Privacy Policy

We, the Tower Computing GmbH ("Tower" or "we"/"us"), would like to thank you for visiting our website and for your interest in our services. 

Your personal data may be processed when you visit our website and when you use our services. The protection of your data is always an important concern for us. This privacy policy explains how we process personal data and what rights you are entitled to. 

This privacy policy can be accessed and printed out at any time on our website. 

1. General information

This privacy policy informs you about how we handle your personal data when you use our website. In particular, it explains what data we collect and what we use it for. It also informs you how and for what purpose this is done.

Personal data ("data") means any information relating to an identified or identifiable person. "Processing" of data means any operation which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The legal basis for data protection can be found in particular in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("General Data Protection Regulation", GDPR) as well as in the German Federal Data Protection Act (BDSG) and the German Telecommunications Digital Services Data Protection Act (TDDDG).

2. Controller

The entity responsible for processing your data ("controller"), as defined under Art. 4 (7) GDPR, is:

Tower Computing GmbH

Kolonnenstraße 8

10827 Berlin

hello@tower.dev

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

Please contact us at any time using these contact details if you have specific questions about your data, its processing or your rights.

3. Scope of data processing

We treat personal data confidentially and in accordance with the statutory data protection regulations and on the basis of this privacy policy. We process your data only to the extent necessary to provide a functional and user-friendly internet presence or website and to provide our content and services. Failure to provide data may result in legal consequences, such as the inability to fulfil a contract. As part of the data processing, we use third party service providers in the areas of hosting, online marketing, mailing services and customer/data management (CRM) to process data on our behalf. We have entered into appropriate data processing agreements (DPAs) with these third parties, insofar as the third parties are processors, which ensure that an adequate level of data protection is also guaranteed for our processors (Art. 28 GDPR).

4. Data security

We have implemented technical and organisational measures to ensure compliance with data protection regulations, both within our organisation and by external service providers. To safeguard security and protect the transmission of confidential information you share with us as the site operator, our website employs SSL or TLS encryption. 

5. Processing of personal data

The following overview lists all types of data processed by us, the purposes of their processing and the legal basis for their processing.

1. Visiting the website

If you visit our website without transmitting data to us in any other way (e.g. by registering or using the contact form), we collect the following data on our web server temporarily and anonymized via server log files: 

• IP address

• Date and time of the enquiry

• Time zone difference to Greenwich Mean Time (GMT)

• Content of the request (page visited)

• Access status/HTTP status code

• Amount of data transferred in each case

• Previously visited page

• Browser type 

• Operating system used

• Language and version of the browser software

• Host name of the accessing computer.

This processing is technically necessary in order to display our website to you. We also use the data for statistical analyses to ensure the operational security and stability of our website. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR. 

We also use the data to fulfil our legal obligations for reasons of data security. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. c GDPR. 

2. Use of our online offer

a. Contacting Us / Waitlist

We process the data you provide through our waitlist/contact form to contact you. This data includes:

• your email address 

• a description of your use case for our services.

This data is processed to contact you and analyse your individual needs and expectations for our services.

If you contact us via email, we store the contact details you provide, which may include your name, address, mobile phone number, email address, and any information contained in your inquiry.

When you join our waitlist, request information about our service, or contact us within the scope of an existing contractual relationship, we process the data you provide to handle and respond to your inquiry based on the legal grounds of Art. 6 para. 1 sentence 1 lit. b GDPR. If you have explicitly consented to the processing of your data for responding to your inquiry, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. Otherwise, we process your data to safeguard our legitimate interests under Art. 6 para. 1 sentence 1 lit. f GDPR, ensuring we respond appropriately to user or contact inquiries. 

b. Registration and User Account

To become a customer of our services, you are required to register on our website. During registration, we collect your email address and a self-selected password. Optionally, you may provide additional information such as an avatar (e.g., a photo), your company name, and company address. After completing the registration, you will receive a confirmation email (“double opt-in”).

As part of the registration, login, and user account usage, we store your IP address and the timestamp of each user action. This data is stored based on our legitimate interests, as well as the interests of users, to protect against misuse and unauthorised use. As a general principle, this data will not be shared with third parties unless necessary for enforcing our claims or if there is a legal obligation to do so.

We process the following data in connection with registration, login, and use of the user account:

• Email address

• Password

• Optional data you provide: If you upload an avatar (e.g., a photo), enter a company name, and/or provide a company address, these additional data are also processed.

• Device data (device name, country code, language, operating system and version)

• Connection data (IP address, mail provider)

• Date and time of registration and confirmation.

The processing of your data during registration, login, and when you use the user account is based on our legitimate interests, for the purpose of performing and/or initiating a user contract, providing our service, managing and responding to inquiries, and ensuring security (legal basis: Art. 6 para. 1 sentence 1 lit. b GDPR for contract performance and pre-contractual inquiries; Art. 6 para. 1 sentence 1 lit. f GDPR for legitimate interests).

3. Cookies 

We use cookies on our website that are either provided by us or by third parties.

Cookies are small text files that are stored on the device you are using and saved by the browser. Cookies are used to make our website more user-friendly, effective and secure. There are different types of cookies that are used for different purposes. Some cookies ensure that our services function correctly or that you are recognised on your end device after successful registration ("necessary" cookies). By placing these necessary cookies, for example, we make it easier for you to visit our website and use the services available there. Other cookies are placed to analyse user preferences and thus improve our services ("non-essential" cookies). We use these for purposes such as tracking (e.g. interest/behavioural profiling), remarketing, visitor action evaluation, conversion measurement, reach measurement (e.g. access statistics, recognition of returning visitors), target group formation and cross-device tracking. We only set non-essential cookies with your consent. When you visit our website for the first time, a pop-up is displayed ("cookie banner") in which the individual cookies are described in more detail. There you have the option of allowing or rejecting cookies according to your preferences. You can change your settings at any time by clicking on the  Cookie Settings menu at the bottom of the website. Please note that deactivating cookies may limit the functionality of this website.

Depending on the browser settings, the following data is processed when cookies are used:

• Usage data (e.g. websites visited, interest in content, access times), 

• Meta/communication data (e.g. device information, IP addresses),

• Location data (data that indicates the location of an end user's end device).

If personal data is processed when using "necessary" cookies, this is based on Art. 6 para. 1 sentence 1 lit. f GDPR and Section 25 para. 2 TDDDG due to legitimate interests in quality assurance and a technically flawless presentation of the website. The processing of personal data when using so-called "non-essential" cookies is based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR and Section 25 para. 1 TDDDG).

4. Third-party tools 

a. Google Analytics

If you have given your consent, this website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

This service creates pseudonymized usage profiles and uses cookies (see section "Cookies"). The information generated by the cookie about your use of this website (browser type/version, operating system used, time of server request, referrer URL (the previously visited page), hostname of the accessing computer (IP address)) is transmitted to a Google server in the USA and stored there. Google processes the data in the USA.

The data is used to evaluate website usage, compile reports on website activities, and provide other services related to website and internet usage for market research and to tailor the design of these internet pages to users' needs. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. Your IP address will not be merged with other Google data. IP addresses are anonymized to prevent attribution (IP masking).

For data transfers to the USA, the following applies: Google is certified under the EU-US Data Privacy Framework (DPF) and has committed to complying with European data protection principles. Additionally, we have concluded EU Standard Contractual Clauses (SCCs) with Google pursuant to Article 46 para. 2 lit. c GDPR to ensure compliance with the EU data protection level.

The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and Section 25 para. 1 TDDDG. You can revoke your consent at any time by clicking on the  Cookie Settings menu at the bottom of the website and adjusting your preferences in the cookie banner that appears.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing a browser add-on: https://tools.google.com/dlpage/gaoptout?hl=en. 

Further information on data processing by Google can be found here and in Google's Privacy Policy.

b. Google Tag Manager 

We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Tag Manager allows us to manage tags used for tracking and marketing through a single interface. It enables the quick deployment and updating of JavaScript and HTML tags on our website.

The Google Tag Manager itself does not store cookies in your browser or collect data. Its main function is to provide and manage tags that can be used for the implementation and analysis of other services, such as Google Analytics. These services may, in turn, collect data as described in this privacy policy (see under "Google Analytics").

For more information about Google Tag Manager, please refer to the link here.

For more details about data processing by Google, please refer to Google's privacy policy.

6. Storage and deletion of data

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent given for processing is revoked or other authorizations cease to apply (e.g. if the purpose for processing this data no longer applies or it is not required for the purpose). This means that we only store your personal data for as long as is necessary for the respective processing purpose and limit the storage period to the minimum required. In addition, we only store your data if we are authorised or obliged to do so in accordance with statutory retention periods (e.g. in accordance with the German Commercial Code (HGB) or German Fiscal Code (AO)). 

This privacy policy may also contain further information on the retention and deletion of data, which apply primarily to the respective processing activities. 

7. Your Rights as a Data Subject

You have the following rights: 

• the right to information,

• the right to rectification or erasure, 

• the right to restriction of processing, 

• the right to data portability,

• the right to withdraw your consent with effect for the future.

• Objection to the processing of your data (right to object, see details below).

Right to Object: You have the right to object, at any time and for reasons arising from your particular situation, to the processing of your personal data based on Art. 6 para. 1 sentence 1 lit. e or f GDPR; this also applies to profiling based on this provision as defined in Article 4 para. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

To exercise your above rights, you can send an email to hello@tower.dev. You also have the right to complain to a data protection supervisory authority about the processing of your personal data.

If you have any questions with regard to the processing of your data, feel free to contact us at any time.

8. Transfer of data / third country transfers

As a matter of principle, we only pass on your data to third parties if you have consented to this or if there is another legal basis. If we use third-party tools that process your data outside the EU/EEA, we ensure that the legal requirements of Art. 44 et seq. GDPR for such a third country transfer are complied with and your data is processed in the third country in question in accordance with the European data protection standard. With regard to data transfers to the US we rely on the so-called EU-US Data Privacy Framework (DPF), provided that the service provider is certified under the DPF. In other cases we use the so-called EU standard contractual clauses (SCC), which we conclude with the respective provider. In addition, in accordance with the requirements of the ECJ ("Schrems II"), a case-by-case risk analysis is carried out with regard to the respective third country transfer in order to ensure that your data is processed lawfully in the third country concerned and, in particular, to prevent access to your data by state authorities.

9. Data processing when accessing linked content

This privacy policy only applies to this website. However, the website may also contain external links or hyperlinks to websites of other providers. These are to be distinguished from our own content. This external content does not originate from us, nor do we have any influence over the content of third-party sites. If you are redirected to other pages via links within the website, please inform yourself there about the respective handling of your data.

10. Automated decision-making/profiling

We do not use automated decision-making or profiling (an automated analysis of your personal circumstances).

11. Status of this privacy policy and amendments to it

This privacy policy is currently valid and was last updated on November 25, 2024.

Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this privacy policy.