Privacy Policy

General Information

This Privacy Policy explains how Taktile GmbH, and its affiliates (“Taktile” “we” “us” and “our”) collect, use, share and process Personal Data, defined by the General Data Protection Regulation (GDPR) as “any information related to an identified or identifiable natural person” and that Taktile uses to manage the business and business relationships with customers, users, visitors, applicants, event attendees, etc.”

Under the prerequisite that we act as Controller, this Privacy Policy applies when you:

- visit our website,

- access or use any of our applications, including our cloud environment,

- register and/or attend to any events hosted or attended by Taktile,

- contact our customer support,

- do business with us, or

- otherwise interact or communicate with us.

These services are hereinafter collectively referred to as the “Services”.

If you decline to provide your Personal Data or ask us to delete it, you may not be able to access or use the Services. If you are a candidate for potential employment with Taktile, the dedicated Privacy Policy for the application process can be found in Section 4.5.

Name of Controller and Data Protection Officer

When we refer to “Taktile” or “we” in this Privacy Policy, we mean the Taktile entity that is responsible for the means and purposes of the processing and therefore acts as the Controller of your Personal Data, as follows: 

Taktile GmbH if you are located outside North America and for all website activities
Address: Taktile GmbH, Schönhauser Allee 9, 10119 Berlin, Germany
Legal representative: Maik Taro Wehmeyer
Contact details of Data Protection Officer: datenschutzbeauftragter@datenschutzexperte.de 

Taktile, LLC, if you are located in North America
Address: Brookfield Place, 200 Vesey Street, New York, NY 10281
USA Legal representative: Maik Taro Wehmeyer
Contact: privacy@taktile.com

Any requests or questions related to data protection may be addressed to privacy@taktile.com, phone: +49 89 250039222.

The operational data protection officer can be reached as follows:

PROLIANCE GmbH
Leopoldstraße 21, 80802 Munich, Germany
datenschutzbeauftragter@datenschutzexperte.de

Definitions

Our Privacy Policy should be simple and understandable for everyone. For this reason, our Privacy Policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

Data Categories

The categories of data we process depend on your interactions with us and may include one or more of the following data categories.

Contact Data

Taktile processes the following categories of Personal Data as contact data: first name, last name, email addresses, postal address/location (country, state/province, city), telephone numbers, and your relationship history with Taktile.

Personal data related to the business relationship with Taktile

In the context of established business relationships, Taktile may process the business partners company name, industry, size of the organization, your job title and role, department and function and your company’s relationship history with Taktile. When you register to use our Services, we may collect your Personal Data (like name and contact details).

Personal Data related to statutory law or regulation

If required by statutory law or regulation, Taktile may process the following data categories: geolocation, business partners’ names and addresses, IP addresses, business partner relevant information about significant litigation or other legal proceedings, and other custom compliance relevant information.

Data generated through your use of Taktile’s website

When you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during a running connection for communication between your internet browser and our web server:

- visited domain

- the date and time of the request

- page from which the file was requested

- access status (file transferred, file not found, etc.)

- the web browser, system language, operating system and device type used

- IP address of the requesting computer

- the amount of data transferred

We collect the listed data to ensure a smooth connection to the website and to enable a comfortable use of our website. In addition, the log file serves the purpose of evaluating system security and stability, as well as providing administrative functions. The legal basis for the temporary storage of data or log files is Art. 6(1)(f) GDPR.

For reasons of technical security, in particular to prevent attempts to attack our web server, we may temporarily store this data. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is made anonymous by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. This data is not evaluated in anonymous form except for statistical purposes. This data is not combined with data from other data sources.

Form to Obtain Offers

We provide a webform on our website for you to contact us and request a demo of our services. The transfer of Personal Data via the webform is encrypted. If you make use of the form, the entered data will be transferred to us and stored. These data are: email address, first and last name as well as your phone number if you enter it voluntarily. The following data will also be stored at the time the message is sent: date and time.

The data will only be processed within the scope of the specified purpose - sending a demo access and contacting via email or telephone. The legal basis for processing the data, which are transmitted in the course of sending an email, is the performance of pre-contractual measures or a contract pursuant to Art. 6(1)(b) GDPR or your consent pursuant to Art. 6(1)(a) GDPR.

Your Personal Data will be deleted as soon as they are no longer required for the purpose for which they were collected. The collected Personal Data will be deleted as soon as the demo access has been sent and contact via email or phone was established or unsuccessful. Data will only be continuously processed if they are necessary in the context of an initiation and completion of a contract, respectively for the fulfilment of resulting contractual measures.

Recruiting and Onboarding

We collect application relevant documentation provided by candidates. In general, this includes name, surname, e-mail address, address, phone number, a cover letter and the CV and a link to the applicant’s LinkedIn profile or website. Moreover, certain information can be provided for self-identification under local US law (gender, race or ethnicity, veteran status, disability). Do disregard this section unless it is required by local law.

Depending on whether your application is successful, we need further information to enter into an agreement/employment relationship with you. This may be: date of birth, bank account details, insurance number, work-permits, disabilities if legally required under local law etc. We will also conduct automated checks against applicable sanctions-party lists.

Please do not include in your CV and cover letter information about political opinions, religious beliefs, and similar sensitive data. They are not required for your application.

The legal basis for data processing activities during the recruitment process is the respective national employment law or Article 6(1)(b) GDPR (i.e., the processing is necessary for entering into or the performance of a contract with you).

If you provide any information in relation to e.g. referees, you are responsible for obtaining their consent and ensuring that they are aware that their details can be forwarded.

Where we obtain publicly available information about you from business- and employment-oriented social networks or websites the legal basis is Art. 6(1)(f) GDPR. Our legitimate interests follow from the fact that we wish to conduct a proper assessment of an applicant.

When we do a video interview with you it might happen that we ask for a recording. We will always ask for your consent whether to record or not, pursuant to Article 6(1)(a) GDPR. Please note – whether you consent is totally up to you. You have the right to revoke your consent at any time without reasons with effect for the future.

Taktile uses an applicant tracking system and recruiting software for its hiring process. It is used to coordinate the application process, to monitor the status of applications and to communicate with candidates and within the team. Only Taktile employees who are involved in the application process for the respective position have access to the candidate’s data.

If you’re based in Germany, your applicant data will be deleted by us six months after the end of the respective application procedure, unless you have been hired by us. This is necessary for the burden of proof in the event of a legal claim based on the German General Equal Treatment Act (AGG).

Personal Data received by third parties, including publicly available sources

Taktile generally aims to collect Personal Data directly from the data subjects. If you or applicable law allows Taktile to do so, Taktile may obtain Personal Data also from third party sources. These third-party sources may include:

- your employer in the context of its business dealings with Taktile,

- third parties you directed to share your Personal Data with Taktile,

- third party sources and publicly available sources like business-oriented social networks or information brokers.

When we collect Personal Data from third party sources, established internal controls aim to ensure that the third-party source was permitted to provide this information to Taktile and that we may use it for this purpose. Taktile will treat this Personal Data according to this Privacy Policy, plus any additional restrictions imposed by the third party that provided the Personal Data to Taktile or by applicable national law.

Contact via email

If you send us requests via email, your details from the email, including the contact data you have provided there, will be stored for the purpose of processing the request and in the event of follow-up questions. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR and, if applicable, Art. 6(1)(b) GDPR, provided that your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary. You can object to the processing of your Personal Data at any time in the case of Art. 6(1)(f) GDPR.

Origin of Data

In most cases, you provide the Personal Data directly to us by accessing our websites or by registering and/or using the Services. We may also obtain Personal Data from your employer in the context of providing the Services or from third party suppliers, social networks, or partners. To enable collection of data we might use cookies, web beacons or similar technologies (see additional information provided in our Cookie Declaration).

Purposes for Processing

We use the Personal Data collected as described in this Privacy Policy, as specified in any agreement that incorporates this Privacy Policy, or as disclosed to you in connection with the Services. We do not carry out any statistical evaluation of a data subject’s behavior (profiling); in particular, there is no automated decision-making (see Art. 22(1) and (4) GDPR and Art. 6(1)(b) GDPR). 

Providing the requested service 

We process your Personal Data to fulfill our contractual obligations to you, including to:

- provide and deliver products and services (including updates thereto);

- operate and improve our operations, systems, products and services; 

- understand your preferences to enhance your experience; and

- provide service and support, such as sending confirmations, invoices, technical notices, updates, security alerts and administrative messages and providing customer support and troubleshooting.

Comments and questions 

If you contact us via our website, via email or in any other way, we process your Personal Data to understand and respond to your request and to provide customer service. In such circumstances, your request might be internally forwarded to the responsible department at Taktile.

Sales & Marketing activities 

We may use your email address for direct advertising, to communicate news about upcoming events, products, and services, and for surveys. We also use your email address, which we receive in connection with the sale of a product or service, for direct advertising of products or services similar to the ones you ordered. Our marketing emails permit you to opt-out of receiving further communications by selecting the “unsubscribe” link. In addition, you may opt-out from marketing communication at any time by contacting privacy@taktile.com.

Statistics 

To improve performance of the Services, to assess and improve the customer and user experience, to identify future opportunities for development of the Services, and to assess capacity requirements, we may analyze aggregated, anonymized or statistical information based on Personal Data.

Security and Compliance 

We may analyze your Personal Data to maintain the security of the Services and facilities, to enforce our terms and conditions, to protect against, investigate and deter fraudulent, unauthorized, or illegal activity and to avoid and detect attacks on our website or applications or misuse of our Services.

How Taktile Shares Information

We do not sell your Personal Data to third parties. Your Personal Data will not be passed on to third parties unless

- we have explicitly indicated this in the description of the respective data processing;

- you have given your explicit consent in accordance with Art. 6(1)(a) GDPR;

- the disclosure pursuant to Art. 6(1)(f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an outright interest worthy of protection in not disclosing your data;

- that a legal obligation exists for the transfer pursuant to Art. 6(1)(c) GDPR; and

- this is required under Art. 6(1)(b) GDPR for the processing of contractual relationships with you.

With Taktile Companies

Taktile may transfer customer and user Personal Data to other Taktile entities in the U.S. and worldwide for the purposes outlined in this Privacy Policy. Taktile protects Personal Data per this Policy wherever it is processed and takes appropriate measures to protect Personal Data under applicable laws, including implementing the European Commission’s standard contractual clauses and relying on the European Commission’s adequacy decisions about certain countries, as applicable, for data transfers from the EEA to the United States and other countries.

With Service Providers

We also use external service providers, which we have carefully selected and commissioned in writing, to carry out the Services. They are bound by our instructions and are regularly checked by us. With which we have concluded data processing agreements in accordance with Art. 28 GDPR, if necessary. These are service providers for web hosting, sending emails and maintaining our IT systems, etc.

A user’s Personal Data may be accessed, stored, transferred to and processed in countries other than the country in which the person resides. As an internationally operating company, Taktile processes Personal Data in countries outside the European Economic Area (“EEA“), including the United States of America. These countries may have data protection laws that differ from the laws of the country where the person resides. We have taken adequate security precautions to ensure that such Personal Data remains protected in accordance with this Policy and we have established adequate mechanisms to protect Personal Data in agreements with Taktile’s service providers such as the use of standard contractual clauses of the EU Commission in accordance with Art. 46 (2)(c) GDPR.

With Competent Authorities

Taktile may share customer and user Personal Data when believed, in good faith, that Taktile is: (i) responding accordingly to authorized requests by law enforcement agencies, regulators, courts, and other public authorities; (ii) comply with any law, regulation, subpoena, or court order; (iii) investigate and assist in preventing security threats, fraud or other criminal or malicious activity; (iv) enforce/protect the rights and properties of Taktile and its affiliates; or (v) protect the rights or personal safety of Taktile’s and its affiliates’ employees, and third parties on or using Taktile property in line with the requirements of applicable law.

Legal Basis for Processing Information

Taktile only uses customer and user Personal Data in a lawful, apparent, and reasonable manner. Taktile relies on the following legal bases:

- consistent with user-specific, revocable consents in accordance with Art. 6(1)(a) GDPR;

- to prepare, enter into or fulfill a contract in accordance with Art. 6(1)(b) GDPR, as necessary;

- to comply with legal obligations, in accordance with Art. 6(1)(c) GDPR, as necessary;

- to protect customer and user vital interests or those of others; and

- as necessary for Taktile’s legitimate interests in accordance with Art. 6(1)(f) GDPR, such as customer management, to facilitate and evaluate the use of online properties, business operations, marketing and advertising (if applicable), research, development or security.

Cookies

We use session-based and persistent “cookies” and similar technologies such as web beacons to increase user-friendliness and compile information about the usage of our websites and applications. Cookies are created either by us (first-party cookies) or by third-party providers determined by us (third-party cookies). See Taktile’s Cookie Declaration for detailed information on Taktile’s use of cookies when providing the Services.

Data Security

In accordance with Art. 32 GDPR and having regard to the latest state of the art, the costs of implementation, the type, scope, circumstances and purpose of the processing as well as various probabilities of occurrence and severity of risks for rights and freedoms for natural persons, we take suitable technical and organizational measures in order to guarantee an appropriate level of protection. This website uses SSL-encryption for safety reasons and in order to secure the transfer of confidential content. However, as no electronic transmission or storage of information can be entirely secure, we can make no guarantees as to the security or privacy of your information. Our staff who may have access to your information are required to keep that information confidential.

Data Retention

Your Personal Data will be deleted upon your request or as soon as it is no longer required to achieve the purpose for which the Personal Data has been collected, namely, to provide the requested Services. If legal regulations apply the duration of the storage of Personal Data may be determined by the relevant legal retention periods (e.g. from commercial law and tax law). After expiry of the respective period, the corresponding data is routinely deleted. 

Your Rights and Choices

You have the right to

- request information about your Personal Data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of Personal Data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, if they have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information regarding their details.

- immediately request the correction of incorrect or incomplete Personal Data stored by us in accordance with Art. 16 GDPR.

- request the deletion of your Personal Data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

- pursuant to Art. 18 GDPR, to demand the restriction of the processing of your Personal Data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to have it deleted and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.

- receive your Personal Data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another person responsible in accordance with Art. 20 GDPR.

- complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state in which we have our registered office or, if applicable, that of your usual place of work or usual residence.

- revoke consent granted at any time with effect for the future pursuant to Art. 7 para. 3 GDPR. In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation.

At your request, and as required by law, Taktile will:

- inform of what Personal Data is on file;

- amend or correct Personal Data or any previous privacy preferences the customer or user selected; and/or

- delete Personal Data.

To exercise your rights, please contact Taktile via privacy@taktile.com. Taktile uses reasonable efforts to delete Personal Data as required and retains records necessary to comply with governmental authority or applicable federal, state, or local laws. Where legally permitted, Taktile may decline to process requests that are excessively repetitive or methodical, require unreasonable technical effort, or risk the privacy of others.

If Taktile is unable to resolve your concerns, users have the right to contact their local data privacy supervisory authority or seek a remedy through the courts if the users believes his or her requests to exercise privacy rights have not been honored.

Right of Objection

If your Personal Data is processed by us on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to the processing of your Personal Data in accordance with Art. 21 GDPR, insofar as this is for reasons resulting from your particular situation. If the objection is directed against the processing of Personal Data for the purpose of direct marketing, you have a general right of objection without the requirement to indicate a special situation.

If you would like to make use of your right of withdrawal or objection, simply send an email to privacy@taktile.com.

California Privacy Rights

This section provides additional details about the Personal Data we collect about California residents and the rights afforded to them under the California Consumer Privacy Act or “CCPA.” We are extending the same rights to all residents of the U.S. For a description of all of our data collection, use and disclosure practices, please read this Privacy Policy in its entirety. For purposes of the CCPA, the defined term “Personal Data” is the same as the term “Personal Information” as such term is defined in the CCPA. For more details about the Personal Data, we have collected over the last 12 months, including the categories of sources, please see respective sections above. We collect this information for the business and commercial purposes described above. We share this information with the categories of third parties described above. We do not sell, as such term is defined in the CCPA, the Personal Data we collect and will not use it without providing a right to opt out. However, we do use third-party cookies for our advertising purposes as further described in our Cookie Declaration. Further, we sometimes share Personal Data with our partners, or they share your Personal Data with us, but only if you have consented to have such information be shared. Subject to certain limitations, the CCPA provides you the right to request to know more details about the categories or specific pieces of Personal Data we collect (including how we use and disclose this information), to delete your Personal Data, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights. In addition, Taktile does not have actual knowledge that it sells or shares Personal Data of users under 16 years of age.

You may make a request pursuant to your rights under the CCPA by contacting us at privacy@taktile.com. We will verify your request using the information associated with your account (if any), including email address. Government identification may be required. You can also designate an authorized agent to exercise these rights on your behalf.

Subject to Alterations

We reserve the right to change this Privacy Policy at any time in accordance with the law. In this way, we can adapt it to current legal requirements and take changes in our services into account, e.g. when introducing new services. The most current version applies to your visit. If we materially change the ways in which we use or share personal data previously collected from you, we will notify you through the website, by email, or other communication.

Last update: 31 October 2023