Skip to main content

Privacy Policy

Version 1.0 · Last updated 2026-04-02

1. Controller

Responsible for the website and the application provided through it:

Tallence AG
Neue Gröningerstraße 13
20457 Hamburg
Germany

Phone: +49 40 36 09 35 100
Email: info@tallence.com

2. Data Protection Officer

If you have any questions regarding data protection, you may contact our Data Protection Officer at any time:

Stefanie Schmidt
Tallence AG
Neue Gröningerstraße 13
20457 Hamburg

Email: datenschutz@tallence.com

3. General Information on Data Processing

The use of our website is generally possible without providing personal data.

Where personal data (e.g. name or email address) is collected on our pages, this is done, as far as possible, on a voluntary basis.

Your data will only be disclosed to third parties if this is necessary for the fulfilment of our services, if we are legally obliged to do so, or if you have expressly consented. Where we engage external service providers, this is done on the basis of corresponding data processing agreements.

We would like to point out that data transmission over the Internet (e.g. when communicating by email) may have security vulnerabilities. Complete protection of data against access by third parties is not technically possible.

This privacy policy applies to our website and the application provided through it.

4. Data Processing When Using the Application

4.1 Registration and User Account

When you create a user account, we process the data you provide, in particular:

  • Email address
  • Name
  • Company
  • Job title

Purpose of Processing

Creation and management of your user account and provision of the application.

Legal Basis

Art. 6(1)(b) GDPR (pre-contractual measures)

4.2 Authentication and Use of the Application

To provide the application, we process data generated during login and use, in particular:

  • Authentication data (e.g. login information)
  • Session data
  • Technical usage data

This processing is necessary to ensure the secure operation of the application.

Legal Basis:
Art. 6(1)(b) GDPR (pre-contractual measures)

4.3 Use of Compliance Scans

When you use the application to perform compliance scans, we process data related to your technical infrastructure, in particular:

  • Scan results
  • Configuration and metadata
  • Summaries of audit findings

Purpose of Processing

Provision of the features you use and display and analysis of the scan results.

Legal Basis

Art. 6(1)(b) GDPR (pre-contractual measures)

The processing is carried out by us as the Controller.

5. Hosting

Our application is hosted by an external service provider:

Amazon Web Services EMEA SARL, Luxembourg

A data processing agreement pursuant to Art. 28 GDPR is in place with the provider.

6. Cookies and Consent Management

Our application uses cookies and comparable technologies. Cookies are small text files that are stored on your device and contain certain information.

We distinguish the following categories of cookies:

Necessary Cookies

These cookies are required for the application to function properly (e.g. for navigation or access to secure areas). Without these cookies, the application cannot be operated correctly.

Statistics Cookies

These cookies help us understand how users interact with the application. Services such as Matomo or Amazon CloudWatch RUM may be used for this purpose.

Marketing Cookies

These cookies are used to track users across different pages and to display relevant content or advertising to them.

Legal Bases

  • Necessary cookies: § 25(2) TDDDG in conjunction with Art. 6(1)(f) GDPR
  • Statistics and marketing cookies: § 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR (consent)

Consent and Withdrawal

Statistics and marketing cookies are only set if you have given your consent.

You may withdraw or adjust your consent at any time with effect for the future.

Data Transfers to Third Countries

Processing of personal data cannot be excluded.

The provider ensures that appropriate safeguards pursuant to Art. 44 et seq. GDPR are in place, in particular through the use of Standard Contractual Clauses (SCC).

7. Web Analytics with Matomo

To analyse the use of our application, we use Matomo, a service provided by:

InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand

Matomo uses cookies to enable an analysis of the use of our application. To enrich visitor data (e.g. geographic origin), the full IP address is briefly processed internally before anonymisation, but is not stored. Permanent storage is carried out exclusively in anonymised form.

In the course of use, the following data may in particular be processed:

  • Full IP address (briefly processed for geolocation enrichment, not stored)
  • Truncated IP address (permanently stored)
  • Pages visited and times of access
  • Referrer URL (previously visited page)
  • Information about browser, operating system and device
  • Time spent on individual pages

The data collected is stored exclusively on our own servers and is not disclosed to third parties.

Legal Basis

Art. 6(1)(a) GDPR (consent)

Data Transfers to Third Countries

New Zealand has an adequacy decision from the European Commission pursuant to Art. 45 GDPR.

8. Use of HubSpot (CRM and Marketing Communication)

For the management of contact data and for marketing and communication purposes, we use HubSpot, a service provided by:

HubSpot Inc., 25 First Street, Cambridge, MA 02141, USA

HubSpot is used in particular for:

  • Management of contact data
  • Sending marketing information
  • Analysis of interactions, provided you have consented thereto

Data Processed

The following data may in particular be processed:

  • Name
  • Email address
  • Company
  • Job title
  • Communication and interaction data

The processing of your data via HubSpot takes place exclusively if you have given your consent.

Legal Basis:
Art. 6(1)(a) GDPR (consent)

Consent and Withdrawal

Consent is voluntary and may be withdrawn at any time with effect for the future.

Data Transfers to Third Countries

Processing of personal data may also take place in the USA.

HubSpot is certified under the EU-U.S. Data Privacy Framework. In addition, Standard Contractual Clauses (SCC) are used as additional appropriate safeguards.

9. Performance and Error Analysis (CloudWatch RUM)

If you have consented thereto, we use Amazon CloudWatch Real User Monitoring (RUM) to analyse the use and to monitor the technical performance of the application, a service provided by:

Amazon Web Services EMEA SARL, Luxembourg

CloudWatch RUM enables us to collect and analyse information on the use of the application as well as on technical errors and loading times.

In the course of use, the following data may in particular be processed:

  • Information on page views and loading times
  • Technical error messages
  • Information about browser, operating system and device
  • Interaction data within the application

CloudWatch RUM uses cookies to analyse user sessions and to identify related events.

Legal Basis

Art. 6(1)(a) GDPR (consent)

Withdrawal of Consent

You may withdraw your consent at any time with effect for the future.

Data Transfers to Third Countries

Processing of personal data may also take place in third countries.

Amazon Web Services employs appropriate safeguards within the meaning of Art. 44 et seq. GDPR, in particular through the conclusion of Standard Contractual Clauses (SCC).

10. Data Transfers to Third Countries

Processing of your personal data outside the European Union (EU) or the European Economic Area (EEA) only takes place if this is necessary in the context of the use of certain services.

In such cases, we ensure that an adequate level of data protection is guaranteed. This is achieved in particular through:

  • Adequacy decisions of the European Commission
  • The EU-U.S. Data Privacy Framework (for certified companies)
  • The conclusion of Standard Contractual Clauses (SCC)

Where data is transferred to third countries, this is specifically indicated in the relevant sections of this privacy policy.

11. Your Rights

In connection with the processing of your personal data, you have the following rights:

Access (Art. 15 GDPR)

You have the right to request information as to whether and which personal data we process about you. This includes in particular information on processing purposes, data categories, recipients, storage periods and your further rights.

Rectification (Art. 16 GDPR)

You have the right to request the immediate rectification of inaccurate personal data or the completion of your personal data stored by us.

Erasure (Art. 17 GDPR)

You may request the erasure of your personal data, provided that no statutory retention obligations or other legal grounds prevent erasure.

Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of the processing of your personal data, e.g. if you contest the accuracy of the data or the processing is unlawful.

Data Portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used and machine-readable format or to have it transferred to another controller.

Withdrawal of Consent (Art. 7(3) GDPR)

You may withdraw any consent given at any time with effect for the future. The lawfulness of the processing carried out on the basis of the consent until the withdrawal remains unaffected.

Right to Object (Art. 21 GDPR)

Where we process your personal data on the basis of legitimate interests, you may object on grounds relating to your particular situation.

Where your data is used for direct marketing, you have an unrestricted right to object without stating reasons.

Right to Lodge a Complaint (Art. 77 GDPR)

You have the right to lodge a complaint with a data protection supervisory authority. As a rule, you may contact the supervisory authority of your place of residence, place of work or our registered office.

To exercise your rights, an email to datenschutz@tallence.com is sufficient.

12. Note on Automated Decision-Making

Automated decision-making including profiling within the meaning of Art. 22 GDPR does not take place.

13. Data Security

We take appropriate technical and organisational measures to protect your personal data when using the application against loss, manipulation or unauthorised access.

Our website and application use SSL/TLS encryption. You can recognise an encrypted connection by the fact that the address bar of your browser begins with “https://” and by the lock icon in your browser bar.

14. Currency of This Privacy Policy

This privacy policy is updated as necessary to adapt it to legal requirements or changes to our services.

The current version shall apply in each case.