement in cases of cyber-attacks. It is processed under Art. 6 (1) (b) and (c) GDPR (partly in conjunction with Art. 32 GDPR) and § 25 (2) TDDDG.
b) When Contacting Us
When contacting Trusc GmbH via the contact form, email, or appointment scheduling, the data you provide is processed to respond to your inquiry and stored for follow-up if necessary. This processing is based on Art. 6 (1) (b) and (c) GDPR, and § 25 (2) TDDDG. We will only further process or share this data with your consent under Art. 6 (1) (a) GDPR.
3. Recipients
Data is shared with external recipients only if technical necessary, required by law or if you have given consent. These recipients may include public authorities, hosting providers, or other service providers. Data may also be shared with external parties (e.g., lawyers) if needed to protect legal interests.
4. Cookies and Tracking Tools Used
Our website uses cookies that are necessary to maintain the functionality of the website and others, that are described below (for analytics and marketing purposes). These cookies are set and read based on § 25 (2) 2 TDDDG or based on your consent and therefore based on § 25 (1) TDDDG and/or Art. 6 (1) (a) GDPR. The subsequent processing of this information is based on Art. 6 (1) (a) and, if applicable, (c) in conjunction with Art. 32 GDPR.
a) Essential Tools (Necessary)
| Application | Anchor |
| I. WordPress: Supports our website with necessary cookies (e.g., session management, security). | https://trusc.com/en/privacy-policy#wordpress |
| II. Dogado: Our hosting provider, which securely hosts the website in Germany. | https://trusc.com/en/privacy-policy#dogado |
| III. CookieFirst: Manages cookie consents, allowing users to adjust settings at any time. | https://trusc.com/en/privacy-policy#cookiefirst |
| IV. Matomo Tag Manager: Matomo Tag Manager allows for the efficient management of tags and code snippets on our website. It facilitates the integration and control of marketing and analytics tools without storing personal data itself. | https://trusc.com/en/privacy-policy#mtm |
b) Marketing and Analysis Tools (only after prior consent):
| Application | Anchor |
| I. Hotjar: Helps analyze user behavior for site improvement, used only with your consent. | https://trusc.com/en/privacy-policy#hotjar |
| II. Calendly: Allows for online appointment scheduling. | https://trusc.com/en/privacy-policy#calendly |
| III. Dealfront: Analyzes visitor behavior, focusing on B2B visits, with IP anonymization enabled. | https://trusc.com/en/privacy-policy#dealfront |
| IV. LinkedIn Ads + Insight Tag: Enables us to analyze and optimize our ads on LinkedIn. We only access your data with your explicit consent. | https://trusc.com/en/privacy-policy#linkedin |
| V. Google Ads + Conversion Tag: Used to measure the effectiveness of our ads on Google. We can only track the actions you have taken after clicking on an ad with your consent. | https://trusc.com/en/privacy-policy#googleads |
| VI. Matomo Analytics: Matomo Analytics helps us analyze and understand user behavior on our website. It is used only with your consent. Data such as page views, duration of visits, and interactions are collected in an anonymized form to optimize user experience. | https://trusc.com/en/privacy-policy#matomo |
Cookie settings can be managed via our cookie consent page, with consents adjustable anytime.
a) Essential Tools (Necessary)
I. WordPress
WordPress is the content management system (CMS) on which our website is based. It stores essential information to ensure the functionality of the website, including technically necessary cookies for session management and security tools to prevent malicious activities. No user behavior analysis is conducted.
Legal basis:
Processing is based on Art. 6 (1) (f) GDPR, as it is necessary to safeguard our legitimate interest in a secure and functional website. The information is not processed for advertising or analytics purposes.
Storage duration:
Session cookies are automatically deleted at the end of the browser session.
II. Dogado
Our website is hosted by Dogado GmbH, a reliable hosting provider, situated in the EU (Germany). Dogado provides us with the technical resources needed to offer our website securely and efficiently. This includes storing and processing user data on Dogado servers, such as IP addresses required for accessing our website and additional technical information necessary for site operation (e.g. log files).
Legal Basis:
Data processing by Dogado is based on Art. 6 (1) (f) GDPR, as it is required to ensure the provision and secure operation of our website. We have a legitimate interest in providing a secure and stable website.
Location of Servers and Data Security:
Dogado’s servers are located within the European Union, Germany. Dogado uses advanced security measures to protect your data from unauthorized access, loss, or destruction. All data is processed exclusively in highly secure data centers protected by state of the art firewalls and encryption technologies.
Data Transmission to Third Parties:
Dogado processes data solely under our instructions and does not share this data with third parties unless legally required.
Storage Duration:
Log files containing technical data such as IP addresses are stored for a maximum of seven days and then deleted unless a security-related event requires longer retention.
III. CookieFirst
CookieFirst is our tool for managing cookie and tracking tool consents. It ensures that your consents are observed at all times and gives you the option to adjust your preferences. Using CookieFirst, we ensure that no unnecessary cookies are set without your express consent.
Legal Basis:
CookieFirst is used to fulfill our legal obligation under Art. 6 para. 1 (c) GDPR to obtain and document consents properly. Storing your consents is also based on Art. 6 para. 1 (c) GDPR.
Processed Data Categories:
1. Your consent(s) or withdrawal of consent(s)
2. Your IP address
3. Browser information
4. Device information
5. The time of your website visit
Storage Duration:
Consent data is stored as long as necessary to meet our legal obligations, generally up to 12 months.
Contact Information:
Provider of this technology is Digital Data Solution B.V., Plantage Middenlaan 42a, 1018 DH Amsterdam, Netherlands.
Further Documentation:
CookieFirst Privacy Policy: https://cookiefirst.com/legal/privacy-policy/
IV. Matomo Tag Manager
Matomo Tag Manager is a tool that allows us to centrally manage various tags and code snippets on our website. This simplifies the integration and management of marketing and analytics tools without having to directly modify the source code. The Matomo Tag Manager itself does not set cookies or collect personal data. It is solely used to manage and trigger tags that may collect data. The tools embedded through the use of the Tag Manager collect data in accordance with their own privacy policies. For more information, please refer to the relevant sections of our privacy policy.
Please note that the integration of the Matomo Tag Manager may activate additional services that collect data. For detailed information, please consult the relevant sections of this privacy policy.
Legal Basis:
The use of the Matomo Tag Manager is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. Our interest lies in the efficient management and integration of tags to ensure the functionality and performance of our website.
Contact Information:
Provider is the InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand
Further Documentation:
Matomo Privacy Policy: https://policies.google.com/privacy
b) Marketing and Analysis Tools (Consent Required):
I. Hotjar
Hotjar helps us understand user behavior on the website by anonymously recording interactions like clicks, mouse movements, and scrolling behavior. The data collected by Hotjar provides valuable insights into our site’s usability, enabling us to improve it. Hotjar does not use personally identifiable data and automatically masks sensitive information such as password fields.
Opt-out: If you wish to disable Hotjar data collection, please click on the following link and follow the instructions: https://www.hotjar.com/opt-out.
Legal Basis:
Hotjar data processing is based on your consent under Art. 6 para. 1 (a) GDPR. No data recording occurs without your consent.
Processed Data Categories:
1. Your computer’s IP address (collected and stored anonymously)
2. Screen size
3. Browser information (browser type, version, etc.)
4. Your location (country only)
5. Preferred language setting
6. Visited web pages (subpages)
7. Date and time of accessing one of our web pages
Storage Duration:
Data collected by Hotjar is stored for up to 365 days, after which it is automatically deleted.
Contact Information:
Provider is Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta.
Further Documentation:
Hotjar Privacy Policy: https://www.hotjar.com/de/datenschutz/
II. Calendly
Calendly is an online appointment scheduling service that allows users to book appointments with us easily and efficiently. When using this service, personal data such as name and email address is processed to enable and confirm appointment scheduling.
Appointment booking via Calendly is optional. If you prefer not to have your data processed by Calendly, you can also contact us via email, phone, or mail.
Legal Basis:
Processing is based on Art. 6 para. 1 (b) GDPR, as it is necessary to fulfill a contract or conduct pre-contractual measures at your request.
Data Transmission:
Data is transferred to our data processor, Calendly, Inc., 115 E Main St., Ste. A1B, Buford, GA 30518, USA, represented by DPO Centre Europe, Friedrichstraße 88, 10117 Berlin, Germany, eurep@calendly.com. This may involve transferring personal data to a non-EU country. Data transfer to the USA is based on Art. 45 GDPR in conjunction with the European Commission’s adequacy decision C(2023) 4745, as the data recipient complies with the principles of the Data Privacy Framework (DPF).
Storage Duration:
User and customer data stored during appointment booking is deleted once the purpose of processing is fulfilled, at the latest, seven days after the agreed appointment.
Further Documentation:
Calendly Privacy Policy: https://calendly.com/pages/privacy
Data Processing Appendix: https://calendly.com/legal/data-processing-addendum
III. Dealfront
Our website uses Dealfront’s technology (Dealfront Finland Oy as part of the Dealfront Group GmbH) to analyze visitor behavior. The IP address of a visitor is processed for this purpose, enabling us to understand which companies (B2B) are visiting our site by enriching IP addresses with relevant company information such as company name or industry.
To enhance visitor privacy, we have enabled “IP address anonymization,” so only truncated values are stored instead of actual IP addresses. When this function is active, the actual IP address is not stored in our systems, including logs, preventing external IP address data from being linked and preventing individual identification.
Legal Basis:
Processing is based on Art. 6 para. 1 (a) GDPR, as it is necessary to safeguard our legitimate interest in optimizing our products, services, sales, and marketing activities. To ensure compliance with data protection standards, we have concluded a data processing agreement with Dealfront.
Storage Duration:
Data is deleted once it is no longer required to fulfill the purpose of its collection. Legal retention obligations may lead to longer retention of the data in question.
Further Documentation:
Data Processing Addendum: https://marketing.dealfront.com/inside-and-outside-eea-data-processing-agreement-dealfront-de.pdf
IV. LinkedIn Ads + Insight Tag
LinkedIn Ads and the LinkedIn Insight Tag help us optimize our advertising campaigns and measure the effectiveness of our marketing efforts. The Insight Tag is a code snippet integrated into our website to enable conversion tracking, retargeting, and the analysis of visitor data.
This provides us with detailed statistical information about user behavior on our website, allowing us to draw insights from how our offerings are used.
We use LinkedIn Insights to ensure continuous optimization and a user-centric design. This way, we aim to tailor our offerings as effectively as possible for our users. Additionally, we statistically evaluate the use of our services to optimally adapt our offerings.
With the help of the LinkedIn Insight Tag, we receive information about our website visitors. If a website visitor is registered on LinkedIn and has navigated directly to our website from one of our LinkedIn ads, we can, among other things, analyze cumulative professional details (e.g., career level, company size, country, location, industry, and job title) of our website visitors to better align our site with the respective target groups. Furthermore, we can measure whether visitors to our website make a purchase or take another action (conversion tracking), which can also occur across devices (e.g., from PC to tablet). LinkedIn Insight Tag also offers a retargeting feature that allows us to display targeted advertising to visitors of our website outside of our site, without identifying the advertising target according to LinkedIn.
LinkedIn also collects so-called log files (URL, referrer URL, IP address, device and browser properties, and access time). The IP addresses are truncated or hashed (pseudonymized) if they are used to reach LinkedIn members across devices. The direct identifiers of LinkedIn members are deleted by LinkedIn after seven days.
You can opt-out of the analysis of your usage behavior and targeted advertising by LinkedIn via the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Furthermore, LinkedIn members can manage the use of their personal data for advertising purposes in their account settings. To prevent LinkedIn from linking data collected on our website to your LinkedIn account, you must log out of your LinkedIn account before visiting our website.
Legal Basis:
The processing of your data is based on your consent in accordance with Art. 6 para. 1 (a) GDPR. Without your consent, no data will be collected.
Data Transmission:
LinkedIn is a global company headquartered in the United States. Therefore, the collected data may be transferred to and processed in countries outside the European Economic Area (EEA). LinkedIn ensures that appropriate safeguards are in place for such data transfers to comply with applicable data protection laws and maintain an adequate level of protection. For more information, please refer to LinkedIn’s
Privacy Policy.
Further Information Provided by LinkedIn: https://www.linkedin.com/help/linkedin/answer/a1343190
Categories of Data Processed:
1. IP address of your computer (stored in anonymized form)
2. Information about your web browser and device type
3. Time zone and location data (country only)
4. Visited web pages (sub-pages) and interactions
5. Date and time of the visit
6. Actions, such as page views or clicks on content linked to LinkedIn ads
Storage Duration:
Data collected via the LinkedIn Insight Tag is typically anonymized within seven days and deleted within 180 days.
Contact Information:
Provider: LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, USA
Further Documentation:
LinkedIn Privacy Policy: https://www.linkedin.com/legal/privacy-policy
Data Processing Addendum: https://legal.linkedin.com/pages-joint-controller-addendum
V. Google Ads + Conversion Tag
This website uses the online marketing tool Google Ads from Google. Google Ads uses cookies to display relevant ads to users, improve reports on campaign performance, and prevent users from seeing the same ads multiple times. By assigning a cookie ID, Google tracks which ads are shown in which browser and can thereby avoid displaying ads repeatedly. Additionally, Google Ads can use cookie IDs to track conversions related to ad requests, such as when a user views a Google Ads ad and later visits the advertiser’s website using the same browser and makes a purchase. According to Google, Google Ads cookies do not contain any personally identifiable information.
Due to the marketing tools used, your browser automatically establishes a direct connection to Google’s server. By integrating Google Ads, Google receives information that you have accessed a specific part of our website or clicked on one of our ads. If you are registered with a Google service, Google can associate your visit with your account. Even if you are not registered with Google or not logged in, it is still possible for Google to obtain and store your IP address.
You can prevent participation in this tracking process in several ways:
a) By adjusting your browser settings to block third-party cookies, which will prevent you from receiving ads from third-party providers;
b) By deactivating interest-based ads from providers participating in the self-regulation campaign “About Ads” via the link https://www.aboutads.info/choices, noting that this setting will be reset if you delete your cookies;
c) By permanently deactivating ads in your browsers (Firefox, Internet Explorer, or Google Chrome) at https://www.google.com/settings/ads/plugin. Please note that in this case, you may not be able to use all features of this website to their full extent.
Legal Basis:
The processing of your data is based on your consent in accordance with Article 6(1)(a) GDPR. No data collection will occur without your consent.
Data Transmission:
Google is a global company headquartered in the United States. Therefore, the collected data may be transferred to and processed in countries outside the European Economic Area (EEA). Google ensures that appropriate safeguards are in place for such transfers to comply with applicable data protection laws and maintain a high level of data protection. For more information, please refer to Google’s Privacy Policy.
Categories of Data Processed:
1. Anonymized IP address of your computer
2. Information about your web browser and device type
3. Location data (country only) and time zone
4. Visited pages (sub-pages) and interactions performed
5. Date and time of the visit
6. Actions, such as clicks or page views related to Google Ads
Storage Duration:
Data collected through conversion tracking is typically anonymized within 30 days and deleted within a maximum of 180 days.
Contact Information:
Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Further Documentation:
Google Privacy Policy: https://policies.google.com/privacy
VI. Matomo Analytics
Matomo Analytics is a web analytics tool that helps us understand and analyze user behavior on our website. By collecting data such as page views, duration of visits, and interactions, we can continuously optimize our content and offerings. We use the cloud version of Matomo, with data stored on servers within the European Union. The data is collected in an anonymized form, making it impossible to identify individual users.
Legal Basis:
The processing of your data is based on your consent pursuant to Art. 6 (1) lit. a GDPR. Without your consent, no data collection will be conducted through Matomo Analytics.
Categories of Data Processed:
1. Anonymized IP address of your computer
2. Information about your web browser and device type
3. Location data (country only) and time zone
4. Visited webpages (subpages) and interactions
5. Date and time of visit
6. Duration of stay on individual pages and actions, such as clicks and downloads
Storage Duration:
The collected data is typically anonymized within 90 days and retained for analytical purposes for a maximum of 365 days before being deleted.
Contact Information:
Provider: InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand
Further Documentation:
Matomo Privacy Policy: https://matomo.org/privacy-policy/
5. Data Storage and Deletion
Data is stored only as long as necessary for the intended purpose or as legally required. Business-related data is retained for the duration of the relationship, following retention and documentation obligations per the Commercial Code (HGB) and Fiscal Code (AO), and based on applicable statutory limitation periods.
6. Security of Processing
Trusc GmbH implements security measures per Art. 32 GDPR to protect personal data, including encryption and routine security evaluations.
7. Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy as needed. The current version is always available on our website.
8. Data Subject Rights
You, as the data subject, have the following rights under the General Data Protection Regulation (GDPR):
– Right to Access (Art. 15 GDPR)
– Right to Rectification (Art. 16 GDPR)
– Right of Erasure (Art. 17 GDPR)
– Right to Restriction of Processing (Art. 18 GDPR)
– Right to Data Portability (Art. 20 GDPR)
– Right to Object (Art. 21 GDPR)
Should we process data to safeguard our legitimate interests, you may object to this processing at any time for reasons arising from your particular situation. The objection will be effective going forward.
Under the GDPR and the Federal Data Protection Act (BDSG), certain limitations apply to the right of access under Art. 15 GDPR and the right to erasure under Art. 17 GDPR. Specifically, the restrictions in Sections 34 and 35 of the BDSG apply.
To exercise your rights, you may contact our Data Protection Officer or Trusc GmbH at any time using the contact details provided.
Additionally, you have the right to file a complaint with a data protection supervisory authority (in accordance with Art. 77 GDPR in conjunction with § 19 BDSG).
The supervisory authority responsible for us is:
Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
Holstenstraße 98
24103 Kiel
Telefon: +49 431 988-1200
Email: mail@datenschutzzentrum.de
9. Right to Withdraw Consent for Tracking
You have the right to withdraw your consent to the use of cookies and tracking tools at any time with future effect. You can manage and change your consent settings by visiting our Cookie Consent page, which ais managed by CookieFirst. Here, you can adjust your preferences, update your consent choices, or fully withdraw consent.
10. Contact
If you have questions about our information offerings or wish to exercise your rights, you may contact us through our contact form on the TRUSC website or by emailing us directly at info@trusc.com.
last changed 31.10.2024, V1.2
Let us hear from you!
Do you have any questions or would you like to find out more about TRUSC? We are here for you and look forward to contact with you!
Note: The data provided in the contact form will be processed for the purpose of handling your request and further communication in accordance with Art. 6 para. 1 lit. a GDPR. Further information concerning data processing can be found in our privacy policy.