Data Privacy

I. Responsible person & hosting

1. person responsible

The person responsible for data processing is:
thum+associates
Annette Thum

Mobile: +49 175 72 14 190

Email: annette.thum@thumassociates.com

Gleditschstrasse 46 | 10781 Berlin

The protection of your data is very important to me. Please read this privacy policy carefully.

2. SSL or TLS encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize this either by the existing s in “https://” or by the lock symbol in the browser line.

If SSL or TLS encryption is activated, the data you transmit to me cannot be read by third parties.


3. hosting

This website is hosted externally. The personal data collected on this website is stored on the servers of the following web host. This web host has access to IP addresses, contact requests, meta and communication data, contract data, contact data and website access, for example.

The web host is used for (pre-)contractual purposes vis-à-vis my interested parties and customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure and fast provision of this website by the provider (Art. 6 para. 1 lit. f GDPR). The hoster will only process your data to the extent necessary to fulfill its performance obligations.

The following web host is used:

Showit
The software for the creation, provision and operation of my website is Showit. The service provider is: Showit, Inc, 2490 S Gilbert Rd #200, Chandler, AZ 85286 USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://showit.com/. Privacy Policy: https://showit.com/privacy/.


Amazon Web Services (AWS)
Images and media are hosted using AWS. The service provider is as follows: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855, Luxembourg; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://aws.amazon.com/de/; Privacy Policy: https://aws.amazon.com/de/privacy/

Cloudflare
I use a content delivery network (CDN) service, with the help of which the content of an online offer, in particular large media files such as graphics or program scripts, can be delivered faster and more securely with the help of regionally distributed servers connected via the Internet. The service provider is as follows: Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.cloudflare.com; Privacy Policy: https://www.cloudflare.com/privacypolicy/



II Data processing

1. server log data

The provider of the pages automatically collects and stores information in server log files that your browser transmits to me.

These are
- Browser type and browser version
- Operating system used
- referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address

The legal basis is based on Art. 6 para. 1 lit. f GDPR. I have a legitimate interest in the technically error-free presentation and optimization of this website - for this purpose, the server log files must be recorded.

2. inquiries by e-mail or telephone

If you contact me by e-mail or telephone, your request and the associated personal data (first name, request, e-mail address) will be stored and processed by me for the purpose of processing. The legal basis is based on Art. 6 para. 1 lit. b GDPR, provided that your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on my legitimate interest in the effective processing of the inquiries addressed to me, Art. 6 para. 1 lit. f GDPR.

The data you send to me will remain with me until you ask me to delete it, revoke your consent to its storage or the purpose for which it was stored no longer applies. Statutory provisions (retention periods) remain unaffected.

3. cookies

I use cookies on this website. Cookies are data in text format that your browser automatically creates and that are stored on your device when you visit this site. The use of cookies serves on the one hand your comfort while surfing, on the other hand possibly analysis purposes. The data processed in this way is required for the purposes mentioned to safeguard my legitimate interest in the technically flawless provision of my services and website, Art. 6 para. 1 lit. f GDPR. In the CookieConsent tool, if available, I ask for your consent to the storage of technically unnecessary cookies. The individual cookies are listed in my cookie consent tool. The legal basis is Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time.

4. contact form

There is a contact field on my website. If you send me an inquiry there, your details (first name, surname, telephone number, email address, message) will be stored by me for the purpose of processing the inquiry and in the event of follow-up questions. The legal basis is based on Art. 6 para. 1 lit. b GDPR, provided that your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on my legitimate interest in the rapid processing of inquiries, Art. 6 para. 1 lit. f GDPR.

I will retain the data you provide in the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains. Mandatory statutory provisions (retention periods) remain unaffected.


6. tools/ software

Zoom
I use Zoom for communication and collaboration with my (potential) clients. Zoom is a video teleconferencing software. The provider is Zoom Video Communications, Inc, 55 Almaden Boulevard, Suite 600, San Jose, CA 95113, USA.

The legal basis results from Art. 6 para. 1 lit. b GDPR.

Further information and the applicable data protection provisions of Zoom can be found here: https://zoom.us/de-de/privacy.html

Microsoft Teams
 
I use Microsoft Teams for communication and collaboration with my (potential) clients. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 in USA.

The legal basis results from Art. 6 para. 1 lit. b GDPR.

Further information and the applicable data protection provisions of Microsoft Teams can be found here: https://www.microsoft.com/de-de/privacy/privacystatement

Scheduling tools

Calendly
The appointment scheduling software Calendly is integrated on this website. You can use it to book a free appointment. The data you actively enter is stored there and sent to me by e-mail. The provider is Calendly LLC, 1315 Peachtree St NE, Atlanta, GA 30309, USA. The legal basis results from Art. 6 para. 1 lit. b GDPR.

Further information and the applicable data protection provisions of Calendly can be found here: https://calendly.com/privacy

VII Storage period

Unless another storage period has been specified in this privacy policy, your personal data will remain with me until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless I have other legally permissible reasons for storing your personal data (e.g. commercial law deadlines); in the latter case, the deletion will take place after the reasons no longer apply.

VIII. Rights of data subjects

As a data subject, you have the following rights:

1. in accordance with Art. 15 GDPR, the right to request information about your personal data processed by me to the extent specified therein.

2. in accordance with Art. 16 GDPR, the right to demand the immediate correction of incorrect or incomplete personal data stored by me

3. in accordance with Art. 17 GDPR, the right to request the deletion of your personal data stored by me, unless further processing is necessary
- to exercise the right to freedom of expression and information
- to fulfill a legal obligation,
- for reasons of public interest or
- is necessary for the establishment, exercise or defense of legal claims.

4. in accordance with Art. 18 GDPR, the right to demand the restriction of the processing of your personal data, insofar as
- the accuracy of the data is contested by you
- the processing is unlawful, but you oppose the erasure of the data
- I no longer need the data, but you need it for the establishment, exercise or defense of legal claims; or
- you have objected to the processing pursuant to Art. 21 GDPR.
 

5. in accordance with Art. 20 GDPR, the right to receive your personal data in a structured, commonly used and machine-readable format or to request transmission to another controller

6. in accordance with Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your place of residence.

7. in accordance with Article 21 GDPR, the right to object in special cases and to direct marketing.


If data processing is carried out on the basis of Art. 6 (1) (e) or (f) GDPR, you have the right to object to the processing of your personal data at any time. The respective legal basis on which processing is based can be found in this privacy policy. If you object, I will no longer process your personal data unless I can demonstrate legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims (objection pursuant to Art. 21 (1) GDPR). If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing.
If you have any questions about data collection and data processing, please contact me directly.

IX. Social media

I have public profiles on social networks. If you are logged into your social media account and visit my social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media provider. In this case, this data is collected, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the social media providers can create user profiles in which your preferences and interests are stored. If you have an account with the respective social network, the personalized advertising can be displayed on all devices on which you are logged in.


1. legal basis

My social media presence is intended to ensure the widest possible visibility on the internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes carried out by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. your consent, Art. 6 para. 1 lit. a GDPR).

2. responsible persons and assertion of rights

If you visit one of my social media sites, I am jointly responsible with the operator for the data processing operations triggered during this visit. You can assert your rights both with me and with the provider of the respective social media channel.

3. storage period 

The data collected directly by me via the social media presence will be deleted by me as soon as the purpose for the storage no longer applies, you request me to delete it, revoke your consent to the storage or the purpose for the data storage no longer applies. Stored cookies remain on your end device until you delete them. Legal provisions (such as retention periods) remain unaffected. 

I have no influence on the storage period of your data that is stored by the operators of social networks for their own purposes. For details, please contact the social network operators directly (e.g. in their privacy policy, see below). 


X. Social networks specifically 

LinkedIn 

I have a LinkedIn profile. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. 
You can find further information and LinkedIn's applicable data protection provisions here: https://de.linkedin.com/legal/privacy-policy?trk=homepagebasic_footer-privacy-policy. 

XI. Data transfer to the USA 

I use plug-ins and tools from providers based in the USA. Personal data may be transferred to the servers of the respective companies. The USA is not a safe third country within the meaning of EU data protection law. US companies are obliged to disclose personal data to security authorities. 

I use appropriate and modern security measures to protect your data from loss, misuse and alteration. I do everything in my power to prevent a violation of your rights or a risk to your personal data. 

Please bear in mind that data transmission over the Internet is never completely secure. I cannot guarantee the security of the data entered on my website during transmission over the Internet. This is at your own risk. 

XII Status of the data protection information 
May 7, 2025