How we use your data and accommodate your rights – information pursuant to Articles 13, 14 and 21 of the EU General Data Protection Regulation (GDPR)


We respect your privacy and are committed to protecting it whether you are a customer, a potential customer or a website visitor. So, what exactly does that mean in terms of your personal data? This document provides you with a fast and simple overview of the personal data concerning you that we collect and how we process it. It also informs you of your rights under effective data protection law and who to contact if you have any questions.

Who are we and who can you contact?

The data controller pursuant to GDPR is

Technologiepark Karlsruhe GmbH
Albert-Nestler-Str. 7
76131 Karlsruhe
Tel. +49 (0)721 6105-01
Fax +49 (0)721 6105-199

We take all the necessary precautions to protect your personal data.

If you have any questions about this privacy policy please contact us at the above address.

What data do we collect and where do we obtain it from?

The personal data we process includes the following:

  • Personal identification data (e.g. name, address, date of birth, birthplace, nationality, identity card/passport number, e-mail address, phone number, tax no., IBAN);
  • Data about your financial situation (e.g. credit rating, information from credit agencies);
  • Data about your online behaviour and preferences (e.g. IP address, unique identifiers of mobile devices, data about your visits to our websites, cookies, the devices you used to access our website (this data allows us to recognise you when you visit our website again or use our mobile apps));
  • Data about your interests and preferences that you communicate to us, e.g. via our websites.

We collect your personal data when you contact us about our products or services, e.g. as a customer or a potential customer, particularly if you express an interest in our products or send us an e-mail or call us by phone, or if you use our products and services within the framework of an existing business relationship. We additionally process personal data – when this is necessary to provide our products or services – which we permissibly obtain from other companies, banks (e.g. credit unions, savings banks), mayor’s offices, regional administrations and other third parties (e.g. Creditreform), (e.g. to process orders, execute contracts or if you have provided your consent). We also process personal data obtained from public sources if such data is necessary to provide our services. We obtain this data permissibly from sources such as the Internet, company registers and association registers.

What data do we process when you visit our website?

Server log file data

When you visit our website we may save the following access information:

  • Requesting IP address
  • Accessed file
  • http response code
  • Referrer URL
  • Date, time and time zone when the server is accessed
  • Browser type and version
  • Operating system of the requesting device
  • Search term used, e.g. in Google, to find the website

We process data on website access/use on the basis of Article 6 (1) f) GDPR for the purposes of providing the website, maintaining its technical operation and ensuring the security of our IT systems. In processing the data we pursue our legitimate interest to provide and maintain a website service and to ensure that the website’s technical functions work. These data are automatically processed when you access the website. If you didn’t provide us with the data you would not be able to use our website. We do not use the data for the purpose of drawing conclusions about your identity.
The data is collected anonymously and deleted again after 30 days unless we need it for a longer period of time for the aforementioned purposes. In such cases we delete the data without delay when it is no longer needed for the processing purpose.

Contact form and e-mail

When you contact us via contact form or e-mail, the contact data which you voluntarily provide to us (e.g. name and e-mail address) is collected, processed and used for the specific purposes of documenting and responding to your enquiry (or enquiries) and for technical administration.
Data in connection with communications via contact form or e-mail are processed on the basis of Article 6 (1) b) GDPR if  this is necessary to take steps prior to entering into a contract, or on the basis of Article 6 (1) f) GDPR. In the latter case we pursue the legitimate interest to respond to contact enquiries which are voluntarily sent to us.
We delete the data you provide as soon as it is no longer needed for the processing purpose, unless we are required to comply with statutory archiving requirements.

If your data is processed by us to pursue a legitimate interest you can object to the storage  of your personal data at any time. In this case we will stop processing your data until we can furnish proof that it is in our legitimate interest to process it and delete it unless  we are required by law to store it. To exercise your right of objection to the storage of your personal data please contact us by letter, fax or e-mail.


Our website uses cookies and similar technologies (collectively referred to as “cookies”) to optimise the website experience for users. For example, they make website navigation easier and enhance user friendliness.
Cookies are small identifiers that are sent by our web server to your browser and stored on your device if you use standard settings that allow cookies. One way that cookies are used is to recognise you if you have accessed our website previously with the same device. The processing purpose is to enhance your website experience. We only use cookies for website functions if they are essential to the function and it is in our legitimate interest to do so, i.e. if we would not otherwise be able to provide certain basic functions on our website (e.g. automatic language selection so that you don’t have to select the language again each time you access a different web page). The legal basis for processing your data is Article 6 (1) f) GDPR.
The cookies we use are so-called session cookies which are deleted when you leave our website.

You can change your browser settings to block cookies. You can also install free browser extensions such as Adblock Plus in combination with the EasyPrivacylist or Ghostery to prevent cookies from being stored and used and to prevent tracking with cookie-like technology. However, if you do not allow cookies you may not be able to use all the functions of this website to their full extent.

Adobe Typekit

We use Adobe Typekit web fonts to make our website visually appealing. Adobe Typekit is a service provided by Adobe Systems Incorporated (“Adobe”), 601 Townsend St., San Francisco, CA 94103, USA which allows us to access the Adobe font library. When you access one of our web pages, the web fonts are downloaded and cached in your browser so that the texts and fonts can be displayed correctly. When the web fonts are downloaded Adobe gains knowledge of your IP address. In this connection, it cannot be excluded that information will be transmitted to an Adobe server in a third country. Adobe is Privacy Shield certified and therefore guarantees to provide a level of data protection reflecting EU data protection requirements.
Your data is processed for the purpose of our legitimate interest to improve our website, particularly the user experience, by ensuring that the content is displayed in a uniform and appealing way (Article 6 (1) f) GDPR).
You can find further information about Adobe’s use of data here:

What do we use your data for and on what legal basis?

TPK GmbH processes personal data for the purposes of communicating with potential customers, providing advice, taking steps prior to entering into contracts, entering into contracts and administering contracts.

Processing is necessary to perform a contract pursuant to Article 6 (1) b) GDPR

To execute a contract with you we have to process your data. This also applies to the data you provide to us prior to entering into a contract with us. The purpose for which the data is processed is primarily oriented on the product (e.g. leased commercial space, construction contracts).

Processing is necessary for compliance with a legal obligation pursuant to Article 6 (1) c) GDPR

We have to comply with numerous legal obligations.

For example, it is necessary to process your data for the following purposes: credit assessments, fraud and money laundering prevention, compliance with tax law review and reporting requirements, risk management and for the provision of statutory reports to the authorities.

You have given your consent to the processing of your personal data pursuant to Article 6 (1) a) GDPR

If you have consented to the processing of your personal data for a specific purpose we are legally permitted to process it. You can withdraw your consent at any time. This also applies to declarations of consent that you provided to us before the GDPR (General Data Protection Regulation) entered into force, i.e. prior to 25 May 2018. The withdrawal of your consent does not affect the lawfulness of processing up to the time of withdrawal of consent.

Processing is necessary for the purposes of the legitimate interests pursued by us pursuant to Article 6 (1) f) GDPR

We process personal data if this is necessary for us to pursue a legitimate interest except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. It is in our legitimate interest to process personal data for the purpose of conducting our business.

Other legal bases

Other legal bases for the use of personal data include, for instance,
the Baden-Württemberg State Data Protection Act, the Federal Data Protection Act, the German Commercial Code, the State Budgetary Code.

Very importantly, we do not under any circumstances sell your data to third parties!


Who receives your data and why?

Your personal data within TPK GmbH

Within TPK GmbH the only persons with access to your data are those who require it to pursue our legitimate interests or to perform our contractual and legal obligations.

Your personal data outside TPK GmbH

We and our employees are under obligation to protect the commercial confidentiality of all customer-related facts and valuations and to protect the confidentiality of personal data. We are only allowed to pass on information concerning you if statutory provisions permit, you have given us your consent or we are empowered to disclose the information.

Under the above circumstances, recipients of your personal data may include:

Revenue authorities, Creditreform, universities, banks (e.g. savings banks and credit unions), certified public accountants, supervisory authorities, the Federal Statistics Office, appraisers, affiliated companies).

Service providers who support us

Our service providers may also receive your personal data for the purposes described. They include trades companies, construction companies, cleaning companies and the like. If the service providers are not processors pursuant to Article 28 GDPR, personal data is only disclosed to them for the purposes of compliance with contractual or legal obligations.

How long do we store your data for?

We only store your data for as long as it is required for the processing purpose.

When the data is no longer necessary to perform contractual or legal obligations it is regularly deleted unless we have to continue storing it for a – limited – time period. This may be necessary for the following reasons:

  • Compliance with commercial or tax law archiving requirements
  • As evidence in legal disputes within the framework of statutory limitation periods

Civil law limitation periods may be up to 30 years in length, whereby the regular limitation period is three years.

Are data transferred to a third country or an international organisation?

Data are only transferred to third countries (countries outside the European Union or the European Economic Area – EEA) if this is necessary for the purpose of entering into or executing a contract with you, if it is required by law or if you have provided us with your consent.

Are you under obligation to provide TPK GmbH with certain personal data?

We are not generally able to enter into or execute a contract with you if we do not collect and use your personal data.
Your identity documents are necessary for the purpose of identifying you before we enter into a business relationship with you. In this process, your name, place of birth, date of birth, nationality, address and ID card or passport details are collected and stored. If, during the course of our business relationship, any of these details change you are required to inform us without undue delay. If you do not provide us with the necessary information and documents we cannot enter into or continue a business relationship with you.

What are your rights and why are your rights important to us?

We always try to respond to your enquiries as quickly as possible. Sometimes it can take up to a month before we respond to an enquiry. If we require more than one month for final clarification we will inform you of how much time we require. In some cases we are not able to or not permitted to provide any information. In such cases we will notify you promptly of the reason why we are not able to provide the information. You have the right to lodge a complaint.

What are your rights as a potential customer or contractual partner of TPK GmbH as regards the processing of your data?

The rights are governed by the relevant provisions of the EU General Data Protection Regulation (Articles 15 to 21):

Your right to information and rectification

You can request information about the personal data concerning you that we process. If your personal data is not (no longer) accurate you can request rectification. You also have the right to have incomplete data completed. We will inform third parties to whom the data has been transferred of the rectification if we are legally required to do so.

Your right to the erasure of your personal data

You have the right to request the immediate erasure of your personal data if one of the following applies:

Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

  • You withdraw your consent and there is no other legal ground for processing;
  • You object to the processing and there are not overriding legitimate grounds for processing;
  • Your personal data have been unlawfully processed.

Please note that your right to the erasure of your personal data depends on whether legal grounds exist which necessitate the processing of the data.

Your right to restriction of processing your personal data

You have the right to obtain restriction of processing of your personal data if one of the following applies:

  • You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claim.

Your right to data portability

You have the right to receive the personal data concerning you in a transferrable format.

Your right to object

You have the right to object, on grounds relating to your particular situation, to the processing of your personal data, based on a consideration of the balance of interests (Article 6 (1) e GDPR). In particular, you have the right to object to the processing of your data for direct marketing purposes pursuant to Article 21 (1) and (2) GDPR.

If you lodge an objection we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

If you wish to exercise any of the aforementioned rights, please contact:

Technologiepark Karlsruhe GmbH
Albert-Nestler-Str. 7
76131 Karlsruhe
Tel. +49 (0)721 6105-01

Your right to lodge a complaint

It is possible that you may not be satisfied with our response to a concern you have expressed. In that case you can lodge a complaint with the competent supervisory authority.

Please address any complaints to:

The State Commissioner for Data Protection in Baden-Württemberg
Königstr. 10a
70173 Stuttgart
Tel. +49 (0)711 615541-0
Fax  +49 (0)711 615541-15