Privacy Policy
This policy applies to the online services hs-tumbler.com and not-a-tumbler.com, including all language versions and subpages.
- We set essential cookies without consent.
- Statistics and marketing cookies load only after opt-in via the cookie banner.
- You can withdraw consent at any time via Cookie Settings in the footer.
1. Data Controller
hs·tumbler GmbH
Prof.-von-Klitzing-Str. 9, 49610 Quakenbrück, Germany
Phone: +49-5431-9272580 · Email: info@hs-tumbler.com
2. Data Protection Officer
We have appointed a Data Protection Officer:
Fernando Fernandez
NUM3RUS GmbH
Carmenstr. 9, 40549 Düsseldorf, Germany
Phone: +49 211 171 8756
Email: info@num3rus.com
3. Scope
This policy describes the nature, scope, and purposes of processing personal data when using the domains hs-tumbler.com and not-a-tumbler.com.
4. Legal Basis
- Art. 6(1)(b) GDPR – Contract/Pre-contractual measures (e.g., inquiries).
- Art. 6(1)(f) GDPR – Legitimate interest (operation, security, server logs).
- Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG – Consent (statistics/marketing).
5. Cookies, Consent, Withdrawal
Our cookie banner (CMP) distinguishes between categories:
- Essential Core functions, security.
- Statistics Anonymous usage analysis (e.g., Microsoft Clarity).
- Marketing Advertising/Lead attribution (e.g., Google Ads, Zoho).
Statistics/Marketing cookies load only after your consent. You can withdraw or change this at any time via the "Cookie Settings" link in the footer.
6. Hosting and Server Logs
STRATO
Provider: STRATO AG, Otto-Ostrowski-Straße 7, 10249 Berlin ("STRATO"). When you access our pages, STRATO processes shortened IP addresses, date/time, URL, referrer, user agent, status codes in server log files.
Purpose: Delivery, stability, IT security. Legal basis: Art. 6(1)(f) GDPR. Insofar as cookie/tracking consent is concerned, additionally Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG. Withdrawal via "Cookie Settings".
Data Processing Agreement: DPA concluded with STRATO. Info: strato.de/datenschutz (German).
Retention period: Typically 7–14 days.
7. Contact Forms and Email
We use information from forms to process your inquiry. Legal basis: Art. 6(1)(b) GDPR (pre-contractual) or (f) GDPR (general inquiries). Retention: Until completion of inquiry; statutory retention obligations remain unaffected.
8. Services Used (Only with Consent)
8.1 Google Tag Manager / Google Ads
Purpose: Tag management, campaign measurement. Legal basis: Consent (Art. 6(1)(a) GDPR; § 25(1) TTDSG). Recipients: Google Ireland Limited; possibly Google LLC (USA). Third-country transfer: USA; Standard Contractual Clauses (SCC). Withdrawal: Via Cookie Settings.
Example Cookies/IDs:_gcl_au, _gcl_aw, _gcl_dc (typically 90 days).
8.2 Microsoft Clarity (Statistics/UX)
Purpose: Anonymous usage analysis (heatmaps, click paths, session replays). Legal basis: Consent. Recipients: Microsoft Ireland; possibly Microsoft Corporation (USA). Third-country transfer: USA; SCC. Withdrawal: Cookie Settings.
Typical Cookies:_clck (1 year), _clsk (1 day), CLID (1 year), ANONCHK (~10 min), MR (~7 days), MUID (~1 year), SM (Session).
8.3 Zoho SalesIQ (Chat/Lead)
Purpose: Live chat, lead tracking. Legal basis: Consent. Recipients: Zoho Corporation B.V. (NL) and affiliated companies (including USA/India). Third-country transfer: SCC. Withdrawal: Cookie Settings.
Typical Cookies:siq_*, zsiq_*, sales_*, _zld*.
8.4 Zoho CRM – Web Tracking
Purpose: Attribution of website visits to leads/contacts, evaluation of marketing channels. Legal basis: Consent. Recipients/Transfer: Zoho as above; SCC. Withdrawal: Cookie Settings.
Typical Cookies:zc_*, zsc*, zsd*, zsr*.
8.5 Zoho PageSense (A/B Testing & Analytics)
Purpose: Website optimization, A/B testing, visitor analysis. Legal basis: Consent. Recipients/Transfer: Zoho as above; SCC. Withdrawal: Cookie Settings.
Typical Cookies:zps*, zft*, zab*, ps_*.
9. Cookie/Vendor List
| Provider | Purpose | Cookie/ID (Examples) | Duration | Category |
|---|---|---|---|---|
| Google Ads / Tag | Campaign measurement, conversion tracking | _gcl_au, _gcl_aw, _gcl_dc | typically 90 days | Marketing |
| Microsoft Clarity | UX analysis (heatmaps, click paths, session replays) | _clck, _clsk, CLID, ANONCHK, MR, MUID, SM | _clck: 1 year · _clsk: 1 day · CLID: 1 year · ANONCHK: ~10 min · MR: ~7 days · MUID: ~1 year · SM: Session | Statistics |
| Zoho SalesIQ | Live chat, lead recognition/assignment | siq_*, zsiq_*, sales_*, _zld* | Session / 6–12 months | Marketing |
| Zoho CRM | Lead attribution, campaign evaluation | zc_*, zsc*, zsd*, zsr* | 90–365 days | Marketing |
| Zoho PageSense | A/B testing, website optimization, visitor analysis | zps*, zft*, zab*, ps_* | Session–12 months | Statistics |
| Zoho (General) | Global settings, geo-location, opt-out preferences | _zgeo, _zsgeo, zcglobal_* | 6–12 months | Marketing |
| Consent Management | Stores consent choices (categories/status) | cookieyes-*, cky-*, gdpr_*__donottrack | 6–12 months | Essential |
| Platform / Security | CSRF protection, session status, load balancing | csrftoken, csrfc, JSESSIONID, SERVERID | Session–12 months | Essential |
Note: Specific names/durations may vary depending on campaign and system configuration. The list applicable to your visit can be found in the automatically generated table below and in the cookie banner ("Cookie Settings").
10. Provider Information & Data Transfer
- Google Ireland Limited / Google LLC (USA) – Privacy: policies.google.com/privacy · Information on Ads/Consent Mode in Google Help. Transfer to third countries (USA) based on Standard Contractual Clauses (SCC).
- Microsoft Ireland / Microsoft Corporation (USA) – Privacy: privacy.microsoft.com. Clarity documentation: Microsoft Learn. Transfer to third countries (USA) via SCC.
- Zoho Corporation B.V. (NL), affiliated companies (including USA/India) – Privacy: zoho.com/privacy.html. DPA/SCC: zoho.com/gdpr/dpa.html. PageSense: zoho.com/pagesense/privacy.html.
11. Your Rights
- Access, rectification, erasure, restriction (Art. 15–18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection (Art. 21 GDPR) to processing based on Art. 6(1)(f) GDPR
- Withdrawal of consent (Art. 7(3) GDPR)
- Complaint to a supervisory authority (Art. 77 GDPR)
12. Data Retention
We process personal data only as long as necessary. Statutory retention obligations remain unaffected.
13. Children
Our services are directed at business customers. We do not intentionally process data of children.
14. Changes
We update this policy when processes or legal requirements change. The current version is available here.
