Privacy Notice

Legal Note: Governing Language
This English translation of our Privacy Notice is provided for information purposes only. In the event of any discrepancies or contradictions between the German and English versions, the German version shall prevail.

1. Overview and responsibility

We appreciate your interest in our company and our services in the field of machine safety. This privacy notice applies to the website at www.tpsafety.de/en and to the associated processing of data from our business customers. Data protection is a particularly high priority for the management of TP Safety GmbH. When you visit our website, data (e.g. IP addresses) that is technically necessary for the operation of the site is processed automatically. We also process data in the course of our business processes (email, telephone, project processing).

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

TP Safety GmbH
Grenzwall 35
42897 Remscheid
Germany

Phone: +49 151 1223 1229
Email: info@tpsafety.de

Represented by the managing directors: Thomas Prokopowicz, Anna Katharina Thielemeyer

No automated decision-making
We do not use automated decision-making, including profiling, in accordance with Art. 22 (1) and (4) GDPR.

2. Your rights as a data subject

Within the framework of the applicable legal provisions, you have the following rights regarding your personal data at any time:

Right to information (Art. 15 GDPR): You have the right to know what data we store about you, where it comes from and to whom it has been passed on.
Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate or incomplete data.
Right to erasure (Art. 17 GDPR): You may request the erasure of your data.
Right to restriction of processing (Art. 18 GDPR): You may request that we only use your data in a restricted manner.
Right to data portability (Art. 20 GDPR): You may request that we provide your data to you or a third party in a commonly used, machine-readable format.
Right to withdraw your consent (Art. 7 (3) GDPR): You may withdraw your consent (e.g. for the newsletter) at any time with effect for the future.
Right to object (Art. 21 GDPR): You may object to the processing of your data for reasons arising from your particular situation, provided that the processing is based on a legitimate interest.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): If you believe that the processing of your data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:

Competent supervisory authority:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestraße 2-4
40213 Düsseldorf
Internet: www.ldi.nrw.de

3. Hosting and technical provision of the website

3.1 External hosting

Type and purpose of processing

We host our website with the following provider:

ALL-INKL.COM – Neue Medien Münnich
Hauptstraße 68
02742 Friedersdorf
Germany

The purpose is to ensure the reliable, secure and fast provision of our online services.

Processed data
The personal data collected on this website is stored on the host's servers. This mainly includes IP addresses, contact enquiries, meta and communication data, website accesses and other data generated via a website.

Legal basis
The use of the host is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in providing our online services as reliably, securely and quickly as possible. In addition, processing is carried out for the purpose of fulfilling contracts with our customers (Art. 6 (1) lit. b GDPR).

Data processing
We have concluded a data processing agreement (DPA) with ALL-INKL.COM – Neue Medien Münnich. This contract ensures that the host only processes the data of our visitors in accordance with our instructions and in compliance with the GDPR.

Storage period
The data remains on our host's servers until the purpose for which it was collected no longer applies (e.g. after your enquiry has been processed) or you request us to delete it. Mandatory legal provisions, in particular tax and commercial law retention periods, remain unaffected.

3.2 Server log files

Type and purpose of processing
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These server log files are used for the technically error-free presentation and optimisation of our website.

Processed data
The following data is collected:

Browser type and browser version
Operating system used
Referrer URL (the previously visited page)
Host name of the accessing computer (IP address)
Time of the server request

This data is not merged with other data sources.

Legal basis
This data is collected on the basis of Art. 6 (1) lit. f GDPR. We have a legitimate interest in the technically error-free presentation and optimisation of our website. For this purpose, the server log files must be collected. Access to the end device (transmission by the browser) is absolutely necessary in accordance with Section 25 (2) No. 2 TDDDG.

Storage period
The log files are usually stored by our host for 7 days and then automatically deleted or anonymised, unless security-related incidents require longer storage for evidence purposes.

3.3 SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as enquiries you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. Consent & cookie management (Complianz)

Type and purpose of processing
Our website uses Complianz consent technology to obtain your consent to store certain cookies on your device or to use certain technologies and to document this in accordance with data protection regulations. The provider of this technology is:

Complianz B.V.
Kalmarweg 14-5
9723 JG Groningen
Netherlands

When you visit our website, a Complianz cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not passed on to the provider of the Complianz software, but remains within our website installation in the database at our host.

Processed data
The following data is collected:

Your IP address (anonymised)
Date and time of consent
Browser information
Consent ID and status of consent

Legal basis
Complianz is used to obtain the legally required consent for the use of technologies. The legal basis for this is Art. 6 (1) lit. c GDPR (fulfilment of a legal obligation to provide evidence of consent in accordance with Art. 7 (1) GDPR) and Section 25 (2) No. 2 TDDDG (unconditional necessity to store information on the user's terminal device).

Storage period
The data will be stored until you delete the corresponding cookie in your browser yourself or the purpose for data storage no longer applies (usually after one year, unless consent needs to be renewed).

5. Web Analysis (Google Analytics 4)

Type and purpose of processing
If you have given your consent, Google Analytics 4, a web analysis service provided by Google LLC, is used on this website. The responsible body for users in the EU is:

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland

Google Analytics uses technologies such as cookies or device fingerprinting, which enable an analysis of your use of our websites. The information generated about your use of this website is usually transferred to a Google server in the USA or in third countries outside the EU and stored there.

With Google Analytics 4, the anonymisation of IP addresses is enabled by default. Due to this anonymisation, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server and truncated there.

Processed data

Usage data: click paths, scroll events, dwell time, bounce rates.
Technical data: browser type, device type, screen resolution.
Location data: approximate location (region) based on the truncated IP address.

Legal basis
The storage of cookies or access to information on the user's terminal device is based on consent in accordance with Section 25 (1) TDDDG. Further processing of your personal data is based on your consent in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time via the cookie banner with effect for the future.

Data processing
We have concluded a data processing agreement with Google. When using Google Analytics, we fully implement the current requirements of the German data protection authorities.

Third country transfer (USA/worldwide)
We would like to point out that Google processes data in the USA and other third countries. Google LLC is certified under the EU-US Data Privacy Framework (DPF). The EU Commission has determined that certified companies in the USA have an adequate level of data protection. You can view the certification at the following link: https://www.dataprivacyframework.gov/participant/5780. In addition, we base the data transfer on the standard contractual clauses of the EU Commission.

Storage period
The data stored by us at user and event level that is linked to cookies or user IDs is automatically deleted after 14 months.

6. Data collection through contact and communication channels

6.1 Contact form and callback service

Type and purpose of processing
If you contact us via our contact form or callback service, we will process your details in order to handle and respond to your enquiry and in the event of follow-up questions.

Processed data
We store your details from the enquiry form, including the contact details you have provided (name, email address and, optionally, your telephone number and message). A telephone number is required for our callback service. In all other cases, providing a telephone number is voluntary.

Legal basis
This data is processed on the basis of Art. 6 (1) (b) GDPR, provided that your enquiry is related to the preparation of a quotation for machine safety or an existing contract. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us in accordance with Art. 6 (1) (f) GDPR.

Storage period
The data you provide to us will remain with us until you request us to delete it, revoke your consent to its storage, or the purpose for data storage no longer applies (e.g. after your enquiry has been processed). Mandatory legal provisions, in particular tax and commercial law retention periods (often 6 or 10 years for business correspondence), remain unaffected.

6.2 General email correspondence and telephone enquiries

Nature and purpose of processing
For the purpose of individual communication and responding to business enquiries, we process data that is transmitted to us by email or telephone.

Processed data
Your enquiry, including all personal data arising from it (name, contact details, request), will be stored and processed by us for the purpose of processing your request.

Legal basis
The legal basis for this processing is also Art. 6(1)(b) GDPR (for contractual or pre-contractual enquiries) or Art. 6(1)(f) GDPR (legitimate interest in responding to your message promptly).

Storage period
The data you send us will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for data storage no longer applies (e.g. after your enquiry has been processed). Mandatory legal provisions, in particular tax and commercial law retention periods (often 6 or 10 years for business correspondence), remain unaffected.

6.3 Video conferences and online meetings (Microsoft Teams)

Type and purpose of processing
We use Microsoft Teams to conduct telephone calls, video conferences and online meetings with our customers and interested parties. The provider is:

Microsoft Ireland Operations Limited
One Microsoft Place, South County Business Park, Leopardstown
Dublin 18
Ireland

Processed data
When using this service, communication data (IP address, time, dial-in metadata) and, if applicable, image and sound formats are processed. Recording only takes place with your express prior consent.

Legal basis
If the communication takes place within the framework of a contract or for the purpose of initiating a contract, the legal basis is Art. 6 (1) lit. b GDPR. In all other cases, the use is based on our legitimate interest in efficient and location-independent communication in accordance with Art. 6 (1) lit. f GDPR.

Third country transfer (USA/worldwide)
Microsoft may also process data in the USA. Microsoft is certified under the EU-US Data Privacy Framework, which guarantees an adequate level of data protection. You can view the certification here: https://www.dataprivacyframework.gov/participant/6474. In addition, we base the data transfer on the standard contractual clauses of the EU Commission.

7. Communication & office software

7.1 Microsoft 365 (office communication)

Type and purpose of processing

We use Microsoft 365 for our office communication (email). The provider is:

Microsoft Ireland Operations Limited
One Microsoft Place, South County Business Park, Leopardstown
Dublin 18
Ireland

Processed data
In the course of email correspondence, documents (e.g. offers or reports) are also processed as file attachments via Microsoft systems. The systematic storage and permanent archiving of your specific project data, risk assessments and design documents takes place exclusively locally on our company computers or on our company's own secure network storage (NAS) at TP Safety GmbH.

Legal basis
Processing is carried out on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest lies in efficient and secure business communication.

7.2 Mobile communication & contacts

Type and purpose of processing
We use business smartphones to ensure our mobile availability and flexible appointment coordination. The contact data stored on these devices is synchronised with our Microsoft account to ensure a uniform database.

Processed data
The names and telephone numbers of our business contacts and, where applicable, upcoming appointment data are processed on these devices. We use technical measures, such as central device control and end-to-end encryption, to ensure that the requirements of the GDPR are fully complied with.

Legal basis
The legal basis for this processing is Art. 6 (1) (f) GDPR. Our legitimate interest is based on the need for efficient mobile accessibility and optimal, up-to-date customer service.

Storage period
The contact details remain on the end devices and in the synchronised account for as long as an active business relationship exists or until you object to the storage or the original purpose for data storage no longer applies.

8. Newsletter & marketing automation (ActiveCampaign)

Type and purpose of processing
We use the services of ActiveCampaign for our online marketing and newsletter distribution. The provider is:

ActiveCampaign, Inc.
1 N Dearborn St., 5th Floor
Chicago, Illinois 60602
USA

The platform enables us to send newsletters and analyse whether messages have been opened or links clicked (performance measurement). To collect your data (e.g. via registration forms), we use the Thrive Leads tool, which transmits the data to ActiveCampaign in encrypted form. This also includes the option of registering for topic-specific lists of interested parties (e.g. for planned seminars or specialist events without a fixed date) in order to receive targeted information on these topics.

Registration is carried out using a double opt-in procedure. After registering, you will receive an email with a confirmation link. This process ensures that no one can register with someone else's email address. Registrations are logged in order to be able to verify the registration process in accordance with legal requirements (Art. 7 (1) GDPR).

Processed data
Your email address is processed as part of these services. Our newsletters also contain so-called web beacons (tracking pixels). These are small files that collect technical information (e.g. IP address, browser type, time of access) and information about your clicking behaviour when you open the newsletter. This data is used for statistical evaluation and continuous improvement of our information offering.

Legal basis
The newsletter is sent and statistical analysis and tracking are carried out exclusively on the basis of your express consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG.

Data processing
We have concluded a data processing agreement with ActiveCampaign and fully implement the strict requirements of the German data protection authorities when using ActiveCampaign.

Third country transfer (USA)
We would like to point out that ActiveCampaign processes data in the USA. The company is certified under the EU-US Data Privacy Framework (DPF), which guarantees an adequate level of data protection. The certification can be viewed at the following link: https://www.dataprivacyframework.gov/participant/4495. In addition, we base the data transfer on the standard contractual clauses of the EU Commission.

Storage period
You can revoke your consent to receive our newsletter at any time with future effect. You will find a link to unsubscribe at the end of each newsletter. After unsubscribing, your data will be deleted for newsletter distribution, unless there are legal retention obligations or you have consented to further storage.

9. External media and plugins

9.1 Google Maps

Type and purpose of processing
We use the Google Maps map service on our website to visually display our location and enable you to find us easily. The provider is:

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland

To maximise your data protection, we have integrated Google Maps in such a way that no data is transferred to Google when our page is loaded (two-click solution). Instead of the map, you will initially see a placeholder. Only when you actively click on this placeholder or give your consent via our cookie banner will a connection to Google's servers be established.

Processed data
When you activate the map, your IP address and usage data (e.g. the time of access and, if applicable, location data, provided you have enabled this on your device) are transferred to Google. This may also include transfer to Google LLC servers in the USA.

Data processing
We have concluded a data processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google services.

Storage period
We have no influence on the storage period of the data processed by Google Maps. Details can be found in Google's privacy policy: https://policies.google.com/privacy.

9.2 LinkedIn (profile link)

Type and purpose of processing
We use a link on our website to the personal profile of our managing director Thomas Prokopowicz on the social network LinkedIn to enable direct networking and communication. The provider is:

LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2
Ireland

The link on our website is a static hyperlink. Therefore, no data is transferred to LinkedIn when you visit our website. Only when you actively click on the LinkedIn button will you leave our website and be redirected to LinkedIn. From this point on, data processing by LinkedIn is carried out on the provider's own responsibility.

Processed data
No personal data is collected or transferred in connection with LinkedIn on our website itself. Only after clicking on the link and accessing the LinkedIn platform does LinkedIn collect data (e.g. IP address, cookies).

Legal basis
The link is provided on the basis of our legitimate interest in contemporary professional networking and external presentation in accordance with Art. 6 (1) (f) GDPR.

Storage period
We have no influence on the storage period of your data after it has been forwarded to LinkedIn. Further information can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

9.3 Google Web Fonts

Type and purpose of processing
We use web fonts from Google to ensure that our content is displayed in a uniform and visually appealing manner. This serves in particular to ensure the correct display of texts and the integration of external services (such as Google Maps). The provider is:

Google Ireland Limited
Gordon House, Barrow Street
Dublin 4
Ireland

In order to display the fonts, the browser you are using must connect to Google's servers. Your IP address is transmitted to Google in the process.

Processed data
The IP address and information about which of our pages you have visited are transmitted.

Legal basis
The use of Google Web Fonts is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the technically error-free and visually consistent presentation of our websites. If consent has been requested (e.g. via the cookie banner), processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR or Section 25 (1) TDDDG.

Storage period
We have no influence on the storage period of the data processed by Google. Details can be found in Google's privacy policy: https://policies.google.com/privacy.

10. Handling of data from customers and interested parties

Type and purpose of processing

We process personal data (e.g. names, addresses, contact details, contract content) of our customers, interested parties and business partners in the machine safety business area in order to provide contractual services, prepare quotations and maintain our business relationship, as well as to determine requirements and plan our range of seminars in the field of machine safety.

Processed data
As part of our business processes, we process names, addresses, contact details, contract content and technical project data in particular.

No use of AI systems for sensitive data
We guarantee that sensitive project data provided to us, in particular technical specifications, risk assessments, design details or internal trade secrets, will at no time be fed into external AI models or used for training purposes. The technical analysis, safety assessment and final creation of your documents are carried out exclusively by our qualified specialists on our local, secure systems.

Legal basis
Processing is carried out to fulfil our contractual obligations or to implement pre-contractual measures, such as the preparation of an offer, in accordance with Art. 6 (1) (b) GDPR. In addition, we are subject to legal obligations, such as tax retention obligations under the Commercial Code, which require processing in accordance with Art. 6 (1) (c) GDPR. Where necessary, we also process data to protect legitimate interests, such as the assertion of legal claims, in accordance with Art. 6 (1) (f) GDPR.

The provision of your personal data is necessary for the conclusion of a contract or for the implementation of pre-contractual measures (e.g. preparation of an offer). Without the provision of necessary data (e.g. name, email, project data), we cannot provide our contractual services or process enquiries.

Storage period & disclosure to third parties
Data is only transferred to third parties within the framework of legal requirements. We disclose data if this is necessary for the fulfilment of the contract, for example to banks or shipping service providers, or if there is a legal obligation to do so. This includes, among other things, disclosure to the tax office or our tax advisor for accounting purposes (e.g. via Lexware). The data will be deleted as soon as it is no longer required for the fulfilment of contractual or legal obligations. However, due to commercial and tax law requirements, we are obliged to securely store relevant address, payment and project data for a period of 10 years.

11. Security and administration

11.1 Antispam Bee

Type and purpose of processing
We use the Antispam Bee plugin to prevent automated spam requests via our forms. The tool serves to protect our IT infrastructure and ensure trouble-free communication.

Processed data
Antispam Bee analyses technical data from the request (e.g. time, abbreviated IP address) to detect spam patterns. The plugin works entirely locally within our website installation at our host. No personal data is transferred to the provider or server outside the EU.

Legal basis
Use is based on our legitimate interest in the security and functionality of our website in accordance with Art. 6 (1) lit. f GDPR.

Storage period
The data used for analysis is deleted immediately after being checked for spam characteristics. If IP addresses are stored temporarily in local logs for pattern recognition, they are deleted after 30 days at the latest.

11.2 Data backup (UpdraftPlus & Synology C2)

Type and purpose of processing
To ensure the availability and integrity of our website data, we use the UpdraftPlus plugin to create regular backups.

Processed data & storage
The backups include the entire website installation as well as the database, which also stores personal data (e.g. customer data, order histories and course progress). These backups are initially stored in encrypted form on a company-owned, secure network storage device (NAS) belonging to TP Safety GmbH. For additional reliability (disaster recovery), these backups are transferred in encrypted form to the Synology C2 Cloud. The provider is Synology GmbH, Grafenberger Allee 125, 40237 Düsseldorf, Germany. We use Frankfurt am Main (Germany) as the location for the data centre.

Legal basis
The legal basis is our legitimate interest in data security and the recoverability of our systems in the event of a technical error in accordance with Art. 6 (1) lit. f GDPR.

Data processing
We have concluded a data processing agreement with Synology. As Synology is an internationally active company, we also base our cooperation on the standard contractual clauses of the EU Commission as a precautionary measure, even though storage primarily takes place on servers in Germany.

Storage period
We store our website backups on a rolling basis. This means that older backups are automatically overwritten by new backups as soon as the number of backup copies defined by us is reached (usually after 30 days), unless legal retention obligations for the data contained therein (e.g. tax-relevant accounting data) require longer storage.

11.3 Security plugins (WP 2FA)

Type and purpose of processing
To protect the administration access to our website against unauthorised access (brute force attacks, etc.), we use two-factor authentication (WP 2FA).

Processed data
In this context, log data about access attempts (e.g. IP address, time, attempted username) is processed in order to detect and block attack attempts (e.g. brute force attacks).

Legal basis
Processing is carried out on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in protecting our website from criminal activity. Access to the end device (e.g. for session verification) is absolutely necessary in accordance with Section 25(2)(2) TDDDG.

Storage period
The log data of login attempts is deleted regularly, unless it is needed for longer for the analysis of security incidents.

12. Up-to-dateness and changes to this privacy notice

This privacy notice is currently valid and was last updated in February 2026. Due to the further development of our website and offers or due to changed legal or official requirements, it may be necessary to change this privacy notice. You can access and print out the current privacy notice at any time on this website.