Privacy Policy

The controller responsible for data processing on this website is:

Tallence AG
Neue Gröningerstraße 13
20457 Hamburg Germany

Phone: +49 40 36 09 35 100 
E-Mail: info@tallence.com

If you have any questions about data protection, you can contact our Data Protection Officer at any time:

Contact details of the Data Protection Officer

Stefan Köster eConsulting / www.koester-eConsulting.com

Stefan Köster 
Op de Elg 13a
22393 Hamburg

E-Mail: stefan@koester-eConsulting.com

This website can generally be used without providing personal data.

Where personal data (e.g. name or email address) is collected on our pages, this is done on a voluntary basis wherever possible.

Your data will only be shared with third parties where this is necessary to provide our services, where we are legally required to do so, or where you have given your explicit consent. Where we use external service providers, this is done on the basis of data processing agreements.

Please note that data transmission over the internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is technically not possible.

Website provision and server log files

When you access our website, your browser automatically transmits information to our server, which is temporarily stored. This includes in particular:

Processed data

• IP address
• Date and time of access
• Pages or files accessed
• Referrer URL (previously visited website)
• Browser type and operating system used
• HTTP status code (e.g. successful request or error message)
• Volume of data transmitted

Purpose of processing

Ensuring the secure and stable operation of the website and analysing security incidents.

Legal basis

• Art. 6(1)(f) GDPR

Retention period

Data is deleted after a maximum of 14 days.

An objection is not possible here due to the technical necessity of the processing.

Our website is hosted by an external service provider:

Amazon Web Services EMEA SARL, Luxembourg

A data processing agreement in accordance with Art. 28 GDPR has been concluded with the provider.

Processed data

The technical access data referred to in Section 4 is processed as part of the hosting.

Purpose of processing

Operation, provision and ensuring the availability of our website.

Legal basis

• Art. 6(1)(f) GDPR (legitimate interest in operating the website)

Retention period

Data is stored for as long as necessary for the stated purposes, unless legal retention obligations prevent earlier deletion.

Our website uses cookies and similar technologies. Cookies are small text files stored on your device.

To manage your consents, we use a consent management tool:

Cookiebot (Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark)

Cookiebot allows us to collect, manage and document your consent.

Non-essential cookies are only set after your explicit consent.

We distinguish between the following categories:

• Necessary cookies – required for the website to function properly (e.g. navigation or access to secure areas). Without these cookies, the website cannot operate correctly.
• Preference cookies – allow the website to remember settings such as language or region.
• Statistics cookies – help us understand how users interact with the website (e.g. Matomo).
• Marketing cookies – used to follow visitors across websites and display relevant content or advertising.
• Unclassified cookies – currently being analysed and categorised.

Processed data

• Consent status
• IP address (truncated)
• Timestamp of consent
• Browser used

Purpose of processing

Managing, collecting and documenting the consents of website visitors for the use of cookies and similar technologies.

Legal bases

• § 25(2) TDDDG in conjunction with Art. 6(1)(f) GDPR (necessary cookies)
• § 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR (consent-based cookies)

You can adjust or withdraw your consent at any time via the cookie banner. Some services may involve data processing outside the EU. In such cases, we ensure an adequate level of data protection.

Retention period

Data is stored for as long as necessary for the stated purposes, unless legal retention obligations prevent earlier deletion.

We use Matomo for analysing the use of our website, a service provided by:

InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand

Matomo uses cookies to enable analysis of website usage. To enrich visit data (e.g. geographic origin), the full IP address is briefly processed internally prior to anonymisation but is not stored. Permanent storage takes place exclusively in anonymised form.

Processed data

• Full IP address (briefly processed for geolocation enrichment, not stored)
• Truncated IP address (permanently stored)
• Pages accessed and times of access
• Referrer URL (previously visited page)
• Browser, operating system and device information
• Time spent on individual pages

The collected data is stored exclusively on our own servers and is not shared with third parties.

Purpose of processing

Analysing the use of our website to improve our offering.

Legal basis

• Art. 6(1)(a) GDPR (consent)

Retention period

Data is stored for as long as necessary for the stated purposes, unless legal retention obligations prevent earlier deletion.

International data transfers

New Zealand has been granted an adequacy decision by the European Commission under Art. 45 GDPR.

For managing contact data and for marketing and communication purposes, we use HubSpot, a service provided by:

HubSpot Inc., 25 First Street, Cambridge, MA 02141, USA

HubSpot is used in particular for:

• Processing contact requests via our contact forms
• Managing contact data in the context of projects
• Sending newsletters and marketing communications

Processed data

• Name
• Email address
• Any further contact details provided voluntarily
• Communication content

Purpose of processing

Managing contact data, processing enquiries and carrying out marketing and communication activities.

Legal bases

The applicable legal basis depends on how your data was submitted:

• General contact requests via the contact form: Art. 6(1)(f) GDPR (legitimate interest in processing your enquiry) or Art. 6(1)(b) GDPR (pre-contractual measures), where your enquiry is aimed at entering into a contract
• Project-related contact forms and further communication: Art. 6(1)(a) GDPR (consent)
• Newsletter and marketing communications: Art. 6(1)(a) GDPR (consent)

Newsletters are sent exclusively using a double opt-in process.

Retention period

Data is stored for as long as necessary for the stated purposes, unless legal retention obligations prevent earlier deletion.

International data transfers

Personal data may also be processed in the USA. HubSpot is certified under the EU-U.S. Data Privacy Framework. In addition, Standard Contractual Clauses (SCCs) are used as additional appropriate safeguards.

You can get in touch with us in various ways.

General contact enquiries

When you contact us via the contact form on our website or by email, we process the data you provide.

Processed data

• Name
• Email address
• Content of your enquiry

Contact requests submitted via our web form are processed through the CRM system HubSpot. For further information on data processing by HubSpot, please see Section 8.

Purpose of processing

Processing your enquiry and handling any follow-up questions.

Legal bases

• Art. 6(1)(f) GDPR (legitimate interest in processing your enquiry)
• Art. 6(1)(b) GDPR (pre-contractual measures), where your enquiry is aimed at entering into a contract

Retention period

Data is stored for as long as necessary for the stated purposes, unless legal retention obligations prevent earlier deletion.

Project-related contact forms (HubSpot)

For certain content or projects, we offer dedicated contact forms. In these cases, your data is processed via the CRM system HubSpot. Before submitting your data, you will be asked for your explicit consent.

The processing is carried out for the purpose of handling your enquiry and, where you have given separate consent, for further communication in the context of projects or marketing activities.

Processed data

• Name
• Email address
• Content of your enquiry

Purpose of processing

Processing your enquiry and, where separately consented to, further communication in the context of projects or marketing activities.

Legal basis

• Art. 6(1)(a) GDPR (consent)

For further information on data processing by HubSpot, please see Section 8.

Retention period

Data is stored for as long as necessary for the stated purposes, unless legal retention obligations prevent earlier deletion.

Note on the provision of your data

The provision of your personal data is required to process your enquiry. If you do not provide this data, we will not be able to handle your request.

When you apply for a position with us, we process your personal data for the purpose of conducting the application process.

Processed data

• Name
• Contact details (email, phone, address)
• Application documents (CV, certificates, cover letter)
• Any further information provided voluntarily during the application process

Purpose of processing

Conducting the application process and assessing suitability for a position.

Legal basis

• Art. 6(1)(b) GDPR

Retention period

If no employment contract is concluded, your application documents will be deleted no later than six months after the conclusion of the application process, unless legitimate interests prevent earlier deletion.

Such a legitimate interest may in particular arise from an obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).

In the course of working with external service providers, freelancers and business partners, we process personal data of the relevant contact persons.

Processed data

• Name, contact details (email, phone)
• Bank details where required for fee processing
• Communication content in the context of the collaboration

Purpose of processing

Contract initiation and fulfilment, communication, accounting and compliance with statutory retention obligations.

Legal bases

• Art. 6(1)(b) GDPR (performance of a contract)
• Art. 6(1)(c) GDPR (legal obligations)
• Art. 6(1)(f) GDPR (legitimate interests)

Retention period

For as long as the business relationship exists and thereafter in accordance with applicable statutory retention obligations.

We only share your personal data with third parties where this is necessary and a legal basis exists.

Sharing may take place in particular where:

• it is necessary for the performance of contractual or pre-contractual measures (Art. 6(1)(b) GDPR)
• you have consented to the sharing (Art. 6(1)(a) GDPR)
• we are legally required to do so (Art. 6(1)(c) GDPR)
• sharing is necessary for the establishment, exercise or defence of legal claims (Art. 6(1)(f) GDPR)

We also engage external service providers, for example for hosting, IT operations or communication services. These service providers process your data solely on our instructions and on the basis of data processing agreements under Art. 28 GDPR.

Processing of your personal data outside the European Union (EU) or the European Economic Area (EEA) only takes place where required in connection with the use of certain services.

In such cases, we ensure that an adequate level of data protection is maintained, in particular through:

• Adequacy decisions of the European Commission
• The EU-U.S. Data Privacy Framework
• Standard Contractual Clauses (SCCs)

Where an international transfer takes place, this is indicated in the relevant sections of this Privacy Policy.

In connection with the processing of your personal data, you have the following rights:

Access (Art. 15 GDPR)

You have the right to request information about whether and what personal data we process about you, including information on processing purposes, data categories, recipients, retention periods and your further rights.

Rectification (Art. 16 GDPR)

You have the right to request the immediate correction of inaccurate or the completion of incomplete personal data stored by us.

Erasure (Art. 17 GDPR)

You may request the deletion of your personal data, provided no legal retention obligations or other legal grounds prevent erasure.

Restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing of your personal data, e.g. where you dispute the accuracy of the data or the processing is unlawful.

Data portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used and machine-readable format, or to have it transferred to another controller.

Withdrawal of consent (Art. 7(3) GDPR)

You may withdraw any consent you have given at any time with effect for the future. The lawfulness of processing carried out prior to withdrawal is not affected.

Right to object (Art. 21 GDPR)

Where we process your personal data on the basis of legitimate interests, you may object on grounds relating to your particular situation.

Where your data is used for direct marketing, you have an unconditional right to object without giving reasons.

Right to lodge a complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a data protection supervisory authority. You can generally contact the authority in your place of residence, place of work or our place of establishment.

To exercise your rights, an email to the following address is sufficient: datenschutz@tallence.com

No automated decision-making, including profiling within the meaning of Art. 22 GDPR, takes place.

We implement appropriate technical and organisational measures to protect your personal data against loss, manipulation or unauthorised access.

Our website uses SSL/TLS encryption. You can identify an encrypted connection by the "https://" prefix in your browser's address bar and the padlock symbol.

This Privacy Policy is updated as necessary to reflect legal requirements or changes to our services.

The current version applies at all times.

Last updated: May 2026