Privacy
Status: 09.02.2021
The protection of information relating to you, such as your name, your telephone number, and your e-mail or IP address (so-called “personal data”), is important to us. Therefore, we operate this Digital Platform and services offered by us on it (locker rental) in accordance with the applicable data protection laws, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). This data protection notice covers the processing of personal data on the website www.trisor.de, the landing pages at www.lp.trisor.de or similar, in our registration funnel and customer portal, and in the context of locker activation and locker rental. You will find below an explanation of how we handle your personal data in this context.
1. who is responsible?
Responsible for this website and the services offered on it is
Trisor Ltd.
represented by the managing directors:
Marco Wild, Dr. Justus Westerburg
Bachstraße 12
10555 Berlin
Germany
support@trisor.de
Data Protection Officer: Tomislav Divic
2. what do we do with your personal data on our website?
As part of providing our services, we operate, among other things, the website www.trisor.de. In the following, we would like to inform you about how we handle your personal data in the process.
a) If you use our website or contact us via our support service
The provision of this website requires the processing of personal data, such as your IP address. This processing is necessary for the retrieval of the content presented on this website (including its functions) and due to IT security measures.
You also have the option of contacting us via our so-called support (request a callback, live chat or message). For this purpose, we collect the personal data that you provide in the course of communication.
(1) Legal basis
The processing of your personal data for the provision of this website and for communication via this website is based on our overriding legitimate interest (Art. 6 para. 1 lit. f) DSGVO). For the provision of this website, it is technically necessary that we process certain personal data (e.g. the IP address). For your communication with us it is necessary that we handle your respective personal data.
(2) Weighing of interests
Within the framework of the necessary balancing of interests, we have weighed up your interest in confidentiality and our interests in providing this website and contacting you in each case. In each case, your interest in confidentiality takes a back seat. We would not otherwise be able to provide you with this website or respond to your contact request.
b) If you apply for a job with us
You have the opportunity to apply for jobs through our website. For this purpose, you can use the contact options provided there. We process the data provided as part of your application for the purpose of reviewing your application and suitability for the advertised position.
(1) Legal basis
The processing of your personal data in the context of your application is based on Art. 6 para. 1 lit. b DSGVO and § 26 para. 1 P. 1 BDSG. The transmission of photos is voluntary.
c) If you order our newsletter
You can register for our newsletters on our website by giving the appropriate consent. For this purpose, we collect the personal data that you enter in the registration form.
Your consent is the legal basis for our data processing. You can revoke your consent at any time with effect for the future.
d) Logging during the use of our website
When you access our website or download data from the website or one of its subpages, information about this is processed in a log file. Depending on the access protocol used, the log record contains information with the following content:
● Name of the requested file, the date and time of the page request.
● IP address of the requesting computer
● Access methods/functions requested by the requesting computer.
● the web page accessed or the name of the file accessed
● Operating system and browser type or settings.
● The amount of data transferred and the message whether the access/retrieval was successful.
There is no possibility for us to link IP address and possibly existing personal data if you use our website without being logged into your customer account. The stored data is used exclusively for the purpose of identifying and tracking unauthorized access attempts/accesses to the web server as well as for statistical evaluations such as visitor numbers and page popularity and to improve our online offering. This data is used exclusively by us. The data will not be passed on to third parties.
(1) Legal basis
The processing of your personal data in the context of calling up our website and downloading content from our website is based on our overriding legitimate interest (Art. 6 para. 1 lit. f) DSGVO). For the improvement of this website it is necessary that we process certain personal data (e.g. the IP address).
(2) Weighing of interests
Within the framework of the necessary balancing of interests, we have weighed up your interest in confidentiality and our interests in providing this website and contacting you in each case. In each case, your interest in confidentiality takes a back seat. Otherwise, we would not be able to continuously improve this website and make it available to you in a user-friendly manner.
e) If you follow us on Facebook and on other social media platforms of third party service providers
You have the option to follow us on Facebook and on other social media platforms of third party service providers (e.g. LinkedIn). For this purpose, we handle the personal data that you provide to us in each case or which is provided to us by the respective platform operator about you, insofar as it is made available to us. You can control the privacy setting yourself within the framework of a social media platform.
(1) Legal basis
We process your personal data within the scope of our social media offerings on the basis of our overriding legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. For the provision of our social media offers, it is technically necessary for us to process certain personal data (e.g., your IP address; personal data that you have provided to the respective platform operator). As part of the necessary balancing of interests, we have weighed up your interest in confidentiality against our interest in providing our social media offerings. Your interest in confidentiality takes a back seat. Otherwise, we would not be able to offer you our social media services.
(2) Recipient categories
The data you transmit to us as part of our social media offerings is also automatically transmitted to the respective social media platform operators.
f) Use of cookies on our website
So-called cookies are used on our website. Cookies are data records that are stored by a web server on the end device (e.g. computer, smartphone, tablet) of the user. These are sent back to our website (“first party cookies”) or to another website (“third party cookies”) when you visit our website again with the same terminal device.
We use this information to improve the performance and attractiveness of our website through statistical analysis. Any storage of personal data beyond the aforementioned information will only take place with your express consent. Turning off the cookie function in your browser does not restrict the use of our website and the services offered.
(1) Legal basis for the use of cookies
The legal basis for this is in principle our overriding legitimate interest (Art. 6 para. 1 lit. f) DSGVO). In order to evaluate the performance and attractiveness of the website, it is necessary to process personal data.
(2) Weighing of interests for the use of cookies
As part of the necessary balancing of interests, we have in each case weighed up your interest in confidentiality against our interest in providing this website (including its functions). Your interest in confidentiality takes a back seat. We would otherwise not be able to provide you with the features of our website.
g) Use of analysis tools
(1) Google Analytics
We use Google Analytics on our website, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
Google Analytics uses cookies that are stored on your terminal device and that enable an analysis of your use of the websites. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, by activating IP anonymization, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to us. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can find Google’s privacy policy at: https://www.google.com/policies/privacy
(2) Google Tag Manager
We use Google Tag Manager on our website, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Tag Manager places so-called tags on our website in order to integrate and manage the Google analysis and marketing services on our website.
For more information about Google’s use of data for marketing purposes, please see the overview page: https://www.google.com/policies/technologies/ads.
You can find Google’s privacy policy at: https://www.google.com/policies/privacy
If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.
(3) Facebook Pixel
In addition, we use so-called Facebook Pixel of Facebook Inc. on our website. (1601 S. California Ave, Palo Alto, CA 94304, USA). With its help, we can track users’ actions after they have seen or clicked on a Facebook ad. Personal data about the user’s activities, device and browser information, data about displayed advertisements may be processed.
In addition, data may be transmitted to Facebook servers in the USA. You can find Facebook’s privacy policy at: https://de-de.facebook.com/policy.php
(4) LinkedIn
We use LinkedIn Insight Tag (registered office within the EU: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). Integrating the Insight tag on our website allows us to optimize campaigns, retarget website visitors, and learn more about your target audience. Personal data such as your IP address, device and browser properties, and timestamps are processed in the process. The direct identification of users is removed or pseudonymized after seven days.
For more information on Insight Day, visit: https://www.linkedin.com/help/linkedin/answer/65521
You can find LinkedIn’s privacy notice at: https://www.linkedin.com/legal/privacy-policy?src=or-search&veh=www.google.com
(5) Hotjar
We use the web analytics service Hotjar from Hotjar Ltd, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta. Among other things, Hotjar uses cookies that are stored locally in the cache of your web browser on your terminal device and that enable an analysis of your use of our online presence. This allows personal data to be stored and analyzed, in particular the user’s activity (in particular which pages have been visited and which elements have been clicked on), device and browser information (in particular the IP address and operating system) and a tracking code (pseudonymized user ID). The information collected in this way is transmitted by Hotjar to a server in Ireland and stored there anonymously.
You can find Facebook’s privacy policy at: https://www.hotjar.com/legal/policies/privacy
(6) Legal basis for the use of the aforementioned analysis tools
Your consent is the legal basis for our data processing. You can revoke your consent at any time with effect for the future. This does not affect the lawfulness of the previous data processing.
Data transmission and data processing in the USA:
There may also be data processing in the USA. The basis for this data transfer is your consent given via the cookie consent banner (Art. 49 para. 1 lit. a) DSGVO). The level of data protection in the USA is not comparable to that in Europe. It is possible that government agencies may access personal information without our or your knowledge. Legal action may not be promising. You can revoke your consent at any time with effect for the future via the cookie settings in the footer.
h) Further use of tools on the website
The use of the following tools is based on our overriding legitimate interest:
(1) Zendesk
For communication with you, we use the chat function of the provider Zendesk Inc. (989 Market St San Francisco, CA 94103). Using Zendesk allows you to contact us directly and quickly through the website.
You can find Zendesk’s privacy notice at: https://www.zendesk.de/company/customers-partners/privacy-policy/
(2) Unbounce
In order to provide our customers and interested parties with the best possible information, we use the analysis service of Unbounce Marketing Solutions Inc., Unit 415 -375 Water Street, Vancouver, BC, Canada V5T 4R4 (hereinafter: “Unbounce”) on various landing pages for A/B testing, namely for the optimization and needs-based design of our actions and advertising campaigns, on the basis of Art. 6 (1) f) DSGVO. In doing so, individual platforms are hosted by Unbounce and used by us for our promotions and advertising campaigns. If you visit these landing pages, your browser communicates directly with Unbounce’s servers so that technical and statistical information about these servers can be processed and cookies can be set. We then receive an anonymous statistical analysis of the users’ activities on the platforms we use. This data processing by Unbounce allows us to improve our landing pages and our products, which is our legitimate interest. We have concluded a contract with Unbounce on commissioned processing in accordance with Art. 28 DSGVO, in which Unbounce undertakes to process the data received only in accordance with our instructions and to comply with the EU level of data protection. In addition, the EU Commission has classified Canada as a safe third country, so that a level of data protection in line with the European standard is guaranteed for this data processing. For more information about Unbounce and data protection at Unbounce, please see the provider’s privacy policy https://unbounce.com/privacy/.
(3) Cookieconsent Pro
To obtain effective user consent for cookies and cookie-based applications that require consent, we use the “Cookie Pro” tool, a service provided by OneTrust LLC, 1200 Abernathy Rd NE, Sandy Springs, GA 30328, USA. By integrating a corresponding JavaScript code, the user is shown a banner when accessing the page, in which consent to certain cookies or analysis tools can be obtained by ticking the appropriate box.
(4) Zapier
For the integration of various tools, we use Zapier, a service of Zapier Inc, 548 Market St #62411 San Francisco, CA 94104. USA. Zapier is used in the interest of efficient structuring of the tools we use.
(5) Legal basis
The legal basis for the use of these tools is our overriding legitimate interest (Art. 6 para. 1 lit. f) DSGVO). The use is made in particular from the motivation and the goal to provide a user-friendly website.
(6) Weighing of interests for the use of the tools
As part of the necessary balancing of interests, we have in each case weighed up your interest in confidentiality against our interest in providing this website and its functions. Your interest in confidentiality takes a back seat. We would otherwise not be able to provide you with these functions on this website.
(7) Data transmission to the USA
There may also be data processing in the USA. The basis for this data transfer is your consent given via the cookie consent banner (Art. 49 para. 1 lit. a) DSGVO). The level of data protection in the USA is not comparable to that in Europe. It is possible that government agencies may access personal information without our or your knowledge. Legal action may not be promising. You can revoke your consent at any time with effect for the future via the cookie settings in the footer.
3. what we do with your personal data within the scope of the registration funnel and customer portal
If you wish to reserve a locker, you must first log in through our registration tunnel. How and which personal data is processed in the process is explained to you below.
b) Registration FunnelAnalysis Tools
(1) When you register on our Digital Platform and reserve a locker
To be able to rent a digitally controlled safe deposit box, you must first register via the so-called registration tunnel. We collect those personal data that are necessary for the registration (title, name, first name, e-mail address, payment interval, payment method, payment data).
To reserve a safe deposit box, you must also select a location of the safe deposit box (branch selection) and the size of the safe deposit box. After entering the data, they will be summarized again and must be confirmed by you to make a reservation. Following the confirmation, a reservation confirmation will be displayed on the screen and sent to you again by e-mail.
In addition, you have the possibility to use our customer portal after registration. After initial login (customer identification and appointment booking for activation), you can manage general information and functions (such as personal data, payment data, support, card and key related actions or add authorized persons). In addition, you have the option to take out a higher insurance.
(i) Legal basis and balancing of interests
We process personal data in the context of registration and activation by natural persons for the initiation, implementation and execution of the corresponding rental contract, as well as the transfer of your data to increase the associated of the insurance sum requested by you (Art. 6 para. 1 lit. b) DSGVO). We process personal data in the context of registration and activation by legal entities for the conclusion and execution of the respective rental contract (Art. 6 para. 1 lit. b) DSGVO) and due to our overriding legitimate interest (communication with customer-relevant contacts; Art. 6 para. 1 lit. f) DSGVO). Within the framework of the necessary balancing of interests, we have in each case weighed up the confidentiality interests of the customer-relevant contact persons and our interest in customer-related communication. The confidentiality interests of the customer-relevant contact persons take a back seat. We would not be able to fulfill our lease otherwise.
(ii) Mandatory information
If you do not provide this personal data, we cannot conclude the respective contractual relationship.
(iii) Categories of recipients
We use service providers for the provision and implementation of the registration process. These are: Amazon Web Services (AWS) for data storage, SendGrid (a customer communication platform for transactional and marketing emails), Stripe (an online payment service), PayPal (for payment processing), and Amazon Cognito (registration and login).
The legal basis for the use of these service providers is, as already described above, our overriding legitimate interest (Art. 6 para. 1 lit. f) DSGVO). In addition, we have concluded an order processing agreement with all service providers.
In the event of an increase in the sum insured, your corresponding data will be transmitted to the insurance intermediaries designated for this purpose.
Data transfer and data processing in the USA
There may also be data processing in the USA. The basis for this data transfer is your consent given via the cookie consent banner (Art. 49 para. 1 lit. a) DSGVO). There is no comparable level of data protection in the U.S. as in Europe. It is possible that government agencies may access personal information without our or your knowledge. Legal action may not be promising. You can revoke the consent at any time with effect for the future via the cookie settings in the footer
(2) If you use our registration tunnel
So-called cookies are used in our registration tunnel. Here we use technically necessary cookies. These serve to provide the registration funnel and are necessary for its retrieval of the content presented there (including its functions) as well as due to IT security measures.
(i) Legal basis for the use of cookies
The legal basis for this is in each case our overriding legitimate interest (Art. 6 para. 1 lit. f) DSGVO).
(ii) Balancing of interests for the use of cookies
As part of the necessary balancing of interests, we have in each case weighed up your interest in confidentiality against our interest in providing this registration funnel (including its functions). Your interest in confidentiality takes a back seat. We would otherwise not be able to provide you with the features of our registration funnel.
(3) Use of Google Analytics
We use Google Analytics on our website, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies that are stored on your terminal device and that enable an analysis of your use of the websites. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, by activating IP anonymization, Google will truncate your IP address beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to us. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can find Google’s privacy policy at: https://www.google.com/policies/privacy Legal basis for the use of the aforementioned analysis tools Your consent is the legal basis for our data processing. You can revoke your consent at any time with effect for the future. This does not affect the legality of the previous data processing. Data transfer and data processing in the USA There may also be data processing in the USA. The basis for this data transfer is your consent given via the cookie consent banner (Art. 49 (1) a) DSGVO). In the USA, there is no comparable level of data protection as in Europe. It is possible that government agencies access personal data without us or you knowing about it. Legal prosecution may not be promising. You can revoke your consent at any time with effect for the future via the cookie settings in the footer.
2. if you want to have your safe deposit box unlocked
To activate the locker, an ID check, the selection of an activation date and the creation of a customer card are required.
(1) ID check
If you want to have your safe deposit box unlocked, you must first perform an ID check as defined by the Money Laundering Act. This requires a copy of the ID, name, date and place of birth and address. You can choose from different variants for the ID check. An on-site ID check can also be arranged. Legal basis We process your personal data within the framework of the locker activation for the initiation, implementation and processing of the corresponding rental agreement (Art. 6 para. 1 lit. b) GDPR). We are obliged to process your personal data in the ID procedure in accordance with the Money Laundering Act (Art. 6 para. 1 lit. (c) GDPR). Recipients We use service providers to perform ID verification. We transmit personal data to these service providers for this purpose. These service providers are contractually obligated by us to exercise the same care in handling personal data as we do ourselves.
(1) Legal basis
We process your personal data within the framework of the locker activation for the initiation, implementation and processing of the corresponding rental agreement (Art. 6 para. 1 lit. b) GDPR). We are obliged to process your personal data in the ID procedure in accordance with the Money Laundering Act (Art. 6 para. 1 lit. (c) GDPR).
(2) Receiver
We use service providers to perform ID verification. We transmit personal data to these service providers for this purpose. These service providers are contractually obligated by us to exercise the same care in handling personal data as we do ourselves.
(2) Locker activation
As part of the locker activation process, your fingerprint is captured by an electronic scanner the first time you access the locker and stored on your customer card with an additional PIN. You will need this customer card to gain access to the self-service terminal room and your locker. The fingerprint is stored exclusively on your customer card.
(1) Legal basis
We process your personal data within the framework of the locker activation for the initiation, implementation and processing of the corresponding rental agreement (Art. 6 para. 1 lit. b) DSGVO; Art. 6 para. 1 lit. f) GDPR). We process your fingerprint as biometric data on the basis of your prior consent given for this purpose (Art. 9 (2) a) DSGVO).
(2) Recipient categories
We may disclose your personal data to third parties if this is necessary for the performance of the contract.
c) Access to the leased property
We process your personal data when you authenticate yourself at the terminal area (where the self-service terminal for accessing the locker is set up) using your customer card and the fingerprint stored on it.
(1) Legal basis
We process your personal data in the context of authentication at the self-service terminal for the initiation, execution and settlement of the corresponding rental agreement (Art. 6 para. 1 lit. b) DSGVO; Art. 6 para. 1 lit. f) GDPR). We process your fingerprint as biometric data on the basis of your consent given in advance for this purpose (Art. 9 (2) a) DSGVO).
(2) Recipient categories
We may disclose your personal data to third parties if this is necessary for the performance of the contract.
d) Obligations to keep records and provide information on our part
We process your personal data within the scope of our obligation to keep records and provide information. Before activating the safe deposit box, we are obliged to obtain certainty about the person and address of each authorized disposer and each beneficial owner within the meaning of the German Money Laundering Act (GWG) and to provide the information required for this purpose in a suitable form, e.g., in the form of an electronic signature. files, to record. For this purpose, the personal data that the customer has provided in this regard prior to the activation date will be processed. An alphabetical list of the names of the authorized signatories and beneficial owners is kept.
(1) Legal basis
We process your personal data in order to comply with the legal obligations to which we are subject (record-keeping and disclosure obligations pursuant to Section 154 para. 1 German Fiscal Code (AO)).
(2) Recipient categories
Legally competent authorities may at any time request information about the right of disposal of the lockers. For this purpose, we have to provide the necessary information.
e) Video surveillance of our sites
All our locations are secured by video recording outside and inside. Inside, people entering the foyer and terminal areas are recorded, but not the insertion or removal of items from the lockbox. Video surveillance is necessary to enable the detection and prevention of crimes and the protection of business premises.
(1) Legal basis
We process your personal data based on our overriding legitimate interest (Art. 6 para. 1 lit. f) DSGVO). For the investigation and prevention of criminal acts as well as the protection of business premises, it is necessary that we record persons entering the terminal area.
(2) Weighing of interests
As part of the necessary balancing of interests, we have weighed up your interest in the respective confidentiality of your personal data and our interest in monitoring and securing the terminal area. Their interest in secrecy takes a back seat. Otherwise, we would not be able to ensure the investigation and prevention of criminal acts and the protection of business premises.
(3) Storage period
As part of the necessary balancing of interests, we have weighed up your interest in the respective confidentiality of your personal data and our interest in monitoring and securing the terminal area. Their interest in secrecy takes a back seat. Otherwise, we would not be able to ensure the investigation and prevention of criminal acts and the protection of business premises.
2. how long do we store your personal data in all other cases?
We delete your personal data when the respective purpose of storage ceases to apply and no statutory provision requires retention.
3. what are your data subject rights?
To exercise your rights and withdraw your consent, please contact us using the contact details above.
a) You have the right to request information about all personal data we process about you at any time.
b) If your personal data is incorrect or incomplete, you have the right to have it corrected and completed.
c) You may request the deletion of your personal data at any time, unless we are legally obligated or entitled to continue processing your data.
d) If the legal requirements are met, you may request restriction of the processing of your personal data.
e) You have the right to object to the processing insofar as the data processing is carried out for the purpose of direct marketing or profiling. If the processing is carried out on the basis of a balancing of interests, you may object to the processing by stating the reasons arising from your particular situation.
f) If the data processing is carried out on the basis of your consent or within the framework of a contract, you have a right to the transfer of the data provided by you, provided that this does not affect the rights and freedoms of other persons.
g) If we process your data on the basis of a declaration of consent, you have the right to revoke this consent at any time with effect for the future. The processing carried out before a revocation remains unaffected by the revocation.
h) You also have the right to lodge a complaint with a data protection supervisory authority at any time if you believe that data processing has been carried out in breach of applicable law.
4. in what context do we create automatic profiles?
No automatic profiles are created.
5. data security
We take appropriate technical and organizational security measures to protect the personal data we process against accidental or intentional manipulation, loss, destruction or against unauthorized access.