Tupa24 Shop SOS Insurance Claim
Sign in
Forgot password? Sign in with Google Register

Privacy Policy

Datenschutz

Privacy Policy

pursuant to Art. 13 and Art. 14 of the General Data Protection Regulation (GDPR)

Version: 04.04.2026

1. Controller

TupaService GmbH
Brunnenstraße 19/1, DE-76327 Pfinztal
Telephone: +49 (0) 721 33 56 363
E-mail: team@tupa24.de
Managing Director: Alexander Trott

2. Data Protection Officer

TupaService GmbH is not required to appoint a data protection officer under § 38 BDSG, as the legal requirements (in particular regular employment of at least 20 persons constantly involved in automated processing of personal data) are not met. If you have questions about data protection, please contact: TupaService GmbH, Brunnenstraße 19/1, DE-76327 Pfinztal, E-mail: team@tupa24.de.

3. Joint Controllership with XPoint24 GmbH

Where inquiries regarding insurance or mortgage financing are submitted via this website, these inquiries are processed by XPoint24 GmbH (Brunnenstraße 19/1, DE-76327 Pfinztal). For the processing of personal data collected in this context, TupaService GmbH and XPoint24 GmbH have entered into an agreement on joint controllership pursuant to Art. 26 GDPR. Essential content of this agreement:

TupaService GmbH is responsible for collecting data via the website and forwarding it to XPoint24 GmbH. XPoint24 GmbH is responsible for substantive handling of insurance and mortgage financing inquiries as well as further data processing within the scope of intermediation activities. Both companies are jointly responsible for ensuring data subject rights. Contact point for data subjects: team@tupa24.de or info@xpoint24.de.

4. Purposes and Legal Bases of Data Processing

4.1 Provision of the Website

Each time our website is accessed, our web server automatically collects access data (server log files). This includes: IP address, date and time of access, page/file accessed, amount of data transferred, message of successful retrieval, browser type and version, operating system, referrer URL. Processing is based on Art. 6 para. 1 lit. f GDPR (legitimate interest in ensuring uninterrupted operation of the website and IT security).

4.2 Online Shop (Orders and Payment Processing)

If you order products via our online shop (checklists, documents, concepts, service subscriptions), we process the following data: name, e-mail address, billing address, payment data (the latter is processed directly by Stripe), order history. Processing is based on Art. 6 para. 1 lit. b GDPR (performance of a contract) and Art. 6 para. 1 lit. c GDPR (compliance with legal retention obligations under HGB and AO).

4.3 Payment Processing via Stripe

Payment processing is carried out via Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Stripe processes your payment data (credit card number, SEPA direct debit data) as an independent controller. Stripe's privacy policy applies: https://stripe.com/de/privacy. Transmission of payment data to Stripe is based on Art. 6 para. 1 lit. b GDPR (performance of a contract).

4.4 Insurance and Mortgage Financing Inquiries

If you submit an inquiry regarding insurance or mortgage financing via this website, your details (name, contact data, details regarding insurance/financing needs) are forwarded to XPoint24 GmbH. Processing is based on Art. 6 para. 1 lit. b GDPR (pre-contractual measures) and the agreement under Art. 26 GDPR (see section 3).

4.5 Contact (Contact Form, E-mail, Telephone)

If you contact us via contact form, e-mail, or telephone, the data you provide (name, e-mail address, telephone number, content of the message) is processed to handle your inquiry. The legal basis is Art. 6 para. 1 lit. b GDPR (pre-contractual measures or performance of a contract) or Art. 6 para. 1 lit. f GDPR (legitimate interest in responding to inquiries).

4.6 Newsletter

If you subscribe to our newsletter, we process your e-mail address and, if applicable, your name based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time, for example via the unsubscribe link in every newsletter. The lawfulness of data processing carried out before revocation remains unaffected.

4.7 WhatsApp Communication

We offer the option to contact us via WhatsApp (MetaPlatformsIreland Ltd., 4 Grand Canal Square, Dublin 2, Ireland). If you contact us via WhatsApp, your phone number and message content are processed. WhatsApp, as an independent controller, processes additional metadata. The legal basis for our processing is Art. 6 para. 1 lit. a GDPR (consent through your active contact) or Art. 6 para. 1 lit. b GDPR (pre-contractual measures). Please note: using WhatsApp may involve data transfer to the USA. Meta bases this transfer on standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR.

4.8 Telegram

We operate a Telegram channel and/or Telegram bot. If you use it, your Telegram user data (username, messages) is processed. Telegram (Telegram FZ-LLC, Dubai, UAE), as an independent controller, processes additional data. The legal basis for our processing is Art. 6 para. 1 lit. a GDPR (consent by joining the channel) or Art. 6 para. 1 lit. f GDPR (legitimate interest in community communication).

4.9 Hosting

This website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Hetzner processes personal data on our behalf on the basis of a data processing agreement pursuant to Art. 28 GDPR. Data processing takes place exclusively on servers in Germany. No transfer of personal data to third countries occurs within the scope of hosting.

5. Cookies

Our website uses cookies. Technically necessary cookies are set based on Art. 6 para. 1 lit. f GDPR. For all other cookies (analytics, marketing), we obtain your prior consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG).

6. Recipients of Data

Your personal data is disclosed to the following recipients or categories of recipients: Stripe Payments Europe, Ltd., Dublin, Ireland (payment processing); XPoint24 GmbH, Pfinztal (insurance and mortgage financing inquiries, joint controllership under Art. 26 GDPR); Hetzner Online GmbH, Gunzenhausen, Germany (hosting); tax advisors and accountants (compliance with legal retention obligations under HGB and AO); authorities (where legally required, e.g., tax authorities, supervisory authorities).

7. Data Transfer to Third Countries

A transfer of personal data to third countries (states outside the EEA) takes place to: MetaPlatforms (WhatsApp, USA/Ireland) - based on standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR; Telegram FZ-LLC (UAE) - in the absence of an adequacy decision, use is based on your consent. Website hosting is carried out exclusively in Germany (Hetzner Online GmbH); in this respect, no third-country transfer takes place.

8. Storage Period

We store your personal data only for as long as necessary to achieve the processing purpose or as long as statutory retention periods apply. In particular: order data and invoices - 10 years (§ 147 AO, § 257 HGB); business correspondence - 6 years (§ 257 HGB); contact inquiries - until final processing, then deletion unless statutory retention obligations prevent this; newsletter data - until consent is withdrawn; server log files - maximum 30 days.

9. Your Rights as a Data Subject

You have the following rights regarding your personal data processed by us:

Right of access (Art. 15 GDPR) - you may request information about the personal data we process.

Right to rectification (Art. 16 GDPR) - you may request correction of inaccurate data or completion of incomplete data.

Right to erasure (Art. 17 GDPR) - you may request deletion of your personal data unless statutory retention obligations or an overriding legitimate interest prevent this.

Right to restriction of processing (Art. 18 GDPR).

Right to data portability (Art. 20 GDPR).

Right to object (Art. 21 GDPR) - you have the right, on grounds relating to your particular situation, to object at any time to processing of your personal data based on Art. 6 para. 1 lit. f GDPR.

Right to withdraw consent granted (Art. 7 para. 3 GDPR) - you have the right to withdraw any consent once given at any time. The lawfulness of processing carried out on the basis of consent before withdrawal remains unaffected.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR) - you have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is: Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Königstraße 10a, 70173 Stuttgart, Tel.: +49 711 6155 41-0, E-Mail: poststelle@lfdi.bwl.de.

10. Obligation to Provide Personal Data

The provision of personal data is neither legally nor contractually required. You are not obliged to provide personal data. However, without providing certain data (in particular name, e-mail address, payment data), we cannot provide our contractual services.

11. Automated Decision-Making / Profiling

Automated decision-making including profiling pursuant to Art. 22 GDPR does not take place.

12. Language Versions

This privacy policy is provided in German, Russian, and English. In the event of discrepancies between language versions, the German version shall prevail.