Privacy Policy (GDPR)
Last updated: 01.07.2026
1. Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the EU Member States, as well as other data protection regulations, is:
TL NIKA GmbH
Cecina Str. 76
82205 Gilching
Germany
Tel.: +49 8105 7300043
E-mail: info@tlnika.de
Website: www.tlnika.de
2. Name and Address of the Data Protection Officer
Due to the size of the company, the appointment of a Data Protection Officer is not required.
3. General Information on Data Processing
3.1 Scope of Personal Data Processing
We process personal data of our users only to the extent necessary to provide a functional website as well as our content and services.
3.2 Legal Basis for Processing Personal Data
Where we obtain consent from the data subject for processing personal data, Article 6(1)(a) GDPR serves as the legal basis. When processing personal data necessary for the performance of a contract to which the data subject is party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary for pre-contractual measures. Where processing is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis. If processing is necessary to protect the vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis. Where processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, and such interests are not overridden by the interests, fundamental rights, and freedoms of the data subject, Article 6(1)(f) GDPR serves as the legal basis.
3.3 Data Deletion and Storage Duration
Personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Storage may also occur where required by European or national legislation to which the controller is subject. Data will also be erased or blocked once a legally prescribed storage period expires, unless further storage is required for contract conclusion or performance.
4. Provision of the Website and Creation of Log Files
4.1 Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.
The following data is temporarily collected:
(1) Information about browser type and version
(2) The user’s operating system
(3) The user’s IP address
(4) Date and time of access
(5) Websites from which the user’s system accesses our website
This data is stored in log files. IP addresses or other data enabling identification of the user are not affected in the sense of being linked with other personal data. No storage of this data together with other personal data takes place.
4.2 Legal Basis for Data Processing
The legal basis for temporary storage of data and log files is Article 6(1)(f) GDPR.
4.3 Purpose of Data Processing
Temporary storage of the IP address is necessary to enable delivery of the website to the user’s device. Storage in log files ensures the functionality of the website, helps optimize the website, and ensures the security of our IT systems. No evaluation of the data for marketing purposes takes place.
4.4 Storage Duration
Data is deleted as soon as it is no longer necessary for the purpose for which it was collected. For website provision, this occurs at the end of the session. Log files are deleted after a maximum of 14 days. Longer storage is possible; in this case, IP addresses are deleted or anonymized.
4.5 Right to Object and Removal
The collection of data for website provision and storage in log files is essential for website operation. Therefore, there is no possibility for objection.
5. Use of Cookies
5.1 Description and Scope of Data Processing
Our website uses the following cookies: “cookie_notice_accepted” and “pll_language.” The first cookie tracks whether the user has accepted the cookie notice; the second cookie stores the user’s language selection.
5.2 Legal Basis
The legal basis for processing personal data using cookies is Article 6(1)(f) GDPR.
5.3 Purpose
The purpose of using technically necessary cookies is to simplify website usage. Some functions cannot be provided without cookies. The browser must be recognized after a page change. No profiling is carried out.
5.4 Storage Duration and Control
Cookies are stored on the user’s device and transmitted to our website. Users have full control over cookies and can disable or restrict them in their browser settings. Stored cookies can be deleted at any time. Disabling cookies may limit website functionality.
6. Rights of the Data Subject
If personal data is processed, you are a data subject under the GDPR and have the following rights:
6.1 Right of Access
You have the right to request confirmation whether personal data concerning you is being processed.
If so, you have the right to information about:
(1) processing purposes
(2) categories of data
(3) recipients
(4) storage duration
(5) rights of rectification, deletion, restriction, and objection
(6) right to lodge a complaint
(7) source of data (if not collected directly)
(8) existence of automated decision-making
You may also request information about transfer to third countries and appropriate safeguards under Article 46 GDPR.
6.2 Right to Rectification
You have the right to request correction or completion of inaccurate or incomplete data without delay.
6.3. Right to Restriction of Processing
Under the following conditions, you may request the restriction of the processing of your personal data:
(1) if you contest the accuracy of the personal data concerning you, for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse the erasure of the personal data and instead request the restriction of the use of the personal data;
(3) the controller no longer needs the personal data for the purposes of processing, but you require the data for the establishment, exercise, or defence of legal claims; or
(4) if you have objected to the processing pursuant to Article 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.
Where the processing of your personal data has been restricted, such data may, with the exception of storage, only be processed with your consent or for the establishment, exercise, or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been applied based on the above-mentioned conditions, you will be informed by the controller before the restriction of processing is lifted.
6.4. Right to Erasure
a. Obligation to delete
You may request from the controller that personal data concerning you be erased without undue delay, and the controller is obliged to erase such data without undue delay where one of the following grounds applies:
(1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing is based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal ground for the processing.
(3) You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
(4) The personal data concerning you have been unlawfully processed.
(5) The erasure of the personal data concerning you is necessary for compliance with a legal obligation in Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
b. Notification to third parties
Where the controller has made personal data concerning you public and is obliged pursuant to Art. 17(1) GDPR to erase such data, the controller, taking into account available technology and implementation costs, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copies or replications of, those personal data.
c. Exceptions
The right to erasure shall not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) as well as Art. 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Art. 89(1) GDPR, insofar as the right referred to in section (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defense of legal claims.
6.5 Right to Notification
If you have exercised rights to rectification, erasure, or restriction, we will inform recipients unless impossible or disproportionate.
6.6 Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, provided that:
(1) the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, or on a contract pursuant to Art. 6(1)(b) GDPR, and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
6.7. Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR;
the controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
Where personal data concerning you are processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.
6.8. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 77 GDPR.

