This privacy policy applies to the online presences mentioned under No. 1 (scope of application) and describes what personal data we collect, on what basis we process it and what rights you have. It does not apply to the twinwin platform available at app.twin.win.
Please note: This translation of the German original is provided for your convenience. Despite taking care to ensure correctness, only the German version prevails in case of discrepancies.
Last updated: March 2026
Responsible for this website is
Twinwin GmbH
c/o Bauermeister
Boddinstr. 24a
12053 Berlin
websites:
www.twin.win
LinkedIn:
linkedin.com/company/twinwin-org (see No. 11)
Email (data protection):
datenschutz@twin.win
We are not subject to the legal obligation to appoint a data protection officer in accordance with Article 37 GDPR in conjunction with Section 38 BDSG. For data protection questions, our data protection coordinator is available at the above e-mail address.
Right of objection (Art. 21 GDPR): Insofar as we process your data on the basis of legitimate interests, you can object to this processing at any time. We will stop processing unless compelling legitimate reasons prevail.
Furthermore, you have the following rights:
To exercise those rights, please contact datenschutz@twin.win.
The data protection supervisory authority responsible for us is:
Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstraße 219
10969 Berlin
Our website is operated by Webflow, Inc. (San Francisco, USA) hosted. Technical connection data is automatically processed with each call (typically IP address, browser and device information, time of access, referrer URL). This data is used for secure operation and error analysis and is deleted after 30 days at the latest.
Webflow does not set any cookies itself. Technical infrastructure components that Webflow uses as part of hosting (e.g. CDN services to deliver script libraries) are part of the Webflow subprocessor chain and are covered by the order processing agreement concluded with Webflow (Art. 28 GDPR).
Legal basis: Art. 6 para. 1 lit. f DSGVO (legitimate interest in a stable and secure website).
Non-essential services are only loaded with your express consent. We use Cookiebot from Cybot A/S (Copenhagen, Denmark) to manage and prove your consent. Cookiebot stores your consent status in a cookie for 12 months; an anonymized IP address and a browser signature are collected.
Legal basis: Art. 6 para. 1 lit. c GDPR in conjunction with Section 25 TDDDG (legal obligation to provide documented consent).
You can withdraw or adjust your consent at any time using the cookie icon on the side of the page.
We include fonts from Google Fonts (Google Ireland Limited, Dublin, Ireland). Technical connection data (see No. 3) is visible to Google servers.
Legal basis: Art. 6 para. 1 lit. f DSGVO (legitimate interest in uniform presentation).
Weitere Informationen: policies.google.com/privacy
With your consent, we use the following services from Google Ireland Limited (Dublin, Ireland):
Legal basis: Art. 6 para. 1 lit. a GDPR (consent, revocable via cookie settings).
Opt-out analytics: tools.google.com/dlpage/gaoptout
We use HubSpot Ireland Limited (Dublin, Ireland) for form processing, live chat, and communication. Form inputs are saved in HubSpot CRM. The following processing takes place without separate consent:
Processing of form entries and chat messages to process inquiries and bookings (Art. 6 para. 1 lit. b or f DSGVO). Newsletters are sent on the basis of consent via double opt-in and until they are withdrawn (Art. 6 para. 1 lit. a GDPR).
With your consent, HubSpot Analytics and the HubSpot Ads Pixel are also active (Art. 6 para. 1 lit. a GDPR).
After your consent, we use LinkedIn Ireland Unlimited Company's Insight Tag (Dublin, Ireland) for conversion tracking and retargeting. LinkedIn and we are jointly responsible for the data generated by visiting the site within the meaning of Art. 26 GDPR; the subsequent processing for our own LinkedIn purposes is LinkedIn's sole responsibility.
Legal basis: Art. 6 para. 1 lit. a GDPR (consent).
Opt-out: linkedin.com/psettings/guest-controls/retargeting opt-out
On form pages, we use Cloudflare Turnstile (Cloudflare, Inc., San Francisco, USA) to protect against automated misuse attempts. Technical browser features and the IP address are processed in the process.
Legal basis: Art. 6 para. 1 lit. f GDPR (legitimate interest in the security of our services).
Webinar registrations: To carry out and invoice live online training, we collect name, business email address, telephone number and number of employees. The data is stored for the duration of legal retention periods.
Contact requests: Messages via our contact form are used to process the respective request and are then deleted, provided that there are no legal storage requirements.
Legal basis: Art. 6 para. 1 lit. b DSGVO when initiating or fulfilling a contract, otherwise Art. 6 para. 1 lit. f GDPR.
We run a company page on LinkedIn. LinkedIn and we are jointly responsible for the resulting page insights data (Art. 26 GDPR). Data subject rights can be asserted against both parties.
Details: linkedin.com/legal/l/dpa
We use the following service providers to provide our services. All service providers are contractually bound in accordance with Art. 28 GDPR or process data on the basis of suitable guarantees.
Individual service providers (Webflow, Google, HubSpot, Cloudflare) are based in the USA or are part of corporations based in the USA. Personal data is transferred on the basis of the EU Commission's adequacy decision in accordance with Article 45 GDPR (EU-U.S. Data Privacy Framework) or on the basis of EU standard contractual clauses in accordance with Article 46 (2) lit. c GDPR.
We will adjust this privacy policy as necessary, in particular if our processing activities or the legal situation changes. The latest version is always available on our website.