It must be..

Data Privacy

Data privacy

TLGG Consulting GmbH (“TLGG Consulting”) takes the protection of personal data very seriously and ensures compliance with the data protection regulations by both the company and external service providers. In the following, we inform you of how we will process your personal data and about the claims and rights that you have in accordance with the data protection regulations. Personal data means any information relating to an identified or identifiable person (“Personal Data“).

The terms used in this Data Privacy Statement have the meanings attached to them in the General Data Protection Regulation (“GDPR“).

  1. Who is responsible for the processing of the Personal Data and how can I contact TLGG’s data protection officer?

The controller of the Personal Data is:

TLGG Consulting GmbH

Paul-Lincke-Ufer 39-40

10999 Berlin


If you have questions regarding data privacy, you can contact our data protection officer at any time at the following address:

  1. In what way do we collect and process Personal Data and what is the purpose and legal basis for this?

We will collect and process your Personal Data for the purposes mentioned in this Data Privacy Statement, in particular to offer you access to our website, add you to our emailing list and give you access to our job offers.

  1. Legal bases

1.1 Consent, Art. 6 (1) (a) GDPR

If you have given us your consent to the processing of Personal Data for specific purposes, such processing is lawful based on your consent. This consent can be withdrawn at any time with future effect.

Please note that any withdrawal will only have future effect. It does not affect any processing that has taken place before the withdrawal.

For your withdrawal, please use the contact details provided at Section I. above.

1.2 Weighing of interests, Art. 6 (1) (f) GDPR

To the extent this is necessary, we will process your data also to protect our legitimate interests or that of a third party. Examples include:

  • Advertising or market and opinion research, unless you have objected to the use of your data
  • Assertion of legal claims and defence in legal disputes
  • Guaranteeing IT security
  • Crime prevention and detection
  • Business management measures and development of products and services

1.3 Legal obligations, Art. 6 (1) (c) GDPR or public interest, Art. 6 (1) (e) GDPR

Where we are under a legal obligation to process your data, processing will take place also on that basis. This may, for instance, include obligations to produce proof to a tax office or other public authority.

  1. Visits to this website

If you use our website exclusively for information purposes, we will, for the purpose of the system security of temporary connection data by means of so-called log files, collect and use only those data that your internet browser sends us automatically. These data include:

  • Date and time of your access to our website;
  • the browser type you use;
  • the browser settings;
  • the operating system you use;
  • the page you have visited previously;
  • the amount of data transmitted and the access status (e.g., file transferred, file not found etc.);
  • the loading time of our website; and
  • your IP address.

We only store pseudonymised IP addresses of visitors to our website. At the web server level, this is done by storing in the log file, as standard, an IP address 123.123.123.XXX if, for example, the actual IP address of the visitor is, where XXX is a random value between 1 and 254. The address can thus not be related to an individual.

We collect and use these data to enable you to use our website, to improve our internet offering and for statistical and marketing purposes.

The basis for the processing of your Personal Data for these purposes is our legitimate interest (Art. 6 (1). (f) GDPR). Our legitimate interest results from the purposes of data collection itemised above.

The data specified above will be deleted automatically after one month.

Under no circumstances will we use the data collected for the purpose of drawing conclusions about your person. In addition to this, we use cookies and analysis services when you visit our website. More detailed information about this is provided in Sections II.5 and II.6 of this Data Privacy Statement.


  1. Contact form and newsletter using Typeform

To provide contact forms and also to send newsletters and emails, we use the “Typeform” service, an emailing platform of the Spanish service provider TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 – Barcelona (Spain). This allows us to offer you a simple option to contact us.

For this purpose, Typeform will process the following Personal Data:

  • Email address*
  • Given name*
  • Surname*
  • Company name*
  • Function*

Mandatory information is marked with an asterisk (*).

Typeform is the recipient of your Personal Data and works for us as a processor. The processing of the data specified in this section will be stored exclusively for the purpose of transmitting and replying to requests. The mandatory information is used to assign and reply to your request.

In addition to this, Typeform collects the following Personal Data with the help of cookies: Information about your terminal device (IP address, device information, operating system, browser settings). Furthermore, usage data will be collected, such as date and time of your use of the contact form. Typeform needs these data to ensure the display of the contact form and its functionality. This is covered by Typeform’s legitimate interest (in accordance with Art. 6 (1) (f) GDPR) and serves the purpose of performing the contract, i.e., the handling of your request (in accordance with Art. 6 (1) (b) GDPR). More information is available at

More information about your options of objection and elimination and the complete Typeform data privacy statement are available at

Typeform in turn uses the support of its subsidiary TYPEFORM US LLC (370 Brannan Street, San Francisco, CA 94107, United States of America) and of other sources. Where Typeform transfers your Personal Data to Typeform US LLC, this is done based on the EU Standard Contractual Clauses agreed between Typeform and Typeform US LLC (Art. 46 (2) GDPR).

With the help of Typeform, we can analyse our email dispatch. When you open an email sent via Typeform, a file contained in the email (so-called web beacon) connects to the Typeform servers. In this way, it can be detected whether an email message was opened and which links have been clicked, if any. Moreover, technical information is collected (e.g., time of retrieval, IP address, browser type and operating system). This information cannot be assigned to the individual email recipient. It is used exclusively for the statistical analysis of the email dispatch. The results of these analyses can be used to better match dispatched emails with the interests of the recipients.

The legal basis for this processing is your consent given in accordance with Art. 6 (1) (a) GDPR. You can withdraw your consent to the processing of your Personal Data at any time. For the withdrawal, you can use the contact options mentioned in Section I. of this Data Privacy Statement. Your data will be processed as long as the appropriate consent is available. The declaration of withdrawal does not affect the lawfulness of any previous processing. Data that we store for other purposes will not be affected by this. The same goes for data to which longer storage periods apply for legal reasons.

  1. Contact form and newsletter via Mailchimp

We use Mailchimp, a service provided by The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA 30308 USA (“Mailchimp”) to provide contact forms and to send newsletters and emails. This allows us to provide you with an easy way to contact us and to contact registered newsletter recipients directly. In addition to this, we analyse your user behaviour to optimise our offer.

For this purpose, we transmit the following Personal Data to Mailchimp or it is processed by Mailchimp:

Email address
Given name
Company Name

Mailchimp is the recipient of your Personal Data and works for us as a processor. The processing of the data specified in this section is not prescribed, neither by contract nor by law. Without your consent and the transmission of your Personal Data, we cannot send any e-mails or  newsletters to you.

In addition to this, Mailchimp collects the following Personal Data with the help of cookies and other tracking methods: Information about your terminal device (IP address, device information, operating system, browser ID, information about the application you use to read your emails and other information about hardware and internet connection. Furthermore, usage data will be collected, such as date and time when you open the email/campaign and browser activities (e.g., which emails/websites were opened). Mailchimp needs these data to ensure the security and reliability of the systems and compliance with the terms of use and to prevent misuse. This is covered by Mailchimp’s legitimate interest (in accordance with Art. 6 (1) (f) GDPR) and serves the purpose of performing the contract (in accordance with Art. 6 (1) (b) GDPR). Moreover, Mailchimp will evaluate performance data, such as email delivery statistics and other communication data. This information will be used to prepare usage and performance statistics of the services.

In addition to this, Mailchimp will collect information about you from other sources. In a period of time and to an extent not further specified, Personal Data will be collected via social media and other third-party data providers. We have no influence on this process.

More information about your options of objection and elimination vis-à-vis Mailchimp is available at

The legal basis for this processing is your consent given in accordance with Art. 6 (1) (a) GDPR. You can withdraw your consent to the processing of your Personal Data at any time. All messages sent contain a link for doing this. For the withdrawal, you can also use the contact options mentioned. The declaration of withdrawal does not affect the lawfulness of any previous processing.

Your data will be processed as long as the appropriate consent is available. Apart from this, they will be deleted when the contract between us and Mailchimp is terminated, unless continued storage is required due to legal regulations.

Mailchimp has implemented compliance measures for international data transfers. They apply to all activities worldwide where Mailchimp processes Personal Data of natural persons within the EU. These measures are based on the Standard Contractual Clauses (SCC). More information is available at

  1. Cookies

We use cookies on our website. Cookies are text files which our web server sends to your browser in the context of your visit to our website and which your browser stores on your terminal device for retrieval at a later time.

You can make settings in your browser yourself to determine whether cookies can be placed and retrieved. For example, you can completely deactivate the storing of cookies in your browser, limit storage to specific websites or configure your browser to automatically notify and ask you for confirmation when a cookie is about to be placed. However, this may result in some of the functions of our websites being impaired and no longer being fully functioning.

We use technically necessary cookies that are necessary for operating the website. They ensure functions without which you would not be able to use the website as intended.

The legal basis for the processing is our legitimate interest in providing a functioning website and thus the result of a weighing of interests in accordance with Art. 6 (1) (f), first sentence, GDPR.

Moreover, we use optional cookies for the purpose of website analysis and tracking. The analysis and tracking tools used on this website and the optional cookies associated with this are described in detail at No. 5.

We will use optional cookies only with your prior consent (Art. 6 (1) (a), first sentence, GDPR). When you visit our website for the first time, a banner is displayed asking you to give your consent to the use of optional cookies.

If you give your consent, we will store a cookie on your computer and the banner will not appear again for the lifetime of the cookie. After that, or if you actively delete that cookie previously, the banner will be displayed again upon your next visit to our website to obtain your consent again.


  1. Analysis and Tracking tools

The purpose of the tracking measures used by us and detailed below is to ensure a need-based design and the continuous optimisation of our website. On the other hand, we use the tracking measures to statistically register the use of our website and to analyse that use for the purpose of optimising our offering and of displaying interest-based advertisements for you. Your Personal Data will be processed only on the basis of the consent you may have given us via our cookie pop-up in accordance with Art. 6 (1) (a), first sentence, GDPR and, in the case of international data transfer to a third country not providing sufficient guarantees, in accordance with Art. 49 (1) (a) GDPR. Where processing is based on your consent, you have the right to withdraw your consent at any time without this affecting the lawfulness of any processing done based on your consent prior to the withdrawal.


The individual purposes of the processing and the categories of Personal Data are presented below in connection with the relevant tracking tools:


Google Analytics


This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google“). Google Analytics uses so-called cookies which are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website (including the shortened IP address) is usually transmitted to and stored on a Google server, which may also involve transmission to the servers of Google LLC in the USA. The information is used to evaluate the use of the website, compile reports on the website activities and provide further services associated with website use and internet use for the purposes of market research and need-based design of this website. Such information may also be transmitted to third parties if this is required by law or a third party processes these data under a contract.


IP anonymization is activated on this website. This means that Google will – within the member states of the European Union and other contracting states of the Treaty on the European Economic Area – truncate your IP address prior to transmission to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated only there. This truncating makes it impossible to refer your IP address to a person. The IP address transmitted by your browser in the context of Google Analytics will not be linked with other data held by Google.


You can prevent the storage of cookies by making appropriate settings in your browser. However, please note that if you do this you may not be able to use the full functionality of this website.


In addition, you can prevent acquisition of the data generated by the cookie that relate to your use of the website (including your IP address) and the processing of these data by Google by downloading and installing a browser add-on linked here.


As an alternative to the browser add-on, in particular in the case of browsers on mobile terminal equipment, you can prevent acquisition by Google Analytics by clicking on this link. An opt-out cookie will be set that prevents acquisition of your data in the future when you visit this website. The opt-out cookie is valid only on this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you need to set the opt-out cookie again.


For the case of transfer of Personal Data to the U.S.-based Google LLC, we have agreed EU Standard Contractual Clauses with Google that guarantee the safety of the Personal Data.


More information about data privacy in connection with Google Analytics can be found in the Google Analytics help and about Google data privacy in general at


Facebook Pixel (Website Facebook Custom Audiences /Conversion)

This website uses the so-called “Facebook Pixel” of Meta, the provider of the social network “Facebook”, for the following purposes:

Facebook (website) Custom Audiences

We use the Facebook pixel for remarketing purposes in order to be able to contact you again within 180 days. This enables us to display interest-based advertisements (“Facebook Ads”) to users of our website when they visit the social network “Facebook” or other websites also utilizing this tool. By doing so, we aim to only display advertisements that are of interest to you in order to make our website or offers more suitable for you.

Facebook conversion

We also use the Facebook Pixel to ensure that our Facebook Ads comply with the potential interest of our users and are not bothering. By using Facebook Pixel, we can track the effectiveness of Facebook Ads for statistical and market research purposes by learning if users were redirected to our website after clicking on a Facebook Ad (“conversion”).

Due to these tools, your browser automatically establishes a direct connection with the Facebook server as soon as you have agreed to the use of cookies in accordance with our cookie consent pop-up. Through the integration of the Facebook pixel, Meta receives the information that you have visited our website or clicked on an advertisement from us. If you are registered with a Facebook service, Meta can assign the visit to your account.
The processing of this data by Meta takes place within the framework of Meta’s data policy. Special information and details about the Facebook pixel and its functionality can also be found in the Facebook help area.

We are jointly responsible with Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the collection and transfer of data in this process. This applies to the following purposes:

  • The creation of individualized or suitable ads, as well as for their optimization and
  • Delivery of commercial and transaction-related messages (e.g. via Messenger)

Insofar, the following processes do not fall under the joint controllership:

  • Processes that take place after the collection and transmission are within the sole responsibility of Meta.
  • The creation of reports and analyses in aggregated and anonymized form is carried out by Meta as a Processor and is therefore within our responsibility.

We have concluded a corresponding agreement with Meta for joint controllership, which can be accessed here: This agreement defines the respective responsibilities for complying with the requirements of the GDPR regarding joint controllership.

The contact details of the Controller and the data protection officer of Meta can be found here:

You may use Meta as a contact point for the exercise of data subject rights. However, this does not in any way limit any Rights of Data Subjects and their enforcement.

Additional information on how Meta processes personal data, including its legal basis and further information on the rights of data subjects can be found here: We transfer the data within the scope of joint controllership and while Meta is acting as Processor based on your consent provided by accepting the cookies via our Cookie pop-up pursuant to Art. 6 (1) a GDPR.

Information on the data security conditions can be found here. and on processing based on EU Standard Contractual Clauses can be found here:


The “Facebook Custom Audiences” function can be deactivated in the [COOKIE SETTINGS] and for users logged in at


  1. Social media

We operate corporate (fan) pages within social networks and in this context process Personal Data of the users to communicate with the users active there or to offer information about us.

We point out that in this process Personal Data of the users may be processed outside of the territory of the European Union. This may result in risks to the users because sometimes an adequate level of protection of Personal Data is not provided (e.g., in the USA) and this may make it difficult for users to enforce their rights.

Moreover, the Personal Data of the users may be processed within social networks for market research and advertising purposes. This makes it possible to create usage profiles, e.g., based on user behaviour and the resulting interests of the user. The usage profiles may in turn be used to place advertisements inside and outside of the social networks which presumably meet the user’s interests. For these purposes, cookies that store the user’s behaviour and interests are usually stored on the user’s computer. In addition to this, Personal Data may be stored in the usage profiles even independently of the terminal devices used by the user (primarily if the user is a member of the social network in question and is logged on to it).

For a detailed description of the respective processing activities and the opt-out options please see the data privacy statements and information provided by the operators of the respective social network.

The most effective way to request information and to assert rights of data subjects is directly with the providers because only the providers have in each case access to the data of the users and can directly take the appropriate measures and provide information. Of course, however, we will support you if you need help nevertheless.

Facebook: Jointly with Meta Platforms Ireland Ltd., we are responsible for the collection (but not the further processing) of data of the visitors to our Facebook page (so-called “fan page”). These data include information about the types of content that users view or interact with, or the actions they take (see under “Things that you and others do and provide” in the Meta data policy:, as well as information about the devices they use (e.g., IP addresses, operating system, browser type, language settings, cookie data; see “Device information” in the Meta data policy: As explained in the Meta data policy under “How do we use this information?”, Meta also collects and uses information to provide analytics services, so-called “page insights,” to website operators to help them understand how people interact with their pages and the content associated with them. We have concluded a special agreement with Meta (“Information about page insights”, which in particular defines the security measures that Meta must comply with and under which Meta has agreed to observe the rights of the data subjects (e.g., users can address their requests for information or erasure directly to Meta). The users’ rights (in particular the rights of access, to erasure, to object and to lodge complaints with a competent supervisory authority) are not restricted by the agreements with Meta. For more information go to “Information about page insights” (

Moreover, as the providers of the information service, we also process those data from your use of our service that you provide voluntarily on the fan page (e.g., in a comment) for the purposes of replying to your requests, communicating with you and publishing information concerning the contents offered on the Facebook pages or our company. The legal basis for the processing is Art. 6 (1) (b) and (f) GDPR. Our legitimate interest is to efficiently inform users, customers and interested parties and to communicate with them.

Being a joint controller with respect to the processing of Personal Data in the course of the provision of these contents on Facebook, we assure to act with the greatest possible degree of responsibility as regards the processing of Personal Data, in compliance with the other stated contents of this Data Privacy Statement. However, we also point out that we do not know the precise extent or content of the processing activities performed by Facebook and that we have no influence on them.

All details of the social network providers that we use are provided below:

  1. Processing of application data

In case of an application, we will process the Personal Data you voluntarily provide to us for the purpose of carrying out and handling the application process. The only recipients of the Personal Data are the members of our human resources department who are in charge of the application process and the members of the departments who are responsible for making a decision about the application and can forward your application to other group companies if you have addressed your application directly to these group companies or we believe that your application might be of interest to one of our group companies. The legal basis for this is Art. 6 (1) (b) GDPR.

We only acquire and use those Personal Data that are necessary in the context of our application processes or that enable us to inform you and/or to reply to your requests.

Specifically, this includes the following data of our applicants:

  • Identification data, such as surname, given name
  • Contact details, such as postal address, email address, telephone number
  • Application documents (curriculum vitae, reference letters, certificates and the like)
  • If applicable, information about severe disabilities or equality

If your application is rejected, the storage period will be six months, starting at the time of completion of the application process. This storage period is due to the possibility of claims being raised under the AGG [German General Act on Equal Treatment] and our associated legitimate interest of being able to defend ourselves against such claims. The legal basis for this is Art. 6 (1) (f) GDPR.

If you have given your consent freely to being included in our pool of candidates, we may, with your approval, also agree on a different time limit. You can withdraw your consent at any time with future effect. The legal basis for this is Art. 6 (1) (a) GDPR.

III. Who will have access to my data?

Your Personal Data will be transferred to any third party exclusively for the purposes specified above.

For the purpose of providing this website and to achieve other purposes of the processing mentioned in this Data Privacy Statement, your data will be transferred to technical service providers (e.g., hosting service providers, support, quality assurance or mail services) which, of course, we have carefully selected and commissioned in writing. These service providers are bound to our instructions, act on our behalf and are supervised by us on a regular basis.

Data will be transferred to any recipient outside of our company only if this is required by a statutory regulation, you have given your consent or we are authorised to provide information. Subject to these conditions, recipients of Personal Data may include:

  • Public bodies and institutions (such as supervisory authorities) if a legal or regulatory obligation exists.

However, unless otherwise regulated in this Data Privacy Statement, we will, apart from this, transfer your Personal Data to any third party only if you have given us your prior consent to this.

  1. Will data be transferred to a third country or an international organisation?

Except for the cases expressly mentioned in this Data Privacy Statement, data will be transferred to third countries (states outside of the European Economic Area (EEA)) only if you have given us your consent. Where our processors transfer data to a third country not having an adequate level of protection of Personal Data (such as the USA) and your consent to this is not available, this will be done exclusively on the basis of the EU Standard Contractual Clauses in accordance with Art. 46.2 (c) GDPR agreed between us and our processors and, if necessary, supplemented by additionally required safeguards for the protection of your Personal Data. The Standard Contractual Clauses of the European Commission can be found at

  1. For how long will my Personal Data be kept?

We will keep your Personal Data for as long as this is necessary to achieve the purposes of the processing specified in this Data Privacy Statement.

Specific statements in this Data Privacy Statement or legal requirements regarding the storage and erasure of Personal Data, in particular of Personal Data that we need to keep for reasons of tax law, remain unaffected.


  1. What precautions does TLGG Consulting take with respect to data security?

We have taken appropriate precautions to protect the Personal Data acquired against loss, misuse, unauthorised access, disclosure, alteration or destruction, which includes contractual, administrative, physical and technical measures. The technical measures include the use of firewalls and encryption technologies. You can recognise encrypted connections by the https:// prefix in your browser’s address bar.

Nevertheless, data transmission via the internet, in particular by email, or via other networks cannot be guaranteed to be 100% secure. Accordingly, we cannot guarantee the security of information that is transmitted via this website, although we strive to protect such information. Therefore, data is transmitted at your own risk.


VII. What rights do I have as a data subject?

  1. Right to information

You have the right to obtain from us on request at any time information about the Personal Data concerning you that we process, to the extent regulated in Art. 15 GDPR. You can send your request by post or email using the contact details provided in Section I. above.

  1. Right to rectification of inaccurate data

You have the right to obtain from us without undue delay the rectification of Personal Data concerning you if they are inaccurate. To assert your right, please use the contact details provided in Section I. above.

  1. Right to erasure

Subject to the conditions described in Art. 17 GDPR, you have the right to obtain from us the erasure of Personal Data concerning you. These conditions in particular provide for a right to erasure if the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed and in cases of unlawful processing, objection, existence of an obligation to erase under Union or Member State law to which we are subject. To assert your right to erasure, please use the contact details provided in Section I. above.

  1. Right to restriction of processing

You have the right to obtain from us restriction of processing in accordance with Art. 18 GDPR. This right exists in particular if the accuracy of the Personal Data is disputed between the user and us, for the period of time necessary to verify accuracy, and in the case that the user demands restricted processing instead of erasure if a right to erasure exists; furthermore in the case that we no longer need the data for the purposes pursued by us but they are required by the user for the establishment, exercise or defence of legal claims and in the case that successful exercise of an objection is still disputed between the user and us. To assert your right to restriction of processing, please use the contact details provided in Section I. above.

  1. Right to data portability

You have the right to receive from us the Personal Data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with Art. 20 GDPR. To assert your right to data portability, please use the contact details provided in Section I. above.








  1. Information about your right to object pursuant to Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to the processing of Personal Data concerning you which is based on Art. 6 (1) (f) GDPR, including profiling based on those provisions.

Furthermore, you can object at any time – without stating a reason – to the processing of your Personal Data for purposes of direct marketing, which includes profiling to the extent that it is related to such direct marketing.

To exercise your right to object, please use the contact details provided in Section I.


  1. Right to lodge a complaint

Furthermore, you have the right to lodge a complaint with a supervisory authority.

VIII. Am I under an obligation to provide data?

In the context of our business relationship, you only need to provide those Personal Data that are necessary to establish, maintain and terminate a business relationship or that we are required to collect by law. Without these data, we will usually have to refuse to conclude a contract or to execute an order or will no longer be able to perform, or may have to terminate, an existing contract.

Moreover, we are compelled to request additional data to provide pay services and, e.g., to process the payment method you wish to use.

To subscribe to our newsletter, we need your email address to be able to deliver the newsletter. We use a double confirmation procedure to confirm your email address when your register for our newsletter (double opt-in).

However, in compliance with the above, you are basically free to provide Personal Data.


  1. To what extent is automated decision-making used in an individual case?

Automated decision-making processes on the basis of Personal Data are not carried out.

  1. Links to other websites

In the case of links to other websites, we have no influence on and no control over the linked contents and the data protection regulations of the linked sites. We recommend checking the data privacy statements of any linked websites that you visit to find out whether and to what extent Personal Data are acquired, processed, used or made accessible to third parties.

  1. Current state of and changes to this Data Privacy Statement

This Data Privacy Statement is presently valid and its version is January 2022.

The further development of our website and the services offered on it, or changes of legislation or official requirements, may make it necessary to amend this Data Privacy Statement. The up-to-date Data Privacy Statement is available on our website at any time here: Data Privacy Statement