Status: January 2025
The following information tells you what happens to your personal data when you visit our website. Personal data is all data with which you can be personally identified.
The operator of this website takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the applicable data protection regulations, in particular the provisions of the General Data Protection Regulation (GDPR) and this privacy policy.
We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible when using electronic services.
Name and Contact Details of the Person responsible
The person responsible for data processing is:
Trinity Management Systems GmbH
Hansaallee 154
60320 Frankfurt am Main
Germany
Phone: +49 69 95 11 17 0
E-mail: info@trinitytms.com
The external data protection officer can be contacted via :
SCHIEDERMAIR Beratungsgesellschaft für Datenschutz mbH
Eschersheimer Landstraße 60
60322 Frankfurt am Main
E-mail: .info@schiedermair-datenschutz.com
Use of Cookies on the Website
Cookies are used on the website. Cookies do not damage your computer and do not contain viruses. They serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.
When you visit our website, you will be informed about the use of cookies via a cookie consent management tool. Technically necessary cookies are required for the operation of the website and the provision of functions. This applies, for example, to the language selection. They cannot be deactivated. Other cookies for the purpose of analysing usage and displaying advertisements are only used if you have given your consent. The Cookie Consent Management Tool is a service provided by Borlabs GmbH, Hamburg. A technically necessary Borlabs cookie is set to save your cookie consent. The Borlabs cookie does not process any personal data. You can access the Cookie Consent Management Tool at any time via "Cookie Settings" and revoke your consent and change settings.
You can also set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the purposes described above for the use of technically necessary cookies. When using cookies for analysis and marketing purposes, the legal basis for data processing is your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
Google Tag Manager
We use Google Tag Manager on our website. The provider of the service for the European region is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
Google Tag Manager is a tool that we use to integrate and organise statistical or marketing services on our website. The Google Tag Manager itself does not collect any data, does not create any user analyses or profiles and does not use cookies. It is only used to manage and display the tools integrated via it.
The Google Tag Manager records the IP address you use, which - in abbreviated form - can also be transmitted to the Group company, Google LLC, based in the USA. Google LLC (Menlo Park, California, USA) is certified to participate in the EU-U.S. Data Privacy Framework.
The Google Tag Manager is used on the basis of your consent in accordance with Section 25 (1) TDDDG, Art. 6 (1) (a) GDPR.
Google Ads
Subject to your consent, we use the online advertising programme Google Ads. This service enables us to run online campaigns via the Google search engine and to control and analyse them using specific search terms. The provider of Google Ads for Europe is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
Google Ads uses cookies to analyse the success of online campaigns. In this context, we receive a summary of, among other things, whether and at what time our website is visited via Google campaigns, which end devices are used, as well as the gender, age group and rough locations of users. This data is not assigned to specific users.
The group headquarters Google LLC is certified to participate in the EU-U.S. Data Privacy Framework.
The legal basis for the use of Google Ads is your consent in accordance with § 25 para. 1 TDDDG, Art. 6 para. 1 lit. a GDPR.
Usage Analysis via Matomo
Subject to your consent, we use the open source software tool Matomo on our website to analyse the surfing behaviour of our users. The software places a cookie on the user's computer. If individual pages of our website are accessed, the following data is stored:
- Two bytes of the IP address of the user's calling system
- The website called up
- The website from which the user accessed the website (referrer)
- The subpages that are accessed from the accessed website
- The time spent on the website
- The frequency of visits to the website.
The service runs exclusively on the servers of our website. Users' personal data is only stored there. The data is not passed on to third parties. We have configured the service so that the IP addresses are not stored in full, but 2 bytes of the IP address are masked. In this way, it is no longer possible to assign the shortened IP address to the calling computer.
The legal basis for the processing is your consent in accordance with § 25 para. 1 TDDDG, Art. 6 para. 1 lit. a GDPR.
The processing of the data enables us to analyse the usage behaviour of website visitors. By analysing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness.
The data is deleted as soon as it is no longer required for our recording purposes. The deletion takes place after 15 months.
Provision of the Website and Creation of Server Log Files
Each time you visit our website, information is automatically recorded in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address.
This data is not merged with other personal data of users.
This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The temporary storage of the data, including the IP address, is necessary for the delivery and functionality of the website. We also use the data for the technical optimisation of the website and to ensure the security of our information technology systems. In this context, the data is not evaluated for usage behaviour or marketing purposes. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. This is usually the case when the session ends, but at the latest after seven days.
The collection of data is absolutely necessary for the operation of the website. Therefore, there is no possibility to object.
Contact Form and Contact by E-mail or Telephone
If you send us enquiries via the contact form, email or telephone, the data you provide in the enquiry form or by email or telephone, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. At the time of sending an enquiry via our contact form on the website, your IP address and the date and time are also stored.
The legal basis for the processing of the data is the protection of our legitimate interests, Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in processing your enquiry and - when using the contact form - in preventing misuse of the form and ensuring the security of our information technology systems. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
The sole purpose of data processing is to process your enquiry.
The data you provide will remain with us until the purpose for data storage no longer applies. This is the case when the processing of your enquiry, i.e. the conversation with you, has finally ended, unless you have consented to the further storage of your data, for example for the purpose of contacting you at a later date, or the deletion is prevented by mandatory statutory retention obligations, for example due to an ongoing contractual relationship. The data collected when you send the contact form will be deleted after a period of seven days at the latest.
You have the option to object to the processing of your data with effect for the future. In such a case, the processing of your enquiry cannot be continued in case of doubt. You can send your objection to us using the contact options provided.
Registration on this Website
You can register on our website in order to use additional functions and offers from us. The data provided via the input form will be stored by us. At the time of registration, your IP address and the date and time are also stored.
If the registration serves the implementation of pre-contractual measures or the fulfilment of a contract, e.g. participation in an event, the legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Otherwise, the legal basis is Art. 6 para. f GDPR. Our legitimate interest lies in the fulfilment of the offer you have requested or in the provision of the function you have requested. The data collected during registration will be stored by us for as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected.
Sending of Information, Newsletters
If we have received your e-mail address in connection with the sale of our services, we will send you information about similar services and offers from us. You can object to this use of your e-mail address at any time without giving reasons with effect for the future, without incurring any costs other than the transmission costs according to the basic rates.
We will obtain your separate consent to send you additional information or a regular newsletter by e-mail. If you register for our newsletter, we will verify your e-mail address as part of a so-called double opt-in procedure. For this purpose, you will receive an e-mail in which you can confirm the accuracy of the e-mail address provided and your consent to receive the newsletter.
To send information, we use the services of Pipedrive OÜ, Tallinn, Estonia, which operates in accordance with our instructions on the basis of an order processing contract. Pipedrive uses pixels to process so-called opening and click rates in order to find out whether the emails arrive, can be opened and which actions are carried out after the emails are opened. We receive statistical overviews of this tracking from Pipedrive, without any personal reference.
The legal basis for data processing is our legitimate interest in direct marketing, Art. 6 para. 1 lit. f GDPR in conjunction with. § Section 7 (3) of the Act against Unfair Competition. If we obtain your consent to receive information and/or our newsletter, the legal basis for data processing is Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time, for example via a corresponding link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the cancellation. The processing of opening and click rates is also permitted to safeguard our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, as this ensures the delivery of our emails and high delivery rates. It is not possible to deactivate the opening and click rates. However, you can object to receiving our emails at any time with effect for the future via the contact options mentioned and the unsubscribe link in each email.
The data we have stored will be stored by us until you unsubscribe from the newsletter distribution list or object to receiving information by e-mail. Data stored by us for other purposes remains unaffected by this.
Social Media
Social Media Plugins with Shariff
Plugins from social media are used on our pages (XING, LinkedIn).
You can usually recognise the plugins by the respective social media logos. To ensure data protection on our website, we only use these plugins together with the so-called "Shariff" solution. This application prevents the plugins integrated on our website from transferring data to the respective provider the first time you enter the website.
A direct connection to the provider's server is only established when you activate the respective plugin by clicking on the corresponding button. As soon as you activate the plugin, the respective provider receives the information that you have visited our website with your IP address. If you are logged into your respective social media account (e.g. Facebook) at the same time, the respective provider can assign the visit to our website to your user account.
We use plugins from LinkedIn (service provider for the European region: LinkedIn Ireland Unlimited Company, Dublin, Ireland) and XING (service provider: New Work SE, Hamburg, Germany). In the case of LinkedIn, data transfer to countries outside the EU, in particular to the USA, cannot be ruled out. In some of these third countries, there is no level of data protection comparable to that in the EU, or confirmation of the adequacy of the level of data protection is dependent on other requirements, such as certification under the EU-U.S. Data Privacy Framework in the USA. The corporate headquarters LinkedIn Corporation, California, USA, is certified to participate in the EU-U.S. Data Privacy Framework.
Further information on data protection at LinkedIn can be found at https://www.linkedin.com/legal/privacy and at https://www.linkedin.com/legal/cookie-policy and at XING at https://privacy.xing.com/de/datenschutzerklaerung.
Our Presence on Social Media
You can find us on various social media channels. When you visit one of our social media sites, the respective provider processes your data in order to create statistical analyses and to operate and improve its own services and offers. In some cases, data processing takes place regardless of whether or not you are registered and logged in to the platform you are visiting.
Some providers provide us with evaluations of the use of our websites, which we can use to analyse our offers and the needs of our users. For this purpose, the reach of our posts, the number of views of our videos and the development of our subscriber numbers are analysed. We receive the analyses completely without personal reference. The anonymised data summarised according to groups/categories includes Age, gender, users' place of residence (country and region/city), time and location of use, total number of users of individual functions/areas, interactions (e.g. comments, click rate, views, shares), video usage duration, devices used, operating systems, software, usage history (referring web offers), language, interests/topics accessed.
Anonymised evaluations are updated daily and made available for an evaluation period including the previous day.
We have no influence on whether and to what extent the service providers collect personal data. We are also unaware of the scope, purpose and storage period of data collection. It must be assumed that at least the IP address and device-related information is collected and used. It is also possible that the operators use cookies and similar technologies with which the usage behaviour on the platforms and other services of the provider can be tracked and evaluated.
Please note that some social media providers are based outside the EU and the European Economic Area (EEA), in particular in the USA, and that some of these countries do not have an adequate level of data protection or that confirmation of the adequacy of the level of data protection is dependent on further requirements (e.g. certification of participation in the EU-U.S. Data Privacy Framework). We cannot rule out the possibility that, even if social media providers are based in the EU, personal data may also be transferred to group companies in the USA or another country outside the EU or the EEA and/or stored on servers in the USA or another country outside the EU or the EEA. In some third countries, for example in the USA, public authorities have far-reaching access rights to data from companies based in these third countries.
Insofar as we receive statistical analyses from the individual providers of the social media channels about the use of our websites, we and the respective provider of the social media channel are jointly responsible for these associated data processing operations.
Further information on the providers of social media channels where we maintain a profile:
LinkedIn: The service provider for the European region is LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland). Further information on data protection can be found in LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy and in the cookie policy at https://www.linkedin.com/legal/cookie-policy. For the processing operations for which we are jointly responsible with LinkedIn, the following joint responsibility agreement applies: https://legal.linkedin.com/pages-joint-controller-addendum. The corporate headquarters LinkedIn Corporation, California, USA, is certified under the EU-U.S. Data Privacy Framework.
XING: The service provider is New Work SE (Am Strandkai 1, 20457 Hamburg). Further information on data protection can be found at https://privacy.xing.com/de.
Integration of Videos via YouTube
From time to time, you can watch videos on our website that are integrated via YouTube. The provider of the services for the European region is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
When you access a website with an embedded video, YouTube automatically processes system data about the device you are using and the browser you are using (IP address, browser type used, device information, operating system used).
We use YouTube in extended data protection mode, with which videos are embedded via the "nocookies" domain. According to YouTube, this mode means that YouTube does not use cookies for user tracking, i.e. it does not store any information about visitors to this website. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube can establish a connection to the Google DoubleClick network when a video is opened.
After the start of a YouTube video, further data processing operations may be triggered over which we have no influence.
The use of YouTube is in the interest of an appealing presentation of our offers and a secure retrieval of video material on our website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR
The system data is transmitted solely for the purpose of providing the videos you have retrieved.
We do not store any personal data in connection with the integration and display of videos via YouTube.
You can find further information on data protection at YouTube in their privacy policy at: https://policies.google.com/privacy?hl=de. It cannot be ruled out that Google will also process your data in the USA. The corporate headquarters Google LLC, California, USA, is certified under the EU-U.S. Data Privacy Framework.
Applications
If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during job interviews, etc.) insofar as this is necessary for the decision on the establishment of an employment relationship. Depending on the information you provide, your documents may also contain special categories of data in accordance with Art. 9 GDPR.
If we do not enter into an employment relationship with you, but would like to keep your documents for other future vacancies in order to contact you, we will obtain your express consent to keep your application documents.
The legal basis for this is § 26 Federal Data Protection Act (BDSG), Art. 6 para. 1 lit. b GDPR. If you consent to the longer storage of your application documents, Art. 6 para. 1 lit. a GDPR is the legal basis for data processing.
If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship.
We process your data to determine your suitability for the position for which you have applied and to contact you.
If we are unable to make you a job offer, you reject a job offer, withdraw your application, revoke your consent to data processing or request us to delete the data, the data you have submitted, including any remaining physical application documents, will be stored for a maximum of three months after completion of the application process.
After the retention period has expired, the data will be deleted unless there is a statutory retention obligation or another legal reason for further storage. If it is evident that it will be necessary to store your data after the retention period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted once it has become irrelevant. Other statutory retention obligations remain unaffected.
Automated Decision-making including Profiling
We do not use any means of automated decision-making, including profiling.
Your Rights
Revocation of your Consent to Data Processing
Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. All you need to do is send us an informal e-mail. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to Object (Art. 21 GDPR)
If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Right to lodge a Complaint with the Competent Supervisory Authority
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint is without prejudice to any other administrative or judicial remedy. The supervisory authority responsible for us is: The Hessian Data Protection Officer, Wiesbaden, e-mail: Poststelle@datenschutz-hessen.de
Right to Data Portability
In accordance with Art. 20 GDPR, you have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
Right to Information, Erasure and Rectification
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients and the purpose of data processing (Art. 15 GDPR) and, if applicable, a right to rectification (Art. 16 GDPR) or erasure of this data (Art. 17 GDPR) at any time. You can contact us or our data protection officer at any time at the address given in the legal notice if you have any further questions on the subject of data processing.
Right to Restriction of Processing
In accordance with Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the legal notice.