Privacy policy

We, topi GmbH and topi Asset GmbH, operate the website www.topi.eu, our customer checkout ("topi Hosted Checkout") and our customer portal ("topi Portal") and collect certain data from our visitors and customers to the extent necessary. In the following privacy policy, you will learn what we do with your data, so-called personal data, and why we do this. We also tell you how we protect your data, when the data is deleted and what rights you have thanks to data protection.

Who can I contact?

Responsible for this website is:

topi GmbH

Friedrichstrasse 125

10117 Berlin‍

support@topi.eu‍

You can also reach our data protection officer or another contact relevant to data protection via these contact details. Please contact us at any time if you have specific questions about your data, its deletion or your rights.

What are my rights?

You can contact us at any time if you have questions about your data protection rights or wish to assert your rights below:

    • Right to withdraw consent pursuant to Art. 7 (3) GDPR (e.g. you can contact us if you wish to withdraw consent you have previously given for a newsletter)
    • Right to information in accordance with Art. 15 GDPR (e.g. you can contact us if you would like to know what data we have stored about you)
    • Correction in accordance with Art. 16 GDPR (e.g. you can contact us if your e-mail address has changed and we should replace the old e-mail address)
    • Deletion in accordance with Art. 17 GDPR (e.g. you can contact us if you want us to delete certain data that we have stored about you)
    • Right to restriction of processing in accordance with Art. 18 GDPR (e.g. you can contact us if you do not want us to delete your e-mail address, but only to use it to send essential e-mails)
    • Right to data portability in accordance with Art. 20 GDPR (e.g. you can contact us to receive your data stored by us in a compressed format, e.g. because you want to make the data available to another website)
    • Objection pursuant to Art. 21 GDPR (e.g. you can contact us if you do not agree with one of the advertising or analysis procedures specified here.
    • Right to lodge a complaint with the competent supervisory authority pursuant to Art. 77 (1) GDPR (e.g. you can also contact the data protection supervisory authority in your federal state directly with complaints:https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Deletion of data and storage duration

Unless otherwise stated, we will delete your data as soon as it is no longer required, e.g. your e-mail address after you have unsubscribed from our newsletter. Your data will also be blocked or deleted if a storage period prescribed by law expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract. Certain data may have to be stored for longer for legal reasons. You can of course request information about the stored data at any time.

Visit the website

If you merely wish to browse our website, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website, first and foremost:

  • IP address (e.g. 95.91.215.example or 2a02:8109:9440:1198:bdb1:551f:example)
  • Approximate location based on IP range (e.g. Berlin & surrounding area)
  • Internet provider (e.g. Vodafone Kabel Deutschland or Deutsche Telekom)
  • Date and time (e.g. 11:45 on 25.05.2018)
  • Last visited website (e.g. google.de)
  • Browser (e.g. Chrome or Safari)
  • Operating system (e.g. Mac OS)
  • Hardware (e.g. Intel processor)

As a protective measure for your privacy, we delete or anonymize the IP address after your visit to our website. This means that the other technical data can no longer be traced back to you and is only used for anonymous, statistical purposes to optimize our website. The purpose of the temporary storage of the data is, on the one hand, the technical necessity for establishing a connection and the correct, error-free display of our website. The IP address and the aforementioned technical data are required to display the website, to avoid display problems for visitors and to correct error messages. The legal basis is the so-called legitimate interest, which has been examined in the context of the aforementioned protective measures and in accordance with the European data protection requirements under Art. 6 para. 1 lit. f) GDPR.

Registration on the website

You also have the option of registering on our website and then logging in with a user account at any time. The following data is required to register with us:

  • Company name
  • First/last name
  • Address
  • Contact details (such as telephone number, business e-mail address)

As a protective measure, the data you enter is transmitted via an encrypted connection, just like the rest of the website. After successful confirmation, your data will be stored until you decide to delete individual data or the entire user account. The purpose of the requested data is to create a user account for the use of extended functions on the website. Registration is voluntary and can be revoked or the user data deleted at any time. The legal basis is your consent in accordance with the European data protection requirements of Art. 6 para. 1 lit. a) GDPR.

Registration in topi Hosted Checkout

As part of the ordering process, it is necessary to register as a customer in topi Hosted Checkout. You can then log in with a user account at any time. The following data is required to register with us:

  • Company name
  • First/last name
  • Invoice address
  • Delivery address
  • Contact details (such as telephone number, business e-mail address)
  • Sales tax ID (optional)

As a protective measure, the data you enter is transmitted via an encrypted connection, just like the rest of the website. After successful confirmation, your data will be stored until you decide to delete individual data or the entire user account. The purpose of the requested data is to create a user account for the use of extended functions on the website. Registration is voluntary and can be revoked or the user data deleted at any time. The legal basis is your consent in accordance with the European data protection requirements of Art. 6 para. 1 lit. a) GDPR.

Registration in the topi portal

In order to view and manage your rental devices, we offer you the option of logging into our customer portal. We need your e-mail address for this. You will then receive a code by e-mail which you can use to log in.

As a protective measure, the data you enter is transmitted via an encrypted connection. Your data will be stored until you decide to delete it. The purpose of the requested data is the management of your rental equipment and the use of other functions (e.g. viewing invoices). The legal basis is the mutual fulfillment of the contract in accordance with the European data protection requirements of Art. 6 para. 1 lit. b) GDPR.

Contact form for dealers

You have the option of contacting us via our contact form. You can provide us with the following data:

  • Company name
  • First name/last name
  • E-mail address
  • Subject line
  • Message

As a protective measure, contact is made via an encrypted connection, just like the rest of the website. Once contact has been successfully established and the contact request completed, your data will be deleted immediately. The sole purpose of the data requested is to make contact or communicate with you, which is why the data is only used for this purpose. The legal basis is the so-called legitimate interest, which has been examined for the pursuit of the purpose and in the context of the aforementioned protective measures and in accordance with the European data protection requirements from Art. 6 para. 1 lit. f) GDPR.

Contact lists

You have the option of entering your e-mail address in our contact list. The data from this list is forwarded to the service provider Webflow for processing and merged into a "contact list". The service provider HubSpot then receives the collected data. As a security measure, the data you provide is transmitted via an encrypted connection. The service providers HubSpot and Webflow are US companies. In order to ensure a level of data protection comparable to the European standard, we have concluded an order processing agreement with each of the service providers and undertake to comply with the terms of the standard contractual clauses as an additional guarantee. Further information can be found here in HubSpot's privacy policy and Webflow's privacy policy. The purpose of the data requested from the waiting list is to check which services can be made available to the corresponding customer. The legal basis is your consent in accordance with the European data protection requirements of Art. 6 para. 1 lit. a) GDPR.

Fraud prevention

In order to protect ourselves and our customers from fraud attempts, we use the service provider SEON Technologies Kft (SEON) from Hungary, among others. In order to carry out effective fraud prevention, the following service data is collected:

  • Name
  • Cell phone number
  • E-mail address
  • IP address

As a protective measure, the data you enter is transmitted via an encrypted connection. The purpose of the data requested is to be able to create a fraud assessment that is as reliable as possible. The data is stored in the European Union. Further information can be found in SEON's privacy policy. The legal basis is the so-called legitimate interest, which has been examined for the pursuit of the purpose and in the context of the aforementioned protective measures and in accordance with the European data protection requirements under Art. 6 para. 1 lit. f) GDPR.

Identity and credit check

As part of the ordering process, we will pass on your data to service providers for an identity and credit check in order to check and grant a credit line. This involves the data entered during registration, which is compared with the service provider's databases. The service providers we use are the following companies:

  • CRIF GmbH, Friesenweg 22, 22763 Hamburg, Germany
  • Creditreform Berlin Brandenburg, Wolfram GmbH & Co KG, Karl-Heinrich-Ulrichs-Str. 1, 10787 Berlin, Germany
  • Creditsafe Deutschland GmbH, Schreiberhauer Str. 30, 10317 Berlin, Germany
  • finAPI GmbH, Adams-Lehmann-Str. 44, 80797 Munich, Germany
  • Kreditschutzverband von 1870, Wagenseilgasse 7, 1120 Vienna, Austria
  • Ondato UAB, Lvivo g. 25-104, 09320 Vilnius, Lithuania
  • Provenir (UK) Limited, 76 Charlotte Street, London W1T 4QS, United Kingdom
  • Schufa Holding AG, Kormoranweg 5, 65201 Wiesbaden

The credit checks may include probability values (score values), which are calculated on the basis of scientifically recognized mathematical-statistical procedures and also include address data in their calculation. If the legal requirements are met, we also transmit information about payment delays or any bad debt losses to credit agencies cooperating with us.

The purpose of the aforementioned procedures is to check and grant an individual credit line in order to ensure that you are provided with the desired product and that payment is made correctly. The legal basis is the legitimate interest that has been examined for the pursuit of the purpose and in the context of the aforementioned protective measures and in accordance with the European data protection requirements under Art. 6 para. 1 lit. f) GDPR. In addition, this credit check is necessary for the establishment and execution of the contract concluded with us.

Use of payment service providers

If you wish to rent a device from one of our partners, we will ask for further data required for order and payment processing. This data is treated confidentially and is only processed by us, the payment service provider and the shipping service provider. At least the following data is required for this:

  • Company name
  • First name / surname
  • Address
  • Contact details (such as telephone number, business e-mail address)
  • Payment data (IBAN, BIC, credit institution)

We use the following payment service providers for the payment process:

  • GoCardless SAS, 7 Rue de Madrid, 75008 Paris France
  • Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, Grand Canal Dock Dublin, D02 H210, Ireland

As a protective measure, the data you enter is transmitted via an encrypted connection, just like the rest of the website. The purpose of the requested data is order and payment processing in order to provide you with the desired product. The legal basis is the mutual fulfillment of the contract in accordance with the European data protection requirements of Art. 6 para. 1 lit. b) GDPR.

Trade-in provider

At the end of the rental period, topi devices can be sold to a trade-in provider. In this case, the items will be sent directly by you to our trade-in provider without us having to take the rented equipment back from you at the end of the rental period. For this purpose, the trade-in provider receives the following personal data in order to be able to send you shipping labels and packaging material if necessary. This is the following data:

  • First and last name
  • Name of the company
  • Collection address
  • E-mail address
  • Serial number of the rented device
  • Product designation (type, model, capacity, etc.)

The legal basis for processing and forwarding this data to the trade-in provider is Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in the continued use of the rental items after the end of the rental period.

The trade-in providers that receive the personal data for the above-mentioned purposes are the following companies:

  • Gebrauchtmacs.de GmbH, Bettinghauser Weg 6, 59505 Bad Sassendorf, Germany
  • AfB gemeinnützige GmbH, Carl-Metz-Straße 4, 76275 Ettlingen, Germany

Newsletter

If you are interested in news about our company or our product, you can subscribe to our newsletter. You will then receive an e-mail in which you must click on a link to confirm that you wish to receive the newsletter. We will then store your e-mail address until you unsubscribe from the newsletter. You will find a link to unsubscribe in every newsletter e-mail. The newsletter is delivered by HubSpot Inc.

As a protective measure, we request the so-called "double opt-in" to ensure that the e-mail address entered actually belongs to you. Furthermore, we have concluded a data protection contract (order processing) with the commissioned service provider. You also have the option of unsubscribing from the newsletter at any time and thus deleting your e-mail address from the service provider's database. The purpose of data collection is to send the newsletter to your business e-mail address in order to comply with your request for news about our company or our products. The legal basis is your consent in accordance with the European data protection requirements under Art. 6 para. 1 lit. a) GDPR.

Newsletter tracking

Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns to be carried out. Based on the embedded tracking pixel, we can recognize whether and when an email was opened by the recipient and which links in the email were accessed. Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by us in order to optimize the newsletter dispatch and to adapt the content of future newsletters even better to your interests. This personal data will not be passed on to third parties. You are entitled to revoke the separate declaration of consent given via the double opt-in procedure at any time. After revocation, this personal data will be deleted by us. Unsubscribing from the newsletter is automatically interpreted as a revocation.

Applications

We collect and process the personal data of applicants for the purpose of handling the application process. To process the applications, we use the service provider Greenhouse Software Inc, 228 Park Ave. S PMB 14744 New York, New York 10003-1502, US(Greenhouse). Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents by e-mail or via a web form.

If an employment contract is concluded, the transmitted data will be stored for the purpose of implementing the employment relationship - in compliance with the statutory provisions. If no employment contract is concluded, the application documents will be (automatically) deleted no later than six months after the end of the application process, provided that deletion does not conflict with our legitimate interests or you have not given your explicit consent to longer storage (applicant pool).

As a protective measure, the data you provide is transmitted via an encrypted connection. The service provider Greenhouse is a US company. In order to ensure a level of data protection comparable to the European standard, we have concluded an order processing contract with the service provider and undertake to comply with the terms of the standard contractual clauses as an additional guarantee. Further information can be found in Greenhouse's privacy policy.

We also ensure that only the persons entrusted with the application process have access to your application documents. We also ensure that the data is always deleted, as described above. The purpose of the data requested is to carry out the application process and the associated recruitment decision. The legal basis for the processing is the decision on the establishment and implementation of an employment relationship pursuant to Art. 6 para. 1 lit. b), Art. 88 GDPR in conjunction with Section 26 BDSG.

Cookies and other technologies

Our website sometimes uses so-called cookies. Cookies are small text files that are usually stored in a folder in your browser. Cookies contain information about the current or last visit to the website:

  • Name of the website
  • Expiration date of the cookie
  • Any value

If cookies do not contain an exact expiration date, they are only stored temporarily and automatically deleted as soon as you close your browser or restart your device. Cookies with an expiration date remain stored even if you close your browser or restart your device. Such cookies are only deleted on the specified date or when you delete them manually.

  • We use the following three types of cookies on our website:
    • Required cookies (we need these, e.g. to display the website correctly for you and to temporarily store certain settings)
    • Functional and performance-related cookies (these help us, for example, to evaluate technical data of your visit and thus avoid error messages)
    • Advertising and analytics cookies (these ensure that, for example, advertisements for shoes are displayed if you have previously searched for shoes)

You can configure, block and delete cookies in your browser settings. If you delete all cookies from our website, some functions of the website may not be displayed correctly. 

When you visit our website, content from third-party providers who provide these functions and content is loaded. As a result, the third-party provider receives the information that you have accessed our site, as well as the usage data technically required in this context. 

The legal basis for the use of cookies/tracking and analysis by third-party providers is consent in accordance with Art. 6 (1) (a) GDPR, which we obtain via the consent banner when you visit the website. The third-party providers we use and therefore recipients of the associated personal data are as follows

  • Chatbase
    Chatbase, operated by Chatbase.co Inc Chatbase, 4700 Keele Street, 215 Bergeron Centre, Toronto, ON, Canada, M3J 1P3. As a merchant, you have the option of using our AI chatbot. This is used to provide information and answer general questions. No personal data is processed beyond the use of the chatbot. If the chatbot does not have an answer, you can also contact us by email. Depending on your location, the data is stored either in the European Union or the USA. Further information can be found in Chatbase's privacy policy.
  • Cloudflare
    Cloudflare, operated by Cloudflare Germany GmbH, Rosenthal 7, c/o Mindspace, 80331 Munich. This is the hosting provider of our website. Depending on your location, the data is processed either within the European Union or the USA. Further information can be found in Cloudflare's privacy policy.
  • Google Analytics and Google Tag Manager
    Google Analytics and Google Tag Manager, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This is a tool that provides us with information about the use of our website by users. We use this data to make improvements to our website. Depending on your location, the data is usually processed in the USA. Further information can be found in Google's privacy policy.
  • Google Fonts
    Google Fonts, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"), is a collection of fonts from Google to visually improve the typeface. To make this possible, a request is sent to domains such as fonts.googleapis.com or fonts.gstatic.com, which contains your IP address for technical reasons. Depending on your location, the data is stored either in the European Union or the USA. Further information can be found in Google's privacy policy.
  • HubSpot
    HubSpot, operated by HubSpot, Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. This is a program (CRM tool) that supports the management and maintenance of all customer relationships from initial contact to live integration. Depending on your location, the data is stored either in the European Union or the USA. Further information can be found in HubSpot's privacy policy.
  • LinkedIn
    LinkedIn, operated by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. LinkedIn is a professional networking platform that allows users to connect with others in their industry, discover job opportunities, share content and showcase their skills and work experience. Depending on your location, data is processed either within the European Union or the USA. Further information can be found in LinkedIn's privacy policy.
  • Segment.io
    Segment.io, Inc. (part of Twilio, Inc.), San Francisco, CA 94105, is a platform for the management of customer data. Depending on your location, the data is stored either in the European Union or the USA. Further information on this can be found in Twilio's privacy policy.
  • SEON
    SEON, operated by SEON Technologies Kft, Rákóczi út 42, 1072 Budapest, Hungary. This is a program that supports us in fraud prevention. The data is stored in the European Union. Further information on this can be found in SEON's privacy policy.
  • Webflow
    Webflow, operated by Webflow Inc, 398 11th Street, 2nd Floor, San Francisco, CA 94103, is an online editor platform for the creation of our website. Depending on your location, the data is stored either in the European Union or the USA. Further information on this can be found in Webflow's privacy policy.
  • Zapier
    Zapier, operated by Zapier, Inc, 548 Market St. 62411, San Francisco, CA 94104-5401, is a program that makes it possible to link various applications, such as the contact list and newsletter dispatch. Depending on your location, the data is stored either in the European Union or the USA. Further information on this can be found in Zapier's privacy policy.
  • Zendesk
    Zendesk, operated by Zendesk GmbH c/o TaylorWessing, Neue Schönhauser Straße 3 - 5, 10178 Berlin. This is a program (CRM tool) that supports the management and maintenance of all customer relationships from initial contact to live integration. Depending on your location, the data is stored either in the European Union or the USA. Further information can be found in Zendesk's privacy policy.

We have concluded data processing agreements with all external recipients in order to comply with European legal requirements. Depending on your location, some of the above-mentioned service providers - if specified - will also transfer your data to the United States. The European Court of Justice has ruled that the United States has an equivalent level of data protection. In order to meet all requirements, we have concluded additional data processing agreements called standard contractual clauses. We also check every service provider together with our data protection officer and ensure that additional security measures are available, such as strong data encryption.

Automated decision-making in individual cases

In the context of establishing contractual relationships, we use fully automated decision-making within the meaning of Art. 22 para. 1 GDPR, taking into account the creditworthiness data transmitted by credit agencies and the score value determined by our own analyses for the detection of abuse and fraud. This is necessary for the conclusion of the contract within the meaning of Art. 22 para. 2 lit. a) GDPR: Automated decision-making enables greater consistency and fairness, the risk of non-payment due to lack of solvency, abuse or fraud is minimized and we can make decisions within shorter timeframes and increase our efficiency. All of this is essential in our high-volume and time-critical online business. We may therefore automatically reject your order based on the creditworthiness determined or the probability of abuse or fraud. If you do not agree with our decision, you can us in writing or by e-mail to support@topi.eu and explain your point of view. An employee will then review the decision again, taking your point of view into account, and correct it if necessary.

Status of the privacy policy: February 2025