twenty20 Logo
twenty20 logo

Data protection

Thank you for visiting our website and for your interest in what we do with your data. It is important to us to protect this data and to be open and transparent in order to create clarity. We would therefore like to inform you below which data from your visit we use for which purposes. If you have any further questions about how we handle your personal data, our data protection officer will be happy to help.

Person responsible

The controller within the meaning of the General Data Protection Regulation (GDPR) is TWENTY |20 GmbH & Co. KG, Hausinger Straße 6 in 40764 Langenfeld, Germany. You can find more information in our legal notice.

We will revise this data protection notice in the event of changes to this website or other occasions that make this necessary. The current status is December 2023.

What data do we process when you visit our website?

The IP address of your end device is processed to display our website in your browser. Further information about the browser on your device is also processed.

We are also obliged under data protection law to guarantee the confidentiality and integrity of the personal data processed with our IT systems.

For this purpose, the following data is logged and can be viewed by our IT staff:

  • IP address of the accessing computer for a maximum of 7 days
  • Operating system of the calling computer
  • Browser version of the calling computer
  • Name of the retrieved file
  • Date and time of retrieval
  • Amount of data transferred
  • Referring URL

The IP address is deleted from all systems used in connection with the operation of our website after 7 days at the latest. We can then no longer establish a personal reference from the remaining data.

The data is also used to correct errors on the website.

The legal basis for this data processing is Article 6(1f) GDPR. Our interest within the meaning of this legal basis is the operation of our website and the implementation of the protection goals of confidentiality, integrity and availability of the data.

We have listed further processed data, information and legal bases separately below.

Cookies

Cookies are used on our website. Cookies are small pieces of text information that are stored on your end device via your browser. The cookies are necessary to enable certain functions of our website. We only use session cookies, which are deleted from your browser immediately after the end of your visit to the website.

You have the option of preventing the setting of cookies by making the appropriate settings in your browser. It may be that the use of our website is then only possible to a limited extent. Cookies do not install or start any programs or other applications on your computer.

The legal basis for this data processing is Article 6(1f) GDPR in conjunction with Section 15 TMG. Our interest is the operation of this website.

Tip: You can declare a general objection to the use of cookies for online marketing purposes for a large number of services - especially in the case of tracking - via the US website http://optout.aboutads.info/?c=2&lang=EN or the EU website http://www.youronlinechoices.com.

Contact form, hello@ and jobs@

We consider connections, relationships and exchange to be very valuable. In our contact form, we offer you various topics on which you can get in touch with us. The data you provide us with will be processed.

If you contact us directly via hallo@twenty20.de, we will also process the information you provide. In this case, we may process additional information that you provide voluntarily.

Would you like to apply for a job with us? Wonderful! Then you have used our e-mail address jobs@twenty20.de to write to us. We have provided this exclusively for applications in order to prevent application letters from being sent to our archiving system. In this case, too, we will process the data you have provided, including the option of processing information you have provided voluntarily.

We also swim in the waters of Microsoft Office and use this application to collaborate and carry out our business processes with each other, but also with our interested parties and partners. For you, this use means that a transfer of personal data to a third country cannot be ruled out, even though we have chosen the EU as the data storage location. You are welcome to find out more:
Privacy policy of Microsoft
Standard contractual clauses of the EU
The service is provided by Microsoft Ireland

The e-mail inbox is regularly checked to see whether data can be deleted. If your data is no longer required in the context of a relationship of interest or if a conflicting interest on your part prevails, we will delete the data concerned, provided that there are no statutory retention periods to the contrary

The legal basis for this data processing is Article 6(1f) of the GDPR. Our interest within the meaning of this legal basis is communication with interested parties.

If the purpose of your contact is to initiate business, the legal basis in this case is Article 6(1b) of the GDPR.

For job applications, the legal basis is §26 BDSG paragraph 1 - permissibility of the processing of data required in connection with the decision on the establishment of an employment relationship. If consent is given for inclusion in our applicant pool, this is based on Article 6 (1a).

If you voluntarily provide us with data when you contact us and this is not necessary for the fulfillment of our contractual obligations, we assume that processing and use is in your interest.

Reach measurement Google Analytics 4

If you have given your consent, Google Analytics 4, a web analysis service of Google LLC, is used on this website. The controller for users in the EU, the EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Nature and purpose of processing

Google Analytics uses cookies to help the website analyze how users use the site. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

We use the User ID function. With the help of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyze user behavior across devices. We also use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalized ads (interests and demographic data) and ads can be delivered to these users in cross-device remarketing campaigns.

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. During your visit to the website, your user behavior is recorded in the form of "events". Events can be

  • Page views
  • First visit to the website
  • Start of the session
  • Websites visited
  • Your "click path", interaction with the website
  • Scrolls (whenever a user scrolls to the end of the page (90%))
  • Clicks on external links
  • internal search queries
  • Interaction with videos
  • File downloads
  • Viewed / clicked ads
  • Language setting

Also recorded:

  • Your approximate location (region)
  • Date and time of the visit
  • Your IP address (in abbreviated form)
  • technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • Your Internet provider
  • the referrer URL (via which website/advertising medium you came to this website)

Purposes of the processing

On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

Receiver

Recipients of the data are/may be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Third country transfer

For the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with the provider.

Storage duration

The data sent by us and linked to cookies is automatically deleted after 2 months. The maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has been reached is automatically deleted once a month.

Legal basis

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 sentence 1 TTDSG.

Revocation

You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by clicking

a. Do not give your consent to the setting of cookies or b. Download and install the browser add-on to deactivate Google Analytics HERE.

You can find more information on the terms of use of Google Analytics and on data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.

Online presence in social media

We are present on various social platforms and networks to report on things that are important to us. To communicate with you, answer inquiries and collect feedback. We have included links to the platforms on our homepage so that you can get to know us better.

When visiting these platforms and networks, personal data may be processed outside the EU. This may result in risks for users because, for example, it may be more difficult to enforce users' rights.

As a rule, user data is processed for market research and advertising purposes. This means, for example, that the user can be shown targeted advertising based on the user profiles created - both within and outside the platforms.

By transferring data to the USA, there is a risk of secret access by US authorities and use of the data for surveillance purposes (possibly also without legal remedies).

Our legal basis for this data processing is Article 6(1f) of the GDPR. Our legitimate interest lies in providing comprehensive information to interested parties, making twenty20 accessible and networking. If users are asked by the respective platform providers for their consent to data processing, the legal basis for processing is Article 6(1a) and Article 7 of the GDPR. In the case of contract performance and pre-contractual inquiries, the legal basis is Article 6(1b) of the GDPR.

For a detailed description of the respective processing, the possibilities of various settings, opt-out options and information, please follow the links listed. In the case of requests for information and the assertion of user rights, we also ask that you contact the providers directly. We do not have access to user data.

CRM

A CRM system (Customer Relationship Management) stands for the strategy of shaping and maintaining potential and existing customer relationships. Customers are also a key pillar of twenty20 for us. However, we want to go one step further and offer our customers added value. We don't go out and sell a product "just because we have it on offer", but first talk about the customer's needs and strive to find a joint solution that really helps the customer.

In order to achieve this, we use - in addition to personal contact - various tools in which we store information about our interested parties and customers. We also use the contact option described above on our website. Our Digital Workplace comprises various technologies that together offer us perfect collaboration, communication and information collection in order to map our business processes.

We host and operate all technologies used - exclusively Microsoft products - on German servers with our partner Telekom. Your data will not be passed on to third parties. Our Digital Workplace is regularly checked to see whether data can be deleted. If your data is no longer required in the context of a relationship of interest or if a conflicting interest on your part prevails, we will delete the data in question, provided that there are no legal retention periods to the contrary.

The legal basis for this data processing is Article 6(1b) in the case of business initiations and relationships and Article 6(1f) of the GDPR. Our interest within the meaning of this legal basis lies in networking with interested people and acquiring new customers.

Data processing outside the EU, the EEA or the Swiss Confederation

Except in the aforementioned cases, we do not process data outside the EU.

Recipients / disclosure of data / cooperation with processors and third parties

Your data will not be passed on to third parties. In particular, your data will not be passed on to third parties for their advertising purposes.

However, we may use service providers to complete our offer. In this case, it is possible that they may gain knowledge of personal data. We select our service providers carefully, particularly with regard to data protection and data security, and take all measures required under data protection law to ensure permissible data processing.

If we disclose your data to service providers as part of our processing, this is done on the basis of legal permission. Article 6(1b) GDPR is the basis for the fulfillment of the contract; processing may also be based on your consent (Article 6(1a)) or in our legitimate interest (Article 6(1f)). If we commission service providers on the basis of an order processing contract, this is done on the basis of Article 28 GDPR.

Consent

If we process your personal data on the basis of consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Data protection officer

Our data protection officer is Heike Gienau. You can contact Heike for all data protection issues relating to TWENTY |20 and any reports of data breaches at

TWENTY |20 GmbH & Co. KG
Heike Gienau
Hausinger Straße 6
40764 Langenfeld
E-mail: datenschutz@twenty20.de

When you contact us, we process the information that you voluntarily provide to us. If you contact us by email, this will be stored on their Exchange servers due to the use of Microsoft Office. For you, this use means that a transfer of personal data to a third country cannot be ruled out, although we have chosen the EU as the data storage location. Further information on this:
Privacy policy of Microsoft
Standard contractual clauses of the EU
The service is provided by Microsoft Ireland

Only members of our data protection team have access to your e-mail. The e-mail inbox is regularly checked to see whether data can be deleted. If your data is no longer required in the context of a relationship of interest or if a conflicting interest on your part prevails, we will delete the data in question, provided there are no statutory retention periods to the contrary.

The legal basis for this data processing is Article 6 (1c) of the GDPR.

Your rights as a data subject

You have the right to information about the personal data concerning you. You are welcome to contact our data protection officer or us directly for information.

In the case of a request for information that is not made in writing, we ask for your understanding that we may then require proof from you that you are the person you claim to be.

You have the right to rectification or erasure or to restriction of processing to the extent that you are legally entitled to do so.

You have the right to object to the processing within the framework of the legal requirements. The same applies to the right to data portability.

You can contact us by e-mail at datenschutz@twenty20.de.

Right to lodge a complaint with a supervisory authority

You have the right to complain to a data protection supervisory authority about the processing of personal data by us.

You can do this, for example, at the supervisory authority responsible for TWENTY |20 GmbH & Co. KG, for example:

The State Commissioner for Data Protection of North Rhine-Westphalia
Kavalleriestraße 2-4
40213 Düsseldorf

Website with further contact details: https://www.ldi.nrw.de

DE EN FR IT
hallo@twenty20.de jobs@twenty20.de

twenty20 GmbH & Co. KG

Hausinger Straße 6
40764 Langenfeld
+49 (0) 2173 167 00 50

Facebook
Instagram
LinkedIn

Privacy Policy
Cookie settings
Imprint

twenty20 Logo