fbpx

Data privacy

Privacy Notice pursuant to Art. 13 GDPR

Name and Address of the Controller

The responsible entity within the meaning of the General Data Protection Regulation (GDPR) and other data protection laws is:

Twist & Schirm Social Media GmbH
Leopoldstraße 31
80802 Munich, Germany

Name and Address of the Data Protection Officer

The data protection officer for the controller is:

Jörg Hermann
jmh Datenschutzberatung
Freibadstr. 30
81543 Munich, Germany

Phone: +49 89 200033580
Email: [email protected]


General Information on Data Processing

Legal Basis for Processing Personal Data

Pursuant to Art. 13 GDPR, we inform you of the legal bases for our data processing. If you have consented to data processing, we process your personal data based on Art. 6(1)(a) GDPR or, if special categories of personal data under Art. 9(1) GDPR are processed, based on Art. 9(2)(a) GDPR. If you explicitly consent to the transfer of personal data to third countries, processing is additionally based on Art. 49(1)(a) GDPR. If your data is necessary for contract fulfillment or pre-contractual measures, processing is based on Art. 6(1)(b) GDPR. If processing is required to fulfill a legal obligation, we process your data based on Art. 6(1)(c) GDPR. Furthermore, data processing may be based on our legitimate interests under Art. 6(1)(f) GDPR.


Data Deletion and Storage Duration

We adhere to the principles of data minimization (Art. 5(1)(c) GDPR) and storage limitation (Art. 5(1)(e) GDPR). We store your personal data only as long as necessary to achieve the purposes mentioned here or as required by legal retention periods. After the purpose ceases or the retention period expires, we delete the respective data as quickly as possible.


External Links

This website may contain links to third-party websites or other pages within our control. If you follow a link to a site outside our responsibility, please note that these websites have their own privacy policies. We do not assume responsibility or liability for these third-party sites. Please review their privacy policies before using those websites.

External links can be identified by their distinctive color, underlining, or cursor change when hovered over. Clicking on an external link may result in the transfer of your personal data to the destination website, including your IP address, the time of clicking, and the referring page. Some links may involve data transfers outside the European Economic Area (EEA), potentially exposing your data to foreign authorities. If you do not wish for such transfers, please refrain from clicking external links.


Rights of Data Subjects

As a data subject under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR) – Obtain information about your stored personal data.
  • Right to rectification (Art. 16 GDPR) – Request correction of inaccurate personal data.
  • Right to erasure (Art. 17 GDPR) – Request deletion of your personal data, subject to legal limitations.
  • Right to restriction of processing (Art. 18 GDPR) – Restrict the processing of your personal data.
  • Right to data portability (Art. 20 GDPR) – Request transfer of your data to another controller.
  • Right to object (Art. 21 GDPR) – Object to the processing of your data for specific reasons.
  • Right to lodge a complaint with a data protection authority if you believe your data protection rights have been violated.

Revocation of Consent

Certain data processing activities require your explicit consent. You may withdraw your consent at any time, but the withdrawal does not affect the legality of data processing prior to revocation.


Objection to Processing

If data processing is based on Art. 6(1)(e) or (f) GDPR, you may object for reasons relating to your particular situation. If we cannot demonstrate compelling legitimate grounds for processing that outweigh your rights, we will cease processing your data.

If your personal data is used for direct marketing, you may object at any time, including any related profiling. Upon objection, we will stop processing your personal data for marketing purposes.


Complaint to a Supervisory Authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU country of your residence, workplace, or the place of the alleged violation.


Provision of the Website (Web Hosting)

When accessing our website, certain technical data is automatically collected and stored in server log files, including:

  • IP address of the visitor’s device
  • Device type
  • Hostname of the accessing computer
  • Operating system and browser type/version
  • Accessed file name
  • Time of server request
  • Data volume transferred
  • Whether the request was successful

These logs are not merged with other data sources. Our website may be hosted externally, meaning personal data is stored on the hosting provider’s servers. The legal basis for processing is Art. 6(1)(f) GDPR, as we have a legitimate interest in ensuring the website’s error-free operation and optimization.


Use of Cookies

We use cookies to store information on your device to improve website functionality. These may be session cookies (temporary) or persistent cookies (stored until manually deleted). Third-party cookies may also be used (e.g., for analytics or embedded videos).

Cookies essential for the operation of the website are stored based on Art. 6(1)(f) GDPR. Other cookies are only stored with your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time.


Use of External Services

We integrate third-party services (e.g., analytics, social media plugins) that process your data. If a legitimate interest does not apply, your explicit consent will be requested (Art. 6(1)(a) GDPR).

Analytics Tools

We use analytics tools to evaluate website usage and improve our services.

  • Google Analytics (Google Ireland Limited)
    Data may be transferred to the USA. Google is certified under the EU-U.S. Data Privacy Framework. More details: Google Privacy Policy

  • Leadinfo (Leadinfo B.V., Netherlands)
    Hosted locally, no third-party data transfer.

  • Snowplow (Snowplow Analytics Limited, UK)
    Hosted locally, no third-party data transfer.

Consent Management

We use a Consent Management Tool to handle cookie and third-party service consents. The legal basis for processing is Art. 6(1)(c) GDPR.

  • Borlabs Cookie (Borlabs, Hamburg, Germany)
    Hosted locally, no third-party data transfer.

Content Management Systems

  • Elementor (Elementor Ltd., Israel)
    Hosted locally, no third-party data transfer.

  • WordPress (Automattic Inc., USA)
    Hosted locally, no third-party data transfer.

Customer Relationship Management (CRM)

We use CRM software to manage client relationships. Processing occurs only with your consent (Art. 6(1)(a) GDPR).

  • HubSpot (HubSpot Ireland Limited)
    Hosted locally, no third-party data transfer.

Performance Optimization

We use tools to improve website performance.

Social Media Plugins

We integrate social media plugins for interaction with our social media channels. These plugins process personal data when you visit our website.

  • Facebook (Meta Platforms Ireland Limited)
    Data may be transferred to the USA. Meta is certified under the EU-U.S. Data Privacy Framework. More details: Facebook Privacy Policy

By using our website, you consent to the processing of your personal data as described. You may withdraw consent at any time.