TTE Strategy named HIDDEN CHAMPION 2022 / 23

Data Privacy Information

This data privacy information serves to inform you about our handling of your personal data and your rights pursuant to the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). TTE Strategy GmbH (hereinafter referred to as ‘we’ or ‘us’) is the controller of the data processing.

Table of Contents

I. General Information. 2

1. Contact 2

2. Legal Basis 2

3. Period of Storage. 2

4. Recipients of Data. 2

5. Data Transfer to Third Countries 3

6. Processing in the Exercise of your Rights pursuant to Art. 15 to 22 GDPR. 3

7. Your Rights 3

8. Right to object 4

9. Data protection officer 4

II. Data processing on our website. 4

1. Processing of Server Log Files 4

2. Contact form and requests. 4

3. Cookies 5

4. Consent Management 5

5. Google Analytics 6

6. reCAPTCHA. 6

7. Hotjar. 6

III.   Data processing on our Social Media. 7

1. Visit of a Social Media Page. 7

a. LinkedIn Company Page. 7

b. Twitter 8

c. Xing. 8

d. YouTube. 8

2. Comments and Direct Messages. 8

IV.   Further Data Processing. 9

1. Contractual Relationship. 9

2. Applications 9


I. General Information


1. Contact

If you have any questions or feedback concerning this information or wish to contact us to exercise your rights, please send your enquiry to

TTE Strategy GmbH
Am Sandtorkai 77

20457 Hamburg

phone: +49 (0)40 69919799



2. Legal Basis

The legal term ‘personal data’ refers to all information relating to an identified or identifiable human.

We process personal data in compliance with the applicable data protection regulations, in particular the GDPR and the BDSG. We solely process data with legal permission. We process personal data

If you apply for an open position in our company, we will, additionally, process your personal data to decide on whether to hire you (section 26 para. 1 sentence 1 BDSG).


3. Period of Storage

Unless otherwise stated in the following, we will only store your data for as long as required to achieve the intended processing purpose or to fulfil our contractual or statutory obligations. In particular, such statutory retention requirements may result from regulations under commercial or tax law.


4. Recipients of Data

For certain processing activities, we rely on processors. These processing activities include, for example, hosting, maintenance and support of IT systems, customer and client management, accounting as well as marketing or file and data carrier destruction. A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors only process data on explicit instruction and are contractually obliged to implement appropriate technical and organizational measures ensuring data protection.

Apart from that, we may transfer your data to postal and delivery services, our bank, consultants/auditors or the fiscal authority if necessary.

If applicable, further recipients are mentioned below.


5. Data Transfer to Third Countries

Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer is lawful, if the European Commission has determined that the third country ensures an adequate level of data protection. In absence of such an adequacy decision by the European Commission, the personal transfer may only be transferred to a third country if appropriate safeguards in accordance with Art. 46 GDPR are provided or one of the conditions pursuant to Art. 49 GDPR is met.

Unless otherwise stated in the following we use the standard contractual clauses for the transfer of personal data to processors established in third countries as appropriate safeguards:

Insofar you consent to the transfer of personal data to third countries, the transfer is legally based on Art. 49 para. 1 letter a) GDPR.


6. Processing in the Exercise of your Rights pursuant to Art. 15 to 22 GDPR

If you exercise your rights pursuant to Art. 15 to 22 GDPR, we process the personal data transferred in order for us to grant you your rights and to acquire proof thereof.  Data stored for the purpose of granting you your right of access and for the preparation thereof will only be processed for this purpose and for the purpose of data protection audits. Any further processing is restricted in accordance with Art. 18 GDPR.

These processing operations are based on Art. 6 para. 1 letter c) GDPR in conjunction with Art. 15 to 22 GDPR and section 34 para. 2 BDSG.


7. Your Rights

As the data subject, you are entitled to assert your rights against us. In particular, you have the following rights:


8. Right to object

Pursuant to Art. 21 para. 1 GDPR, you have the right to object to processing activities based on Art. 6 para. 1 letter e) or letter f) GDPR on grounds relating to your particular situation. If we process your personal data for the purpose of direct marketing, you may object to such processing pursuant to Art. 21 para. 2 and para. 3 GDPR.


9. Data protection officer

You can contact our data protection officer via the following address:


Herting Oberbeck Datenschutz GmbH

Hallerstr. 76, 20146 Hamburg   


II. Data processing on our website

During use of our website, we collect information that you provide yourself. We also automatically collect certain information about your use of the site during your visit to the site. In data protection law, the IP address is generally considered personal data. An IP address is assigned to each device connected to the internet by the internet provider so that it can send and receive data.


1. Processing of Server Log Files

In the case of purely informative use of our website, general information is collected automatically (i.e. not via registration), which your browser transmits to our server. This includes by default: browser type/-version, operating system used, page called, the previously visited page (referrer URL), IP address, date and time of server request and HTTP status code. The processing is carried out in pursuit of our legitimate interests and is based on Art. 6 para. 1 letter f) GDPR. This processing serves the technical administration and security of the website. The data collected will be deleted after seven days unless there is a justified suspicion of illegal use based on concrete indications and further examination and processing of the information is necessary for this reason. We are unable to identify you as a data subject based on the information collected. Art. 15 to 22 GDPR therefore do not apply pursuant to Art. 11 para. 2 GDPR, unless you provide additional information to enable your identification in order to exercise the rights set out in these articles.

2. Contact form and requests

On our website we provide a contact form via which you can send us messages. The data entered is encrypted before transfer (note the ‘https’ in the address bar of your browser). All data fields marked as mandatory are necessary to process your request. Failure to enter the necessary information results in us being unable to process your request. Providing further data is voluntary. Alternatively, you can send us an email via the contact email address. We process the data to process your request. If your request relates to the conclusion or execution of a contract with us Art. 6 para. 1 letter b) GDPR is the legal basis. Apart from that, we process your data based on our legitimate interest to reach out to persons submitting requests. Legal basis for this is Art. 6 para. 1 letter f) GDPR.


3. Cookies

We use cookies and similar technologies on our website (‘cookies’). Cookies are small text files that are stored by your browser when you visit a website. This makes the browser identifiable so it can be recognised by our web server. You can exercise full control over the use of cookies through your browser. You can delete cookies at any time in the security settings of your browser. You can object to the use of cookies in your browser settings in general or for particular cases. The Federal Office for Information Security provides further information on this:

In part, the use of cookies is necessary to maintain functionality and operation of our website and is, therefore, lawful without consent. Apart from that, we use cookies and similar technologies to offer special functions and content or to measure the coverage of our website and analyse the use of our website. This may include cookies by third parties. Cookies which are not necessary to maintain functionality of the website we will only use with your consent pursuant to section 15 para. 1 TMG or Art. 6 para. 1 letter a) GDPR.

Information on our cookies:






Google Advertising Products





4. Consent Management

This website uses a consent management banner for the management of cookies. The consent banner enables users of our website to consent to individual processing activities, revoke consent or object to processing activities. By confirming the ‘I accept’ button or by saving individual cookie settings, you consent to the use of the respective cookies. The legal basis under data protection law is your consent within the meaning of Art. 6 para. 1 letter a) GDPR.

In addition, the banner helps us to provide proof of the declaration of consent. For this purpose, we process information about the declaration of consent and further log data about this declaration. Cookies are also used to collect this data.

Processing this data is necessary to document your consent. The legal basis results from our legal obligation to document consent (Art. 6 para 1 letter c) in conjunction with Art. 7 para. 1 GDPR.

To revoke consent to the use of cookies, click here:


5. Google Analytics

We use Google Analytics provided by Google Ireland Limited (Ireland, EU) on our website.

Google Analytics is a web analytics service that allows us to collect and analyse data about visitor behaviour on our website. Google Analytics allows us to measure interaction data from different devices and sessions. This allows us to put individual user actions in context and analyse long-term relationships.

Google Analytics uses cookies for this purpose, which enable an analysis of the use of our website. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about interaction with our website. Some of this data is information stored in the end device you are using. In addition, further information is also stored on your end device via the cookies used. Such storage of information by Google Analytics or access to information already stored in your end device will only take place with your consent.

Google Ireland will process the data collected on our behalf in this way in order to evaluate the use of our website by users, to compile reports on the activities within our website and to provide us with further services associated with the use of our website and associated with the use of the internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.

The setting of cookies and the further processing of personal data described here takes place with your consent. The legal basis for the data processing in connection with the Google Analytics service is therefore Art. 6 (1) a GDPR. You can revoke this consent via our Consent Management Tool at any time with effect for the future.

The personal data processed on our behalf for the provision of Google Analytics may be transferred to any country in which Google Ireland or Google Ireland's sub-processors maintain facilities. Please refer to the information in the section "Data transfer to third countries".

We only use Google Analytics with IP anonymization activated. This means that the IP address of the users are shortened by Google Ireland within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. The IP address transmitted by the user's browser is not merged with other data. The IP address is shortened on servers in the EU.

The data on user actions are stored for a period of 2 months and then automatically deleted. The deletion of data whose storage period has expired automatically takes place once a month.

We also use the Google Analytics advertising features (Remarketing/ Google Signals). This function enables us, in conjunction with the cross-device functions of Google, to display advertisements in a more targeted manner and to present users with ads that are according to their interests. Through remarketing, users are shown ads and products that have been identified as being of interest for the user on other websites in the Google network. The function allows us to link advertising target groups created via Google Analytics Remarketing with the cross-device functions of Google Ads. In this way, interest-based, personalized advertising messages that have been adapted to a user depending on previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another end device of the user (e.g. tablet or PC).

If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on each end device on which you log in with your Google account. The aggregation of the collected data in your Google Account is based solely on your consent, which you can give or revoke at Google. For these linked services, data is then collected via Google Analytics for advertising purposes. To support the remarketing function, Google Analytics collects users' Google-authenticated IDs, which are temporarily linked to our Google Analytics data. This is used to define and create target groups for cross-device ad advertising.

Further information on how data from websites or apps is used by Google for advertising purposes can be found in Google's policies at:



We use the reCAPTCHA service by Google Ireland Limited (Ireland/EU). For such implementation, processing of your IP address is technically necessary so that the content can be sent to your browser. Your IP address is therefore transferred to Google. Google also collects further data, e.g. about your browser and your click behaviour. We use the service for security reasons to ensure that form entries are made by a natural person. In this way, automated access attempts and attacks can be recognised and warded off. We are legally obliged to take technically and economically appropriate measures to ensure the security of the portal. The legal basis is Art 6 para. 1 letter c) GDPR in conjunction with. Art. 32 GDPR and section 13 para. 7 TMG.

You can object to this data processing at any time by changing the settings of your browser or by using certain browser extensions. One such extension is the uMatrix matrix-based firewall for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website.


When using Google services, we cannot rule out the possibility that the data processed may be transferred to Google LLC (USA), which is based in the USA. Please note the information in the section ‘Data transfer to third countries’. For further information regarding data protection at Google go to:


7. Hotjar

We use Hotjar to better understand the needs of our users and to optimize what we offer and the experience on this website. With the help of Hotjar’s technology, we gain a better understanding of the experiences of our users (e.g. how much time users spend on which pages, which links they click, what they like and what they don’t like, etc.) and this helps us to align what we offer with the feedback of our users. Hotjar works with cookies and other technologies to collect data about the behavior of our users and about their end devices, in particular the IP address of the device (collected and stored only in anonymous form during your use of the website), screen size, device type (unique device identifiers), information about the browser used, location (country only), and the preferred language for displaying our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually prohibited from selling the data collected on our behalf.

When visiting a Hotjar-based website, you can prevent Hotjar from collecting your data at any time by going to our opt-out page and clicking “Deactivate Hotjar”.

For more information, see the “About Hotjar” section on


III.  Data processing on our Social Media

We operate company pages on multiple social media platforms via which we want to inform on our company and create opportunities for customers to connect. We operate company pages on the following social media platforms:



Visiting or interacting with a company page on social media can result in your personal data being processed. The information in your social media account constitutes personal data. This also encompasses messages and statements made with the account. Additionally, certain information about your visit to a company page is often collected automatically during your visit which may also be personal data.


1. Visit of a Social Media Page

a. LinkedIn Company Page

Generally, the LinkedIn Ireland Unlimited Company (Ireland/EU – ‘LinkedIn’) is the sole controller of the processing of your personal data relating to a visit to our LinkedIn page. Further information about LinkedIn processing personal data is available at

If you visit or follow our LinkedIn company page, LinkedIn processes personal data to provide us with anonymised statistics and insights which enable us to gain knowledge about the ways in which interact with our page (so called ‘insights’). For this purpose, LinkedIn processes, in particular, such data that you already shared with LinkedIn by adding it to your profile like, for example, position, country, field of work, seniority, company size and employment status. Further, LinkedIn collects information on how you interact with our LinkedIn company page, for example whether you follow our LinkedIn company page. LinkedIn does not share personal data with us by providing us with the insights. We only have access to a summarized version of the insights. Also, we are unable to make conclusions about individual members from the information in the insights. LinkedIn and we are joint controllers of the processing regard the page insights. The processing serves our legitimate interest in analysing the ways in which people interact with our page and improving our page based on this. This finds its legal basis in Art. 6 para. 1 letter f) GDPR. We have concluded an agreement with LinkedIn on joint controllership in which the data protection duties are allocated between LinkedIn and us. The agreement is available via The agreement stipulates the following:



Please note that user data is also processed in the USA and other third countries according to LinkedIn’s data protection guidelines. LinkedIn only transfers user data to countries for which the European Commission has made an adequacy decision pursuant to Art. 45 GDPR or based on appropriate safeguards pursuant to Art. 46 GDPR.


b. Twitter

Generally, Twitter Inc. (USA) is the sole controller of the processing of your personal data relating to your visit to our Twitter account. Further information on the processing of personal data by Twitter Inc. is available via


c. Xing

Generally, the New Work SE (Germany/EU) is the sole controller of the processing of your personal data relating to your visit to our Xing profile. Further information on the processing of personal data by New Work SE is available via


d. YouTube

Generally, Google Ireland Limited (Ireland/EU) is the sole controller of the processing of your personal data relating to your visit to our YouTube channel. Further information on the processing of personal data by YouTube and Google Ireland Limited is available via


2. Comments and Direct Messages

Additionally, we process information which you provide us with via the respective social media platform. Such information can include the username, contact details or a message to us. We are the sole controller of such processing activities. We process this data in pursuit of our legitimate interest to reach out to persons submitting requests. The legal basis for this is Art. 6 para. 1 letter f) GDPR. Further data processing can take place if you have consented (Art. 6 para. 1 letter a) GDPR) or if this serves to fulfil a legal obligation (Art. 6 para. 1 letter c) GDPR).


IV.   Further Data Processing


1. Contractual Relationship

In order to establish and execute the contractual relationship with our customers it is usually necessary to process the contact details of the respective contact person. The legal basis for this processing is Art. 6 para. 1 letter f) GDPR. In addition, we process customer and potential customer data for evaluation and marketing purposes. This processing takes place on the legal basis of Art. 6 section 1 letter f) GDPR and serves our interest in further developing our product range and informing you specifically about products by TTE Strategy GmbH Further data processing can take place if you have consented (Art. 6 section 1 letter a) GDPR) or if this serves to fulfil a legal obligation (Art. 6 section 1 letter c) GDPR).


2. Applications

When you apply for a position at our company, we process your application data exclusively for purposes related to your interest in current or future employment with us and the review of your application. Your application will only be processed and acknowledged by the responsible contact person. All employees entrusted with data processing are obliged to maintain the confidentiality of your data. If we are unable to offer you a position, we will retain the data you provide for up to six months for the purpose of potentially answering questions relating to your application and rejection. This does not apply if legal provisions prevent deletion, if further storage is necessary for the purpose of presenting evidence or if you have expressly consented to longer storage. Legal basis for the data processing is section 26 para. 1 BDSG. If we keep your applicant data for a period of six months and you have expressly consented to this, we would like to point out that this consent can be freely withdrawn at any time in accordance with Art. 7 section 3 GDPR. Such a withdrawal of consent does not affect the lawfulness of the processing, which has taken place prior to the withdrawal.

TTE Strategy