1. Data protection, controller and data privacy officer

We would like to inform you about how we collect personal data when you use our website. Personal data is any data which relates to you personally, such as your name, address, e-mail addresses, and user behavior.

The controller responsible for processing your personal data through this website is

TroNa GmbH, Oranienburger Str. 50, 10117 Berlin

Geschäftsführer: Friedrich Tromm, Stefan Nagel +49 30 220 56 56 10

You can contact our data privacy officer using the email address or our postal address, with the addition of ‘The Data Privacy Officer’.

  1. Cookies

To make our website easier to use, we use functional cookies, in which we e.g. store your language settings. Using functional cookies represents a legitimate interest on our part. The legal basis of this is also Art. 6, Par. 1 lit. f GDPR.

Cookies are small text files which are copied onto your hard drive and deleted again automatically according to the settings in your browser or after a defined period. Cookies cannot execute any programs or place viruses on your computer. They serve to make the website more user-friendly and effective as a whole.

You can set your browser at any time to permit or exclude the use of cookies, or to ask for your confirmation before using them, and to delete them automatically after the end of each session. If you do not authorize cookies, it may be that not all the features of this website will work properly.

Information on tracking cookies can be found in Section 5 below.

  1. Personal details

(1) If you use our website for information only, without registering or otherwise providing us with information, then we will only collect the personal data which your browser sends to our server. If you wish to view our website, we will collect the following information, which is technically necessary to display our website to you and to ensure it remains stable and secure (the legal basis is Art. 6 Par. 1 cl. 1 lit. f GDPR):

  • IP address
  • Date and time of enquiry
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of request (actual page)
  • Access status / HTTP status code
  • Quantity of data transmitted
  • Website from which the request was sent
  • Browser
  • Operating system and its interface
  • Language and version of browser software.

Logfile information is kept for a maximum of seven days for security reasons (such as the investigation of misuse and fraudulent activities), then it is deleted. Any data which needs to be kept for evidence purposes will not be deleted until the particular case has been resolved fully. The legal basis is Art. 6 Par. 1, lit. f GDPR.

(2) Personal data is only collected by us if and to the extent that you provide it to us on your own account, such as when making contact or submitting an application. We will handle this data confidentially and only use it for the original purpose for which it was sent, which is usually for processing and handling your enquiry. Your data is not usually given to third parties, unless we are obliged or legally allowed to, or if you have given us your consent, or if we have been ordered to do so by the authorities. If your enquiry relates to one of our group companies, then we will of course forward it to that company. If you contact us by e-mail, then your e-mail will be stored in our mail system. We may store your enquiry and the data associated with it in our CRM system. The e-mails themselves are not stored with their content encrypted. Our contact form is transport-encrypted using SSL/TLS, which you can recognize by the ‘https’ before the URL. Our mail server also uses conventional transport encryption protocols. The legal basis of this is Art. 6 Par. 1 lit. b GDPR.

  1. Data protection in the application process

(1) In the event of an application, we process the data you provide us with voluntarily for the purpose of performing and handling the application process. The only people to receive the data are those involved in the application process in the human resources department, who may forward your application to other group companies if you have applied to them or if we believe that your application may be of interest to one of our group companies. The legal basis of this is Art. 6 Par. 1 lit. b GDPR.

(2) If we turn down your application, then we will not store your data for more than six months after the end of the application process. This storage period relates to the assertion of claims under the AGG (German Equal Treatment Act) and our associated legitimate interest in defending ourselves against such claims. The legal basis of this is Art. 6 Par. 1 lit. f GDPR.

(3) If you give your consent to be included in our applicant pool, then we can agree on a different period with you. You may revoke this consent at any time with future effect. The legal basis for that is Art. 6 Par. 1 lit. a GDPR.

  1. Google Analytics / tracking cookies

(1) This website uses Google Analytics, a Web analysis service provided by Google Inc. (“Google”). Google Analytics uses cookies – text files stored on your computer to facilitate the analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP-anonymity is activated on this website, then your IP address will first be truncated by Google inside the member states of the European Union and in other states that are signatories to the European Economic Area treaty. Only in exceptional circumstances will the full IP address be sent to a Google server in the USA, and truncated there. Google uses this information on behalf of the website operator in order to evaluate your use of the website so that it can draw up reports on website activities, and in order to provide the website operator with other services associated with the use of the website and access to the Internet.

(2) Google will not connect the IP address sent to them by your browser as part of Google Analytics with other Google data.

(3) You can prevent the saving of cookies via the corresponding setting in your browser software. However, if you do so, please note that this may mean that you cannot use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie about your use of the website (including your IP address), and from processing that data, by downloading and installing the browser plugin available at the following link: Alternatively you can block the collection of your data for specific devices using the following link. By doing this, an ‘opt-out cookie’ is set which prevents your data from being collected from then onwards. Deactivating Google Analytics

(4) This website uses Google Analytics with the extension ‘_anonymizeIp()’. This means that IP addresses are handled in truncated form, so they cannot be associated with any particular people. So, if the data collected about you can be related to you as a person, this is immediately excluded and the personal data is therefore deleted immediately.

(5) We use Google Analytics to analyze the use of our website and regularly improve it. The statistics we acquire help us to improve our website and make it more interesting for you as a user. To cover the exceptional circumstances in which personal data is sent to the USA, Google has submitted itself to the EU-US Privacy Shield, The legal basis for using Google Analytics is Art. 6 Par. 1 cl. 1 lit. f GDPR.

(6) Information about third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.

(7) Users’ personal data is deleted or anonymized after 14 months.

  1. Vimeo videos

(1) This website incorporates embedded videos that are stored on the platform of the provider Vimeo, Inc., 555 West 18th Street, New York, New York 10011, and which can be played directly from our website.

(2) Our website is configured in such a way that your browser first sets up a link with Vimeo’s servers, and sends your IP address to them when you click on the video. If you are logged into Vimeo, then this information can be linked to your user account. You can prevent this from happening by logging out of Vimeo before playing the video.

With regard to the way Vimeo uses your data in conjunction with embedded videos, please refer to Vimeo’s data privacy statement, which is available at

Vimeo can use Google Analytics; please refer to this data privacy statement ( and how to opt out of Google-Analytics (

(3) We embed Vimeo videos to make our website more attractive to you and to make the way our website operates more economical. The legal basis for that is Art. 6 Par. 1 cl. 1 lit. f GDPR.

  1. Facebook page

We run the Facebook page that we can communicate and connect with Facebook users. Facebook collects data on how users interact with this page and processes this data outside the EU. To compensate for any detrimental effects this could have, Facebook maintains Privacy Shield certification (, which commits it to observe EU data protection standards. Facebook routinely uses the personal data generated by the use of our Facebook page for the purposes of advertising, analytics, and market research, for example in order to develop a profile of your interests and habits so that it can display ads tailored specifically to you. Facebook can also directly associate your activities on our Facebook page with your Facebook account (if you have one). In addition, Facebook provides us with a variety of aggregate data, from which it is generally not possible to infer information about individual users. We use the insights from this data to make our service more relevant for you. The lawful basis for processing is our legitimate interest (as per GDPR article 6(1)(f)) in communicating with our users in a precisely targeted, effective way.

  1. Your rights

(1)You have the right to find out whether we are processing your personal data at any time, according to Art. 15 GDPR. If we are, then we have other additional information duties as a result.

(2)You also have the right to have your data corrected pursuant to Art. 16 GDPR, deleted according to Art. 17 GDPR and for its processing to be limited pursuant to Art. 18 GDPR, provided no other legal regulations say otherwise.

(3)Of course, you can at any time revoke your consent to have your data processed according to Art. 6 Par. 1 lit. a or Art. 9, Par. 2 lit. a GDPR without providing reasons. This does not affect the legality of processing done up to that point.

(4)You also have the right to data portability according to Art. 20 GDPR.

(5)You also have, pursuant to Art. 21 GDPR, the right to object to the processing of your data, in particular processing on the basis of Art. 6 Par. 1 lit. e or f GDPR. Should you wish to exercise that right, please tell us the reason why you do not want us to keep processing your personal data the way we are. If your objection is justified, we will assess the case and either stop processing your data, amend the way we do it, or inform you of the compelling reasons we have for continuing to process it, these reasons being deemed worthy of protection.

(6)You also have the right to complain to the responsible regulatory authorities, which can be found here (