Privacy Notice

Version 11.05.2021

Thank you for visiting our website and for your interest in our company and our offers. We collect, use and store your personal data exclusively within the framework of the provisions of the GDPR. In the following, we inform you about the type, scope and purpose of data collection and use.

Table of contents

  1. Person responsible for the processing of your personal data
  2. Collection and storage of personal data as well as type and purpose of processing
  3. Disclosure and transmission of personal data
  4. Data subject rights
  5. Data deletion and storage period
  6. Cookies
  7. Data security
  8. Our data protection officer
  9. Up-to-dateness and modification of this privacy policy

1. Person responsible for the processing of your personal data
The responsible party in the sense of the GDPR is:
Borsteler Chaussee 47
22453 Hamburg 
Tel.: 040 / 50 79 64 - 0
Managing Director: Dr. Annette Horváth 

2. Collection and storage of personal data as well as type and purpose of processing

a) When visiting our website – Server log files
Every access to our website and every retrieval of a file stored on this website is logged. The following data is collected without your intervention and stored until automated deletion after 30 days:

  • IP address of the requesting computer, as well as device ID or individual device identifier and device type,
  • name of the retrieved file and amount of data transferred, as well as date and time of retrieval,
  • message about successful retrieval,
  • requesting domain,
  • description of the type of Internet browser used and, if applicable, the operating system of your terminal device, as well as the name of your access provider, 

Our legitimate interest pursuant to Art. 6 (1) (f) GDPR to collect the data is based on the following purposes:

  • Ensuring a smooth connection setup and a comfortable use of the website,
  • evaluation of system security and stability 
  • for further administrative and statistical purposes. 

The use of server log files is part of the technical and organizational measures pursuant to Art. 32 GDPR to protect the security of data processing by our website. In this respect, the provision of this data by the user is to be regarded as obligatory in the sense of Art. 13 (2) (e) GDPR.

When using this general data and information, we do not draw any conclusions about your person. A transfer or other use of the data does not take place. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use. A transfer of your data may become necessary if the responsible party is lawfully requested to hand over your data by a state or authority pursuant to Art. 6 (1) (c) GDPR. The data will not be used for the purposes of automated decision-making or profiling within the meaning of Art. 22 GDPR.

Further personal data will only be collected if you provide additional voluntary information when using the website, as described below.

b) When contacting us via the e-mail addresses provided
If you contact us by e-mail, this will result in the processing of your personal data as part of the response. This is your e-mail address and the data you disclose within the inquiry. Data processing in the context of this e-mail contact is carried out pursuant to Art. 6 (1) (f) GDPR based on our legitimate interest in a satisfactory exchange with interested parties, potential customers and business partners. The data will be deleted as soon as the purpose of processing ceases to apply. If you wish to object to the answering of your inquiry or any other feedback by e-mail, you may do so pursuant to Art. 21 GDPR by informing us by e-mail, mail, or telephone.

This personal data will not be passed on to third parties. There is no legal or contractual obligation on your part to use this contact option. The use is voluntary. The data will not be used for the purposes of automated decision-making or profiling within the meaning of Art. 22 GDPR.

3. Disclosure and transmission of personal data
We do not transfer your data to third parties for purposes other than those listed below. We only pass on your data to third parties if:

  • you have given your express consent to do so (Art. 6 (1) (a) GDPR), or.
  • this is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures (Art. 6 (1) (b) GDPR), or
  • there is a legal obligation to disclose data (Art. 6 (1) (c) GDPR), or
  • the disclosure serves to protect the vital interests of a natural person (Art. 6 (1) (d) GDPR), or
  • the disclosure serves the legitimate interest in asserting, exercising or defending legal claims of the controller and there is no reason to assume that you have an overriding interest worthy of protection in not having your data disclosed (Art. 6 (1) (f) GDPR) and the scope of the data disclosed is thereby limited to the minimum necessary.

3.1 External hosting Netlify
This website is hosted (hoster) by the external service provider Netlify (, which is based in the USA and also operates its servers there. The hoster processes your IP address and stores the log files (see section 2a) ). The log files are stored for no longer than 30 days. The data processing is automated and is necessary for the provision and security of the web offer and for its improvement. Further information can be found in the privacy policy of Netlify (, as well as in the GDPR guidelines of Netlify (

The hoster is used for the purpose of providing an up-to-date and secure website as an information offer for customers and partners and thus processes on the basis of Art. 6 (1) (f) GDPR. Our hoster will only process your data insofar as this is necessary for the fulfilment of its service obligations and follow our instructions with regard to this data. Since this is therefore commissioned processing, we have concluded a corresponding data processing agreement with the hoster pursuant to Art. 28 (3) GDPR. The contract also contains the standard contractual clauses, which ensure an appropriate level of data protection during processing, including in the hoster's country of domicile. The data transfer to the USA associated with the data processing thus takes place in accordance with Art. 46 (2) (c) GDPR.

4. Data subject rights

a) Right to revoke your consent (Art. 7 (3) GDPR): You have the right to revoke your consent given once in accordance with Art. 6 (1) (a) GDPR at any time. This has the consequence that we no longer continue the data processing based on this consent for the future. To do so, you can use the contact details listed in this privacy notice (e-mail, telephone, mail). The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. By revoking, the data concerned will be deleted immediately and will no longer be processed in any way.

b) Right to information (Art. 15 GDPR): Upon request, we will inform you whether and which personal data relating to you are stored, in particular about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing and objection, the existence of a right of complaint, the origin of your data if this has not been collected by us, and the existence of automated decision-making, including profiling.

c) Right to rectification (Art. 16 GDPR): You also have the right to have any incorrectly processed personal data corrected or incompletely collected data completed.

d) Right to erasure (right to be forgotten) (Art. 17 GDPR): In addition, you have the so-called "right to be forgotten", i.e. you can demand that we erase your personal data, provided that the legal requirements for this are met. Irrespective of this, your personal data will be automatically deleted by us if the purpose of the data collection has ceased to exist or the data processing has been carried out unlawfully.

e) Right to restriction of processing (Art. 18 ): Furthermore, you have the right to demand that we restrict the processing of your data, provided that the legal requirements for this exist (Art. 18 GDPR).

f) Right to data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer to another controller.

g) Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data at any time, provided that the processing is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR. This applies in particular to processing for direct marketing purposes. For this purpose, you can use the contact details listed in this privacy policy (e-mail, telephone, mail). In the event of an effective objection, your personal data will also be automatically deleted by us.

h) Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): If you feel that your rights have been violated by our data processing, you have the right to lodge a complaint with the supervisory authority responsible for the data controller in accordance with Art. 77 GDPR. The contact details of the competent supervisory authority are:

The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str 22, 7th floor
20459 Hamburg
Telephone: 040 428 54 - 4040
Fax: 040 428 54 - 4000

5. Data deletion and storage period
The deletion, blocking or restriction of the processing of stored personal data takes place when the user of the website revokes the consent given for storage, when knowledge of the personal data is no longer required for the fulfilment of the purpose pursued with the storage and the deletion is not opposed by any legal retention periods (e.g. retention periods under commercial or tax law) or when their storage is inadmissible for other legal reasons. Data for billing and accounting purposes are not affected by a request for deletion. 

6. Cookies
This website does not use cookies and therefore does not require a cookie banner. Cookies are small text files that are automatically created by your browser and stored on your terminal device when you visit a website that uses cookies.  

7. Data security
We take all necessary technical and organizational security measures to store your personal data in such a way that they are not accessible to third parties or the public. In addition to maintaining confidentiality, the measures used ensure the integrity and availability of the data. If you wish to contact us by e-mail, we would like to point out that the confidentiality of the information transmitted cannot be fully guaranteed when using this method of communication. We therefore recommend that you send us confidential information exclusively by post.

8. Our data protection officer
We have appointed a data protection officer. The contact details are:

Data Screen Consult Gesellschaft für Unternehmensberatung mbH
Mr. Arnd Harnischmacher
Kaiser-Friedrich-Promenade 111a
61348 Bad Homburg v.d.H.

9. Changes to this privacy notice
This privacy notice is currently valid and has the status of May 2021. Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this privacy notice. The current privacy notice can be accessed and printed out at any time at: