This Privacy Policy explains how RedGecko GmbH, operator of the Thunderbolt Collective website (“we”, “us”, or “our”) collects, uses, discloses, and protects personal data you (“user”, “you”, or “your”) provide to us. This policy applies to all websites, applications, and services operated by us.
I. Data Controller
The data controller for data processing is:
Thunderbolt Collective
RedGecko GmbH
Paul-Lincke-Ufer 20-22
10999 Berlin, Germany
Email: hello (at) thunderbolt-collective.com
Phone: +49 (0)30 / 120 76 74 10
II. General Information on the Collection and Processing of Data
We collect and process personal data in accordance with applicable data protection laws, particularly the General Data Protection Regulation (GDPR). We collect and use personal data only if it is legally permitted or if you consent to the data collection.
The personal data we collect may include:
- Name
- Contact details (email address, phone number)
- Usage data (IP address, browser type, pages visited, date and time of access)
- Other data you voluntarily provide to us
1. Purpose of Data Processing
The data we collect is used for the following purposes:
- Providing and improving our services
- Communicating with you
- Security and protection of our services
- Marketing and advertising
- Compliance with legal obligations
2. Legal Basis for Processing
The processing of your data is based on the following legal grounds:
- Consent according to Art. 6 (1)(a) GDPR
- Performance of a contract according to Art. 6 (1)(b) GDPR
- Compliance with a legal obligation according to Art. 6 (1)(c) GDPR
- Legitimate interests according to Art. 6 (1)(f) GDPR
III. Web Hosting
This website is hosted by an external service provider (hoster). The hosting of this website, as well as personal data collected on this website, is stored on various servers within the EU. This information primarily consists of IP addresses, contact requests, meta and communication data, website access and other data generated via a website.
We have concluded a data processing agreement with the provider in accordance with the requirements of Art. 28 of the GDPR, in which we oblige the provider to protect our customers’ data and not to pass it on to third parties.
IV. Server Log Files
When you visit our website, certain information is automatically transmitted by your browser and stored in server log files. This information is necessary to ensure a smooth connection to the website, the proper functioning of our services, and to evaluate system security and stability. The data collected includes:
- Date and time of request
- The name of the requested file
- The page from which the file was requested
- Access status
- Web browser and operating system used
- IP address of the requesting computer
- Amount of data transferred in bytes
The legal basis for processing the data is our legitimate interest in the protection and functionality of our website in accordance with Art. 6(1)(f) GDPR.
This data is never stored together with other personal data of the user, compared with other data, or transferred to third parties. The data is retained for a limited time and only to the extent necessary to achieve the aforementioned purposes.
V. Contact Form, Email, and Phone Inquiries
If you contact us via forms on our website, email or telephone, we process the personal data you provide (e.g., name, email, message content) solely for the purpose of responding to your inquiry. We will not pass on this data under any circumstances without your consent.
The legal basis for processing this data is our legitimate interest in responding to your request (Art. 6(1)(f) GDPR). If your inquiry leads to a contract or is related to an existing contract, the legal basis is the performance of a contract (Art. 6(1)(b) GDPR).
Your data will be deleted after the final processing of your request, provided that there are no legal obligations to retain data. You can object to the processing of your personal data at any time in the case of Art. 6(1)(f) GDPR.
VI. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience on our website, analyze site usage, and assist in our marketing efforts. Cookies are small text files stored on your device when you visit our website.
For detailed information about the cookies we use, the purposes for which we use them, and how you can manage your cookie preferences, please refer to our Cookie Policy.
VII. Implemented Technologies
We use third-party technologies on our website to enhance our services, improve security, and ensure the smooth operation of our website. The following services may process your data:
7.1 CookieYes Consent Management Platform (CMP)
We use CookieYes CMP, a service provided by CookieYes Limited, 3 Warren Yard, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom.
CookieYes helps us to obtain and manage your consent preferences in accordance with GDPR requirements. This ensures that your consent is obtained before loading non-essential cookies or third-party plugins that process personal data.
As part of this service, CookieYes may collect information such as your IP address, consent status and preferences regarding the use of cookies and similar technologies. The legal basis for processing this data is our compliance with legal obligations under Art. 6(1)(c) GDPR.
For more information on how CookieYes Limited processes your data, please refer to their Privacy Policy.
7.2 Cloudflare Turnstile Captcha
We use Cloudflare Turnstile Captcha, a service provided by Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA.
We use Cloudflare Turnstile Captcha to protect our website, to verify that visitors to our website are human and to prevent automated access (bots). As part of this service, Cloudflare may collect information such as your IP address, browser and device information, and user behavior data (e.g., mouse movements, keystrokes).
The legal basis for processing this data is our legitimate interest in the security and integrity of our website and services in accordance with Art. 6(1)(f) GDPR.
Data may be transferred to the United States under Standard Contractual Clauses (SCCs), ensuring adequate safeguards for the protection of your data in accordance with GDPR requirements.
For more information on how Cloudflare processes your data, please refer to their Privacy Policy.
7.3 Google Ads and Conversion Tracking
We use Google Ads and Conversion Tracking, services provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland.
We use Google Ads to display relevant advertisements across the Google network, and Google Conversion Tracking to measure the success of our ad campaigns. As part of this service, Google may collect data such as ads viewed, cookie ID, the date, time, and duration of visits, geographic location, IP address, search terms, online identifiers, device and browser information, and user behavior (click paths).
The use of Google Ads is based on your consent in accordance with Art. 6(1)(a) GDPR. You may withdraw your consent at any time through the cookie settings on our website.
Data may be transferred to countries outside the European Economic Area (EEA), including the United States. These transfers are protected by Standard Contractual Clauses (SCCs) and Google’s certification under the EU-US Data Privacy Framework (DPF).
For more information on how Google processes your data, please refer to the Google Privacy Policy.
7.4 Google Fonts (Local Embedding)
We embed Google Fonts locally on our server to ensure that no external requests are made to third parties when you visit our website. This means no personal data is transmitted to Google when displaying fonts on our website.
7.5 Google Maps
We use Google Maps, a service provided by Google Ireland Limited, to display interactive maps on our website to enhance user experience. This service is activated only with your explicit consent.
Google Maps may collect data such as your IP address and location data.
The legal basis for processing this data is your consent according to Art. 6(1)(a) GDPR. You may withdraw your consent at any time through the cookie settings on our website.
Data may be transferred to countries outside the EEA, including the United States. These transfers are protected by Standard Contractual Clauses (SCCs) and Google’s certification under the EU-US Data Privacy Framework (DPF).
For more information on how Google processes your data, please refer to the Google Privacy Policy.
7.6 3D Office Tour via Matterport
Our website features a 3D office tour provided by Matterport, Inc., 352 East Java Dr, Sunnyvale, CA 94089, USA. By interacting with this feature, you agree to the processing of your data by Matterport. Matterport may collect data such as device information and user activity data to provide the virtual tour service and improve user experience.
The legal basis for processing this data is your consent according to Art. 6(1)(a) GDPR. You may withdraw your consent at any time through the cookie settings on our website.
Data may be transferred to countries outside the EEA, including the United States. These transfers are protected by Standard Contractual Clauses (SCCs).
For more information on how Matterport processes your data, please refer to the Matterport Privacy Policy.
VIII. Transfer of Personal Data to Third Parties
Your personal data will not be transferred to third parties, unless:
- We have explicitly indicated this in the description of the respective data processing.
- You have given your express consent in accordance with Art. 6(1)(a) GDPR.
- It is necessary for fulfilling our contractual obligations to you, as outlined in Art. 6(1)(b) GDPR
- There is a legal obligation to do so in accordance with Art. 6(1)(c) GDPR
- It is necessary for enforcing our rights, especially for enforcing claims from a contractual relationship with you
IX. International Data Transfers
Where personal data is transferred to countries outside the European Economic Area (EEA), such transfers will be protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) and certifications like the EU-US Data Privacy Framework (DPF) where applicable.
X. Data Storage and Deletion
Your personal data is stored only for as long as necessary to achieve the purposes mentioned above or as required by law. After that, the data will be deleted or anonymized. In cases of legal obligations, data may be stored for up to ten years in accordance with the retention periods specified in the German Commercial Code (HGB) and the German Fiscal Code (AO).
XI. Your Rights
You have the following rights regarding the personal data we process:
- Right of access (Art. 15 GDPR): You have the right to request information about the personal data we hold about you, including the purposes of processing, the types of data, the recipients, and how long we store it.
- Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate or incomplete data.
- Right to deletion (Art. 17 GDPR): You may request the deletion of your personal data. Certain exceptions apply, such as where we need the data to comply with legal obligations.
- Right to restriction of processing (Art. 18 GDPR): You have the right to request restrictions on how we process your data.
- Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, or request that we transfer it to another controller.
- Right to withdraw consent (Art. 7(3) GDPR): If you have given consent for the processing of your data, you can withdraw it at any time. This will not affect the legality of the processing before the withdrawal.
- Right to lodge a complaint (Art. 77 GDPR): If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any way, you can lodge a complaint with the competent supervisory authority.
- Right to object to certain data processing activities (Art. 21 GDPR): You have the right to object to the processing of your personal data, particularly for direct marketing purposes.
To exercise your rights, contact us at any time using the information provided in the “Contact” section below.
XII. Security and Integrity of Data
We take appropriate security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These include technical measures such as encryption and firewalls, as well as organizational measures like restricted access to data.
XIII. Changes to the Privacy Policy
We reserve the right to change this Privacy Policy at any time. The current version is available on our website. Please check regularly for updates to this policy.
XIV. Contact
For questions or concerns regarding this Privacy Policy or to exercise your rights, please contact us at: datenschutz (at) redgecko.com.