Privacy policy

We, topi GmbH and topi Asset GmbH, operate the website www.topi.eu and collect certain data from our visitors and customers as necessary. In the following data protection declaration you will learn what we do with your data, so-called personal data, and why we do this. We will also tell you how we protect your data, when the data is deleted and what rights you have thanks to data protection.

Who can I contact?

Responsible for this website is:

topi GmbH

Friedrichstrasse 125

10117 Berlin

Germany

[email protected]

You can also reach our data protection officer or another data protection-related contact via these contact details. Please contact us at any time if you have specific questions about your data, its deletion or your rights.

What are my rights?

You can contact us at any time if you have questions about your data protection rights or wish to assert your rights below:

  • Right to withdraw consent in accordance with Art. 7 para. 3 GDPR (e.g. you can contact us if you wish to withdraw consent previously given for a newsletter)
  • Right to information in accordance with Art. 15 GDPR (e.g. you can contact us if you would like to know what data we have stored about you)
  • Rectification in accordance with Art. 16 GDPR (e.g. you can contact us if your email address has changed and you want us to replace the old email address)
  • Erasure in accordance with Art. 17 GDPR (e.g. you can contact us if you want us to erase certain data that we have stored about you)
  • Right to restriction of processing in accordance with Art. 18 GDPR (e.g. you can contact us if you do not want us to delete your email address, but only to use it to send absolutely necessary emails)
  • Right to data portability in accordance with Art. 20 GDPR (e.g. you can contact us to receive your data stored by us in a compressed format, e.g. because you want to make the data available to another website)
  • Objection pursuant to Art. 21 GDPR (e.g. you can contact us if you do not agree with one of the advertising or analysis procedures specified here)
  • Right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 para. 1 GDPR (e.g. you can also contact the data protection supervisory authority in your federal state directly in the event of complaints: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html)

Deletion of data and storage duration

Unless otherwise stated, we will delete your data as soon as it is no longer required, e.g. your e-mail address after you have unsubscribed from our newsletter. Your data will also be blocked or deleted if a storage period prescribed by law expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract. Certain data may have to be stored for longer for legal reasons. You can of course request information about the stored data at any time.

Visiting the website

If you merely wish to browse our website, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website, in particular

  • IP address (e.g. 95.91.215.example or 2a02:8109:9440:1198:bdb1:551f:example)
  • Approximate location based on IP range (e.g. Berlin & surrounding area)
  • Internet provider (e.g. Vodafone Kabel Deutschland or Deutsche Telekom)
  • Internet speed (e.g. 120 Mbit)
  • Date and time (e.g. 11:45 on 25.05.2018)
  • Last website visited (e.g. google.de)
  • Browser (e.g. Chrome or Safari)
  • Operating system (e.g. Mac OS)
  • Hardware (e.g. Intel processor)

****As a protective measure in favour of your privacy, we delete or anonymise the IP address after your visit to our website. This means that the other technical data can no longer be traced back to you and are only used for anonymous, statistical purposes to optimise our website. The purpose of the temporary storage of the data is, on the one hand, the technical necessity for establishing the connection and, on the other hand, the correct, error-free presentation of our website. The IP address and the technical data already mentioned are necessary to display the website, to prevent display problems for visitors and to correct error messages. The legal basis is the so-called legitimate interest, which has been examined within the framework of the aforementioned protective measures as well as in accordance with the European data protection requirements from Art. 6 Para. 1 lit. f) GDPR.

Contact form for sellers

You have the option of contacting us via our contact form. You can provide us with the following data:

  • Company name
  • First name/last name
  • e-mail address
  • Subject line
  • Message

****As a protective measure, contact is established - just like the visit to the rest of the website - via an encrypted connection. After successful contact and completion of the contact request, your data will be deleted immediately. The sole purpose of the data requested is to contact or communicate with you, which is why the data is only used for this purpose. The legal basis is the so-called legitimate interest, which has been examined in order to pursue the purpose and within the framework of the aforementioned protective measures as well as in accordance with the European data protection requirements from Art. 6 para. 1 lit. f) GDPR.

Contact lists

You have the option of entering your e-mail address in our contact list. The data from this list is forwarded to the service provider Webflow for processing and merged into a "contact list". The service provider HubSpot then receives the collected data.

As a protective measure, the data you provide is transmitted via an encrypted connection. The service providers HubSpot and Webflow are US companies. In order to ensure a level of data protection comparable to the European standard, we have concluded an order processing agreement with each of the service providers and undertake to comply with the terms of the standard contractual clauses as an additional guarantee. Further information can be found here in HubSpot's privacy policy and Webflow's privacy policy. The purpose of the data requested from the waiting list is to check which services can be made available to the respective customer. The legal basis is your consent in accordance with the European data protection requirements of Art. 6 para. 1 lit. a) GDPR.

Fraud prevention

In order to protect ourselves and our customers from fraud attempts, we use the service provider SEON Technologies Kft (SEON) from Hungary, among others. In order to carry out effective fraud prevention, the following service data is collected:

  • Name
  • Cell phone number
  • e-mail address
  • IP address

As a protective measure, the data you enter is transmitted via an encrypted connection. The purpose of the data requested is to be able to create a fraud assessment that is as reliable as possible. The data is stored in the European Union. Further information can be found in SEON's privacy policy. The legal basis is the so-called legitimate interest, which has been examined for the pursuit of the purpose and in the context of the aforementioned protective measures and in accordance with the European data protection requirements from Art. 6 para. 1 lit. f) GDPR.

Registration

You also have the option of registering on our website and then logging in with a user account at any time. The following data is required to register with us:

  • Company name
  • First name/last name
  • Company address
  • Contact details (such as telephone number, business e-mail address

As a security measure, the data you enter is transmitted via an encrypted connection, just like the rest of the website. After successful confirmation, your data will be stored until you decide to delete individual data or the entire user account. The purpose of the requested data is to create a user account for the use of extended functions on the website. Registration is voluntary and can be revoked or the user data deleted at any time. The legal basis is your consent in accordance with the European data protection requirements under Art. 6 para. 1 lit. a) GDPR.

Identity and credit check

As part of the ordering process, we will pass on your data to service providers for an identity and credit check in order to check and grant a credit line. This involves the data entered during registration, which is compared with the service provider's databases. The service providers we use are the following companies:

  • CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich
  • Creditreform Berlin Brandenburg, Wolfram GmbH & Co. KG, Karl-Heinrich-Ulrichs-Str. 1, 10787 Berlin
  • Schufa Holding AG, Kormoranweg 5, 65201 Wiesbaden

The credit checks may contain probability values (score values) that are calculated on the basis of scientifically recognized mathematical-statistical procedures and also include address data in their calculation. If the legal requirements are met, we also transmit information on payment delays or any bad debt losses to credit agencies cooperating with us.

The purpose of the aforementioned procedures is to check and grant an individual credit line in order to ensure that the desired product is provided to you on the one hand and that proper payment is made on the other. The legal basis is the legitimate interest that has been verified for the pursuit of the purpose and in the context of the aforementioned protective measures as well as in accordance with the European data protection requirements from Art. 6 para. 1 lit. f) GDPR. In addition, this credit check is necessary for the establishment and performance of the contract concluded with us.

Registration in the customer portal (topi Portal)

In order to view and manage your rental devices, we offer you the option of logging into our customer portal. We need your e-mail address for this. You will then receive a code by e-mail which you can use to log in.

As a security measure, the data you enter is transmitted via an encrypted connection. Your data will be stored until you decide to delete it. The purpose of the data requested is to manage your rental equipment. The legal basis is the mutual fulfilment of the contract in accordance with the European data protection requirements of Art. 6 para. 1 lit. b) GDPR.

Use of payment service providers

If you wish to rent a device from one of our partners, we will request further data required for order and payment processing. This data is treated confidentially and is only processed by us, the payment service provider and the shipping service provider. At least the following data is required for this:

  • Company name
  • First name / surname
  • Company address
  • Contact details (such as telephone number, business e-mail address)
  • Payment data (IBAN, BIC, credit institution)

We use the following payment service providers for the payment process:

  • GoCardless SAS, 7 Rue de Madrid, 75008 Paris France
  • Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock Dublin, D02 H210, Ireland

As a security measure, the data you enter is transmitted via an encrypted connection, just like the rest of the website. The purpose of the requested data is to process the payment and order of the product you desire. The legal basis is the mutual fulfilment of the contract in accordance with the European data protection requirements of Art. 6 para. 1 lit. b) GDPR.

Newsletter

If you are interested in news about our company or our product, you can subscribe to our newsletter. You will then receive an e-mail in which you must click on a link to confirm that you wish to receive the newsletter. We will then store your e-mail address until you unsubscribe from the newsletter. You will find a link to unsubscribe in every newsletter e-mail. The newsletter is delivered by a specialized service provider.

As a protective measure, we request the so-called "double opt-in" to ensure that the e-mail address entered actually belongs to you. Furthermore, we have concluded a data protection contract (order processing) with the commissioned service provider. You also have the option of unsubscribing from the newsletter at any time and thus deleting your e-mail address from the service provider's database. The purpose of data collection is to send the newsletter to your business e-mail address in order to comply with your request for news about our company or our products. The legal basis is your consent in accordance with the European data protection requirements under Art. 6 para. 1 lit. a) GDPR.

Newsletter tracking

Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns to be carried out. Using the embedded tracking pixel, we can recognize whether and when an email was opened by the recipient and which links in the email were accessed. Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by us in order to optimize the newsletter dispatch and to adapt the content of future newsletters even better to your interests. This personal data will not be passed on to third parties. You are entitled to revoke the separate declaration of consent given via the double opt-in procedure at any time. After revocation, this personal data will be deleted by us. Unsubscribing from the newsletter is automatically interpreted as a revocation.

Job applications

We collect and process the personal data of applicants for the purpose of handling the application process. We use the service provider Greenhouse Software Inc (Greenhouse) to process applications. Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents by e-mail or via a web form.

If an employment contract is concluded, the transmitted data will be stored for the purpose of implementing the employment relationship - in compliance with the statutory provisions. If no employment contract is concluded, the application documents will be (automatically) deleted no later than six months after the end of the application process, provided that deletion does not conflict with our legitimate interests or you have not given your explicit consent to longer storage (applicant pool).

As a protective measure, the data you provide is transmitted via an encrypted connection. The service provider Greenhouse is a US company. In order to ensure a level of data protection comparable to the European standard, we have concluded an order processing contract with the service provider and undertake to comply with the terms of the standard contractual clauses as an additional guarantee. Further information can be found here in Greenhouse's privacy policy.

We also ensure that only the persons entrusted with the application process have access to your application documents. We also ensure that the data is always deleted, as described above. The purpose of the data requested is to carry out the application process and the associated recruitment decision. The legal basis for the processing is the decision on the establishment and implementation of an employment relationship pursuant to Art. 6 para. 1 lit. b), Art. 88 GDPR in conjunction with Section 26 BDSG.

Cookies and other technologies

Our website sometimes uses so-called cookies. Cookies are small text files that are usually stored in a folder in your browser. Cookies contain information about the current or last visit to the website:

  • Name of the website
  • Expiration date of the cookie
  • Any value

If cookies do not contain an exact expiration date, they are only stored temporarily and automatically deleted as soon as you close your browser or restart your device. Cookies with an expiration date remain stored even if you close your browser or restart your device. Such cookies are only deleted on the specified date or when you delete them manually.

We use the following three types of cookies on our website:

Required cookies (we need these, e.g. to display the website correctly for you and to cache certain settings)

Functional and performance-related cookies (these help us, for example, to evaluate technical data of your visit and thus avoid error messages)

Advertising and analysis-related cookies (these ensure that, for example, advertisements for shoes are displayed if you have previously searched for shoes)

You can configure, block and delete cookies in your browser settings. If you delete all cookies from our website, some functions of the website may not be displayed correctly. The Federal Office for Information Security provides helpful information and instructions for the most common browsers: https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html.

When you visit our website, content from the third-party provider that provides these functions and content is loaded. As a result, the third-party provider receives the information that you have accessed our site and the usage data technically required in this context. The legal basis for the use of cookies/tracking and analysis by third-party providers is the consent that we obtain via the consent banner when you visit the website. The third-party providers we use and therefore recipients of the associated personal data are:

  • Chatbase, operated by Chatbase.co Inc Chatbase, 4700 Keele Street, 215 Bergeron Centre, Toronto, ON, Canada, M3J 1P3. As a merchant, you have the option of using our AI chatbot. This is used to provide information and answer general questions. No personal data is processed beyond the use of the chatbot. If the chatbot does not have an answer, you can also contact us by email. Depending on your location, the data is stored either in the European Union or the USA. Further information can be found in Chatbase's privacy policy.
  • Cloudflare, operated by Cloudflare Germany GmbH, Rosenthal 7, c/o Mindspace, 80331 Munich, Germany. This is the hosting provider of our website. Depending on your location, the data is processed either within the European Union or the USA. Further information can be found in Cloudflare's privacy policy
  • Google Analytics and Google Tag Manager Google Analytics and Google Tag Manager, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This is a tool that provides us with information about the use of our website by users. We use this data to make improvements to our website. Depending on your location, the data is usually processed in the USA. Further information can be found in Google's privacy policy.
  • Google Fonts, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"), is a font collection from Google to visually improve the typeface. To make this possible, a request is sent to domains such as fonts.googleapis.com or fonts.gstatic.com, which contains your IP address for technical reasons. Depending on your location, the data is stored either in the European Union or the USA. Further information can be found in Google's privacy policy
  • HubSpot HubSpot, operated by HubSpot, Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. This is a program (CRM tool) that supports the management and maintenance of all customer relationships from initial contact to live integration. Depending on your location, the data is stored either in the European Union or the USA. Further information can be found in HubSpot's privacy policy.
  • LinkedIn, operated by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. LinkedIn is a professional networking platform that allows users to connect with others in their industry, discover job opportunities, share content and showcase their skills and work experience. Depending on your location, data is processed either within the European Union or the USA. For more information, please see LinkedIn's privacy policy
  • Segment ‍Segment.io, Inc. (part of Twilio, Inc.), San Francisco, CA 94105, is a platform for the management of customer data. Depending on your location, the data is stored either in the European Union or the USA. Further information on this can be found in Twilio's privacy policy
  • SEON, operated by SEON Technologies Kft, Rákóczi út 42, 1072 Budapest, Hungary. This is a program that supports us in fraud prevention. The data is stored in the European Union. Further information on this can be found in SEON's privacy policy.
  • Webflow, operated by Webflow Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103, is an online editor platform for the creation of our website. Depending on your location, the data is stored either in the European Union or the USA. Further information on this can be found in Webflow's privacy policy.
  • Zapier, operated by Zapier, Inc, 548 Market St. 62411, San Francisco, CA 94104-5401, is a program that makes it possible to link various applications, such as the waiting list and newsletter dispatch. Depending on your location, the data is stored either in the European Union or the USA. Further information on this can be found in Zapier's privacy policy.
  • Zendesk, operated by Zendesk GmbH c/o TaylorWessing, Neue Schönhauser Straße 3 - 5, 10178 Berlin. This is a program (CRM tool) that supports the management and maintenance of all customer relationships from initial contact to live integration. Depending on your location, the data is stored either in the European Union or the USA. Further information can be found in Zendesk's privacy policy.

We have also concluded data processing agreements with all external recipients in order to comply with European legal requirements. Depending on your location, some of the above-mentioned service providers - if indicated - will also transfer your data to the United States. The European Court of Justice has ruled that the United States has an equivalent level of data protection. In order to fulfill all requirements, we have concluded additional contracts for order processing, called standard contractual clauses. We also check each service provider together with our data protection officer and ensure that additional security measures are available, such as strong data encryption.

Automated decision-making in individual cases

As part of the establishment of contractual relationships, we use fully automated decision-making within the meaning of Art. 22 (1) GDPR, taking into account the creditworthiness data transmitted by credit agencies and the score value determined by our own analyses for the detection of abuse and fraud. This is necessary for the conclusion of the contract within the meaning of Art. 22 para. 2 lit. a) GDPR: automated decision-making enables greater consistency and fairness, the risk of payment defaults due to lack of solvency, abuse or fraud is minimized and we can make decisions within shorter periods of time and increase our efficiency. All of this is essential in our high-volume and time-critical online business. We may therefore automatically reject your order based on the creditworthiness determined or the probability of abuse or fraud. If you do not agree with our decision, you can inform us in writing or by e-mail to [email protected] and explain your point of view. An employee will then review the decision again, taking your point of view into account, and correct it if necessary.

Status of the privacy policy: April 2024