Privacy Policy

Updated Date: Jan 15, 2026, 12:00 AM

1. Introduction

With the following Privacy Policy, we inform you about the types of personal data (hereinafter referred to as “data”) we process, for what purposes, and to what extent.

This Privacy Policy applies to all processing of personal data carried out by us in connection with the provision of our services and, in particular, to our online offering, including our website and external online presences (such as social media profiles).

The terms used are not gender-specific.

2. Data Controller

TK Operating
Tom Cedric Kadelbach
Wilhelmstraße 9
65307 Bad Schwalbach
Germany

Email: tom@tkoperating.com

3. Overview of Data Processing

Types of Data Processed

  • Identification data (e.g. name)

  • Contact data (e.g. email address)

  • Contract and payment data

  • Content data (e.g. messages)

  • Usage data

  • Meta, communication, and log data

Categories of Data Subjects

  • Prospective clients

  • Clients and business partners

  • Communication partners

  • Website visitors

Purposes of Processing

  • Performance of contractual services

  • Communication and inquiry handling

  • Organization and administration

  • Security measures

  • Marketing and direct marketing

  • Provision and optimization of the online offering

4. Legal Bases for Processing

Personal data is processed on the basis of the General Data Protection Regulation (GDPR), in particular:

  • Consent (Art. 6(1)(a) GDPR)

  • Performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR)

  • Legal obligation (Art. 6(1)(c) GDPR)

  • Legitimate interests (Art. 6(1)(f) GDPR)

In addition, the national data protection laws applicable in Germany (BDSG) apply.

5. Security Measures

We implement appropriate technical and organizational measures to protect personal data against loss, misuse, or unauthorized access.

Our website uses TLS/SSL encryption (HTTPS) to ensure secure data transmission.

6. Disclosure of Personal Data

Personal data is only disclosed to third parties where legally permitted or necessary for the performance of contractual obligations (e.g. hosting or IT service providers).

7. International Data Transfers

If personal data is transferred to countries outside the EU/EEA (e.g. when using third-party services), such transfers are carried out in compliance with applicable legal requirements, in particular on the basis of the EU-US Data Privacy Framework or appropriate safeguards such as standard contractual clauses.

8. Data Retention and Deletion

Personal data is deleted as soon as the purpose of processing no longer applies and no statutory retention obligations exist.

Statutory retention periods include:

  • 10 years for tax- and commercial-law relevant records

  • 6 years for other business correspondence

  • 3 years for potential civil-law claims

9. Rights of Data Subjects

You have the right:

  • to request access to your stored data

  • to request rectification of inaccurate data

  • to request deletion or restriction of processing

  • to data portability

  • to withdraw consent at any time

  • to object to direct marketing

  • to lodge a complaint with a supervisory authority

10. Business Services

We process personal data in the course of providing our business services, in particular for communication, contract fulfillment, and project organization.

11. Provision of the Website and Hosting

When visiting our website, technical access data (e.g. IP address, time of access) is processed to ensure operation and security of the website.

Such data is generally deleted after a maximum of 30 days.

12. Cookies

Our website uses cookies that are necessary for technical operation.
Where legally required, we obtain user consent before using cookies.

Cookies can be disabled at any time via browser settings.

13. Contact and Inquiry Management

When you contact us (e.g. via form or email), we process the data you provide solely for the purpose of handling your inquiry and subsequent communication.

14. Marketing Communication

Marketing communication (e.g. via email) is carried out only with your consent or on the basis of legitimate interests. You may object to marketing communication at any time.

15. Embedded Content and Third-Party Services

Our website may include content from third-party providers (e.g. fonts or videos). For technical reasons, the IP address of users may be transmitted to the respective provider.

16. Use of External Tools

External tools and services (e.g. file transfer services) may be used for organization and collaboration. Data processing is carried out in accordance with legal requirements.

17. Changes and Updates

We reserve the right to amend this Privacy Policy to ensure compliance with current legal or technical requirements.

18. Supervisory Authority

The Hessian Commissioner for Data Protection and Freedom of Information
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany

Website: https://datenschutz.hessen.de
Email: poststelle@datenschutz.hessen.de