Privacy policy of TDSoftware GmbH

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. It is generally possible to use our website without providing personal data. If personal data (e.g. name, address or e-mail addresses) is collected on our website, this is always done on a voluntary basis as far as possible. This data will not be passed on to third parties without your express consent. We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible. We reserve the right to amend the content of this data protection notice from time to time. We therefore recommend that you read this document again at regular intervals.
TDSoftware-Logo
Written by
TDSoftware
July 21, 2025

Supplementary data protection notices apply to certain categories of data processing. Some of these are linked below.

  • Data protection notice for users of this website
  • Data protection notice for users of our video conferencing system
  • Data protection notice for applicants
  • Data protection notice for business partners of TDSoftware
  • Data protection notice for users of the TDSoftware LinkedIn fan page
  • Data protection notice for users of the TDSoftware Facebook fan page

Where necessary, we provide additional information on specific data processing operations at the relevant points, e.g. on certain forms. Please contact us if you have any questions, comments or concerns regarding this statement or our processing of your personal data.

1. General data protection notice

1.1 Who is responsible for data processing and who can I contact?

The responsible party within the meaning of the Datenschutz-Grundverordnung (DSGVO) is:

TDSoftware GmbH
Löbdergraben 29
07743 Jena
phone: +49 3641 6349688
Email: kontakt(at)tdsoftware.de

You can contact our data protection officer using the above contact details or by email at datenschutz(at)tdsoftware.de.

1.2 What data do we collect?

We typically process the following categories of personal data, among others:

  • Master data: name, address
  • Contact details: e.g. telephone number, e-mail address, any company affiliations
  • Contact preferences: e.g. preferred contact medium, advertising messages received
  • enquiries: e.g. offers, enquiries, expressions of interest, feedback
  • Customer data: e.g. correspondence, contracts, services, orders, joint appointments
  • Financial and payment data: e.g. bank account number, billing address, payments received
  • Application data: e.g. CV, references, cover letter, previous activities and positions in other organisations, education, professional qualifications, reference contact information, position preferences, salary expectations, interests and preferences, gender, marital status, age, information from publicly available sources, such as professional social media networks, all other information you provide to us, as well as any sensitive data such as origin, religion, health data and degree of disability, criminal convictions, sanctions from supervisory or professional organisations
  • device data: e.g. information about the devices you use to visit our website, such as the operating system used, browser type, language settings, IP address
  • Usage data: e.g. address of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version.

1.3 For what purposes do we collect, use and store this personal data?

We collect, use, store and process your personal data:

1.3.1 if you have given us your consent (Art. 6 Abs.1 lit.a DSGVO)

  • to receive information about TDSoftware offers by post, telephone, messenger or email.

If you give your consent to receive direct marketing, we always offer you the option to withdraw your consent.

1.3.2 to the extent necessary to fulfil contractual obligations and pre-contractual measures (Art. 6 Abs.1 lit.b DSGVO)

Processing your enquiries and contacting you in this regard, for example for specific, contract-related offers from TDSoftware, to decide on the establishment of an employment relationship in the case of job applications (the legal basis for this is Art. 6 Abs.1 lit.b DSGVO). In particular, we process the data you have sent us in connection with your application in order to assess your suitability for the position (or, if applicable, other open positions in our companies) and to carry out the application process, for example to execute an employment contract and for accounting purposes, or to contact you for these purposes by post, telephone, email or messenger service.

1.3. 3 insofar as the legitimate interests of us or third parties require it and no interests of data subjects worthy of protection prevail and you have not objected to the use (Art. 6 Abs.1 lit.f DSGVO)

  • for the purposes of maintenance, servicing and improvement of our IT systems and services, data protection control and data backup
  • to ensure data and operational security (visitor registration)
  • to uphold house rules, prevent criminal offences or collect evidence in the event of suspected criminal offences, video surveillance is carried out at some of our premises
  • to respond to other enquiries and complaints for internal administrative purposes
  • to photograph or film events
  • for the purposes of documentation and reporting, as well as for the possible publication of the recordings on our website, if applicable,
  • to detect, prevent or otherwise combat fraud, security deficiencies or technical problems,
  • to prevent or otherwise combat them, to provide law enforcement authorities with the information necessary for criminal prosecution in the event of suspected criminal offences.
  • to protect and safeguard our legitimate business interests, terms and conditions, and legal rights and obligations. This includes, among other things, the use of any personal data in connection with compliance, regulatory, audit and legal claims (including the disclosure of such information in connection with legal proceedings or disputes)
  • for direct marketing purposes outside the scope of consent, to the extent permitted by law. In connection with the sale of a service to you or your company, we may process your postal contact details outside the scope of specific consent in order to occasionally send you information about new offers (direct marketing). Under the legal requirements of § 7 Abs. 3 UWG, we are also entitled to use the email address you provided when purchasing a service for direct marketing of our own similar goods or services.

1.3.4 To the extent necessary to comply with a legal obligation (Art. 6 Abs.1 lit.c DSGVO)

  • for example to store the data collected for contract processing until the expiry of the statutory documentation and retention obligations, which also include the obligations to provide evidence regulated in Art. 5 Abs. 2 and Art. 7 Abs. 1 DSGVO.

1.4 Who receives your data?

1.4.1 Transfers to companies that provide services for us as processors

Your personal data will be disclosed to companies that provide services on our behalf in accordance with our instructions.

These are companies in the categories of IT services, including website hosts, (cloud) software providers, including Microsoft Corp., document processing, billing, data destruction, recruiting, and printing services.

When you communicate with us by e-mail, these e-mails are processed on cloud-based servers of our e-mail service provider Microsoft Corp. In this context, the processing of personal data in the so-called third country USA, i.e. outside the EEA, cannot be ruled out.

The EU Commission has recognised the level of data protection for certain companies from the USA as adequate (within the framework of the EU-US Data Privacy Framework) in its decision of 10 July 2023 pursuant to Art. 45 DSGVO. Microsoft Corp. has also been certified under the EU-US Data Privacy Framework.

1.4.2 Transfers to third parties

We will disclose your data to third parties if we are legally obliged to disclose your personal data or if we deem it necessary to protect the rights, property or safety of us, our customers or third parties. Transfers to authorities and/or law enforcement agencies are made to the extent required by law or when necessary to protect our legitimate interests in accordance with applicable laws.

Transfers to potential or actual purchasers of personal data are made in the event that TDSoftware GmbH sells one of its businesses or assets that contain personal data and this is legally permissible.

We will inform you separately about these transfers to third parties in accordance with Art. 13 - 14 DSGVO, for example in the context of consent given to us, insofar as this is required by law.

1.5 Am I obliged to provide data?

Within the scope of our business relationship, you must provide the personal data that is necessary for its initiation, implementation and fulfilment of the associated contractual obligations, or which we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or will no longer be able to perform an existing contract and may have to terminate it.

1.6 How long do we store your data?

We only process and store personal data of data subjects for as long as the purpose pursued requires or is legally required. Commercial and tax law retention periods may prevent deletion. The retention and documentation periods specified therein are up to ten years. If the purpose for storage no longer applies or a statutory storage period expires, the personal data will be routinely deleted in accordance with the statutory provisions, unless it is required as evidence. We process applicant data for the duration of the application process. If your application is unsuccessful, we will store applicant data after notifying you of the rejection decision for as long as we need the data to clarify enquiries or disputes. As a rule, we delete your application data no later than 5 months after the end of the application process. If you have expressly consented to us considering your application for future job vacancies, your data may also be stored for a correspondingly longer period.

1.7 What data protection rights do you have?

Every person affected by our processing of personal data has the right to information under Art. 15 DSGVO, the right to rectification under Art. 16 DSGVO, the right to erasure under Art. 17 DSGVO, the right to restriction of processing under Art. 18 DSGVO, the right to object under Art. 21 DSGVO, and the right to data portability under Art. 20 DSGVO. The restrictions under $$ 34 and 35 of the German Federal Data Protection Act (BDSG) apply to the right to information and the right to erasure. In addition, you have the right to lodge a complaint with the supervisory authority for data protection, e.g. the data protection authority responsible for your place of residence, your place of work or the place where the data protection violation occurred. If you have any questions about this privacy policy or would like to contact us for any other reason regarding the processing of personal data, please contact us using the contact details provided at the beginning of this document.

1.7.1 Information about your right to object under Art. 21 DSGVO

1.7.1.1 Right to object in individual cases

You have the right to object, on grounds relating to your particular situation, object at any time to the processing of personal data concerning you that is carried out on the basis of Art. 6 Abs. 1 lit. e or f DSGVO (data processing based on a legal obligation or balancing of interests); this also applies, where applicable, to profiling based on this provision within the meaning of Art. 4 Abs. 4 DSGVO.

In individual cases, we also process your personal data for direct marketing purposes. You also have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. In cases of direct marketing by email, you can revoke your consent to receive such emails at any time without incurring any costs other than the transmission costs according to the basic rates. A notification in text form to the above contact details (e.g. email, letter) is sufficient for this purpose.

1.7.1.2 Revocation of consent

You may revoke your consent to us at any time. Revocation of consent does not affect the legality of processing based on consent prior to revocation.

1.8 Updates to this privacy policy

This privacy policy may be updated regularly. We will update the date at the end of this website accordingly and recommend that you check it for changes.

2. Supplementary data protection notice for users of this website

This separate data protection notice applies to users of this website and supplements the above general data protection notice of TDSoftware.

2.1 What additional data is collected, processed and shared when you use this website, and for what purposes?

2.1.1 Collection of usage and device data and processing in log files

We collect this data on the basis of our legitimate interests (Art. 6 Abs.1 lit. f DSGVO) in eliminating malfunctions, ensuring the correct delivery of the website, system security and the detection and tracking of unauthorised access or access attempts, we collect data about every access to the server on which the website is located (so-called usage data) in server log files. Usage data includes the address of the website accessed, the file, the date and time of access, the amount of data transferred, notification of successful access, and the referrer URL (the previously visited page). In addition, we automatically collect device data such as browser type and version, and information about the user's operating system.

Server log files are stored for security reasons (e.g. to investigate misuse or fraud) for a maximum of 7 days and then deleted. Data that needs to be kept for evidence purposes is excluded from deletion until the respective incident has been finally clarified.

2.1.2 Collection of usage and device data via cookies

When you visit our website, it can retrieve information from your browser and save it using cookies, JavaScript or pixels (collectively "cookies"). This can be information about you, your settings or your device. This allows us to distinguish your web browser from those of other users of our website, learn more about your product interests and provide functions. Cookies enable the provision of basic functions and services, e.g. the system attempts to detect whether a user of our website is an automated bot or a natural person.

2.1.2.1 Consent Management Service

We use a so-called consent management tool (also known as a consent management service) that informs you about further consent-based data processing, registers your consent in this regard, and stores it on your device using cookies (category "Essential"). The legal basis for this is § 25 Abs.2 Nr.2 TDDDG and Art. 6 Abs. 1 lit. c DSGVO, the legal obligation.

Further information on data processing, including purpose, legal basis, recipient, and storage period, is linked at the end of our website – symbolized as a fingerprint. This particularly applies to our optional marketing and analysis services for which we request your consent. Your consent-related data is transmitted to our processor, Usercentrics GmbH.

Regardless of this, you can determine whether cookies should be set and accessed through the settings in your browser. For example, you can completely deactivate the storage of cookies in your browser, restrict it to certain websites, or configure your browser to automatically notify you as soon as a cookie is to be set and ask for your feedback.

The following information on the cookies used supplements the information in the consent management service.

2.1.2.2 Session cookies

We currently use technically necessary session cookies on the basis of § 25 Abs.2 Nr.2 TDDDG sowie Art. 6 Abs. 1 lit.f DSGVO, our legitimate interest in providing necessary functions (category “essential”). Session cookies are deleted when you have finished using our online offer and, for example, log out or close the browser. However, some cookies or information remain stored in the so-called local storage of the browser for a predefined period in order to use the information stored therein for repeated visits.

2.1.2.3 Google Analytics

If you have given your consent, this website uses Google Analytics 4, a web analysis service provided by Google LLC. The responsible body for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Google Analytics uses cookies that enable an analysis of your use of our website. The information collected through the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

During your website visit, your user behavior is recorded in the form of "events". Events can be:

  • Page views
  • First-time visit to the website
  • Start of the session
  • Your "click path", interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • Clicks on external links
  • Internal searches
  • Interaction with videos
  • File downloads
  • Ads viewed/clicked
  • Language preference

Also recorded:

  • Your approximate location (region)
  • Your IP address (in abbreviated form)
  • Technical information about your browser and the devices you use (e.g. language settings, screen resolution)
  • Your internet provider
  • The referrer URL (via which website/via which advertising medium you came to this website)

On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activities. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

Recipients of the data are/may be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities will access the data stored by Google. If data is processed outside the EU/EEA and there is no data protection level corresponding to European standards, we have concluded EU standard contractual clauses with the service provider to ensure an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. Please therefore note the following notice.

The legal basis for this data processing is your consent within the meaning of § 25 Abs.1 TDDDG sowie Art. 6 Abs.1 lit.a DSGVO.

Processing of personal data in the so-called third country USA, i.e. outside the EEA, cannot be ruled out.

The EU Commission recognized the level of data protection for certain companies from the USA as adequate in its decision of July 10, 2023 in accordance with Art. 45 DSGVO (within the framework of the so-called EU-US Data Privacy Framework). Google LLC has also been certified under the so-called EU-US Data Privacy Framework.

The data we send and which is linked to cookies is automatically deleted after 2 months. Data whose retention period has been reached is automatically deleted once a month.

You can revoke your consent at any time with effect for the future by calling up the cookie settings at the bottom of the page and changing your selection there. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected.

You can also prevent cookies from being saved in the first place by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in restricted functionality on this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by not consenting to the setting of cookies or by downloading and installing the browser add-on to deactivate Google Analytics HERE.

Further information on the terms of use of Google Analytics and Google's data protection can be found at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.

2.1.2.4 Microsoft Clarity

Our website uses the Clarity service from Microsoft Ireland Ltd. (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521).

Microsoft Clarity enables the precise analysis of user behavior on our website by creating heat maps, i.e. visual representations of where users click, scroll, and pause most frequently. It also records user sessions and shows how visitors navigate through the website. In addition, typical analytics data is statistically processed into metrics such as page views, bounce rate, length of stay, browser compatibility, and where users may click on non-clickable elements. User input and other personally identifiable data are not collected.

Clarity uses technologies such as cookies and pixel tags to collect information about your visits to our and other websites in order to analyze and optimize this information using pseudonymous measurements and analyses of user behavior, including A/B tests (measurement of the popularity and user-friendliness of different content and functions), measurement and recording of click paths and interaction with content and functions of the online offering (so-called heat maps and recordings). All interactions in a user session are recorded, such as clicks, scrolling, window changes.

The recordings are stored for 30 days. User entries in input fields such as search masks and all directly personally identifiable information, including information in the contact form, are not recorded.

The data collected is pseudonymized, which means it is not directly linked to you, but assigned to a pseudonymous profile. In addition, your IP address is recorded in abbreviated form, technical information about your browser and the devices you use (e.g. language settings, screen resolution), your internet provider (device data), but also the referrer URL (which website/advertisement you used to access this website) is collected.

Microsoft can combine this information with similar data from other websites to create interest profiles. Microsoft acts as a third party in this process. The cookies used can be used to recognize users and link sessions.

You can generally object to the collection and use of data by Microsoft by visiting this link: https://optout.aboutads.info/ and following the opt-out instructions. Please note that after opting out, a new cookie will be set to save your objection. If you delete all cookies in your browser, you must repeat the opt-out process.

Further information on data processing by Microsoft can be found in their privacy policy: https://privacy.microsoft.com/privacystatement

The legal basis for this data processing is your consent in accordance with § 25 Abs.1 TDDDG and Art. 6 Abs.1 S.1 lit.a DSGVO. You can revoke your consent at any time with future effect in the cookie settings.

Processing of personal data in the so-called third country USA, i.e. outside the EEA, cannot be ruled out. The EU Commission recognized the level of data protection for certain companies from the USA as adequate in its decision of July 10, 2023 (within the framework of the so-called EU-US Data Privacy Framework) in accordance with Art. 45 DSGVO. Microsoft Corp. has also been certified under the so-called EU-US Data Privacy Framework.

2.2 External media

We use the Personio service, a service provided by Personio SE & Co. KG, Rundfunkplatz 4, 80335 Munich, to conduct our application process. Personio provides us with a recruiting platform through which applicants can apply directly for our advertised positions.

When the Personio service resources are loaded on the Jobs & Assignments subpage, device data is collected by the service provider. This is done exclusively on our behalf and in accordance with our instructions as a processor pursuant to Art. 28 DSGVO.

2.3 Links to third-party websites

Our website may contain links to third parties, e.g., the Appointment button on the Contact subpage. TDSoftware assumes no responsibility for the content of third-party websites linked to its website. If you visit a third-party website, it is your responsibility to ensure that you read the privacy policy and terms and conditions applicable to that website.

3. Supplementary data protection notice for the use of our video conferences

This separate data protection notice applies to users who use our video conferencing system together with us. It supplements the above general data protection notice of TDSoftware.

We use MS Teams for video conferences. The data processing takes place as part of your participation in our video conference or online event.

3.1 What additional data is collected, processed and shared when you use our video conferencing software?

3.1.1 Processing of content, usage and device data

In addition to image and sound, the following data is typically processed: name and IP address of the participant, name of the room, data on the device used. In addition, depending on usage, content from shared screens, chats, whiteboard contributions or status may be generated. Where available, telephone dial-in data may be processed: all voice communication and traffic data (telephone number, dial-in number, PIN, call duration). In the event of technical errors, the error ID and the affected device data are also saved.

Online events are typically not recorded. During such a video conference, all participants can see, read, and hear data from screen sharing, chats, videos, audio, and whiteboard contributions.

By participating in video conferences and possibly activating your device camera, you agree to the processing of your data.

Please note that this may also involve a transfer to the USA by Microsoft Corp.

3.2 Who receives your data?

3.2.1 Transfers to companies that provide services for us as processors

Your personal data will be passed on by a service provider who, subject to instructions, provides our video conferencing system on our behalf. The provider of our video conferencing system, Microsoft Corp., provides Microsoft Teams for us.

3.2.2. Transfers to third countries

If you use our video conferencing service together with us, certain connection data may be processed on cloud-based servers of the US service providers.

The transfer of personal data to the so-called third country USA, i.e. outside the EEA, cannot be ruled out.

The EU Commission recognized the level of data protection for certain US companies as adequate in its decision of July 10, 2023, pursuant to Art. 45 DSGVO (as part of the so-called EU-US Data Privacy Framework). Microsoft Corp. has also been certified under the so-called EU-US Data Privacy Framework.

We also strive to enable you to use such software in a data-efficient manner (e.g., participating in a video conference without registering your email address in MS Teams).

4. Supplementary Data Protection Notice for Applicants

This data protection notice applies to applicants who apply to TDSoftware GmbH and supplements the above General Data Protection Notice.

4.1 Which data do we process, for which purposes and on which legal basis?

When you apply to us, we will receive personal data from you and, where applicable, from third parties.

This information is, in particular, your personal details, including:

  • Contact details: e.g., name, telephone number, email address, private address
  • Application data: e.g., CV, certificates, cover letters, previous activities and positions in other organizations, education, professional qualifications, reference contact information, position preferences, willingness to relocate, salary expectations, interests and wishes
  • Sensitive information: e.g., gender, origin, religion, marital status, age, and, if applicable, health data and degree of disability
  • Convictions and sanctions: e.g., criminal convictions, sanctions from supervisory or professional organizations
  • Media information: e.g., information from publicly available sources Sources such as professional social media networks;
  • any other information you provide to us (during correspondence with us).

Personal data may also arise from interview documentation or assessment documents we prepare.

We may also receive personal data about you from third parties, such as:

  • from commissioned recruitment agencies;
  • from previous employers who provide us with references.

If we did not receive the aforementioned data from you yourself, it comes from publicly accessible sources (professional social networks). We will not sell or otherwise market your personal data to third parties.

4.1.1 Processing of your data based on pre-contractual measures (Art. 6 Abs. 1 lit. b DSGVO),

  • in particular for the implementation of the application process and
  • if agreed, reimbursement of travel expenses within the scope of the application process.

Should we conclude an employment contract with you, your personal data (i.e. your name, address, telephone number, references, etc.) may also be processed for the implementation of the employment relationship in compliance with the statutory provisions. In this case, we will inform you again about the processing of your personal data within the scope of the employment relationship.

4.1.2 Processing of your data based on a balance of interests (Art. 6 Abs. 1 lit. f DSGVO), provided your legitimate interests do not outweigh our legitimate business interests.

Under certain conditions, we carry out a security check as a prequalification procedure. In doing so, we determine whether we may enter into a business relationship with you, taking into account the provisions of § 17 ff AWG i.V.m. in conjunction with the EU sanctions lists, for example, pursuant to EU Regulations 753/2011, 2580/2001, and 881/2002.

Furthermore, we process your data to safeguard our or third parties' legitimate interests,

  • for or to protect our legitimate business interests and legal rights. This includes, but is not limited to, use in connection with legal claims, regulatory, audit-related, investigative purposes (including the disclosure of such information in connection with legal proceedings, insurance claims, or legal disputes), compliance reporting obligations,
  • business management,
  • or other correspondence.

4.1.3 Processing of your data due to legal obligation (Art. 6 Abs. 1 lit. c DSGVO)

We may collect information about your work and residence permit in accordance with §§ 39 AufenthG i.V.m. in conjunction with the Beschäftigungsverordnung and § 404 Abs. 2 Nr.5 SGB III.

4.2 Who receives your data?

Internally, the employees in the HR department responsible for carrying out the application process as well as colleagues from the respective specialist departments will have access to your data insofar as this is necessary to decide on establishing an employment relationship.

Your personal data may be disclosed to companies that provide services for TDSoftware on its behalf, such as

  • processors commissioned by us, including web service providers or IT hosting companies, in particular Personio SE & Co. KG and our recruiter SiebenWunderGmbH,
  • external legal advisors.

We regularly use email and cloud services from the provider Microsoft Corp., so that the processing of personal data in the so-called third country USA, i.e. outside the EEA, cannot be ruled out.

The EU Commission has recognized the level of data protection for certain companies from the USA as adequate in its decision of July 10, 2023 in accordance with Art. 45 DSGVO (within the framework of the so-called EU-US Data Privacy Framework). Microsoft Corp. is certified under the EU-US Data Privacy Framework.

4.3 Am I obliged to provide data?

As part of your application, you must provide the personal data that is necessary for its initiation, implementation, and fulfillment of the associated contractual obligations, or which we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the employment contract.

4.4 How long do we store your data?

We will only store your personal data to the extent and for as long as it is necessary for the purpose for which it was collected by us or provided to us by you. We therefore store your personal data as follows:

1. for the duration of the application process;
2. if your application was unsuccessful, after notification of the rejection decision, for as long as we need the data to clarify inquiries or disputes;
3. if you have expressly consented to us considering your application for future job advertisements, your data may also be stored for a correspondingly longer period;
4. If there is a corresponding legal obligation to store the data for a longer period, for the duration of this legal period.

After the storage purpose no longer applies or a legal storage period has expired, we will delete your personal data in accordance with the legal regulations (usually after 5 months).

5. Supplementary data protection notice for business partners

This data protection notice applies to suppliers and customers of TDSoftware GmbH and supplements the above general data protection information.

We hereby inform you about the processing of your personal data in connection with the contractual relationship between your employer and us, or with regard to our joint contractual relationship, should you, for example, be our direct contractual partner as a sole trader.

5.1 Which data do we process, for which purposes and on which legal basis?

5.1.1 Processing of your data due to contractual obligations or pre-contractual measures (Art. 6 Abs. 1 lit. b DSGVO)

We process your data in order to conclude, execute or terminate a contract with you or your employer. This data includes in particular

  • your name,
  • your work address,
  • your work contact details such as telephone number and email address as well as correspondence and contractual agreements with us,
  • performance metrics: e.g. information with which we can assess the performance of the supplier, including the supplier’s personnel, any feedback you may have on our services.

If you are our contractual partner, we will collect further data from you, such as your bank details.

If we have not received the aforementioned data from you, it comes from publicly accessible sources. We will neither sell your personal data to third parties nor market it in any other way.

5.1.2 Processing of your data based on a balance of interests (Art. 6 Abs. 1 lit. f DSGVO), provided that your interests worthy of protection do not outweigh our legitimate business interests

If you are our contractual partner, we will carry out a prequalification procedure when establishing contractual relationships under certain conditions. In doing so, we determine whether we may enter into a business relationship with you, taking into account the provisions of the Money Laundering Act and the EU sanctions lists, for example according to EU Regulations 2580/2001 and 881/2002.

In addition, we process your data to safeguard our legitimate interests or those of third parties,

  • to protect our legitimate business interests and statutory rights. This includes, but is not limited to, use in connection with legal claims, regulatory, audit-related, investigative purposes (including the disclosure of such information in connection with legal proceedings, insurance claims or legal disputes) and compliance reporting obligations.
  • Transfer of supplier data to our business partners as part of the quotation preparation and compliance checks of third parties.
  • Business management.
  • Providing you with information about our products, services, offers or technical developments (direct marketing) that you as our business partner request from us or that we believe may be of interest to you, where permitted by law.
  • If you have indicated a preference, for example regarding marketing communications, or to process follow-up inquiries, to improve our service,
  • for the purposes of customer satisfaction surveys, e.g. via online
  • form or other correspondence.

5.2 Who receives your data?

  • Public bodies and institutions (e.g. tax authorities, law enforcement authorities) if there is a legal or official obligation Creditors or insolvency administrators who make inquiries as part of a compulsory enforcement procedure
  • Auditor
  • Service providers that we use as part of order processing relationships
  • Suppliers to whom we disclose data about our other suppliers or sales partners as part of the review of standards, sanctions list checks and certifications
  • Other business partners

If you contact us via forms on our social media presences on Facebook or LinkedIn or via our contact form, we process your data in our email system and CRM HubSpot.

The processing of personal data by the service provider HubSpot Inc. in the so-called third country USA, i.e. outside the EEA, cannot be ruled out.

The EU Commission recognized the level of data protection for certain companies from the USA as adequate in its decision of July 10, 2023 in accordance with Art. 45 DSGVO (within the framework of the so-called EU-US Data Privacy Framework). HubSpot Inc. is certified under the EU-US Data Privacy Framework.

5.3 Am I obliged to provide data?

As part of our business relationship, you must provide the personal data that is necessary for its initiation, implementation and fulfillment of the associated contractual obligations, or which we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or will no longer be able to execute an existing contract and may have to terminate it.

5.4 How long do we store your data?

As a rule, we only process and store the personal data of data subjects for as long as the purpose pursued requires it or is required by law.

Beyond the retention periods required by commercial and tax law, we process contact details of our business partners' contacts, as well as corresponding business and communication processes, for the duration of our business relationship. After the end of the collaboration, we retain the data for up to 15 years for internal administrative purposes, for example, to continue a previous collaboration.

6. Supplementary data protection notice for users of the TDSoftware company page on linkedin.com (www.linkedin.com/company/tdsoftware-gmbh)

This data protection notice applies to users of the TDSoftware company page on www.linkedin.com/company/tdsoftware-gmbh and supplements the above general data protection notice.

6.1 Who is responsible for data processing and who can I contact?

The following responsible bodies are jointly responsible within the meaning of Art. 26 of the DSGVO.

Operator of the LinkedIn platform:

LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2
Ireland.

You can reach the company data protection officer of LinkedIn Ireland Unlimited Company using this form.

The editorial responsibility for the fan page on LinkedIn is:

TDSoftware GmbH
Löbdergraben 29
D-07743 Jena,
Email: kontakt(at)tdsoftware.de

6.2 What data do we process?

6.2.1 Data you provide to us for general inquiries via the message form

For messages sent to us, we process your platform user name as well as all other information that you provide when using the message form on the platform or that we obtain from your public profile. We process your inquiry or contributions in order to process them and, if necessary, respond to them. This includes, for example, information you provide when you:

  • submit an inquiry about a specific service;
  • ask a question or give us feedback.

This processing is based on our legitimate interest pursuant to Art. 6 Abs. 1 lit. f DSGVO to be able to contact you about your inquiries or contributions, as well as to recognize usage preferences (e.g. number of so-called followers, number of views of individual page areas, user statistics by age, geography and language) and to be able to improve and tailor the offering on our fan page to suit the target group as best as possible. As well as to assert legal claims and defend ourselves in legal disputes, support the authorities in the prosecution of criminal offenses, and provide you with information about our services or offers (direct marketing) that you, as our customer, request from us or that we believe may be of interest to you, insofar as this is legally permissible.

6.2.2 Statistical data that we evaluate

When you interact with our fan page or our content on LinkedIn, the platform operator collects usage data. We do not have direct access to this usage data, but we do have access to statistical information based on it.

We use the platform operator's Page Insights analytics service

  • to generate page statistics, including how many users we reached with which posts, how many responded, and how our fan page was interacted with;
  • to gain insight into the demographic characteristics of the target audience we reached.
  • if necessary, to measure the effectiveness and distribution of our advertisements.

This processing is based on our legitimate interest pursuant to Art. 6 Abs. 1 lit. f DSGVO to recognize acceptance and usage preferences (e.g. number of so-called followers, number of visits to individual page areas, user statistics by age, geography and language) and to be able to improve and tailor the offering on our fan page to suit the target group as best as possible.

6.3 Data that LinkedIn collects when you visit the fan page

When you visit our fan page on LinkedIn, the operator of the platform, as an additional controller, collects various personal information about you and your device and processes it for various purposes, including its own.

LinkedIn Ireland Unlimited Company ("LinkedIn") is generally responsible for the collection and further processing of personal user data on the platform. Please note that LinkedIn collects and processes certain information about your visit to our fan page even if you do not have a LinkedIn user account or are not logged in to LinkedIn.

Information on the processing of personal data by LinkedIn can be found in the respective data policy on the platform.

6.4 Personal data that can be assigned to other responsible parties

If you "share", "comment", "like" or "reply" to one of our posts, data processing takes place that can be assigned to you or the platform operator. We are not responsible for this data processing within the meaning of Art. 4 Nr. 7 DSGVO.

TDSoftware is not obliged to review the posts, comments or content uploaded, posted or submitted by users. However, TDSoftware reserves the right, in particular, to immediately reject, block or remove submitted posts, comments or content from blogs and forums - insofar as these are publicly accessible on the fan page - without prior notice, as soon as it becomes aware of their illegality.

6.5 Where do we store your personal data?

Processing of personal data in the so-called third country USA, i.e. outside the EEA, cannot be ruled out.

The EU Commission has (within the framework of the so-called EU-US Data Privacy Framework) set the level of data protection for certain companies from the USA in its decision of July 10, 2023 pursuant to Art. 45 DSGVO as adequate. LinkedIn Corp. has also been certified under the EU-US Data Privacy Framework.

Please note further information in LinkedIn's so-called privacy policy regarding additional legal bases for this third country transfer.

6.6 Your rights as a data subject

Every person affected by our personal data processing has the right to information pursuant to Article 15 GDPR, the right to rectification pursuant to Art. 16 DSGVO, the right to erasure pursuant to Ar. 17 DSGVO, the right to restriction of processing pursuant to Art. 18 DSGVO, the right to object pursuant to Art. 21 DSGVOR and the right to data portability pursuant to Ar. 20 DSGVO. The restrictions pursuant to §§ 34 and 35 BDSG apply to the right to information and the right to erasure. In addition, there is a right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 DSGVO in conjunction with § 19 BDSG. These rights can be exercised vis-à-vis both of the aforementioned responsible bodies. Would you like to To exercise your rights against LinkedIn Corp., please follow the instructions on the platforms.

6.6.1 Exercise of objection or revocation of granted consent

Your objection can be made informally and can also be sent to us by telephone.

LinkedIn Ireland Unlimited Company is generally responsible for the collection and further processing of personal user data on the LinkedIn platform.

7. Supplementary Privacy Notice for Users of the TDSoftware Fan Page on Facebook.com (www.facebook.com/tdsoftware)

This Privacy Notice applies to users of the TDSoftware fan page at www.facebook.com/tdsoftware and supplements the above General Privacy Notice.

7.1 Who is responsible for data processing and who can I contact?

We, together with Meta Platforms Technologies Ireland Ltd., are responsible for collecting (but not further processing) data from visitors to our Facebook page (so-called "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see "Things you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie data; see "Device Information"). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, so-called "Page Insights," to page operators so that they can gain insights into how people interact with their pages and the content associated with them. We have entered into a specific agreement with Facebook ("Page Insights Information," https://www.facebook.com/legal/terms/page_controller_addendum), which specifically regulates the security measures Facebook must observe and in which Facebook has agreed to fulfill the rights of those affected (i.e., users of our fan page can, for example, submit information or deletion requests directly to Facebook). Users' rights (in particular, the right to information, deletion, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information about Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data).

The following responsible bodies are jointly responsible within the meaning of Art. 26 of the DSGVO.

Operator of the Facebook platform:

Meta Platforms Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland

You can reach the company data protection officer of Meta Platform Ireland Ltd. using this form.

The editorially responsible person for this fan page on Facebook is:

TDSoftware GmbH
Löbdergraben 29
07743 Jena
kontakt(at)tdsoftware.de
Tel.: +49 3641 6349688

7.2 What data do we process?

7.2.1 Data that you provide to us when making general inquiries via the message form

For messages sent to us, we process your Facebook user name and all other information that you provide when using the message form on the fan page or that we take from your public profile. We process your enquiry or contributions in order to process them and, if necessary, answer them. This includes information that you provide when you:

  • send us an enquiry about a specific service;
  • ask a question or give us feedback.

This processing is based on our legitimate interest pursuant to Art. 6 Abs. 1 lit. f DSGVO to be able to contact you about your enquiries or contributions, as well as to assert legal claims and defend ourselves in legal disputes, support the authorities in the prosecution of criminal offenses, and provide you with information about our services (direct marketing) that you, as our customer, request from us or that we believe may be of interest to you, insofar as this is legally permissible.

7.2.2 Statistical data that we evaluate

When you interact with our fan page or our content on Facebook, the operator of the Facebook platform collects usage data. We do not have direct access to this usage data, but we do have access to statistical information based on it.

We use the Insights analysis service provided by the Facebook platform operator

  • to generate page statistics, including how many users we reached with which posts, how many responded to them, and how our fan page is interacted with;
  • to gain information about the target group we reached in terms of their demographic characteristics;
  • and to measure the effectiveness and distribution of our advertisements on Facebook.

This processing is based on our legitimate interest pursuant to Art. 6 Abs.1 lit. f DSGVO to recognize acceptance and usage preferences (e.g. number of so-called followers, number of visits to individual page areas, user statistics by age, geography, and language) and to be able to improve and tailor the offering on our fan page to suit the target group as best as possible.

7.2.3 Data that Facebook collects when you visit this website

When you access our fan page, the operator of the Facebook platform, as another responsible party, collects various personal information about you and your device and processes it for various purposes, including Facebook's own.

Facebook Ireland Limited ("Facebook") is generally responsible for the collection and further processing of personal user data on the Facebook websites. Please note that Facebook collects and processes certain information about your visit to our fan page even if you do not have a Facebook user account or are not logged in to Facebook.

Information on the processing of personal data by Facebook can be found in Facebook's privacy policy https://www.facebook.com/privacy/explanation

If you "share", "comment", "like" or "reply" to one of our posts, data processing takes place that can be attributed to you or the platform operator Facebook. We are not responsible for this data processing within the meaning of Art. 4 Nr. 7 DSGVO.

We are not obligated to review the contributions, comments, or content uploaded, posted, or submitted by users. However, TDSoftware GmbH reserves the right, in particular, to immediately reject, block, or remove submitted contributions, comments, or content from blogs and forums—insofar as these are publicly accessible on the fan page—without prior notice as soon as it becomes aware of their illegality.

7.2.4 Where do we store your personal data?

Using this fan page also involves the transfer of data to countries outside the European Economic Area ("EEA"). There is no adequacy decision from the EU Commission for these countries, which means that there are no data protection regulations comparable to those in the EU (so-called third countries).

Please note further information in Facebook's so-called data protection policy regarding additional legal bases for this transfer to third countries.

7.3 Your rights as a data subject

Every person affected by our personal data processing has the right to information pursuant to Art. 15 DSGVO, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Art. 17 DSGVO, the right to restriction of processing pursuant to Art. 18 DSGVO, the right to object pursuant to Art. 21 DSGVO and the right to data portability pursuant to Art. 20 DSGVOR. The restrictions pursuant to §§ 34 and 35 BDSG apply to the right to information and the right to erasure. In addition, there is a right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 DSGVO in conjunction with § 19 BDSG.

These rights can be exercised vis-à-vis both of the aforementioned responsible bodies.

If you wish to exercise your rights with respect to Facebook, please follow Facebook's instructions: https://www.facebook.com/privacy/explanation.

Objection or revocation of granted consent

Your objection can be made informally and can also be sent to us by telephone.

Meta Platforms Technologies Ireland Limited ("Facebook") is generally responsible for the collection and further processing of personal user data on Facebook's websites.

As of: July 21, 2025

Contact us

How to reach TDSoftware