Cartoon Charakter einer jungen blonden Frau mit Headset in gelbem Oberteil
DATA PROTECTION

Privacy Policy

The following privacy policy applies to the use of our online offering at www.tuleva.de (hereinafter referred to as "website").

We place great importance on data protection. The collection and processing of your personal data is carried out in accordance with the applicable data protection regulations, especially the General Data Protection Regulation (GDPR).

1. Data Controller

The controller responsible for the collection, processing, and use of your personal data according to Article 4 No. 7 GDPR is:

Tuleva AG
Arndtstr. 16
22085 Hamburg
Tel.: +49 (0) 40 41433 43-0
E-Mail: info@tuleva.de

2. Name and Address of the Data Protection Officer

You can contact our designated Data Protection Officer at:
Christian Weirich / Centrias GmbH
Email: datenschutz@tuleva.de

3. General Purposes of Data Processing

3.1 Hosting
We host our website with Webflow. The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter: Webflow). When you visit our website, Webflow collects various log files, including your IP addresses.

Webflow is a tool for creating and hosting websites. Webflow stores cookies or other recognition technologies that are necessary for the display of the website, for the provision of certain website functions, and for ensuring security (necessary cookies). For more details, please refer to Webflow's Privacy Policy: https://webflow.com/legal/eu-privacy-policy

The use of Webflow is based on Article 6(1)(f) of the GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) as defined by the TTDSG. Consent can be revoked at any time. Data transfers to the USA are based on the EU Commission’s standard contractual clauses. Details can be found here: https://webflow.com/legal/eu-privacy-policy

Data Processing Agreement: We have entered into a Data Processing Agreement (DPA) with the aforementioned provider. This is a data protection-related contract required by law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

3.2 Access Data

  • Name and URL of the retrieved file
  • Date and time of access
  • Amount of data transferred
  • Notification of successful retrieval (HTTP response code)
  • Browser type and version
  • Operating system
  • Referrer URL (i.e., the previously visited page)
  • Websites accessed by the user's system through our website
  • User's Internet service provider
  • IP address and requesting provider

We use this log data without linking it to your person or creating a profile for statistical evaluations with the purpose of operating, securing, and optimizing our website. It is also used for the anonymous collection of visitor numbers (traffic), as well as for the scope and type of usage of our website and services, and for billing purposes, for example, to measure the number of clicks received from partners. Based on this information, we can provide personalized and location-based content, analyze traffic, identify and fix errors, and improve our services.

This constitutes our legitimate interest according to Article 6(1)(f) of the GDPR.

We reserve the right to review log data later if there are specific indications of a legitimate suspicion of unlawful use. We store IP addresses in log files for a limited period when necessary for security purposes, or for service provision or billing purposes, such as when you use one of our offers. After the completion of an order process or after payment has been received, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if there is a specific suspicion of a criminal offense in connection with the use of our website. Additionally, we store the date of your last visit as part of your account (e.g., upon registration, login, or clicking on links).

3.3 Cookies
We use so-called session cookies to optimize our website. A session cookie is a small text file that is sent by the respective servers when visiting a website and temporarily stored on your hard drive. This file contains a session ID, which allows various requests from your browser to be assigned to the same session. This enables your computer to be recognized when you return to our website. These cookies are deleted after you close your browser. They are used, for example, to allow you to use the shopping cart function across multiple pages.

We also use a limited number of persistent cookies (also small text files stored on your device) that remain on your device and enable us to recognize your browser during your next visit. These cookies are stored on your hard drive and automatically delete themselves after a specified period. Their lifespan ranges from 1 month to 10 years. This allows us to present our offerings in a more user-friendly, efficient, and secure manner and, for example, to display information on the site that is tailored to your interests.

Our legitimate interest in using cookies, according to Article 6(1)(f) of the GDPR, lies in making our website more user-friendly, efficient, and secure.

The following data and information are typically stored in cookies:

  • Login information
  • Language settings
  • Entered search terms
  • Information about the number of visits to our website as well as the use of individual features of our online presence

When the cookie is activated, it is assigned an identification number, and no association of your personal data with this identification number is made. Your name, IP address, or similar data that would allow the cookie to be linked to you are not stored in the cookie. Based on cookie technology, we receive only pseudonymized information, such as which pages of our store were visited, which products were viewed, etc.

You can configure your browser to inform you in advance about the setting of cookies and decide on a case-by-case basis whether to accept cookies for specific situations or in general, or to prevent cookies entirely. This may limit the functionality of the website.

3.4 Data for Fulfilling Our Contractual Obligations
We process personal data that we need to fulfill our contractual obligations, such as name, address, email address, ordered products, billing, and payment data. The collection of this data is necessary for entering into the contract.

The data will be deleted after the expiration of warranty periods and statutory retention periods. Data linked to a user account (see below) will be retained for as long as the account is active.

The legal basis for processing this data is Article 6(1)(f) of the GDPR, as this data is necessary for us to fulfill our contractual obligations towards you.

3.5 Newsletter
To sign up for the newsletter, the data requested during the registration process is required. The newsletter registration is logged. After signing up, you will receive an email at the address provided, asking you to confirm your subscription ("Double Opt-in"). This is necessary to prevent third parties from signing up with your email address.

You can revoke your consent to receive the newsletter at any time and unsubscribe from it.

We store the registration data as long as it is needed for sending the newsletter. The logging of the registration and the email address used for sending are stored as long as there is an interest in proving the original consent, typically for the duration of the civil statute of limitations, which is a maximum of three years.

The legal basis for sending the newsletter is your consent pursuant to Article 6(1)(a) in conjunction with Article 7 of the GDPR and Section 7(2) No. 3 of the UWG (German Act Against Unfair Competition). The legal basis for logging the registration is our legitimate interest in proving that the newsletter was sent with your consent.

You can cancel the registration at any time, without incurring any costs other than the transmission costs according to the base rates. A simple message in text form to the contact details listed in Section 1 (e.g., email, fax, letter) is sufficient. Of course, you will also find an unsubscribe link in every newsletter.

3.6 Data Security
We make every effort to ensure the security of your data within the framework of applicable data protection laws and technical possibilities.

Your personal data is transmitted to us in encrypted form. This applies to your orders as well as to customer logins. We use the SSL (Secure Socket Layer) encryption system, but we would like to point out that data transmission over the internet (e.g., communication via email) may have security vulnerabilities. A complete protection of data from access by third parties is not possible.

To safeguard your data, we maintain technical and organizational security measures in accordance with Article 32 of the GDPR, which we regularly adapt to the latest technological standards.

We also cannot guarantee that our services will be available at all times; disruptions, interruptions, or outages cannot be completely ruled out. The servers we use are regularly and carefully secured.

3.7 Email Contact
When you contact us (e.g., via contact form or email), we process your information to handle your inquiry and in case follow-up questions arise.

If the data processing is carried out to take pre-contractual measures at your request, or if you are already our customer and the processing is necessary for the execution of the contract, the legal basis for this data processing is Article 6(1)(b) of the GDPR.

We process additional personal data only if you give your consent (Article 6(1)(a) of the GDPR) or if we have a legitimate interest in processing your data (Article 6(1)(f) of the GDPR). A legitimate interest, for example, is responding to your email.

4. Web Fonts by Adobe Typekit

This site uses so-called web fonts provided by Adobe Typekit to ensure a consistent display of fonts. When you access a page, your browser loads the required web fonts into its browser cache to display texts and fonts correctly.

For this purpose, the browser you are using must connect to Adobe Typekit’s servers. This allows Adobe Typekit to know that our website was accessed via your IP address. The use of Adobe Typekit web fonts is in the interest of a uniform and attractive presentation of our online services. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR.

If your browser does not support web fonts, a default font from your computer will be used.

For more information on Adobe Typekit web fonts, please visit https://typekit.com/ and review Adobe Typekit’s privacy policy at https://www.adobe.com/de/privacy/policies/typekit.html.

5. Google Analytics

We use Google Analytics for statistical analysis. Google Analytics is a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, Ireland ("Google"). Google Analytics uses cookies, among other things, for its analyses. Cookies are text files that are stored on your computer and allow an analysis of your use of the online services. The type and scope of the use and analysis of cookies are largely determined by Google. The information generated by the cookies about your use of the online service is usually transmitted to a Google server and stored there. It is possible that data may be transmitted to the USA and may be accessed by governmental authorities.

If IP anonymization is activated on this website, Google will shorten your IP address before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. On behalf of the operator of the online service, Google uses this information to evaluate your use of the website, compile reports on website activities, and provide other services related to website and internet usage to the website operator. Additionally, Google may use the data for its own purposes, such as creating user behavior profiles or linking the data with other user data, for example, with an existing Google account. We have no influence over these data processing operations.

For more information, please refer to Google's privacy policy linked below. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. You can prevent the storage of cookies by adjusting your browser settings, but please note that in this case, you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting and processing the data generated by the cookie related to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Weitere Informationen dazu finden Sie unter http://tools.google.com/dlpage/gaoptout?hl=de bzw.  Google Marketing Platform - Unified Advertising and Analytics (allgemeine Informationen zu Google Analytics und Datenschutz). Wir weisen Sie darauf hin, dass auf unseren Internetseiten Google Analytics um den Code „anonymizeIp();“ erweitert wurde, um die IP-Adressen zu anonymisieren, wobei das letzte Oktett gelöscht wird.

Unsere Rechtsgrundlage für den Einsatz von Google Analytics ist Ihre Einwilligung gemäß Art. 6 Abs. 1 lit. a) DSGVO.

6. Google Tag Manager

Our website uses Google Tag Manager. Google Tag Manager is a solution that allows website tags to be managed via an interface. Google Tag Manager itself only implements tags, meaning no cookies are set, and no personal data is collected. Google Tag Manager only triggers other tags that may collect data. However, Google Tag Manager does not access this data. If deactivation has been carried out at the domain or cookie level, it remains in effect for all tracking tags implemented via Google Tag Manager.

For more information about Google Tag Manager, please refer to the provider's privacy policy: https://support.google.com/tagmanager/answer/9323295?hl=de.

7. YouTube

This website integrates videos from YouTube. The operator of the site is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our pages that includes a YouTube video, a connection to YouTube’s servers is established. The YouTube server is informed about which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in extended data protection mode. According to YouTube, videos played in extended data protection mode are not used for personalizing browsing on YouTube. Ads shown in extended data protection mode are also not personalized. In extended data protection mode, no cookies are set. However, local storage elements are stored in the user’s browser, which function similarly to cookies and can contain personal data used for recognition purposes. For details about extended data protection mode, see: https://support.google.com/youtube/answer/171780.

After activating a YouTube video, further data processing operations may be triggered, over which we have no control.

The use of YouTube is in the interest of providing an attractive presentation of our online offerings. This constitutes a legitimate interest under Article 6(1)(f) of the GDPR. If consent has been requested, processing is carried out exclusively based on Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined by the TTDSG. Consent can be revoked at any time.

For more information on YouTube's data protection practices, please refer to their privacy policy at: https://policies.google.com/privacy?hl=de.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards for data processing in the U.S. Every company certified under the DPF is committed to adhering to these standards. You can find more information about this from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active.

8. Zapier for Email Dispatch

We use "Zapier" to connect different web apps. This allows us to automate actions between various web apps. Zapier is a service provided by Zapier Inc., 548 Market St #6241, San Francisco, CA 94104, USA. When using Zapier, it is possible that data may be transferred to Zapier's servers in the USA. We have entered into a Data Processing Agreement (DPA) with Zapier. Additionally, data processing is safeguarded through the EU Standard Contractual Clauses. We use Zapier to automate actions between different apps, which helps improve our website and makes our operations more time-efficient. This constitutes our legitimate interest under Article 6(1)(f) of the GDPR.

For more information about data protection at Zapier, please visit: https://zapier.com/privacy/.

9. Use of YourGPT.ai

We use the chat service YourGPT.ai, provided by Delta4 Infotech Pvt. Ltd., F 126, Phase 7, Industrial Area, Sector 73, Sahibzada Ajit Singh Nagar, Punjab 160055, India, on our website to enable interactive and personalized communication with you.

When you use the YourGPT.ai service, the content of your communication as well as metadata (e.g., IP address, time of interaction, browser type) is processed. This data processing is carried out to provide the YourGPT.ai service and to respond to your inquiries (legal basis: Article 6(1)(b) GDPR). In addition, this data may be used for internal analysis purposes to improve the quality of our service (legal basis: Article 6(1)(f) GDPR). YourGPT.ai, as a technology provider, may have access to this data.

YourGPT.ai processes the data in accordance with their GDPR policy (https://docs.yourgpt.ai/gdpr) and privacy policy (https://yourgpt.ai/privacy). The service terms of YourGPT.ai (https://yourgpt.ai/terms) reference the Data Processing Addendum (https://yourgpt.ai/data-processing-agreement).

We recommend not using the service to share internal company or other personal data.

10. Privacy Policy Regarding the Use of Social Bookmarks

The website of Tuleva AG integrates components from Xing, Facebook, and LinkedIn. Social bookmarks are internet bookmarks that allow users of such services to collect links and news articles. These are embedded on our website solely as links to the respective services. After clicking the embedded graphic, you will be redirected to the provider's page, meaning that user information will only be transmitted to the provider at that point. For information on how your personal data is handled when using these websites, please refer to the respective privacy policies of the providers:

Xing
The operator of Xing is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. The privacy policy published by Xing, available at https://www.xing.com/privacy, provides information about the collection, processing, and use of personal data by Xing. Additionally, Xing has published privacy notices for the XING Share Button at https://www.xing.com/app/share?op=data_protection.

LinkedIn
The operator of LinkedIn is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. LinkedIn's privacy policy is available at https://www.linkedin.com/legal/privacy-policy?_l=de_DE.

Facebook
The operator and data controller for Facebook is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. The data policy published by Facebook, available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing, and use of personal data by Facebook. It also explains the privacy settings Facebook offers to protect user privacy. Additionally, there are various applications available that allow users to prevent data transmission to Facebook. Such applications can be used by users to block the transfer of data to Facebook.

Vimeo
The operator of Vimeo is Vimeo.com Inc, 330 West 34th Street, 5th Floor, New York, New York, USA. Vimeo's privacy policy is available at https://vimeo.com/privacy.

YouTube
The video platform YouTube is operated by Google. The applicable privacy policy of Google can be found at https://policies.google.com/privacy?hl=de.

hCaptcha
hCaptcha is a solution for detecting bots, such as during data entry in online forms, and for preventing spam. No cookies in the technical sense are set on the user's device, but technical and personal data, such as the IP address, is transmitted from the client to the server of the service provider to enable the use of the service. The operator of hCaptcha is Intuition Machines, Inc. The applicable privacy policy of hCaptcha is available at https://www.hcaptcha.com/privacy.

11. Retention Period

Unless specifically stated otherwise, we store personal data only for as long as necessary to fulfill the purposes pursued.

In some cases, the law requires the retention of personal data, such as in tax or commercial law. In these cases, the data is stored by us solely for these legal purposes, but not processed for any other purposes, and it is deleted after the statutory retention period expires.

12. Your Rights as a Data Subject

12.1 Right to Information, Deletion, Blocking
You have the right at any time to request free information about your stored personal data, their origin, recipients, and the purpose of data processing. You also have the right to request the correction, blocking, or deletion of these data. Excluded from the right to deletion are billing data or information required for accounting or tax purposes, or data where the associated business purpose has not yet lapsed. Data collected based on consent for a specific purpose will be deleted once the purpose of the consent no longer applies.

12.2 Right to Withdraw Consent
You have the right to object at any time to the processing of your personal data if it is based on our legitimate interests pursuant to Article 6(1)(f) of the GDPR and if reasons arise from your particular situation that oppose this processing. In such a case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

12.3 Right to Lodge a Complaint
You have the right to lodge a complaint with the competent supervisory authority:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
(The Hamburg Commissioner for Data Protection and Freedom of Information)
Ludwig-Erhard-Str. 22
20459 Hamburg

CONTACT

Contact Form

Thank you very much! We will get back to you soon.

We have received your message and will get back to you as soon as possible. Our team is committed to providing you with the best support, and we thank you for your patience.

Hoppla! Da hat etwas nicht funktioniert...

Tuleva means Future.

DESIGN THE FUTURE

Contact us!

>>
Use the form
>>
Write us to info@tuleva.de or
>>
Just call us: +49 40 4143343-0
Made in Webflow