Privacy Policy

TNG Technology Consulting GmbH (hereinafter referred to as TNG / We) welcomes your visit to our website and your interest in our company. We take the protection of your personal data seriously and want you to feel safe and comfortable when visiting our website.

TNG aims to minimize the use of personal data in the internet services for which we are responsible. All personal data accumulated within the framework of the internet services provided by TNG will be processed and used in accordance with the applicable regulations for the protection of personal data. Under no circumstances will TNG use your personal data for other purposes.

1. Controller

Data processing on this website is the responsibility of the controller, namely:

TNG Technology Consulting GmbH
Beta-Straße 13
85774 Unterföhring
Germany

2. Data Security

TNG Technology Consulting GmbH uses technical and organizational security measures to protect the data made available to TNG Technology Consulting GmbH from accidental or intentional manipulation, loss, destruction or access by unauthorized persons.

Our security measures are continuously updated in line with technological developments.

3. Data Processing

Here we inform you about how we process your personal data. "Personal data" in this context includes all information relating to an identified or identifiable natural person. "Processing" means all operations or series of operations relating to personal data, such as the collection or storage of personal data.

3.1 API and Website Hosting

Requests to our websites or one of our APIs are routed to TNG hosted servers through external services such as Amazon Web Services, Inc and firewalls that might log the following data:

This data will be automatically deleted after 90 days. Exceptions to this rule will only be made in cases where there is a legitimate interest in its further storage, for example to clarify security incidents. In these cases, the data will be deleted as soon as this process is completed.

This data processing is based on our legitimate interest to make our website accessible to users, to identify any functional problems or capacity deficits of our website and to verify security in accordance with Art. 6 para. 1 lit. f DSGVO/UK GDPR.

3.2 Using our Services

The data provided by users is processed by AI services on TNG hardware (in the following called "Skainet"). These AI services include, but are not limited to, text-generation with large language models (LLMs).

The data sent to Skainet is processed only for the purpose of providing the service. In particular, the queries and documents sent by users as well as the generated answers are not logged or stored by Skainet. The data is not used to train any models and is not sent to third-party services.

This data processing is based on the consent of the user in accordance with Art. 6 para. 1 lit. a DSGVO/UK GPDR.

To provide access tokens for the Skainet services, we save the following data:

This data will be automatically deleted from the live system 30 days after expiration and 30 days later from the backups.

Moreover, for every Skainet call, we log the following data ("request metadata"):

This request-level access data will be automatically deleted after 30 days. In addition, endpoint-specific usage metrics might aggregate request metadata and model name, which will be deleted after 3 years.

This data processing is based on our legitimate interest to make our services accessible to users, to identify any functional problems or capacity deficits, and to verify security in accordance with Art. 6 para. 1 lit. f DSGVO/UK GDPR.

For all requests authenticated with tokens that have been issued as part of a contractual agreement with TNG, request metadata and requested model name will be labelled with the respective contract identifier and retained for three years.

This data processing is necessary for the performance of our contracts with clients under Art. 6 para.1 lit. b DSGVO/UK GDPR to ensure compliance with our Fair‑Use Policy (e.g., detecting excessive, automated, or otherwise non-compliant usage patterns).

4. Rights of Data Subjects

4.1 DS-GVO (EU) / Data Protection Act 2018 & UK GDPR (UK)

You have the right, in accordance with the laws applicable to you and to the extent provided therein, to access your personal data and to require us to update, rectify or erase your personal data. In addition, in accordance with applicable law, you may restrict TNG's processing of your personal data, and you have the right to data portability. Your right to access your personal data includes the right to obtain a copy of all or certain portions of your personal data in our possession, as long as the provision of such data by TNG does not adversely affect the rights and freedoms of other persons.

Right to object: you have the right to object to the processing of your personal data solely on the basis of TNG's legitimate interest. If you exercise your right to object hereto, TNG will no longer process your personal data unless there are compelling legitimate reasons for further processing or the processing is necessary to establish, exercise or defend legal claims.

If the processing is based on your consent, you can revoke this consent at any time. This revocation only affects future processing.

You also have the right to lodge a complaint with the relevant data protection authority if you believe that the processing of your personal data has violated applicable data protection laws.

4.2 Privacy Act (Australia)

You have the right of access to your data and to request rectification of your data. You also have the right to lodge a complaint if you believe that the processing of your personal data has violated applicable data protection laws. In all such cases, please contact our data protection officer (see section 5).

If you wish to lodge a complaint about our handling of your personal information, you can contact our data protection officer. We take all complaints seriously and will investigate your concerns promptly and fairly. We will respond to your complaint within a reasonable timeframe, usually within 30 days, and inform you of the steps we have taken or will take to address your concerns. We may ask you to provide additional relevant details and may discuss your complaint with our internal departments, our service providers, and others where appropriate. If you are not satisfied with our response, you have the right to lodge a complaint with your relevant data protection authority, e.g. the Office of the Australian Information Commissioner at https://www.oaic.gov.au/about-us/contact-us/ .

4.3 Privacy Act (New Zealand)

You have the right of access to your data and to request rectification of your data. In such cases, please contact our data protection officer (see section 5).

4.4 California Consumer Privacy Act

You have the right of access to your personal data and to require us to rectify or erase your personal data. You also have the right to data portability and to restrict the use of sensitive personal data. Exercising these rights, such as the erasure of your data, may result in TNG being unable to provide certain services you have requested or being unable to provide them as desired. Exercising your rights does not carry any further negative consequences for you; TNG will not discriminate against you in any way as a result of exercising your data protection rights. To exercise your rights, please contact our data protection officer (see section 5).

5. Data Protection Officer

If you have any questions regarding the processing of your personal data, you can contact our data protection officer directly, who is also available in case of requests for access, inquiries or complaints:

Data Protection Officer
Dr. Marcel Lippmann
TNG Technology Consulting GmbH
Beta-Straße 13
85774 Unterföhring
Germany

datenschutz(at)tngtech.com

We can supply our GPG key on request, should you wish to send us your request in encrypted form.

6. Version

This privacy policy was last modified on 2025-06-24. We reserve the right to amend this policy from time to time to reflect changes in our data processing practices. In the event of changes, we will post the new privacy policy on this website.