I. NAME AND ADDRESS OF THE DATA CONTROLLER

The data controller pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR) is:

Txeya Limited, 7 Bell Yard, London WC2A 2JR.

E-mail: wayne.dam@txeya.com
Website: https://txeya.com/

II. GENERAL INFORMATION ON DATA PROCESSING

The purpose of this privacy policy is to inform you about how we process personal data relating to you as a data controller in the context of our services and website and what rights you have in this respect.

According to Art. 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable natural person. As a matter of principle, personal data relating to you will only be processed by us insofar as you provide it to us (also by contacting us and communicating via the external service provider you have chosen to communicate with) or the processing of which is necessary for our functioning content or due to legal obligations.

Any (special) personal data relating to you that you voluntarily provide to us will only be used for market research or statistical purposes with your consent (see sections V., VI and VII.).

III. THIRD PARTIES / SERVICE PROVIDERS

We work with various external service providers for the technical implementation of our services and website. Data processing agreements are concluded with all these service providers, which also ensure data protection with our service providers.

To ensure the functioning of our website, where you can register for our services, as well as for web analysis and marketing purposes, we use various external service providers:

IV. USE OF COOKIES

Our website uses cookies. Cookies are text files that are stored by the website on your computer system. When you visit a website, a cookie may be stored on your operating system. This cookie contains a characteristic string of characters that enables unique identification when you call up the website again.

Cookies are stored on your terminal device and transmitted to us by it. Therefore, you also have full control over the use of cookies. You can delete cookies already stored in your browser at any time.

TECHNICALLY NECESSARY COOKIES

We use cookies to make our services user-friendly. The purpose of using technically necessary cookies is to simplify the use of websites. Certain functions of our software cannot be offered without the use of cookies. For these, it is necessary that we can recognise you as a user even after a page change. The data collected through these technically necessary cookies are not used to create user profiles.

The following cookies are set:

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f GDPR. The aforementioned purposes are also our legitimate interest in processing the personal data according to Art. 6 (1) lit. f GDPR. The setting and evaluation of technically necessary cookies is based on Section 25 (2) New German Telecommunications-Telemedia Data Protection Act (abbreviated in German to TTDSG).

COOKIE REQUIRING CONSENT

We also use cookies to analyse and improve our services and to enable targeted marketing. However, this is only done if you have consented to this via our cookie settings when you access the site.

The following cookies are set:

The legal basis for the processing of personal data using non-required cookies is your consent in accordance with Art. 6 (1) lit. a GDPR. The setting and evaluation of these cookies is based on your consent in accordance with Section 25 (1) New German Telecommunications-Telemedia Data Protection Act (abbreviated in German to TTDSG). You can revoke your consent at any time with effect for the future, for example via our cookie settings (for more details on revoking consent, see section XI.).

V. ENTRY OF PERSONAL DATA IN THE WAITING LIST PHASE

On our website, we offer users the opportunity to register by providing personal data. Registration serves to initiate a possible business relationship with the user and to analyse who is interested in our services.

The data is entered into an input mask, transmitted to us and stored. The data is not passed on to third parties. The following data is collected as part of the registration process:

– E-mail address
– Personal data, such as name, profession, company affiliation,
– Diversity-related data, such as gender identity, sexual orientation and ethnicity
– IP address
– Date and time of registration

However, you can choose what data you want to share with us other than your email address and name.
As part of the registration process, we obtain the user’s consent to the processing of diversity-related data, which can be revoked at any time with future effect (for more details on revocation, see section III.).

Deletion and restriction of processing

The data will be deleted or anonymised as soon as they are no longer necessary to achieve the purpose for which they were collected. This is the case for the data collected during the registration process when the registration on our website is cancelled or modified.
As a user, you have the option of cancelling your registration at any time. You can have the data stored about you changed at any time. To do so, please contact us by e-mail.

Notes on legal basis

The legal basis for the processing of data is the user’s consent in accordance with Art. 6 Para. 1 lit. a GDPR and in the case of special categories of data (Art. 9 Para. 1 GDPR) such as gender identity, sexual orientation or ethnicity in accordance with Art. 9 Para. 2 lit. a GDPR.

TRACKING OF USER BEHAVIOUR ON THE WEBSITE

1. WEB ANALYSIS

We use Google Analytics and Plausible Analytics (for information on the service providers, see section III. above) to analyse user behaviour on our website. In the case of Plausible Analytics, no cookies are set and no personal data is stored. The following information relates solely to the use of Google Analytics.

The following data can be processed via Google Analytics:

• Pages visited
• The achievement of “website goals” (e.g. contact enquiries and newsletter registrations)
• Your behaviour on the pages (for example, dwell time, clicks, scrolling behaviour)
• Your approximate location (country and city)
• Your IP address (in shortened form, so that no clear allocation is possible)
• Technical information such as browser, internet provider, terminal device and screen resolution
• Source of origin of your visit (i.e. via which website or advertising material you came to us)

Deletion and restriction of processing:

The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remain stored in aggregated form indefinitely.

If you do not consent to the use of Google Analytics, you can prevent it by installing the browser add-ons once to deactivate Google Analytics in general or by rejecting cookies via our cookie settings for our website. By deleting the cookies in your browser and via our cookie settings, you can also change your consent at any time with effect for the future (see also section VIII.).

Notes on legal basis:

The processing of data on user behaviour is based on your consent pursuant to Art. 6 (1) lit. a GDPR. The interaction with your terminal device also takes place on the basis of your consent pursuant to Section 25 (1) TTDSG.

2 MARKETING

This website uses marketing tools from Facebook and Instagram, including the Facebook Pixel from Facebook. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (“Facebook”).

Cookies or other technologies may be set via the Facebook Pixel with your consent (see section IV. above). The Facebook Pixel is therefore only used if you have consented via our cookie settings. When you visit the website, no data is initially transmitted to Facebook without your consent.

We use the Facebook Pixel via Facebook Website Custom Audiences to measure the success of our ads on Facebook and Instagram, as well as to target those interested in our website and similar target groups with our ads.

If you do not want Facebook to be able to assign the data collected via our website to your account, you must log out of Facebook / Instagram before visiting our website. Through the transmission to Facebook, a third country transfer may take place via Facebook. However, Facebook ensures that the European level of data protection is guaranteed during the third country transfer. More information on data processing by Facebook and the purpose and scope of data collection and further processing and use of the data by Facebook, as well as your rights in this regard and setting options for protecting your privacy, can be found in the privacy policy at https://www.facebook.com/help/568137493302217

Deletion and restriction of processing:

The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 3 months. Other data remains stored in aggregated form indefinitely.

If you would like to refuse the use of Facebook Website Custom Audiences, you can make changes to already granted consents to the use of the pixel via our cookie settings as well as the via settings in your Facebook account at:

https://www.facebook.com/ads/website_custom_audiences/. We are jointly responsible with Facebook for advertising on Facebook and Instagram under data protection law. You can find more information at: https://www.facebook.com/legal/controller_addendum and https://www.facebook.com/legal/terms/businesstools_jointprocessing as well as in Facebook’s privacy policy

Notes on legal basis:

The processing of data for marketing purposes is based on your consent pursuant to Art. 6 (1) lit. a GDPR. The interaction with your terminal device also takes place on the basis of your consent pursuant to Section 25 (1) TTDSG.

VII. PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA

We process your voluntarily provided data on gender identity, sexual orientation and ethnicity.

Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data uniquely identifying a natural person, health data or data concerning a natural person’s sex life or sexual orientation are specifically protected by the GDPR.

Therefore, we only process this data from you if you have given your express consent to do so, Art. 9 (2) lit. a GDPR.

You give us your express consent by ticking the box for the processing of this data for the purpose of opening a user account and for the internal and anonymous analysis of those interested in the services we offer, which you can revoke at any time with effect for the future (for more information on revoking consent, see section XI).

VIII. E-MAIL-NEWSLETTER

We send our news and other electronic notifications via e-mail only with your consent.

To sign up for our newsletter, it is sufficient in general if you provide your e-mail address. However, we may ask you to provide a name, for the purpose of personal address or in the process, other personal information. You also have the option to respond to the messages you receive.

During the registration process, you will be asked for consent to receive newsletters and to give this consent by placing a check mark, which you can revoke at any time with effect for the future (for more information on revoking consent, please refer to section XI.).

Deletion and restriction of processing:

We may store unsubscribed e-mail addresses for up to three years based on our legitimate interests before deleting them to be able to prove consent formerly given. The processing of this data will be limited to the purpose of possible exercise, defense or enforcement of legal claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time. In the event of obligations to permanently observe objections, we reserve the right to store the e-mail address in a blacklist for this purpose alone.

The logging of the registration process takes place on the basis of our legitimate interests for the purposes of proving its proper course.

Notes on legal basis:

The messages are sent on the basis of your consent pursuant to Art. 6 Para. 1 lit. a GDPR. Insofar as we process personal data for the exercise, defense or assertion of legal claims, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests to prove that it was carried out in accordance with the law.

IX. LEGAL BASIS

We process your data in particular on the following legal bases:

• Insofar as you give your consent for processing operations of the personal data concerning you, Art. 6 Para. 1 lit. a GDPR serves as the legal basis. Insofar as special categories of data are involved, we process them on the basis of explicit consent pursuant to Art. 9 Para. 2 lit. a GDPR.
• When processing the personal data concerning you and the personal data required for the performance of a contract to which you are a party, Art. 6 Para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
• Insofar as processing of the personal data concerning you is necessary for compliance with a legal obligation to which we are subject, Art. 6 Para. 1 lit. c GDPR serves as the legal basis.
• In the event that your vital interests or those of another natural person make processing of personal data relating to you necessary, Art. 6 Para. 1 lit. d GDPR serves as the legal basis.
• If the processing is necessary to protect a legitimate interest of us or a third party and your interests, fundamental rights and freedoms do not override the former interest, Art. 6 Para. 1 lit. f GDPR serves as the legal basis for the processing.

Unless expressly stated in this privacy policy, personal data concerning you will generally be deleted or blocked as soon as the purpose for storing it no longer applies. Storage may also take place if this has been provided by the European or national legislator in EU regulations, laws or other provisions to which we are subject as the responsible party. Data will be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

In principle, you are neither legally nor contractually obliged to provide us with your data. However, it may not be possible for us to provide certain services – such as the use of communication via the external messenger provider – without you providing us with your data. We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR, which has legal effect on you or which may significantly affect you in a similar way.

X. RECIPIENTS OF DATA / PROCESSING IN THIRD COUNTRIES

We partially cooperate with common external service providers (e.g. IT service providers) and external services for communication, if it is necessary for data transfer and communication related to our services. Otherwise, only persons within our company have access to personal data that they need for their internal tasks.

Processing of your personal data in countries outside the European Economic Area (so-called third countries) only takes place if this is necessary for the provision of an agreed service.

Some third countries are certified by the European Commission through so-called adequacy decisions to have a level of data protection comparable to the EEA standard (a list of these countries as well as a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct.

XI. DATA SUBJECT RIGHTS

If personal data concerning you is processed, you are the data subject within the meaning of the GDPR, i.e. the person who can be identified from the data. You are entitled to the following rights towards us:

1. RIGHT OF ACCESS (ART. 15 GDPR)

You may request confirmation from us as to whether personal data relating to you is being processed by us. If such processing is taking place, you may request information from us about the following:

• The purposes for which the personal data is processed;
• the categories of personal data which are processed;
• the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;
• the planned duration of the storage of the personal data concerning you or, if concrete information on this is not possible, criteria for determining the storage period;
• the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
• the existence of a right of appeal to a supervisory authority;
• any available information about the origin of the data, if the personal data is not collected from the data subject;
• the existence of automated decision-making, including profiling, pursuant to Article 22 Para. 1 and 4 of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
• You also have the right to request information about whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. RIGHT OF RECTIFICATION (ART. 16 GDPR)

Sie haben uns gegenüber ein Recht auf Berichtigung und / oder Vervollständigung, sofern die verarbeiteten Sie betreffenden personenbezogenen Daten unrichtig oder unvollständig sind. Wir haben die Berichtigung unverzüglich vorzunehmen.

3. RIGHT TO ERASURE (ART. 17 GDPR)

Obligation to erase

You may request us to delete the personal data concerning you without undue delay. We are obliged to delete this data immediately if one of the following reasons applies:

• Personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
• You revoke your consent on which the processing was based pursuant to Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR and there is no other legal basis for the processing.
• You object to the processing pursuant to Art. 21 Para. 1 GDPR and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Art. 21 Para. 2 GDPR.
• The personal data concerning you has been processed unlawfully.
• The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
• The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8 Para. 1 GDPR.
• If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17 Para. 1 of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, has requested that they erase all links to or copies or replications of such personal data.

Exceptions

The right to erasure does not exist insofar as the processing is necessary:

• for the exercise of the right to freedom of expression and information;
• for compliance with a legal obligation which requires processing under EU or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• for reasons of public interest in the area of public health pursuant to Art. 9 Para. 2 lit. h and lit. i and Art. 9 Para. 3 GDPR;
• for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Art. 89 Para. 1 GDPR, insofar as the right referred to under obligation to erase is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
• for the assertion, exercise or defense of legal claims.

4. RIGHT TO RESTRICT PROCESSING (ART. 18 GDPR).

You may request the restriction of the processing of personal data concerning you under the following conditions:

• if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
• the controller no longer needs the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims; or
• if you have objected to the processing pursuant to Article 21 Para. 1 GDPR and it has not yet been determined whether the legitimate grounds of the controller outweigh your grounds.
• If the processing of personal data relating to you has been restricted, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State. If the restriction of processing is lifted according to the above conditions, you will be informed by the controller before the restriction is lifted.

5. RIGHT TO DATA PORTABILITY (ART. 20 GDPR)

You have the right to receive personal data relating to you that you have provided to us based on consent in a structured, commonly used and machine-readable format or to request that it be transferred to another controller.

6. RIGHT TO OBJECT (ART. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 Para. 1 lit. e or lit. f of the GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, in particular where the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

7. RIGHT TO REVOKE YOUR DATA PROTECTION CONSENT (ART. 7 PARA. 3 GDPR)

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

8. RIGHT OF COMPLAINT TO A SUPERVISORY AUTHORITY (ART. 77 GDPR)

You have the right to complain to a supervisory authority. For this purpose, you can contact the supervisory authority of your place of residence or workplace or the supervisory authority responsible for us.

XII. UPDATING OF THE PRIVACY POLICY

We update our privacy policy from time to time and therefore ask you to inform yourself about the current status of the privacy policy. In the event of significant changes to the purposes of the processing, we will inform you, provided that you are connected to us by contract or through your consent that we have your contact details.