Privacy Policy

This privacy policy applies to the use of the website twentyzen.com and is provided by twentyZEN GmbH.

Our Approach to Data Protection

Data protection law is part of our fundamental right to privacy. Especially in our constantly evolving and interconnected world, the importance of these rights must not be underestimated. For me, data protection law in all its forms and requirements holds great importance; therefore, we take the protection of your data very seriously and always strive to maintain an appropriate level of protection on our website, twentyzen.com.

You are free to use this website without providing any personal data. However, if you wish to use one of our services (e.g. product inquiries) via this website, it may become necessary to collect and process your data. If this is the case and there is no legal basis for such processing, we will always obtain your consent for the respective process.

The processing of your personal data—such as your name, address, e-mail address, or telephone number—always takes place in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to us. We aim to inform you and the public clearly about the type, scope, and purpose of the personal data we collect, use, and process, to provide full transparency regarding data protection.

As the data controller, we have implemented numerous technical and organizational measures to ensure the most comprehensive protection possible for personal data processed through this website. Nevertheless, due to the nature of data transmission over the Internet, absolute protection cannot be fully guaranteed. Therefore, you are free to transmit your personal data to us via alternative means, such as by telephone.

Data Protection Details

1. Definitions according to the GDPR

This privacy policy is based on the terminology used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for both the public and our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

In this privacy policy, we use the following terms, among others:

a) Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing. In case of doubt, you are a data subject.

c) Processing

Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their future processing.

e) Controller or controller responsible for processing

Controller or controller responsible for processing means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

f) Recipient

Recipient means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

g) Third party

Third party means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

h) Consent

Consent means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

2. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions related to data protection is:

twentyZEN GmbH
Loschwitzer Str. 15A
01309 Dresden

Tel.: +49 351 79 99 – 50 10
contact@twentyZEN.com
www.twentyZEN.com

twentyZEN GmbH is represented by its managing directors Stefan Machleidt and Dirk Spannaus.

3. Collection of General Data and Information

When you access our website, a series of general data and information is collected and stored in the server’s log files. The following may be recorded:

(1) the browser types and versions used,

(2) the operating system used by the accessing system,

(3) the website from which an accessing system reaches our website (so-called referrer),

(4) the sub-websites accessed via an accessing system on our website,

(5) the date and time of access to the website,

(6) an Internet protocol address (IP address),

(7) the Internet service provider of the accessing system, and

(8) other similar data and information used to avert danger in the event of attacks on our IT systems.

When using these general data and information, no conclusions are drawn about you. This information is needed to:

(1) deliver the contents of our website correctly,

(2) optimize the content of our website and advertising for it,

(3) ensure the long-term functionality of our IT systems and website technology, and

(4) provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

These anonymously collected data and information are therefore evaluated statistically and with the aim of increasing data protection and data security within our company, ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data from the server log files are stored separately from all personal data you may provide.

4. Cookies

This website operates, among other things, through the use of cookies. Cookies are text files that are stored and saved on your computer system via your Internet browser.

Many websites and servers use cookies. Many cookies contain a so-called cookie ID, which is a unique identifier of the cookie. It consists of a string of characters through which websites and servers can assign the specific Internet browser in which the cookie was stored. This enables visited websites and servers to distinguish your individual browser from others that contain different cookies. A particular Internet browser can thus be recognized and identified by its unique cookie ID.

Through the use of cookies, we can provide you with user-friendly services that would not be possible without cookie placement.

By means of a cookie, information and offers on our website can be optimized in your interest. Cookies enable us to recognize you. They are small files placed when you visit websites. Through them, your browser remembers that you have already visited this website.

The purpose of this recognition is to make the use of our website easier for you. For example, you do not have to re-enter your login data every time you visit, as this is handled by the website and the cookie stored on your computer system.

You can prevent the setting of cookies by our website at any time by adjusting your Internet browser settings accordingly and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via your Internet browser or other software programs. This is possible in all common Internet browsers. If you deactivate the setting of cookies in your Internet browser, not all functions of our website may be fully usable.

5. Contact Options via the Website

Due to legal requirements, our website contains information that enables quick electronic contact with our company, as well as direct communication with us, which also includes a general address of so-called electronic mail (email address).

If you contact us by email, the personal data you transmit will be stored automatically. Such voluntarily transmitted personal data are stored for the purpose of processing your request or contacting you. There is no transfer of this personal data to third parties.

6. Deletion and Blocking of Personal Data

Your personal data will only be processed for the period necessary to achieve the purpose of storage or as required by the European legislator or any other legislator in laws or regulations to which the controller is subject.

If the purpose of storage ceases to apply or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

7. Your Rights as a Data Subject

a) Right to confirmation

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed. If you wish to exercise this right, you may contact the data protection contact named below at any time.

b) Right of access

You have the right to obtain, at any time, free information about your stored personal data (e.g. the purpose of processing or the categories of data processed) and to receive a copy of this information.

You also have the right to know whether your personal data have been transferred to a third country or to an international organization. If this is the case, you are additionally entitled to be informed of the appropriate safeguards relating to the transfer.

If you wish to exercise this right of access, you may contact the data protection contact named below at any time.

c) Right to rectification

You have the right to request without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of processing, you also have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

If you wish to exercise this right to rectification, you may contact the data protection contact named below at any time.

d) Right to erasure (“right to be forgotten”)

You have the right to request the immediate deletion of your personal data. We are likewise obliged to delete personal data without delay if there is a reason that does not justify processing (e.g. the personal data are no longer necessary for the purposes for which they were collected or otherwise processed).

If one of the aforementioned reasons applies and you wish to have your personal data deleted, you may contact the data protection contact named below at any time.

If your personal data have been made public and we are obliged to delete them, we will take reasonable steps, taking account of available technology and implementation costs, including technical measures, to inform controllers processing the personal data that you have requested the erasure of any links to, or copies or replications of, those personal data.

e) Right to restriction of processing

You have the right to obtain restriction of processing where one of the following applies:

- You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data.
- The processing is unlawful, you oppose the erasure of the personal data, and request the restriction of their use instead.
- We no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims.
- You have objected to processing pursuant to Article 21(1) GDPR, pending verification whether our legitimate grounds override yours.

If one of the above conditions applies and you wish to request restriction of processing of personal data stored by us, you may contact the data protection contact named below at any time.

We will notify you of any rectification or erasure of your personal data or restriction of processing unless this proves impossible or involves disproportionate effort. We will inform you of the recipients upon request.

f) Right to data portability

You have the right to receive the personal data concerning you, which you have provided, in a structured, commonly used, and machine-readable format.

To exercise the right to data portability, you may contact the data protection contact named below at any time.

g) Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.

We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this includes profiling to the extent that it is related to such direct marketing.

To exercise the right to object, you may contact the data protection contact named below directly.

h) Right to withdraw data-protection consent

You have the right to withdraw your consent to the processing of personal data at any time.

If you wish to exercise this right, please contact:

twentyZEN GmbH
Dirk Spannaus
Loschwitzer Str. 15A
01309 Dresden

Tel.: +49 351 79 99 – 50 10
contact@twentyZEN.com
www.twentyZEN.com

8. Data-Protection Provisions on the Use of Google Analytics (with Anonymization Function)

We have integrated the Google Analytics component (with anonymization function) on our website. Google Analytics is a web analysis service. Web analysis involves collecting, gathering, and evaluating data about the behavior of visitors to websites. A web analysis service collects, among other things, data about the website from which you came to a website (the so-called referrer), which subpages were accessed, or how often and for what duration a subpage was viewed. Web analysis is mainly used to optimize a website and to conduct cost-benefit analyses of online advertising.

The provider of Google Analytics is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We use the add-on “_gat._anonymizeIp” for Google Analytics. By means of this add-on, the IP address of your Internet connection is truncated and anonymized by Google when access to our website originates from a Member State of the European Union or another contracting state to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze visitor traffic on our website. Google uses the data and information obtained to evaluate the use of our website, to compile online reports showing activities on our websites for us, and to provide other services relating to the use of our website.

Google Analytics sets a cookie on your IT system. As explained above, cookies enable Google to analyze the use of our website. Each time one of the individual pages of this website on which a Google Analytics component is integrated is called up, the Internet browser on your IT system is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. In the course of this technical procedure, Google gains knowledge of personal data, such as your IP address, which, among other things, enables Google to trace the origin of visitors and clicks and subsequently to facilitate commission settlements.

Through this measure, personal information such as the time of access, the location from which an access originated, and the frequency of your visits to our website may be stored. Each time you visit our website, your personal data, including the IP address of the Internet connection you use, may be transmitted to Google and stored there—possibly also in the United States of America. Google may pass on this personal data collected through technical procedures to third parties.

As described above, you can prevent the setting of cookies at any time by configuring your Internet browser accordingly and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on your IT system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Furthermore, you can object to the collection of data generated by Google Analytics relating to the use of this website, as well as to the processing of this data by Google, and prevent such collection. To do so, you must download and install a browser add-on from https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered an objection. If your IT system is later deleted, formatted, or reinstalled, you must reinstall the browser add-on to deactivate Google Analytics again. If the browser add-on is uninstalled or deactivated by you or another person under your control, it is possible to reinstall or reactivate the browser add-on.

Further information and the applicable privacy policies of Google can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at https://www.google.com/intl/de_de/analytics/.

9. Data-Protection Provisions on the Use of the Facebook Pixel

We have implemented the Facebook Pixel on our site. This is a conversion measurement tool from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). With its help, we can track user actions after they have seen or clicked a Facebook advertisement. This allows us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way are anonymous to us, meaning we do not see the personal data of individual users. However, Facebook stores and processes this data. At the same time, Facebook can use these data to define visitors to our website as its own advertising target group.

We refrain from extended matching with data such as email addresses or transaction data from online shops.

Facebook may also link this data to your Facebook account and use it for its own advertising purposes in accordance with its data use policy (https://www.facebook.com/about/privacy/). Facebook and its partners may enable the placement of advertisements on and outside Facebook. For these purposes, a cookie may be stored on your computer. Consent may only be declared by users older than 13 years. If you are younger, please consult your legal guardians. Please click here if you wish to withdraw your consent: https://www.facebook.com/settings/?tab=ads.

10. Data-Protection Provisions on the Use of Mautic

We use Mautic—an open-source tool for marketing automation—on this website. This is analytics and tracking software for attributing and storing usage data (including browser used, last page visited, duration of visit). The software uses this information to individualize our marketing activities and better tailor them to the interests of each user. It also helps us better evaluate the success of individual marketing measures.

Mautic is hosted by us on our own servers. No data is transferred to third parties. We collect and process data with Mautic only to the extent necessary to achieve the business objectives of webZunder with you.

Mautic operates as follows:

a. Email marketing and campaigns

In so-called email marketing, you receive personalized emails. These are partly based on user behavior on the website www.webzunder.com, on reading our emails, and on interacting with the links contained therein. We also send emails as part of campaigns.

b. Landing pages

Landing pages are special web pages defined as the target of advertising campaigns. They usually contain interaction options, e.g. for downloading white papers or checklists, and forms to collect information about you.

To attribute individual activities to anonymous profiles or—after prior consent—to the profiles of individual users, the software uses various technical procedures:

c. Tracking pixels

To detect, for example, whether an email has been opened, Mautic uses so-called tracking pixels. Through these, a small graphic is loaded from the provider’s server that was previously assigned to an individual user profile.

d. Personalized web links

To detect, for example, whether a user clicks a link in an email, Mautic adds a unique identifier to these links that was previously assigned to an individual user profile.

e. IP address

The IP address currently used by website visitors is transmitted to us every time our website is accessed. Mautic uses this to recognize users of the website.

The data collected include:

activity on our website
number of page views and duration of the website visit
the click path of the respective visitor
downloads of files provided via the website
visits to landing pages
opens of emails from newsletters and campaigns

As part of a registration on the website or the download of a white paper, the provider collects—through the use of Mautic—the following:

contact data (such as name, postal or email address, telephone or fax number)
business contact data (such as your job title, the name of my business, business email address, telephone or fax number)
the IP address of the device from which the use of the website takes place (a sequence of numbers that identifies your current Internet connection)

The data released are clearly recognizable to the user by filling out a form. It is indicated which data are necessary to submit the form.

Mautic is only used after you have expressly given your consent to the use of so-called “first-party cookies” during the initial use of our website. You can withdraw this consent at any time from the contact person named above. In this case, all tracking data collected via Mautic will be deleted without delay.

11. Data-Protection Provisions on the Use of Facebook

We have integrated components of the company Facebook on this website. Facebook is a social network.

A social network is a place for social encounters on the Internet, an online community that generally allows users to communicate and interact with each other in a virtual space. A social network can serve as a platform for exchanging opinions and experiences or enable the Internet community to provide personal or company-related information. Facebook allows users of the social network to, among other things, create private profiles, upload photos, and connect through friend requests.

The operator of Facebook is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the individual pages of this website, operated by us and into which a Facebook component (Facebook plug-in) has been integrated, is called up, your Internet browser is automatically prompted by the respective Facebook component to download a representation of the corresponding component from Facebook. An overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/. During this technical process, Facebook gains knowledge of which specific subpage of our website you have visited.

If you are logged in to Facebook at the same time, Facebook recognizes which specific subpage of our website you are visiting each time you access our website and for the entire duration of your stay on our website. This information is collected by the Facebook component and assigned by Facebook to your Facebook account. If you click on one of the Facebook buttons integrated on our website (for example the “Like” button) or submit a comment, Facebook assigns this information to your personal Facebook user account and stores this personal data.

Facebook always receives information via the Facebook component that you have visited our website if you are logged in to Facebook at the same time as accessing our website; this occurs regardless of whether you click on the Facebook component or not. If you do not want this information to be transmitted to Facebook, you can prevent this transmission by logging out of your Facebook account before accessing our website.

The data policy published by Facebook, which can be found at https://www.facebook.com/about/privacy/, provides information about the collection, processing, and use of personal data by Facebook. It also explains the settings Facebook offers to protect your privacy. Various applications are also available that allow you to suppress data transmission to Facebook, for example the Facebook blocker from Webgraph, which can be obtained at http://webgraph.com/resources/facebookblocker/. Such applications can be used to prevent data transfer to Facebook.

12. Data-Protection Provisions on the Use of Instagram

We have integrated components of the Instagram service on this website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also to disseminate such data on other social networks.

The operator of Instagram’s services is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the individual pages of this website, operated by us and containing an Instagram component (Insta button), is called up, your Internet browser automatically downloads a representation of the corresponding component from Instagram. During this technical process, Instagram gains knowledge of which specific subpage of our website you have visited.

If you are logged in to Instagram at the same time, Instagram recognizes which specific subpage of our website you are visiting each time you access our website and for the entire duration of your stay. This information is collected by the Instagram component and assigned by Instagram to your Instagram account. If you click one of the Instagram buttons integrated on our website, the data and information transferred are assigned to your personal Instagram user account and stored and processed by Instagram.

Instagram always receives information via the Instagram component that you have visited our website if you are logged in to Instagram at the same time as accessing our website; this occurs regardless of whether you click on the Instagram component or not. If you do not want this information to be transmitted to Instagram, you can prevent this transmission by logging out of your Instagram account before visiting our website.

Further information and Instagram’s applicable privacy policy can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

13. Data-Protection Provisions on the Use of Twitter

We have integrated components of Twitter on this website. Twitter is a multilingual, publicly accessible microblogging service where users can publish and distribute so-called tweets, i.e. short messages limited to 280 characters. These short messages are available to everyone, including those not registered with Twitter. The tweets are also displayed to the followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Twitter also enables a broad audience to be addressed via hashtags, links, or retweets.

The operator of Twitter is X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Each time one of the individual pages of this website, operated by us and containing a Twitter component (Twitter button), is called up, your Internet browser automatically downloads a representation of the corresponding component from Twitter. Further information on the Twitter buttons is available at https://about.twitter.com/de/resources/buttons. During this technical process, Twitter gains knowledge of which specific subpage of our website you have visited. The purpose of integrating the Twitter component is to enable our users to redistribute the content of this website, promote it in the digital world, and increase our visitor numbers.

If you are logged in to Twitter at the same time, Twitter recognizes which specific subpage of our website you are visiting each time you access our website and for the entire duration of your stay. This information is collected by the Twitter component and assigned by Twitter to your Twitter account. If you click one of the Twitter buttons integrated on our website, the data and information transferred are assigned to your personal Twitter user account and stored and processed by Twitter.

Twitter always receives information via the Twitter component that you have visited our website if you are logged in to Twitter at the same time as accessing our website; this occurs regardless of whether you click on the Twitter component or not. If you do not want this information to be transmitted to Twitter, you can prevent this transmission by logging out of your Twitter account before visiting our website.

Twitter’s applicable privacy policy can be found at https://twitter.com/privacy.

14. Data-Protection Provisions on the Use of LinkedIn

We have integrated components of LinkedIn Corporation on this website. LinkedIn is an Internet-based social network that allows users to connect with existing business contacts and establish new business relationships. Over 400 million registered individuals use LinkedIn in more than 200 countries, making LinkedIn the largest platform for business contacts and one of the most visited websites in the world.

The operator of LinkedIn is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Each time one of the individual pages of this website, operated by us and containing a LinkedIn component (LinkedIn plug-in), is called up, your Internet browser automatically downloads a representation of the corresponding component from LinkedIn. Further information about LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins. During this technical process, LinkedIn gains knowledge of which specific subpage of our website you have visited.

If you are logged in to LinkedIn at the same time, LinkedIn recognizes which specific subpage of our website you are visiting each time you access our website and for the entire duration of your stay. This information is collected by the LinkedIn component and assigned by LinkedIn to your LinkedIn account. If you click one of the LinkedIn buttons integrated on our website, LinkedIn assigns this information to your personal LinkedIn user account and stores this personal data.

LinkedIn always receives information via the LinkedIn component that you have visited our website if you are logged in to LinkedIn at the same time as accessing our website; this occurs regardless of whether you click on the LinkedIn component or not. If you do not want this information to be transmitted to LinkedIn, you can prevent this transmission by logging out of your LinkedIn account before visiting our website.

At https://www.linkedin.com/psettings/guest-controls, LinkedIn offers the option to unsubscribe from email messages, SMS messages, and targeted ads, and to manage ad preferences. LinkedIn also uses service providers such as Eire, which may use cookies. LinkedIn’s applicable privacy policy is available at https://www.linkedin.com/legal/privacy-policy. The LinkedIn Cookie Policy is available at https://www.linkedin.com/legal/cookie-policy.

15. Data-Protection Provisions on the Use of XING

We have integrated components of XING on this website. XING is an Internet-based social network that allows users to connect with existing business contacts and establish new business relationships. Individual users can create a personal profile on XING, for example, with professional details. Companies can create corporate profiles or publish job offers on XING.

The operator of XING is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

Each time one of the individual pages of this website, operated by us and containing a XING component (XING plug-in), is called up, your Internet browser automatically downloads a representation of the corresponding component from XING. Further information about XING plug-ins can be found at https://dev.xing.com/plugins. During this technical process, XING gains knowledge of which specific subpage of our website you have visited.

If you are logged in to XING at the same time, XING recognizes which specific subpage of our website you are visiting each time you access our website and for the entire duration of your stay. This information is collected by the XING component and assigned by XING to your XING account. If you click one of the XING buttons integrated on our website, for example the “Share” button, XING assigns this information to your personal XING user account and stores this personal data.

XING always receives information via the XING component that you have visited our website if you are logged in to XING at the same time as accessing our website; this occurs regardless of whether you click on the XING component or not. If you do not want this information to be transmitted to XING, you can prevent this transmission by logging out of your XING account before visiting our website.

The data protection provisions published by XING, available at https://privacy.xing.com/en/privacy-policy, provide information about the collection, processing, and use of personal data by XING. XING also publishes privacy notices for the XING Share button at https://www.xing.com/app/share?op=data_protection.

16. Legal Basis for Processing

Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which you are a party, such as for the delivery of goods or the provision of another service, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations that are necessary for carrying out pre-contractual measures, for example, in the case of inquiries about our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Article 6(1)(c) GDPR.

In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. For example, this could be the case if a visitor were injured in our company and their name, age, health insurance data, or other vital information had to be disclosed to a doctor, hospital, or other third party. Then the processing would be based on Article 6(1)(d) GDPR.

Ultimately, processing operations could be based on Article 6(1)(f) GDPR. This legal basis is used for processing operations not covered by any of the aforementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. The legislator considered that a legitimate interest could be assumed if you are a client of the controller (Recital 47, Sentence 2 GDPR).

17. Legitimate Interests in Processing Pursued by the Controller or by a Third Party

If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is the conduct of our business for the benefit of the well-being of all our employees and shareholders.

18. Period for Which the Personal Data Will Be Stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiration of the period, the corresponding data will be routinely deleted, provided they are no longer required for the performance of the contract or the initiation of a contract.

19. Provision of Personal Data as a Legal or Contractual Requirement; Requirement Necessary to Enter into a Contract; Obligation of the Data Subject to Provide the Personal Data; Possible Consequences of Failure to Provide Such Data

We clarify that the provision of personal data is sometimes required by law (e.g., tax regulations) or may also result from contractual provisions (e.g., information about the contractual partner).

In some cases, it may be necessary for you to provide us with personal data, which we subsequently need to conclude a contract with you. You are, for example, obliged to provide us with personal data if our company concludes a contract with you. Failure to provide personal data would mean that the contract with you could not be concluded.

Before providing personal data, you must contact one of our employees. Our employee will explain to you whether the provision of personal data is legally or contractually required, or necessary for the conclusion of a contract, whether there is an obligation to provide the personal data, and the consequences of failing to provide personal data.

20. Existence of Automated Decision-Making

As a responsible company, we refrain from automated decision-making or profiling.

21. Security of Processing

We have implemented appropriate technical and organizational measures to ensure an adequate level of security for the processing of personal data. This includes measures to prevent unauthorized access, unauthorized disclosure, or loss of data. These measures are continuously reviewed and updated in line with technological progress.

In particular, the transmission of data via our website takes place using SSL/TLS encryption to protect communication between your browser and our servers.

22. Changes to This Privacy Policy

We reserve the right to modify this privacy policy to ensure it always complies with current legal requirements or to implement changes to our services in the privacy policy, such as when introducing new services. The new privacy policy will then apply to your next visit.

23. Responsible Supervisory Authority

If you believe that the processing of personal data concerning you violates data protection law, you have the right to lodge a complaint with a supervisory authority responsible for data protection.

The responsible supervisory authority for the federal state of Saxony is:

Saxon Data Protection Commissioner
Devrientstraße 1
01067 Dresden
Germany

Website: https://www.saechsdsb.de

24. Contact Details of the Data Controller

twentyZEN GmbH
Loschwitzer Str. 15A
01309 Dresden
Germany

Represented by the Managing Directors:
Stefan Machleidt and Dirk Spannaus

Tel.: +49 351 79 99 – 50 10
contact@twentyZEN.com
www.twentyZEN.com

25. Final Provisions

This English translation is provided for information purposes. In case of discrepancies or interpretation issues, the German version of this privacy policy shall prevail.

Last updated: October 2025