Privacy policy
1. General Information regarding Data Processing
This privacy policy describes the collection and use of personal data in connection with the use of our website in accordance with the requirements of the General Data Protection Regulation ("GDPR"). Processing activities that are not covered by this privacy policy may be supplemented by further privacy policies that shall apply separately.
1.1 Totoli as Data Controller
Controller pursuant to the GDPR is
Lottie GmbH ("we/us" or "Lottie")
Rosenthaler Strasse 37
10178 Berlin
Germany
We inform you in the following about the processing of your personal data within the scope of our web offer https://totoli.kids (“website”).
You can reach us:
- by mail at:
Lottie GmbH
Rosenthaler Strasse 37
10178 Berlin
Germany - or by e-mail at:
privacy@totoli.kids
1.2 Scope of Data Processing
Personal data are any information relating to an identified or identifiable natural person. Applicable legal provisions are in particular those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data ("General Data Protection Regulation", GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).
1.3 Your Rights
In accordance with the statutory provisions, you as the data subject have the following rights:
- the right to access,
- the right to rectification or erasure,
- the right to restriction of processing,
- the right to data portability,
- If you have provided us with your personal data on the basis of a consent, you could withdraw the consent at any time with effect for the future,
- You may object to the processing of your personal data, if your personal data are processed for direct marketing purposes and/or on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR insofar as there are reasons for this arising from your particular situation.
To exercise these rights named above you may contact us at any, for example via email to privacy@totoli.kids.
You have also the right to lodge a complaint with a supervisory authority at your choice (for example: Berliner Beauftragte für Datenschutz und Informationsfreiheit https://www.datenschutz-berlin.de/kontakt.html).
An overview of the Data Protection Authorities may be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html or http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
1.4 Storing and Deleting Data
The duration of the data storage depends on the respective data category and processing activity. If the storage period is not further specified, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.
1.5 Profiling and automated decision making
We do not use automated decision-making including profiling when processing data concerning our Website or Platform.
1.6 Data Security
For the best possible security of user data our service through the Website is provided via a secure SSL connection between your server and the browser. That means that the data shall be transferred in encrypted form. We have implemented suitable technical and organizational measures.
1.7 Data Processing by Third Parties / Data Processing outside the EU
We may use third party service providers that process your data for the purposes named in this privacy policy. We process your personal data by using third party providers in the EU and the USA, whereas data protection standards applicable in the EU are ensured.
2. Data processing on our Website
2.1 Server Logs
Nature and purpose of data processing
We collect data on each visit to our website (so-called Server log files), which include:
- Name of the Website visited,
- date and time of the visit,
- data amount transferred,
- information on a successful call,
- browser type as well as version,
- operating system of the user, referrer URL (the page visited before),
- IP address and the requesting provider
as well as the following, if a mobile end device is being used:
- country code,
- language,
- name of device,
- name and version of operating system.
We use these server log files only for statistical evaluations for the purpose of optimizing our services and in order to guarantee the stability and operational security of the Website.
Legal basis
When personal data (such as the IP-address) are stored the legal basis for this is Art. 6 (1) f. GDPR based on our legitimate interest in quality assurance and website security.
Recipients
Recipient of the data is a service provider. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
Storage duration
The log files and IP addresses of website visitors, which we process as described below, are deleted within 30 days.
2.2 Newsletter
Nature and purpose of data processing
When registering for the newsletter, you have to provide an email address and your name. In our newsletter we inform you about our services and products also described on our Website. In case of registration for the newsletter we also store the IP address, the device name, the mail provider as well as the user's first and last name and the date of registration. We also analyze how users consume our newsletter. This includes tracking of newsletter openings and how the newsletter is consumed.
Legal basis
The data processing for sending and analyzing our newsletters as described above is based on your consent (Art. 6 (1) a GDPR).
Recipients
Recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
Transfer to third countries
Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.
Storage duration
We will process your personal information until your consent is revoked.
Revocation of consent
If you do not want to receive any newsletters by us in the future and/or wish to object to the analysis of your data through such newsletters, please use the "unsubscribe" link contained in each newsletter or send us an email to privacy@totoli.kids.
2.3 Waiting List
Nature and purpose of data processing
To sign up for our waiting list, you will be asked to provide your name and email address. Registered persons will receive updates and notifications regarding new products and services before all other users.
Legal basis
The data processing for sending and analyzing our waiting list as described above is based on your consent (Art. 6 (1) a GDPR).
Recipients
Recipient of the data is a service provider. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
Storage duration
We will process your personal information until your consent is revoked or until the end of the testing period.
Revocation of consent
If you do not want to be part of the waiting list anymore and/or wish to object to the tracking of your data through the waiting list, please use the "unsubscribe" link contained in each waiting list email or contact us by email at privacy@totoli.kids.
2.4 Careers Section on our Website
Nature and purpose of data processing
We will process your data through the careers section of the Website, if you apply to an open position at Totoli.
In order to submit your application you need to provide your name, email address, as well as your resume and/or CV.
We may also ask for additional information to assist us with our recruitment process and in the event, you are offered a job. Such data may include date of birth, telephone number, gender, your career history, qualifications, country of residence, language skills and any other personal information you include in your interactions with us.
You may also share details of other people with us; for example, if somebody else referred the job to you (someone you know at Totoli or otherwise). In those circumstances, you will need to check with that person that they are happy for you to share their personal information with us, and for us to use it in accordance with this privacy policy.
In particular, we use your data:
- To get in touch with you, communicate with you, update you and to facilitate your application;
- To respond to your questions or concerns;
- To carry out vetting of staff members by contacting references (where required);
- To assist in any disputes, claims or investigations relating to your application, or
- To comply with our legal, regulatory, and professional obligations.
- If you do not provide your personal data, you may face certain disadvantages, for example we will not be able to provide you with our recruiting processes or keep you informed about future opportunities.
Legal basis
We process your personal data for fulfilling our contractual or pre contractual obligations (based on Art. 6 (1) b. GDPR) or -- as applicable -- for the purpose of the employment relationship with you (Section 26 BDSG)
Recipients
Recipient of the data is a service provider in the EU. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
Storage duration
We will store your information for 6 months after notification that we could not retain your application for a position at Totoli.
2.5 Talent Pool
Nature and purpose of data processing
If we cannot offer you a position immediately based on your application, we might want to keep you informed about other opportunities in the future. In order to do so, we need to keep the information specified under 2.3.
Legal Basis
We process your data based on your consent (based on Art. 6 (1) a. GDPR.
Recipients and Transfer to third countries
(see 2.3)
Storage duration
With your explicit consent to contact you for further opportunities, we will process your information no longer than 2 years.
Revocation of consent
You may withdraw such consent with effect for the future at any time via email to talent@totoli.kids.
2.6 Contacting Us
Nature and purpose of data processing
If you send us an e-mail or contact us via an online form, your contact data, name, email address and other data provided respectively, are processed by us in order to deal with your inquiry or to be able to contact you at a later time for follow up questions.
Legal basis
These data are processed only on the basis of our legitimate interests to offer efficient communications channels to the public (Art. 6 (1) f. GDPR), or on the basis of initiating a or communicating under an existing business relationship (legal basis Art. 6 (1) b. GDPR).
Recipients
Recipient of the data is a processor on behalf. As such, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.
2.7 User Surveys
Nature and purpose of data processing
We sometimes perform online surveys related to our products in order to gain insights and improve our services. Generally, when completing our surveys the data entered with respect to various questions about your age, preferences and opinions in various possible fields, will be stored in an anonymized form. This means that such information will never be stored or brought in connection with any personal identifiable information, such as name or email address.
However, in specific instances in particular related to waiting list subscribers or testers of our products or services we may wish to tie the above mentioned information to your person, to gain more insights specific to your experience. We will always make it clear to our users when surveys will not be anonymized.
Where you have the opportunity to participate in a lottery for a prize, or if we offer gifts to participants of our surveys, we need to process your email address for these purposes. However, as described above, your email address will be submitted to us separately by our service provider and we have no way of connecting it to questions answered.
Legal basis
The processing is carried out with your consent according to Art. 6 para. 1 lit. a GDPR.
Recipients
Recipient of the data is a processor on behalf. For this purpose, we have concluded the necessary data processing agreement under which the service provider is obliged to process the data only in accordance with our instructions.
Retention Period
We will process answers to your questions until your consent is revoked. Your email address will be deleted no later than 6 weeks after participating in a survey.
Withdrawal of Consent
You may withdraw such consent with effect for the future at any time via email to privacy@totoli.kids.
3. Data Processing on our Social Media Pages
We operate pages on the following social media channels:
- Facebook: facebook.com or mobile app by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to privacy policy: https://www.facebook.com/policy.php,
- Instagram: instagram.com or mobile app by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to privacy policy: http://instagram.com/about/legal/privacy/;
- Twitter: twitter.com or mobile app by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, please also refer to privacy policy: https://twitter.com/en/privacy,
- LinkedIn: linkedin.com or mobile app by LinkedIn Corporation, Legal Department -- Privacy, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA / LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, please also refer to: https://www.linkedin.com/legal/privacy-policy
When you visit our social media pages, data is processed both by us and by the responsible social media provider as the responsible party.
The respective provider of social media assumes the data protection obligations towards you as the user, such as information on data processing, and is the contact person for your rights. This follows from the fact that such a provider has direct access to the relevant information on the social media page and the processing of your data. However, you are also welcome to contact us if this should become necessary and we will then forward the request to them.
When using Facebook, Instagram, Twitter, or LinkedIn data may also be processed outside the EU.
Data Processing and Legal Basis
With our social media pages, we can communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages, and reactions, which we then process to answer or communicate with you. If you use social media on several end devices, a cross-device analysis of the data can take place.
Furthermore, the providers of social media pages may also use cookies and tracking technologies to analyze and improve their services.
Data processing takes place with your consent or for the purpose of answering your enquiry (Art. 6 (1) a, b GDPR) or on the basis of legitimate interests in improving the services and presentation to the outside world (Art. 6 (1) f GDPR).
4. Questions?
For further information you may contact us any time, for example via email at privacy@totoli.kids.