Privacy Policy

1. Definitions

This privacy policy is based on the terminology of the General Data Protection Regulation (GDPR). The key terms include:

  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Data Subject: The natural person whose data is processed.
  • Processing: Any operation performed on personal data.
  • Controller: The entity that determines the purposes and means of processing.
  • Processor: An entity that processes data on behalf of the controller.

2. Controller

TINY SPACE (JSJ Tiny Life GmbH)
Waldemarstr. 7
13156 Berlin, Germany
Phone: +49 151 11304847
Email: hello@tinyspace.com
Website: www.tinyspace.com

3. Data Protection Officer

Tim Jaudszims
Waldemarstr. 7
13156 Berlin, Germany
Phone: +49 151 11304847
Email: hello@tinyspace.com

4. Cookies

Our website uses cookies. Cookies are text files stored via your browser that enable service personalization. You may disable cookies in your browser settings, though this may limit site functionality. Analytics cookies are used in pseudonymized form.

5. General Data Collection

The website automatically collects: browser types, operating systems, referrer information, access timestamps, IP addresses, and ISP data. These data are stored in server log files for security and content delivery purposes, not for personal identification.

6. SSL Encryption

The website uses SSL/HTTPS encryption to protect data security during transmission in accordance with current technical standards.

7. Newsletter

Newsletter registration requires a valid email address and double opt-in confirmation. Registration data including IP address and timestamp are stored. Data is used exclusively for newsletter distribution and will not be shared with third parties. You may unsubscribe at any time.

8. Newsletter Tracking

Newsletters contain tracking pixels for statistical evaluation of marketing campaign success. This data measures engagement but is not shared with third parties. Recipients may revoke consent via the double opt-in procedure.

9. Website Registration

Registration data is collected for internal use only. IP address, registration date, and time are stored to prevent service misuse and clarify criminal matters. Data sharing with processors occurs only for contract fulfillment purposes.

10. Contact Options

When you contact us via email or contact form, the personal data submitted is automatically stored for communication purposes. No third-party sharing occurs.

11. Data Retention and Deletion

Personal data is processed and stored only for the duration required to achieve the storage purpose or as legally mandated. Data is routinely deleted or blocked upon purpose completion.

12. Rights of Data Subjects

You have the following rights under the GDPR:

  • Right to Confirmation: Verify whether personal data is being processed.
  • Right to Access: Obtain stored personal data and processing information.
  • Right to Correction: Correct inaccurate data.
  • Right to Deletion: Request data erasure under specified circumstances.
  • Right to Restrict Processing: Limit data use.
  • Right to Data Portability: Receive data in a structured format.
  • Right to Object: Oppose processing for direct marketing or other purposes.
  • Right Against Automated Decisions: Reject solely automated decision-making.
  • Right to Withdraw Consent: Revoke any consent at any time.

13. Recruitment Data Protection

Applicant data is processed for hiring purposes. Data submitted electronically or via web forms is processed and may be stored if hired. Rejected applications are deleted after two months unless legal obligations require retention.

14. Google Analytics

The website uses Google Analytics with IP anonymization. Google Analytics cookies enable analysis of website usage, with data typically sent to Google servers in the US. You may disable cookies or install the Google Analytics opt-out browser add-on.

15. Web Fonts

Google Web Fonts are used to ensure correct cross-browser display of content. Accessing the library triggers automatic connections to the providers. Google's privacy policy governs their data practices.

16. Social Media Plugins

Social media plugins appear on the site with logos identifying them. A 2-click solution prevents unwitting data transfer to service providers until activated by users. Activated plugins may transmit IP addresses and device information.

17. Legal Basis for Processing

Processing is based on:

  • Article 6(1)(a) GDPR: User consent.
  • Article 6(1)(b) GDPR: Contract necessity.
  • Article 6(1)(c) GDPR: Legal obligations.
  • Article 6(1)(d) GDPR: Protection of vital interests.
  • Article 6(1)(f) GDPR: Legitimate company interests.

18. Storage Duration

Data retention follows applicable statutory retention periods. Upon expiration, data is routinely deleted unless contractually necessary.

19. Automated Decision-Making

The company refrains from automatic decision-making or profiling as a responsible practice.

20. Policy Amendments

The company reserves the right to update this policy to comply with current legal requirements or reflect service changes. Updated versions apply upon your next site visit.