Data protection

Protecting personal data - whether it belongs to our customers, partners, or colleagues - is not just a legal obligation, it's part of how we do business responsibly.

As an employee of Thomann.io, you handle personal data as part of your daily work. Personal data is any information that can be linked to an individual - this includes obvious things like names, email addresses, phone numbers, or home addresses, but also order histories, payment details, IP addresses, or even a photo. The GDPR sets the framework for how we collect, process, and store this data, and we take it seriously.

What this means in practice:

  • Only access personal data that is relevant to your work. Don't look up data out of curiosity.
  • Don't share personal data with people who don't have a legitimate need for it - inside or outside the company.
  • Store and transfer data only through approved tools and channels (e.g., Google Workspace, Bitwarden). Avoid unsecured storage like personal email accounts or private cloud services.
  • If you're building or working on a product that involves personal data, apply the principle of data minimization: only collect what you actually need.
  • If you become aware of a (potential) data breach or security incident, report it to your manager and to one of the contacts listed below immediately. Time matters in these situations.

Your contacts:

If you have questions about data protection in your day-to-day work - for example, whether you're allowed to share a customer's data with a third-party tool, how long you may store certain data, or what to do when a customer requests deletion of their data - please reach out to privacy@thomann.io.

Our Data Protection Officer (DPO) is responsible for overseeing compliance with data protection law and can also be contacted at any time:

Thomann GmbH
Hans-Thomann-Straße 1
96138 Burgebrach, Deutschland
privacy@thomann.de

We are all responsible for maintaining the trust our customers and colleagues place in us.