top of page

Privacy Policy (turbit.com)

Last updated: December 2025

1. Controller

Turbit Systems GmbH
Kottbusser Damm 79
10967 Berlin
Germany

Email: info@turbit.de

Managing Directors: Michael Tegtmeier, Christian Fontius

2. Data Protection Contact

For questions regarding data protection, please contact:
datenschutz@turbit.de

3. General Information on Data Processing

3.1 Scope of Processing

We process personal data in particular when you:

  • visit our website,

  • submit forms,

  • access embedded content after giving consent,

  • interact with the website chat,

  • submit support or contact requests.

3.2 Legal Bases for Processing (GDPR)

Depending on the purpose, personal data is processed on the basis of:

  • Art. 6(1)(a) GDPR (consent),

  • Art. 6(1)(b) GDPR (pre-contractual or contractual communication, support),

  • Art. 6(1)(f) GDPR (legitimate interest).

Our legitimate interests include, in particular, the secure, stable and efficient operation of the website and the processing of inquiries. The interests and fundamental rights of data subjects are always taken into account.

3.3 Cookies & Access to End Devices (TDDDG)

The storage of or access to information on your end device (e.g. cookies or similar technologies) takes place:

  • for technically necessary functions on the basis of Section 25(2) TDDDG,

  • for analytics, marketing and external media only with your consent pursuant to Section 25(1) TDDDG, and additionally in accordance with the GDPR (in particular Art. 6(1)(a) GDPR).

3.4 Data Retention

Personal data is deleted as soon as the respective purpose no longer applies and no statutory retention obligations prevent deletion. Specific retention periods are described in the respective sections.

4. Your Rights

You have the following rights in particular:

  • right of access (Art. 15 GDPR),

  • right to rectification (Art. 16 GDPR),

  • right to erasure (Art. 17 GDPR),

  • right to restriction of processing (Art. 18 GDPR),

  • right to data portability (Art. 20 GDPR),

  • right to object to processing based on Art. 6(1)(f) GDPR (Art. 21 GDPR),

  • right to withdraw consent at any time (Art. 7(3) GDPR),

  • right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

5. Hosting & Technical Provision (Wix)

Our website is hosted via Wix.com. As part of technical operation, Wix processes in particular:

  • IP address,

  • date and time of access,

  • pages accessed,

  • device and browser information,

  • security and performance data.

Purpose: operation, delivery, stability and security of the website
Legal basis: Art. 6(1)(f) GDPR
Processing: Wix is used as a service provider.

Processing outside the EU/EEA may occur. In such cases, data transfers take place only if the legal requirements are met.

6. Server Log Files

When using the website, technical log data is processed (e.g. IP address, referrer, user agent, timestamp, status codes).

Purpose: security, error and abuse analysis
Legal basis: Art. 6(1)(f) GDPR
Retention period: generally up to 7 days; longer only in the event of security-relevant incidents.

7. Consent Management (Cookie Settings)

We use a consent management tool that allows you to choose whether we may activate:

  • analytics,

  • marketing,

  • external media.

You can revoke or adjust your consent at any time with effect for the future via the cookie settings.

8. Contact & Forms (Wix Forms)

When you contact us via forms, we process the data you provide (e.g. name, email address, company, message) as well as technical metadata.

Purpose: processing of inquiries, communication, pre-contractual steps
Legal basis: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR
Recipients: Wix and, where applicable, connected CRM or marketing systems
Retention period: until completion of processing; for business-related inquiries typically up to 24 months.

9. Web Analytics (Google Analytics 4)

We use Google Analytics 4 to analyze the use of our website.

Data categories:

  • usage and interaction data,

  • device and browser information,

  • IP address (processed only in truncated form).

The IP address is processed exclusively in truncated form; direct identification of individuals is excluded for us.
Google Signals and the combination of data with other Google services or Google accounts are disabled.

Purpose: analysis and optimization of website usage
Legal basis: consent (Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG)
Retention period: maximum 14 months.

Data transfers to third countries may occur and take place only in accordance with applicable legal requirements.

10. CRM & Marketing Automation

10.1 HubSpot

We use HubSpot to manage inquiries, contacts and communication processes.

Data categories: contact data, communication content, where applicable interaction data
Purpose: processing of inquiries, CRM, marketing processes
Legal basis:

  • Art. 6(1)(b) or Art. 6(1)(f) GDPR for inquiry processing

  • consent for marketing and tracking functions

Transfers to third countries may occur only if appropriate safeguards are in place.

10.2 Mautic

If activated, Mautic is used for marketing automation.

Data categories: contact data, interaction data
Purpose: marketing communication and automation
Legal basis: consent (Art. 6(1)(a) GDPR); where applicable Art. 6(1)(f) GDPR for purely technical functions
Hosting: depending on the respective hosting environment.

11. Embedded Content (External Media)

External content is only loaded after you have consented to “External Media”. In doing so, IP addresses, technical information and cookies may be processed.

Legal basis: consent (Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG)

11.1 Storylane (Interactive Demos)

When accessing embedded Storylane demos, connection and usage data may be processed. Transfers to third countries are possible.

11.2 Loom (Video Embeds)

When playing Loom videos, connection data and possibly cookies may be processed. Transfers to third countries are possible.

11.3 YouTube

When playing embedded YouTube videos, connection data and cookies may be processed. Transfers to third countries are possible.

11.4 Spotify & Apple Podcasts

When playing embedded audio players, connection data and possibly cookies may be processed. Transfers to third countries are possible.

12. Support (Atlassian Helpdesk)

For support and service requests, we use a helpdesk system of the Atlassian group.

Data categories: contact data, request content, attachments, metadata
Purpose: processing and documentation of support requests
Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR
Retention period: in accordance with processing requirements and internal deletion policies.

13. Website Chat (Wix AI Chat)

We use a website chat to answer general questions and to receive inquiries.

Data categories: chat content, where applicable contact data, technical metadata
Purpose: user communication
Legal basis: Art. 6(1)(b) or Art. 6(1)(f) GDPR

Chat content is not used by us for training AI models.
Chat content is stored only for as long as necessary to process the request and is subsequently deleted or anonymized.

Please do not transmit sensitive personal data via the chat.

14. join.com (Recruiting & Application Management)

We use join.com as a recruiting and application management platform. When you apply for a position via our website or via join.com, personal data is processed.

Data categories:

  • application data (e.g. name, contact details, CV, cover letter, qualifications)

  • communication data

  • technical metadata (e.g. time of application)

Purpose:
Conducting the application process, communicating with applicants, and selecting suitable candidates.

Legal basis:

  • Art. 6(1)(b) GDPR (pre-contractual measures within the application process)

  • where applicable Art. 6(1)(f) GDPR (efficient organization of the recruiting process)

Recipients:
join.com as a service provider for application management.

Retention period:
Application data is generally stored until the application process is completed.
Longer storage (e.g. talent pool) takes place only with the applicant’s consent.

Transfers to third countries may occur, provided the legal requirements are met.

15. Recipients & Service Providers

We use service providers (including Wix, Google, HubSpot, Atlassian) who process personal data only to the extent necessary and on the basis of appropriate contractual arrangements.

16. International Data Transfers

Transfers of personal data to countries outside the EU/EEA take place only if the legal requirements are met, in particular on the basis of an adequacy decision or appropriate safeguards.

17. Changes to this Privacy Policy

We update this privacy policy if our website, the tools we use or legal requirements change.

18. Automated Decision-Making / Profiling

No automated decision-making within the meaning of Art. 22 GDPR takes place.

19. Obligation to Provide Data

The provision of personal data is generally voluntary.
Without certain information (e.g. an email address), inquiries or support requests cannot be processed.

20. Language

This privacy policy is available in German and English. In case of discrepancies, the German version shall prevail.

bottom of page