Privacy Policy

Name and Address of the Controller

INTILION GmbH
Wollmarktstraße 115c
33098 Paderborn
Germany
Tel: +49 (0) 5251 69 32 0
Fax: +49 (0)5251 693 229 9
E-mail: contact@intilion.com

General Information

The term “personal data” is defined in Article 4 No. 1 of the European General Data Protection Regulation (GDPR). According to this, it means any information relating to an identified or identifiable natural person. This includes, for example, your civil name, your address, your telephone number, or your date of birth.
Unless otherwise stated in the following sections, no personal data is generally collected, processed, or used when you use our websites.

Where we use cookies or similar technologies, Section 25 TTDSG additionally applies. Technically non-essential cookies (e.g. for statistics/marketing) are used only on the basis of your consent (see the sections “Website Analytics Services”, “Google Re/Marketing Services”, “Facebook Pixel…” and “Cookie Consent with HubSpot”).

Legal Bases for the Processing of Personal Data

Where we obtain your consent for processing operations involving personal data, Art. 6(1)(a) GDPR serves as the legal basis.
Where your personal data is processed for the performance of a contract between you and INTILION, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Where the processing of your personal data is necessary for compliance with a legal obligation to which INTILION is subject, Art. 6(1)(c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by INTILION or a third party, and such interests are not overridden by the interests, fundamental rights, and freedoms of the data subject, Art. 6(1)(f) GDPR serves as the legal basis for the processing.

Data Erasure and Storage Duration

Your personal data will be erased or blocked as soon as the purpose of storage ceases to apply. Data may also be stored where this has been provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or erased when a storage period prescribed by the aforementioned rules expires, unless there is a need for continued storage of the data for the conclusion or performance of a contract.

Data Processing on This Website

When you visit our website, our web servers temporarily store the connection data of the requesting computer as standard. This includes:

• Browser type/version
• Operating system used
• Referrer URL (the previously visited page)
• Hostname of the accessing computer (IP address shortened by the last three digits)
• Time of the server request.
• IP address

Access is logged on the servers of our service provider HubSpot (see also the sections “Content Management System” and “Hosting”), with whom we have concluded a data processing agreement pursuant to Art. 28 GDPR.

The IP address is stored in truncated or pseudonymised form in the log files and deleted after a period of 30 days. INTILION cannot assign this data to specific persons. We use this technical access information exclusively for statistical evaluations in order to improve the attractiveness and usability of our websites and, where appropriate, to identify technical problems on our website at an early stage.
This data is collected on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, server log files must be recorded.

Contact

You have the option of contacting us via our email address, our hotline, or the contact form. (Also by booking an online appointment via Microsoft Booking.) The personal data transmitted to us in this way will, of course, be used exclusively for the purpose for which you provide it to us when contacting us. Where we request information via our contact form that is not absolutely necessary for establishing contact, we have always marked such information as optional. This information serves to specify your request and to improve the handling of your enquiry. The disclosure of such information is expressly voluntary and based on your consent. Where this concerns information on communication channels (for example, email address, telephone number), you also consent to us contacting you, where appropriate, via this communication channel in order to respond to your request.
You may, of course, revoke this consent at any time with effect for the future. Please contact us for this purpose by post at the address stated above or by email at: revocation@intilion.com.

If you additionally confirm the consent provided for in the contact form, you consent, until revocation, to INTILION GmbH, Wollmarktstraße 115c, DE-33098 Paderborn, using the above-listed data for the purpose of responding to project and/or product enquiries by sending information material and/or arranging a consultation appointment. Granting consent is voluntary. You may revoke this consent at any time with effect for the future vis-à-vis INTILION GmbH at the address stated above or by email at revocation@intilion.com.

For online appointment booking, we use services of the Microsoft group (e.g. Microsoft Bookings). The data entered there (name, contact details, requested appointment, further information) is processed for the purpose of arranging appointments and establishing contact. The legal basis is Art. 6(1)(b) GDPR (pre-contractual/contractual measures). Any transfers to third countries (in particular the USA) are carried out on the basis of appropriate safeguards (e.g. EU Standard Contractual Clauses, EU-US Data Privacy Framework).

Newsletter

With the following information, we inform you about the contents of our newsletter as well as the registration, dispatch, and statistical evaluation procedure, and your rights to object. As part of subscribing to the newsletter, you agree that your stated personal data may, until revoked, be processed by INTILION GmbH for the electronic dispatch of newsletters or other information relating to INTILION products. Consent to use your email address for sending the newsletter may be revoked at any time with effect for the future by unsubscribing from the newsletter. Revocation may be effected either via a link integrated into the newsletter or by notification via email to revocation@intilion.com, without incurring any costs other than transmission costs according to the basic tariffs.

By subscribing to our newsletter, you agree to receive it and to the procedures described.
Newsletter content: We send newsletters, emails, and other electronic notifications containing promotional information (hereinafter “Newsletter”) only with the recipients’ consent or a statutory permission. Where the contents of the newsletter are specifically described in the course of registration, they are decisive for the users’ consent. Otherwise, our newsletters contain information about our services and us.

Double opt-in and logging: Registration for our newsletter is carried out using a so-called double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your subscription. This confirmation is necessary so that no one can subscribe using third-party email addresses. Newsletter subscriptions are logged in order to be able to prove the subscription process in accordance with legal requirements. This includes storing the time of subscription and confirmation, as well as the IP address. Changes to your data stored by the mailing service provider are likewise logged.
Subscription data: To subscribe to the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a first and last name for the purpose of personalising the newsletter salutation.
The newsletter is sent and its performance measured on the basis of the recipients’ consent pursuant to Art. 6(1)(a), Art. 7 GDPR in conjunction with Section 7(2) No. 3 UWG, or on the basis of statutory permission pursuant to Section 7(3) UWG.
The logging of the registration procedure is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR. Our interest is directed towards the use of a user-friendly and secure newsletter system that serves both our business interests and users’ expectations and also allows us to prove consent.
Termination/revocation – You may terminate receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to unsubscribe from the newsletter at the end of each newsletter. We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, in order to be able to prove that consent had previously been given. The processing of this data is limited to the purpose of possible defence against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is simultaneously confirmed.

Newsletter – Mailing Service Provider

The newsletters are sent by means of the mailing service provider “HubSpot”, a service of HubSpot Ireland Limited, HubSpot House, 1 Sir John Rogerson’s Quay, Dublin 2, Ireland, and HubSpot Inc., 2 Canal Park, Cambridge, MA 02141, USA. HubSpot’s privacy policy can be viewed on HubSpot’s websites.

The mailing service provider is used on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR and a data processing agreement pursuant to Art. 28(3) sentence 1 GDPR.

HubSpot may also transfer data to the USA. HubSpot Inc. is certified under the EU-US Data Privacy Framework (Data Privacy Framework); in addition, Standard Contractual Clauses are used.

Careers Portal

You may apply via our careers portal, which we provide through the service “Personio”. You can access the careers portal at https://intilion.jobs.personio.de/. Your online application is transmitted directly to the Human Resources department via an encrypted connection and is, of course, treated confidentially. We will use your information exclusively for the purpose of processing your application and deciding on the establishment of an employment relationship and will not pass it on to third parties.
Further information on data processing in the context of the application process can be found in the privacy policy of our careers portal at Personio. If you have applied for a specific position and it has already been filled, or if we also consider you suitable or even better suited for another position, we would like to forward your application within the company. Please let us know if you do not consent to such forwarding. Your personal data will be deleted immediately after completion of the application procedure, or after a maximum of 6 months unless you have expressly given us your consent to store your data for a longer period.
Please note that emails sent unencrypted are not transmitted with access protection. We therefore ask you to use only our online applicant portal for your application.

Online Seminars

If you register for or participate in one of our online seminars, we process the following data about you:

• First and last name
• Email address
• Browser and system data
• IP address
• Language and time zone
• Chat data
• Other data entered by you yourself (e.g. name, telephone number or customer number, support enquiries, chat messages)
• Usage data from online seminars (e.g. access figures, application histories, registration for and participation in an online seminar, retrieval of certain pages, etc.)

This data is used exclusively for the purpose of processing your registration, preparing your seminar participation, and for billing purposes. Once registration has been completed, you will receive a registration confirmation by email. Where we request data in our registration form that is not required for seminar registration, we have always marked such data as “optional”. This data helps us to prepare the seminar more effectively. Your provision of this data is expressly voluntary and based on your consent. You may, of course, revoke this consent at any time with effect for the future. Please contact us for this purpose by post at the address stated above or by email at: revocation@intilion.com. You also have the option of activating our newsletter.

For processing the data for the conduct of the online seminars, we use the tool “Microsoft Teams” from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, as a processor (cf. Art. 28 GDPR).

For seminar registrations, we use forms provided via HubSpot. HubSpot processes the registration data on our behalf for the organisation and administration of the seminars.

Please note that in the context of using Microsoft Teams and HubSpot, data may also be transferred to third countries (in particular the USA). Such transfers are carried out on the basis of appropriate safeguards (e.g. EU-US Data Privacy Framework, Standard Contractual Clauses).

Website Analytics Services

Subject to your consent and on the basis of Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG, we use Google Analytics, a web analytics service provided by Google LLC (“Google”). Google uses cookies. The information generated by the cookie about users’ use of the online offering is generally transmitted to a Google server and stored there.

Google relies, among other things, on the EU-US Data Privacy Framework and Standard Contractual Clauses of the EU Commission for data transfers to the USA.

Google will use this information on our behalf in order to evaluate users’ use of our online offering, to compile reports on activities within this online offering, and to provide us with further services associated with the use of this online offering and internet usage. Pseudonymous user profiles may be created from the processed data.
We use Google Analytics in order to display advertisements placed within Google’s and its partners’ advertising services only to those users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of websites visited) that we transmit to Google (so-called “Remarketing” or “Google Analytics Audiences”). With the aid of Remarketing Audiences, we also wish to ensure that our advertisements correspond to users’ potential interests and do not have a disturbing effect.
We use Google Analytics only with IP anonymisation activated. This means that users’ IP addresses are truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.
The data sent by us and linked to cookies, user identifiers (e.g. user ID), or advertising IDs is automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
The IP address transmitted by the user’s browser is not combined with other Google data. Users may prevent the storage of cookies by adjusting their browser software settings accordingly; users may also prevent Google from collecting the data generated by the cookie and relating to their use of the online offering, as well as the processing of such data by Google, by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de
Further information on Google’s use of data, settings and options to object can be found on Google’s websites: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our partners’ services”), https://policies.google.com/technologies/ads (“How Google uses information for advertising purposes”), https://adssettings.google.com/authenticated (“Manage the information Google uses to show you ads”).

In addition, we also use – again only with your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG – internal tracking and analysis functions of HubSpot to understand how visitors use our website (e.g. pages viewed, form usage, campaign attribution). Cookies and similar technologies are also used for this purpose.

Google Re/Marketing Services

Subject to your consent and on the basis of Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG, we use the marketing and remarketing services (collectively “Google Marketing Services”) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google relies, among other things, on the EU-US Data Privacy Framework as well as on Standard Contractual Clauses for data transfers to the USA.

(The details of use remain substantively as described in your previous version – remarketing, cookies, pseudonymous profiles, AdWords/AdSense, Google Tag Manager, opt-out options, etc.)

Within the scope of Google Marketing Services, we in particular place advertisements in the area of Google SEA (search engine advertising).

Facebook Pixel, Custom Audiences and Facebook Conversion

Within our online offering, the so-called “Facebook Pixel” of the social network Facebook is used on the basis of our legitimate interests in the analysis, optimisation, and economic operation of our online offering and for these purposes. However, this processing is carried out only after your consent (Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG).

Meta Platforms, Inc., 1 Meta Way, Menlo Park, CA 94025, (“Meta”, formerly Facebook) may transfer data to the USA. Meta participates in the EU-US Data Privacy Framework and also relies on Standard Contractual Clauses for data transfers.

(The remaining descriptive text regarding Custom Audiences, conversion measurement, options to object, etc. remains substantively as in your previous version.)

Cookies

In order to improve our web offering and make its use as optimal as possible for you, but also for advertising purposes, we use cookies. Cookies are small text files that are stored on your computer when you access our website and enable your browser to be recognised again. Cookies store information such as your language setting, the duration of your visit to our website, or the entries you make there. This avoids the need to re-enter all required data each time you use the website. Cookies also enable us to recognise your preferences and tailor our website to your areas of interest. Most browsers accept cookies automatically. If you wish to prevent cookies from being stored, you can select “do not accept cookies” in your browser settings. You can find out exactly how this works in the instructions provided by your browser manufacturer. You may delete cookies already stored on your computer at any time. Please note, however, that our web offering may be usable only to a limited extent without cookies.

First-Party Cookies

This type of cookie is set by the website visited by the user. Only this website is permitted to read information from the cookies.

Third-Party Cookies

Third-party cookies are set by organisations that are not the operator of the website visited by the user. These cookies are used, for example, by marketing companies.

Session Cookies

Session cookies are temporary cookies that are stored in the user’s internet browser until the browser window is closed and the session cookies are therefore deleted.

Persistent Cookies

Persistent cookies are used for repeat visits and are stored in the user’s browser for a certain period of time (usually 1 year or longer). These cookies are not deleted when the browser is closed. This type of cookie is used to reuse a user’s preferences when the user returns to the site.

Via our cookie banner (see section “Cookie Consent with HubSpot”), you can specify in detail which categories of cookies (e.g. statistics, marketing) you consent to or reject.

Cookie Consent with HubSpot

Our website uses the consent functionality of our service provider HubSpot to obtain your consent to the storage of certain cookies in your browser or to the use of certain technologies and to document this in a data protection compliant manner.

When you enter our website, a corresponding cookie is stored in your browser in which the consents you have given or the withdrawal of such consents are stored. This data is processed by HubSpot on our behalf.

The data collected is stored until you request us to delete it, delete the cookie yourself, or the purpose for data storage no longer applies. Mandatory statutory retention periods remain unaffected.

The cookie consent tool is used in order to obtain and be able to prove the legally required consents for the use of cookies and similar technologies. The legal bases are Art. 6(1)(c) GDPR (legal obligation), Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG (consent), and Art. 6(1)(f) GDPR (legitimate interest in legally compliant consent management).

Social Media

So-called social bookmarks (e.g. from Facebook, Linkedin, Instagram, Twitter, and Xing) are integrated on our website. Social bookmarks are internet bookmarks with which users of such services can collect links and news items. They are merely integrated on our website as links to the relevant services. After clicking the embedded graphic, you will be redirected to the page of the respective provider, i.e. only then will user information be transmitted to the respective provider. For information on the handling of your personal data when using these websites, please refer to the respective providers’ privacy policies. We use the following services:
Meta Platforms Ireland Limited, 1601 S. California Ave, Palo Alto, CA 94304, USA): https://www.facebook.com/privacy/policy
XING SE, Dammtorstraße 30, 20354 Hamburg https://privacy.xing.com/de/datenschutzerklaerung
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland: https://www.linkedin.com/legal/privacy-policy

Plugins and Tools

Within our online offering, we use content or service offerings from third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimisation, and economic operation of our online offering within the meaning of Art. 6(1)(f) GDPR) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “Content”).
This always requires that the third-party providers of this content perceive the users’ IP address, as they would otherwise not be able to send the content to the users’ browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavour to use only such content whose respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. These “pixel tags” may be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on users’ devices and may include technical information about the browser and operating system, referring websites, visit time, and other information on the use of our online offering, and may also be combined with such information from other sources.

Google Fonts

We integrate the fonts (“Google Fonts”) of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

YouTube

Our website uses plugins from YouTube to integrate and display video content. The provider of the video portal is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When a page with an integrated YouTube plugin is accessed, a connection to YouTube’s servers is established. YouTube thereby becomes aware of which of our pages you have accessed.
YouTube may directly associate your browsing behaviour with your personal profile if you are logged into your YouTube account. You can prevent this by logging out beforehand.
The use of YouTube is for the purpose of presenting our online offerings in an appealing manner. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. Details on the handling of user data can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy .

Adobe Typekit Web Fonts

Our website uses so-called web fonts from Adobe Typekit for the uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).
When you access our pages, your browser loads the required fonts directly from Adobe in order to display them correctly on your end device. In doing so, your browser establishes a connection to Adobe’s servers in the USA. This gives Adobe knowledge that our website has been accessed via your IP address. According to Adobe, no cookies are stored when the fonts are provided.
Adobe is certified under the EU-US Privacy Shield. The Privacy Shield is an agreement between the United States of America and the European Union intended to ensure compliance with European data protection standards. Further information can be found at: https://www.adobe.com/de/privacy/eudatatransfers.html.
The use of Adobe Typekit Web Fonts is necessary in order to ensure a uniform font display on our website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
Further information on Adobe Typekit Web Fonts can be found at: https://www.adobe.com/de/privacy/policies/typekit.html.
Adobe’s privacy policy can be found at: https://www.adobe.com/de/privacy/policy.html

Use of ajax.googleapis.com / jQuery

On this site, we use Ajax and jQuery technologies. In order to increase the loading speed of our website and thereby provide you with a better user experience, we use Google’s CDN (content delivery network) to load this library. There is a very high probability that you have already used jQuery from Google’s CDN on another site. In that case, your browser can access the copy stored in the cache and it does not need to be downloaded again. If your browser has not stored a copy in the cache, or if the file is downloaded from Google’s CDN for any other reason, data from your browser will again be transmitted to Google Inc. (“Google”). In this case, you also consent to your data being transferred to the USA. Further information can be found in Google’s privacy notices: https://www.google.de/intl/de/policies/privacy

Google AdWords and Conversion Tracking

In order to draw attention to our services, we place Google AdWords advertisements and, in this context, use Google conversion tracking for the purpose of personalised, interest-based, and location-based online advertising. The option to anonymise IP addresses is regulated via an internal setting in Google Tag Manager, which is not visible in the source code of this page. This internal setting is configured in such a way that the anonymisation of IP addresses required by the German Federal Data Protection Act is achieved.
The advertisements are displayed after search queries on websites of the Google advertising network. We have the option of combining our advertisements with certain search terms. With the help of cookies, we can place advertisements based on a user’s previous visits to our website. When an advertisement is clicked, Google places a cookie on the user’s computer. Further information on the cookie technology used can also be found in Google’s notes on website statistics and in its privacy policy.
With the aid of this technology, Google and we as the customer receive information that a user has clicked on an advertisement and was redirected to our websites. The information thereby obtained is used exclusively for statistical evaluation for the purpose of optimising advertisements. We do not receive any information that would allow visitors to be personally identified. The statistics made available to us by Google include the total number of users who clicked on one of our advertisements and, where applicable, whether they were redirected to a page of our website marked with a conversion tag. Based on these statistics, we can understand which search terms lead to our advertisement being clicked particularly often and which advertisements lead the user to contact us via the contact form.

If you do not wish this, you can prevent the storage of the cookies required for these technologies, for example, via your browser settings. In that case, your visit will not be included in the user statistics. Google AdWords advertisements and the associated conversion tracking are used only with your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG (consent via the cookie banner).

You also have the option of selecting the types of Google advertisements via the ad settings or deactivating interest-based advertisements on Google. Alternatively, you can deactivate the use of cookies by third-party providers by accessing the Network Advertising Initiative’s opt-out assistance.
However, we and Google still receive statistical information as to how many users visited this page and when. If you also do not wish to be included in these statistics, you can prevent this by using additional programs for your browser (for example the add-on Ghostery). We use the following technology of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”): https://www.google.de/intl/de/policies/privacy

Integration of Third-Party Services and Content

Service companies work for us in connection with the operation of our website (e.g. for hosting our website, content management, etc.), to whom we pass on the data required for the performance of their tasks (e.g. name, address, etc.).
Some of these companies act for us by way of data processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection precautions at the companies commissioned by us. We therefore agree specific data security measures with these companies and review them regularly.

Content Management System

Our website and the displayed content were created using the HubSpot system.

The provider is HubSpot Ireland Limited, HubSpot House, 1 Sir John Rogerson’s Quay, Dublin 2, Ireland, and HubSpot Inc., 2 Canal Park, Cambridge, MA 02141, USA. A data processing agreement pursuant to Art. 28 GDPR has been concluded with HubSpot.

Hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include, in particular, IP addresses, contact enquiries, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.
The use of the hoster is for the purpose of fulfilling the contract vis-à-vis our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of secure, fast, and efficient provision of our online offering by a professional provider (Art. 6(1)(f) GDPR).
Our hoster will process your data only to the extent necessary to fulfil its performance obligations and will follow our instructions with regard to this data.

We use the following hoster:
HubSpot (HubSpot Ireland Limited / HubSpot Inc.). Further information on HubSpot can be found on the provider’s websites.

In order to ensure data protection compliant processing, we have concluded a data processing agreement with our hoster.

Furthermore, we point out at this stage that third-party content (including videos from YouTube, map material from Google Maps, or graphics from other websites) may also be implemented within this online offering. A prerequisite for the use of these services is that the providers of this content (hereinafter referred to as “Third-Party Providers”) receive the users’ IP address.
The reason for this is that content cannot be sent to the respective user’s browser without the IP address and the content therefore cannot be displayed.
We have no influence on whether and to what extent the third-party providers store the IP address. Should we be informed in this respect, users will be notified.

Notice on Data Transfers to the USA

Among other things, our website incorporates tools from companies based in the USA or other third countries (e.g. HubSpot, Google, Microsoft, Meta/Facebook). If these tools are active, your personal data may be transferred to the servers of the respective companies in these countries.

For certain US companies, there is an adequacy decision of the EU Commission pursuant to Art. 45 GDPR (EU-US Data Privacy Framework Data Privacy Framework). Where a provider is certified under this framework, a level of data protection comparable to that of the EU is assumed.

Where no adequacy decision exists, we base data transfers on appropriate safeguards within the meaning of Art. 46 GDPR, in particular on Standard Contractual Clauses of the EU Commission and, where appropriate, supplementary technical and organisational measures.

Security Notice

We endeavour to take all security measures to store your personal data in such a way that it is not accessible to third parties or the public. If you wish to contact us by email, we would like to point out that the confidentiality of the information transmitted cannot be fully guaranteed via this communication channel.
We therefore recommend that you send us confidential information exclusively by post.

SSL or TLS Encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the browser’s address line changing from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

External Links

Our website may contain links to external websites to which this privacy policy does not extend.

Despite the utmost care in selecting links to other providers, we cannot assume any responsibility or liability for the content and data security of third-party websites.

Data Transfer to Third Parties

Your data will generally not be transferred to third parties unless we are legally obliged to do so, the transfer of data is necessary for the performance of the contractual relationship, or you have expressly consented in advance to the transfer of your data. External service providers and partner companies, such as the shipping company commissioned with delivery, receive your data only to the extent necessary for processing your order. In these cases, however, the scope of the data transmitted is limited to the required minimum. Insofar as our service providers come into contact with your personal data, we ensure that they comply with the provisions of data protection law in the same manner. Please also note the respective providers’ privacy notices. The respective service provider is responsible for the content of external services, although we review the services for compliance with legal requirements to the extent reasonable.

Your Rights

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

1. Right of Access

You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing takes place, you may request the following information from the controller:

1. the purposes for which the personal data is processed;

2. the categories of personal data being processed;

3. the recipients or categories of recipients to whom the personal data concerning you has been or will be disclosed;

4. the planned duration of storage of the personal data concerning you or, if specific information is not possible, the criteria used to determine the storage period;

5. the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;

6. the existence of a right to lodge a complaint with a supervisory authority;

7. all available information as to the origin of the data if the personal data is not collected from the data subject;

8. the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the intended consequences of such processing for the data subject.

You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to Rectification

You have the right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you is inaccurate or incomplete. The controller must carry out the rectification without undue delay.

3. Right to Restriction of Processing

Under the following conditions, you may request the restriction of the processing of personal data concerning you:

1. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;

2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of the use of the personal data instead;

3. the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise, or defence of legal claims, or

4. if you have objected to processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the controller’s legitimate grounds override your grounds.

Where the processing of the personal data concerning you has been restricted, such data may – apart from storage – be processed only with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to Erasure

a) Obligation to Erase

You may request the controller to erase the personal data concerning you without undue delay, and the controller shall be obliged to erase this data without undue delay where one of the following grounds applies:

1. The personal data concerning you is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

2. You withdraw your consent on which the processing was based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.

3. You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.

4. The personal data concerning you has been unlawfully processed.

5. The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.

6. The personal data concerning you has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.

b) Information to Third Parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Art. 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, that personal data.

c) Exceptions

The right to erasure shall not apply to the extent that processing is necessary

1. for exercising the right of freedom of expression and information;

2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

3. for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) as well as Art. 9(3) GDPR;

4. for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR in so far as the right referred to under section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

5. for the establishment, exercise, or defence of legal claims.

6. Right to Notification

If you have exercised your right to rectification, erasure, or restriction of processing vis-à-vis the controller, the controller is obliged to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you has been disclosed, unless this proves impossible or involves disproportionate effort. You have the right vis-à-vis the controller to be informed about these recipients.

6. Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, where

1. the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and

2. the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, where technically feasible. Freedoms and rights of other persons must not be adversely affected thereby.

The right to data portability does not apply to processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to Object

You have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on those provisions. The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims. Where the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the option, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.

8. Right to Withdraw the Data Protection Consent Declaration

You have the right to withdraw your data protection declaration of consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

1. is necessary for entering into, or performance of, a contract between you and the controller,

2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or

3. is based on your explicit consent.

However, such decisions must not be based on special categories of personal data referred to in Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and suitable measures to safeguard the rights and freedoms and your legitimate interests have been taken. In the cases referred to in (1) and (3), the controller shall implement suitable measures to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

10. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

External Data Protection Officer

If you have any questions regarding data protection, please contact our external data protection officer:

Mr Matthias Lindner
c/o intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg
mlindner@intersoft-consulting.de

Amendments to the Privacy Policy

Ongoing technological developments, changes to our services or the legal situation, as well as other reasons, may require adjustments to our privacy notices. We will announce changes on this page in good time. We therefore ask you to regularly inform yourself about the current status.

This statement is current as of December 2025.