Privacy Policy

Effective Date: 14th June, 2025

1. Introduction

Thrypes GmbH ("Thrypes", "we", "us", or "our") is committed to protecting the privacy and data of individuals who visit our website thrypes.com, interact with us, or use our services. This Data Protection Policy outlines how we collect, process, store, share, and protect personal data in full compliance with:

2. Purpose of This Policy

The primary purpose of this Data Protection Policy is to establish a clear framework for how Thrypes GmbH, as a data controller, collects, processes, manages, and safeguards personal data in accordance with applicable data protection laws, specifically the General Data Protection Regulation (GDPR) and the Federal Data Protection Act of Germany (BDSG). This policy is designed to:

  • Ensure Lawfulness, Fairness, and Transparency:

    Guarantee that all personal data processed by Thrypes is handled lawfully, fairly, and in a transparent manner towards the individuals whose data is involved. This means individuals are fully informed about the nature, scope, and purpose of the data processing activities carried out by Thrypes.

  • Promote Accountability and Trust:

    Provide clarity to data subjects (such as website users, customers, employees, and partners) about how their personal data is collected, why it is processed, how it is used, and the legal grounds for such processing. This transparency fosters trust and empowers individuals to exercise control over their personal data.

  • Ensure Compliance with Data Protection Obligations:

    Outline the procedures and responsibilities that Thrypes adheres to in order to comply with its legal obligations as a data controller under Article 5 and Article 24 of the GDPR and corresponding provisions of the BDSG. This includes safeguarding data subjects’ rights, ensuring data security, and demonstrating compliance with the principles of data protection by design and by default.

  • Establish Data Governance Practices:

    Define the standards, roles, and responsibilities within Thrypes regarding the management of personal data. This ensures that employees, contractors, and third-party service providers understand their duties in upholding data protection standards.

  • Mitigate Risks Associated with Data Processing:

    Provide a structured approach to identifying, managing, and mitigating risks related to data privacy and security, thereby protecting both Thrypes and data subjects from the consequences of data breaches or non-compliance.

By implementing this policy, Thrypes reaffirms its commitment to upholding the highest standards of privacy, data protection, and ethical data handling in all of its operations related to the website thrypes.com and any associated digital services.

3. Scope of This Policy

This Data Protection Policy applies to all personal data processing activities undertaken by Thrypes GmbH in its capacity as a data controller within the meaning of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act of Germany (BDSG).

  • All personal data collected directly or indirectly through the website www.thrypes.com, including, but not limited to, data collected through:

  • All personal data processing activities related to:

This policy does not apply to: Personal data processing activities conducted by third-party websites, applications, or platforms that may be linked or referenced on our website. Thrypes GmbH holds no responsibility for the data protection practices, privacy policies, or data handling processes of such third parties. Users are encouraged to consult the respective privacy policies of these external sites before providing any personal information.

4. Roles and Responsibilities

Data Protection Contact Information:

Email: data.privacy@thrypes.com
Phone: +49 (030) 25093949
Mailing Address:
Thrypes GmbH,
Gontardstraße 11, 4th Floor,
10178 Berlin, Germany

5. Principles of Data Processing (GDPR Article 5)

At Thrypes GmbH, the processing of personal data is governed by the core principles established under Article 5 of the General Data Protection Regulation (GDPR). These principles form the foundation of our commitment to ensuring the lawful, fair, and responsible handling of personal data. We uphold these principles rigorously throughout all stages of data collection, processing, storage, and deletion.

Firstly, Thrypes operates under the principle of lawfulness, fairness, and transparency. This means that all personal data is processed in accordance with legal requirements, handled in a fair manner that respects the rights of individuals, and conducted transparently. Data subjects are fully informed about the nature, purpose, and extent of data processing, and are provided with clear information about how their data will be used.

Secondly, the principle of purpose limitation is a cornerstone of our approach. Thrypes collects personal data only for clearly defined, explicit, and legitimate purposes. We ensure that data is not further processed in a manner incompatible with those purposes, unless it is required by law or additional consent has been obtained from the data subject.

The principle of data minimization is equally important. We collect and process only the personal data that is adequate, relevant, and limited to what is strictly necessary in relation to the purposes for which it is processed. This prevents the excessive collection of data and minimizes potential risks to privacy.

Thrypes also prioritizes the principle of accuracy. We take reasonable steps to ensure that personal data is accurate and kept up to date. Where necessary, inaccurate or outdated data is corrected or deleted without undue delay to maintain the integrity of the information we process.

In adherence to the principle of storage limitation, Thrypes retains personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable legal, regulatory, or contractual obligations. Once the retention period has expired, data is securely deleted, anonymized, or otherwise disposed of in a manner that ensures it cannot be reconstructed or recovered.

The principles of integrity and confidentiality guide our information security practices. Thrypes implements appropriate technical and organizational measures to safeguard personal data from unauthorized access, unlawful processing, accidental loss, destruction, or damage. These measures include encryption, access controls, and regular security assessments.

Lastly, the principle of accountability is central to Thrypes' data protection framework. We are fully responsible for demonstrating compliance with all applicable data protection laws and principles. This includes maintaining comprehensive records of processing activities, conducting regular audits, training employees on data protection, and continuously monitoring and improving our privacy management systems.

By adhering to these principles, Thrypes ensures that personal data is handled responsibly, ethically, and in full compliance with the GDPR and the German Federal Data Protection Act (BDSG).

Thrypes GmbH ensures that all personal data processing activities are carried out on a lawful basis, in strict compliance with the provisions of Article 6 of the General Data Protection Regulation (GDPR) and applicable sections of the Federal Data Protection Act (BDSG). The legal basis for processing personal data depends on the specific purpose and context in which the data is collected. The primary legal grounds upon which Thrypes relies are as follows:

6.1 Consent – Article 6(1)(a) GDPR

Where required, Thrypes processes personal data based on the freely given, specific, informed, and unambiguous consent of the data subject. Consent is obtained for clearly defined purposes, such as subscribing to newsletters, receiving marketing communications, submitting contact forms, or participating in voluntary surveys and feedback requests. Individuals retain the right to withdraw their consent at any time, with future effect, without affecting the lawfulness of processing carried out prior to withdrawal.

6.2 Performance of a Contract – Article 6(1)(b) GDPR

Thrypes processes personal data where it is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract. This applies, for example, when users request services, submit inquiries related to potential collaborations, receive proposals, or enter into business relationships with Thrypes. Without this data, Thrypes would be unable to fulfill contractual obligations or deliver requested services effectively.

6.3 Compliance with Legal Obligations – Article 6(1)(c) GDPR

In certain cases, the processing of personal data is mandatory for Thrypes to comply with legal obligations imposed under German or European law. This includes obligations related to tax compliance, financial recordkeeping, employment law, regulatory reporting, prevention of fraud, audit requirements, and responding to lawful requests from public authorities or courts. Failure to process this data would result in non-compliance with legal and statutory obligations.

6.4 Legitimate Interests – Article 6(1)(f) GDPR

Thrypes also processes personal data where it is necessary for the purposes of legitimate interests pursued by Thrypes or by a third party, provided that such interests are not overridden by the data subject’s fundamental rights and freedoms. This legal basis applies in scenarios such as:


In applying this basis, Thrypes conducts a balancing test to ensure that our legitimate interests do not disproportionately impact the privacy or rights of individuals. Measures such as data minimization, transparency, and user controls are employed to mitigate potential impacts.

7. Categories of Personal Data Collected

Thrypes GmbH collects and processes various categories of personal data from users of its website www.thrypes.com, as well as from individuals who engage with us through online forms, communication channels, or other digital interactions. The types of personal data we collect depend on the nature of the interaction and are necessary for providing services, responding to inquiries, improving our website functionality, and ensuring compliance with applicable laws.

7.1 Identification Data

This includes personal information that directly identifies an individual or allows for their identification in a business context. Typical identification data collected may include the user’s full name, email address, phone number, company name, and job title. This information is primarily collected when users complete contact forms, request information, subscribe to newsletters, engage in business-related communications, or apply for roles through our recruitment channels.

7.2 Technical Data

We automatically collect technical data that relates to the user’s device and how they access our website. This may include the user’s IP address, browser type and version, operating system, device type, screen resolution, and language settings. Technical data is collected to ensure the website functions properly, to optimize user experience, and to monitor security and performance. This information also assists in identifying potential fraudulent activities or security risks.

7.3 Usage Data

Usage data pertains to how visitors interact with the website. This includes data such as the specific web pages visited, the date and time of visits, duration of time spent on each page, navigation paths, clickstream patterns, and other interaction logs. This information is gathered through cookies, analytics tools, and server logs. It is utilized to analyze trends, improve website functionality, optimize content, and understand user preferences and behaviors.

7.4 Communication Data

When users communicate with us directly — whether through contact forms, email correspondence, feedback submissions, or customer service inquiries — we collect the content of those communications. This can include details about the user’s request, any attachments, opinions, feedback, or additional information the user voluntarily provides. Communication data is essential for providing responsive customer support, addressing inquiries, managing business relationships, and documenting correspondence where necessary for legal or operational purposes.

8. How We Use Personal Data

Thrypes GmbH processes personal data in a manner that is strictly aligned with the purposes for which it was collected. All use of personal data is conducted in accordance with the principles of lawfulness, fairness, and transparency as set forth in the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). The ways in which we use personal data are directly related to delivering our services, ensuring regulatory compliance, improving operational efficiency, and maintaining a secure digital environment.

One of the primary uses of personal data is to enable Thrypes to effectively respond to inquiries, service requests, and communications submitted by users through our website, email channels, or other contact methods. This includes managing ongoing business relationships, providing requested information about our services, delivering proposals, and handling customer support needs.

Additionally, we use personal data to optimize and enhance the functionality of our website. Through the analysis of technical and usage data, we are able to improve navigation, enhance the performance of site features, personalize content where applicable, and generally ensure a seamless user experience for our visitors.

Personal data is also processed to ensure that Thrypes complies with applicable legal and regulatory obligations. This includes maintaining accurate business records, fulfilling tax and financial reporting requirements, adhering to employment laws, and responding to legitimate requests from public authorities or regulatory agencies. Internal audits and compliance checks are supported by the lawful processing of necessary data.

Where consent has been explicitly granted by the user, Thrypes uses personal data to deliver marketing communications. These may include newsletters, updates about our services, invitations to events, and other promotional materials. Data subjects retain full control over their preferences and may withdraw consent for such communications at any time.

Finally, the processing of personal data plays a critical role in maintaining the security and integrity of our website and associated systems. We use personal and technical data to detect, prevent, and investigate fraudulent activities, unauthorized access attempts, and cybersecurity threats. This proactive use of data also supports our efforts to monitor system performance, diagnose technical issues, and ensure that our digital infrastructure remains secure and resilient.

All processing activities are conducted with a commitment to protecting data subject rights and minimizing any potential impact on privacy. Data is never used in a manner incompatible with the original purposes for which it was collected unless permitted or required by law.

9. Data Sharing and Disclosure

At Thrypes GmbH, the privacy and security of personal data are of paramount importance. We handle personal data with the highest degree of confidentiality and only share such data when it is necessary, lawful, and fully compliant with the General Data Protection Regulation (GDPR), the Federal Data Protection Act of Germany (BDSG), and other applicable data protection regulations.

Personal data may be shared with authorized third-party service providers who act as data processors on behalf of Thrypes. These service providers support us in delivering our services and maintaining operational efficiency. Typical categories of processors include web hosting providers, cloud storage services, email communication platforms, analytics providers (such as website usage analytics), cybersecurity service providers, and customer relationship management (CRM) platforms. All such third parties are contractually bound by Data Processing Agreements (DPAs) that ensure full compliance with GDPR requirements. These agreements impose strict obligations regarding the confidentiality, integrity, and security of the personal data they process on our behalf, and prohibit the use of data for any purposes other than those instructed by Thrypes.

In certain circumstances, Thrypes may be legally required to disclose personal data to regulatory bodies, public authorities, or law enforcement agencies. This disclosure occurs strictly when mandated by applicable laws, court orders, or lawful requests, and when necessary to comply with legal obligations, defend legal claims, enforce our terms and conditions, or protect the rights, safety, and property of Thrypes, our employees, clients, or the public.

It is a fundamental policy of Thrypes GmbH that we do not sell, trade, lease, or otherwise transfer personal data to third parties for commercial purposes. Personal data is shared strictly on a need-to-know basis and only with entities that uphold rigorous privacy and security standards.

Furthermore, any international transfers of personal data to recipients outside the European Economic Area (EEA) are subject to strict safeguards, including adequacy decisions issued by the European Commission or the implementation of Standard Contractual Clauses (SCCs) or other legally recognized mechanisms to ensure that the transferred data is afforded an adequate level of protection in accordance with GDPR requirements.

Thrypes remains fully accountable for the protection of personal data shared with third parties and continuously monitors and audits the compliance of its service providers to ensure adherence to data protection obligations.

10. International Data Transfers

Thrypes GmbH primarily processes personal data within the European Economic Area (EEA). However, in limited circumstances, it may be necessary to transfer personal data to countries outside the EEA to facilitate the delivery of services, maintain business operations, or engage with third-party service providers.

Such transfers occur only under conditions that ensure the level of data protection is consistent with the standards established by the General Data Protection Regulation (GDPR). Specifically, international data transfers are conducted under one of the following lawful mechanisms:

  • Adequacy Decisions: Transfers are permitted where the European Commission has determined that the destination country provides an adequate level of data protection equivalent to that afforded within the EEA.

  • Standard Contractual Clauses (SCCs) and Other Safeguards: In the absence of an adequacy decision, Thrypes employs legally binding agreements such as the European Commission’s SCCs or other approved contractual clauses to ensure that data transferred outside the EEA is afforded robust protection and that the rights of data subjects are preserved.

  • Explicit Informed Consent: Where neither an adequacy decision nor appropriate contractual safeguards are applicable, Thrypes may proceed with the transfer of data based on the explicit, informed, and voluntary consent of the data subject, having fully disclosed the potential risks associated with such transfers.


All international transfers are subject to thorough due diligence and risk assessments to ensure continued compliance with GDPR standards and the protection of individual privacy rights.

11. Data Retention

Thrypes GmbH retains personal data only for as long as necessary to fulfill the purposes for which the data was originally collected. This includes the delivery of services, communication, legal compliance, and operational requirements.

The specific duration of retention depends on the context and purpose of data processing. In general, personal data is retained for the duration of the relationship with the data subject and, where applicable, for a period thereafter as required to satisfy legal, tax, accounting, or regulatory obligations under German law and EU legislation.

For instance, business correspondence, contracts, and financial records may be retained for periods prescribed by statutory regulations, including but not limited to § 147 of the German Fiscal Code (AO) and § 257 of the German Commercial Code (HGB), which require retention for up to 10 years for certain types of data.

Once the retention period has expired and there is no further lawful basis for retaining the data, Thrypes ensures that the data is either securely deleted, anonymized, or irreversibly destroyed using industry-standard data disposal techniques, thereby safeguarding the privacy and security of the data subjects.

12. Data Subject Rights

In accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), data subjects whose personal data is processed by Thrypes GmbH have comprehensive rights designed to safeguard their privacy and give them meaningful control over their personal data.

These rights include:

  • Right of Access: Individuals have the right to request confirmation as to whether their personal data is being processed and to receive a copy of that data, along with detailed information about the processing activities.

  • Right to Rectification: Data subjects can request that inaccurate or incomplete personal data be corrected or supplemented without undue delay.

  • Right to Erasure (Right to be Forgotten): Under certain conditions, individuals may request the deletion of their personal data, particularly where the data is no longer necessary for the purposes for which it was collected, consent has been withdrawn, or the processing is unlawful.

  • Right to Restriction of Processing: Individuals can request that the processing of their personal data be temporarily restricted, for example, while accuracy is being verified or pending the resolution of an objection.

  • Right to Data Portability: Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.

  • Right to Object: Individuals may object to the processing of their personal data based on legitimate interests, including profiling related to such interests. Thrypes will cease processing unless compelling legitimate grounds override the interests, rights, and freedoms of the data subject or the processing is necessary for the establishment, exercise, or defense of legal claims.

  • Right to Withdraw Consent: Where processing is based on consent, individuals have the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent prior to withdrawal.

Thrypes GmbH is committed to facilitating the exercise of these rights in an accessible and timely manner. Data subjects wishing to exercise any of the above rights can submit their request via email to the Data Protection Officer at:

Email: data.privacy@thrypes.com

Upon receiving a request, Thrypes may require verification of the requester’s identity to ensure the security and confidentiality of the data. Responses will be provided within the timelines prescribed by the GDPR, typically within one month of receipt of the request.

13. Data Security Measures

Thrypes GmbH is committed to protecting personal data against unauthorized access, loss, misuse, alteration, and destruction. In accordance with Article 32 of the GDPR and applicable German data protection laws, we implement a combination of technical and organizational measures (TOMs) designed to ensure the ongoing confidentiality, integrity, availability, and resilience of our data processing systems and services.

Our security measures include, but are not limited to:

  • SSL/TLS encryption for all data transmissions to ensure secure communication between users and our servers.

  • Hosting our data with ISO/IEC 27001-certified cloud service providers, ensuring that industry-recognized standards for information security management are maintained.

  • Role-based access controls (RBAC) that limit data access to authorized personnel only, based on job responsibilities and the principle of least privilege.

  • Regular vulnerability scanning, system monitoring, and timely application of software updates and security patches to mitigate emerging threats.

  • Comprehensive employee training programs focused on data protection, confidentiality, cybersecurity awareness, and regulatory compliance to ensure that all staff understand their responsibilities with regard to safeguarding personal data.

Additionally, Thrypes maintains incident response protocols and business continuity plans to minimize potential disruptions or breaches and to respond swiftly and effectively should an incident occur.

14. Cookies and Tracking Technologies

The Thrypes website uses cookies and similar tracking technologies to enhance user experience, optimize website functionality, and analyze site usage. These technologies enable the website to remember user preferences and provide a seamless browsing experience.

Cookies serve the following primary purposes:

  • Functional Cookies: These are essential for the website’s operation and functionality, such as remembering language preferences, session management, and user authentication. Without these cookies, key parts of the website may not function properly.

  • Analytics and Performance Cookies: Tools such as Google Analytics are employed to collect anonymized information about how visitors interact with the website. This includes tracking page visits, navigation patterns, time spent on pages, and referral sources. The purpose is to analyze website performance and improve content, design, and functionality based on aggregated user behavior.

Users are informed of our use of cookies when they first visit the website and are given the option to accept or manage cookie preferences in compliance with ePrivacy Directive requirements (EU Cookie Law) and GDPR. For detailed information on how we use cookies and how users can control them, please refer to our Cookie Policy.

15. Data Breach Notification

In the unlikely event of a personal data breach, Thrypes GmbH has established procedures in compliance with Article 33 and Article 34 of the GDPR.

If a data breach occurs that is likely to result in a risk to the rights and freedoms of individuals (such as risk of identity theft, fraud, financial loss, or confidentiality breaches), Thrypes will:

  • Notify the competent Data Protection Authority (DPA), specifically the Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information), within 72 hours of becoming aware of the breach. This notification will include all relevant facts about the nature of the breach, categories of data affected, likely consequences, and measures taken or proposed to address the breach.

  • Where the breach poses a high risk to the affected individuals, Thrypes will also communicate the breach to those individuals without undue delay, providing clear information about the nature of the breach, potential impacts, and recommended steps the individuals should take to mitigate risks.

All data breaches are logged internally, regardless of their severity, and thoroughly investigated to prevent recurrence. Thrypes’ data breach response procedures are part of our wider information security management framework.

16. Changes to This Policy

Thrypes GmbH reserves the right to update, amend, or modify this Data Protection Policy at any time in order to reflect changes in legal requirements, regulatory guidance, technological developments, or our organizational practices.

Whenever substantial changes are made to this policy, the updated version will be published on this page with the revised Last Updated date clearly indicated. We encourage all users and data subjects to review this policy periodically to remain informed about how Thrypes protects their personal data.

17. Contact Information

If you have any questions, concerns, or requests relating to this Data Protection Policy, your personal data, or your data protection rights, you are encouraged to contact us at:

Thrypes GmbH
Gontardstraße 11, 4th Floor,
10178 Berlin, Germany

Email: data.privacy@thrypes.com
Phone: +49 (030) 25093949

Our Data Protection Officer (DPO) is available to assist with data protection inquiries, data subject rights requests, and any concerns regarding the handling of personal data.
