Data Privacy
Privacy Policy of Tacto Technology GmbH in accordance with the GDPR. The controller responsible for data protection is Tacto Technology GmbH, Sandstraße 33, 80335 Munich, Germany. Data subjects may contact the Data Protection Officer at any time with questions regarding data protection at datenschutz@tacto.ai.
The controller responsible for data protection is:
Tacto Technology GmbH
Sandstraße 33
80335 Munich, Germany
Email: datenschutz@tacto.ai
Data subjects may contact the Data Protection Officer at any time with questions regarding data protection at the above address.
2.1 Legal Bases for Processing Personal Data
Personal data is collected and processed in accordance with the EU General Data Protection Regulation (GDPR) and European as well as national data protection laws.
Legal bases are:
2.2 Storage and Deletion of Data
Personal data is only stored for as long as the purpose of storage requires. After the purpose ceases to apply, the data is deleted or processing is restricted. European and national retention periods may require longer storage.
2.3 Recipients of Data
Personal data is only shared with service providers, business partners, and third parties in accordance with applicable data protection laws.
Web Hosting by Webflow
Our Tacto website and thus your data are hosted, among others, by Webflow Inc., 11th Street 398, 94103 San Francisco, CA. Webflow may only access data within the scope of instructions (commissioned processing). Webflow is certified under the EU-U.S. Data Privacy Framework and ensures an adequate level of data protection. Further information: https://webflow.com/legal/dpa
Other categories of recipients:
As a data subject, you have the following rights:
Right of Access: You may request information about the processing of your data at any time (Art. 15 GDPR).
Right to Rectification: Inaccurate or incomplete data may be corrected (Art. 16 GDPR).
Right to Restriction of Processing: You may request restriction of processing (Art. 18 GDPR).
Right to Erasure: You may request deletion of personal data, provided the legal requirements are met (Art. 17 GDPR).
Right to Notification: In the event of rectification, erasure, or restriction of processing, recipients must be notified (Art. 19 GDPR).
Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format (Art. 20 GDPR).
Right to Object: You may object to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR).
Objection to Advertising: In the case of direct marketing, you may object at any time (Art. 21(2) GDPR).
Objections can be sent to: datenschutz@tacto.ai
Right to Withdraw Consent: Consent may be withdrawn at any time with future effect (Art. 7 GDPR).
Right to Lodge a Complaint: You may file a complaint with a data protection supervisory authority, particularly in your Member State.
We have implemented appropriate physical, technical, and administrative security measures to protect personal data against loss, misuse, alteration, or destruction. Service providers are contractually obligated to maintain confidentiality. All website visits are conducted via a secure TLS connection. Data transmission is TLS-encrypted.
This privacy policy may be updated from time to time to reflect legal requirements or changes to our services. Last updated: April 25, 2024.
Each time the website is accessed, the following data is automatically collected:
This data is stored in log files, generally not together with other personal data.
Legal basis: Art. 6(1)(1)(f) GDPR
Purpose: Website delivery, optimization, functionality, and IT system security. No analysis for marketing purposes.
Retention period: Data is only processed as long as necessary for the collection purpose. For system security reasons, data may be retained until misuse, security, or disruption incidents are resolved.
2.1 General
Cookies are small text files stored on end devices. Tracking pixels are invisible 1x1 pixel images for tracking events. Device and browser fingerprinting attempts to identify website visitors based on specific browser settings.
Legal bases:
Technically required cookies cannot be disabled without compromising functionality. External content cookies (maps, videos) can optionally be disabled but may limit functionality. Marketing cookies for statistical collection and optimization are optional.
2.2 Consent Management Platform – Finsweet
Processing company: Finsweet Inc., Harbor Rd Merrick 2774, 11566-4608 NY, United States
Data processing purposes: Cookie management, compliance with legal obligations, storage of consent.
Technology used: Cookies, Local Storage, JavaScript
Data collected: Consent ID, consent type, date and time of consent, device information, browser information (HTTP agent, HTTP referrer, browser type, language, version, resolution), anonymized IP address, log file data, processor ID, opt-in and opt-out data, JavaScript objects, user/visitor inputs and settings.
Legal basis: § 25(2) No. 2 TTDSG, Art. 6(1)(c) GDPR. Processing location: Worldwide. Transfer to third countries: Yes.
Privacy policy: https://finsweet.com/privacy
2.3 Objection/Revocation
Users may delete or disable cookies at any time through browser settings. Full cookie deactivation may cause functionality limitations. Cookie settings can be adjusted directly on the website via the cookie banner.
2.4 Third-Party Services
Dreamdata collects, merges, and cleanses B2B revenue-related data to provide transparent analyses of marketing and sales effectiveness.
Processing company: Dreamdata.io ApS, Kalvebod Brygge 39-41, 1560 Copenhagen, Denmark
Data processing purposes: Marketing tracking. Technology used: Cookies, JavaScript, Local Storage, tracking pixels, device and browser fingerprinting.
Data collected: Time spent on site, date and time of request, geographic location, user behavior (mouse movements, keystrokes), pages visited, referrer URL, source URL, device information, cookie ID, smartphone ID, device type, device operating system, browser type, browser settings, browser information.
Legal basis: § 25(1) TTDSG, § 25(2) TTDSG, Art. 6(1)(a) GDPR, Art. 6(1)(f) GDPR. Processing location: European Union/EEA. Transfer to third countries: No.
Privacy policy: https://dreamdata.io/privacy-policy
Advertising service for placing ads in Google Search, YouTube, and other websites. Data transmission occurs regardless of whether a Google user account exists. If an account exists, data may be linked. Cross-device tracking is possible.
Processing company: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, Ireland (EEA and Switzerland) / Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (outside EEA and Switzerland)
Data processing purposes: Display of relevant advertising, analytics, prevention of click fraud, creation of statistics. Technology used: Cookies.
Data collected: Viewed and displayed ads, cookie ID, date and time of visit, device information, geographic location, IP address, search terms, Publisher Provided Identifiers (PPID), Ad ID (within mobile applications), impressions, browser information (type, language).
Legal basis: § 25(1) TTDSG, Art. 6(1)(a) GDPR. Processing location: European Union, United States, Singapore, Taiwan, Chile.
Retention period: IP address anonymized after 9 months. Cookie and personal identifiers anonymized or deleted after 18 months.
Data recipients: Alphabet Inc., Google LLC, Google Ireland Limited. Transfer to third countries: United States, Singapore, Taiwan, Chile.
Privacy policy: https://business.safety.google/adsprocessorterms/
Conversion tracking records what happens after a click on a Google Ads advertisement when users subsequently visit our website. It measures whether users perform certain actions after clicking an ad (orders, contact requests).
Processing company: Google Ireland Limited / Google LLC (as above)
Data processing purposes: Measurement of advertising success (conversion tracking), analysis of advertising campaigns. Technology used: Cookies, tracking pixels, tracking code (tags and code snippets).
Data collected: Browser type, clicked advertising, cookie ID, browser language, user behavior (clicks, newsletter sign-ups, other actions), date and time of visit, IP address, web request, referrer URL.
Legal basis: § 25(1) TTDSG, Art. 6(1)(a) GDPR. Processing location: European Union, United States, Singapore, Taiwan, Chile.
Privacy policy: https://business.safety.google/adscontrollerterms/
With remarketing, users are targeted with interest-based advertising on other websites in the Google Display Network based on their interactions.
Processing company: Google Ireland Limited / Google LLC (as above)
Data processing purposes: Display of interest-based advertising in the Google Display Network, tracking of user behavior. Technology used: Cookies.
Data collected: Duration of visit, IP address, pages visited, content of interest, website usage, referrer URL, Ad ID (for mobile apps), date and time of visit, device information, browser information (type, language).
Legal basis: § 25(1) TTDSG, Art. 6(1)(a) GDPR. Processing location: European Union, United States, Singapore, Taiwan, Chile.
Privacy policy: https://business.safety.google/adscontrollerterms/
Web analytics service for measuring advertising ROI and tracking user behavior with websites and applications.
Processing company: Google Ireland Limited / Google LLC (as above)
Data processing purposes: Marketing, analytics. Technology used: Cookies, tags (JavaScript code snippets), pixels, browser fingerprinting.
Data collected: Click path, date and time of visit, hostname, browser language settings, browser type, screen resolution, Flash/JavaScript support info, additional browser information, device used, operating system, additional device information, visitor interactions, user behavior, URL of visited website, referrer URL, pages visited, IP address, location information.
Legal basis: § 25(1) TTDSG, Art. 6(1)(a) GDPR. Processing location: European Union, United States, Singapore, Taiwan, Chile.
Retention period: Depends on the type of stored data and individual customer settings. Each Google Analytics customer determines the retention period.
Opt-out: https://tools.google.com/dlpage/gaoptout
Data recipients: Alphabet Inc., Google LLC, Google Ireland Limited. Transfer to third countries: United States, Singapore, Taiwan, Chile.
Privacy policy: https://business.safety.google/adsprocessorterms/
Collection of fonts for commercial and personal use. Fonts are embedded locally, not via API. No connection to Google servers, no data processing.
Integrated map service. Data transmission occurs regardless of whether a Google user account exists. If an account exists, data is attributed. Google may use data for product improvement.
Processing company: Google Ireland Limited / Google LLC (as above)
Data processing purposes: Display of maps. Technology used: API.
Data collected: Location information, date and time of visit, IP address, URL, usage data, search terms, latitude/longitude coordinates.
Legal basis: § 25(1) TTDSG, Art. 6(1)(a) GDPR. Processing location: European Union, United States, Singapore, Taiwan, Chile.
Note: Map display cannot be used if disabled.
Privacy policy: https://policies.google.com/privacy
Checks whether data is entered by humans or automated programs. Google uses data for improvement and security. Data is not used for Google advertising.
Processing company: Google Ireland Limited / Google LLC (as above)
Data processing purposes: Bot protection, spam protection, detection of fraudulent activities (automated attacks). Technology used: Cookies, script tags, code snippets.
Data collected: Browser language, browser plug-ins, device information (language, location, OS), click path, date and time of visit, IP address, user behavior (mouse movements, keystrokes), time spent on a page, user inputs.
Legal basis: § 25(1) TTDSG, Art. 6(1)(a) GDPR. Processing location: European Union, United States, Singapore, Taiwan, Chile.
Privacy policy: https://policies.google.com/privacy
Tag management system for centrally integrating tags via a user interface. Tags are small code sections for activity tracking. According to Google, GTM does not process personal data itself.
Processing company: Google Ireland Limited / Google LLC (as above)
Data processing purposes: Tag management. Technology used: Tags. Data collected: Aggregated data on tag firing.
Legal basis: § 25(2) TTDSG, Art. 6(1)(f) GDPR. Processing location: European Union, United States, Singapore, Taiwan, Chile.
Privacy policy: https://policies.google.com/privacy
Web analytics service for collecting data on user behavior. May process information provided by users in surveys and feedback features. Stores information in pseudonymized user profiles.
Processing company: Hotjar Limited, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta. Hotjar processes as a data processor. Data processing agreement pursuant to Art. 28 GDPR concluded.
Data processing purposes: Analytics, feedback. Technology used: Cookies, scripts.
Data collected: Device type, unique device identifiers, device screen resolution, operating system, anonymized IP address, geographic location (country only), browser type, mouse movements, mouse position on website, clicks performed, keystrokes (automatically suppressed in input fields), date and time of access, pages visited, referrer URL, domain, unique user identifier (UUID), language information, user inputs in surveys.
Legal basis: § 25(1) TTDSG, Art. 6(1)(a) GDPR. Processing location: Worldwide.
Retention period: Visit data usually retained for 365 days, then automatically deleted. Survey and feedback data may be retained longer.
Opt-out: https://www.hotjar.com/de/legal/policies/do-not-track/
Data recipients: Hotjar Ltd., Amazon Web Services EMEA SARL, Datadog Inc., Functional Software, Inc. Transfer to third countries: United States.
Privacy policy: https://www.hotjar.com/legal/policies/privacy/
Service for conversion tracking and retargeting. Tracks user interactions after ad clicks. Retargeting shows personalized advertising based on collected data. LinkedIn insights do not allow linking to individual profiles without consent.
Processing company: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Data processing purposes: Marketing, analysis of marketing activities, retargeting of website visitors, conversion tracking, cross-device tracking, measurement of advertising campaign success. Technology used: Cookies, JavaScript code, pixels (event-specific).
Data collected: Device type, device ID, operating system, additional device information, browser type, installed browser add-ons, additional browser information, proxy server used, IP address (truncated or hashed for cross-device tracking), website URL, referrer URL, timestamp, user behavior on website, LinkedIn profile information (profile, employer, title, industry, country, job), LinkedIn usage data (search history, feed, content read, connections, groups, pages, videos).
Legal basis: § 25(1) TTDSG, Art. 6(1)(a) GDPR. Processing location: Worldwide.
Retention period: LinkedIn member identifiers removed within 7 days. Pseudonymized data deleted after 180 days.
Data recipients: LinkedIn Ireland, LinkedIn Singapore, Microsoft companies, additional LinkedIn subsidiaries. Transfer to third countries: United States, Singapore, China.
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Tracking technology by Meta. Tracks interactions ("events") after ad clicks ("conversion"). Based on tracked events, Custom Audiences can be created. Conversions API enables retargeting. Meta may use data for its own purposes (product improvement, R&D).
Processing company: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (EU/EEA) / Meta Platforms, Inc., 1601 Willow Rd, Menlo Park, CA 94025 (all other countries)
Data processing purposes: Marketing, analytics, retargeting, conversion tracking, personalized advertising. Technology used: Cookies, pixels.
Data collected: Displayed ads, viewed content, operating system, device ID, additional device information, geographic location, HTTP headers, website storage location, interactions with advertising, services, and products, IP address, clicked elements, marketing information, pages visited, pixel ID, usage data, referrer URL, user behavior, Facebook user ID, Facebook cookie information, usage/click behavior, user agent (browser, email, newsreader), browser type, additional browser information.
Legal basis: § 25(1) TTDSG, Art. 6(1)(a) GDPR. Processing location: Worldwide.
Retention period: Interactions stored for a maximum of 2 years.
Data recipients: Meta Platforms Inc., Meta Platforms Ireland Limited. Transfer to third countries: United States, Singapore.
Privacy policy: https://www.facebook.com/privacy/explanation
Connection between website and Facebook. Enables "Like" button, "Share" function, and content embedding (posts, videos, comments). The browser establishes a direct connection with Meta servers. Plugin content is transmitted directly by Meta.
Meta receives information regardless of whether the user has an account or is logged in. If Meta cookies exist, Meta can read cookie information. For Facebook accounts, interactions can be attributed to the account and displayed to other members.
Meta may use data for its own purposes (product improvement, conducting advertising). Meta plugins: https://developers.facebook.com/docs/plugins