Privacy Policy

Privacy policy

In the following you will find information on the processing of your personal data in accordance with Art. 13 of the European General Data Protection Regulation (GDPR).

1. Basic information

This privacy policy is intended to inform you as a user of this website about the type, scope and purpose of the collection and use of personal data by the information made available on our website. We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy. As new technologies and the continuous development of this website may result in changes to this privacy policy, we recommend that you read the privacy policy again at regular intervals. If we refer to Internet pages of other providers, e.g. by means of a link, the data protection information and declarations there apply.

2. Provider/Contact person

The provider and controller responsible for the collection and processing of your personal data on this website is

The data protection officer of the controller is:

Dr. Sebastian Kraska
Marienplatz 2
80331 Munich

3. Collection, processing and use of your personal data

Within the framework of this website, there is particular focus on communication data (e.g. name, telephone number, e-mail address, postal address, IP address).

Our offer is directed exclusively at people who are 16 years of age or older.

When do we process your data?

In principle, personal data is information about a natural person that is identified or identifiable by this data (e.g. name, address, e-mail address).

Data processing on our part only takes place if there is a legal basis for this (e.g. your consent, our legitimate interests, fulfillment of legal obligations etc.).

In the following we will introduce you to the purposes for which we or one of our service providers processes your data (purpose of processing).

3.1 Data processing for the purpose of providing the website

Legal basis: overriding legitimate interest in direct marketing, as long as and to the extent that this is in compliance with data protection and competition law requirements (Art. 6 para. 1 lit. f GDPR)

3.2 Data processing for the purpose of processing customer enquiries within the framework of a contact form

Legal basis: overriding legitimate interest in the processing of customer enquiries and marketing measures to the extent that this is in accordance with data protection and competition law requirements (Art. 6 para.1 lit. f GDPR) or if you give your consent to be contacted personally by our team (Art. 6 para.1 lit. a GDPR).

3.3 Data processing for security reasons and to detect faults

Legal basis: overriding legitimate interest in the elimination of faults and to ensure data security within the scope of our legal obligation (Art. 6 Para. 1 lit. f GDPR).

3.4 Data processing for the purpose of safeguarding and defending our rights

Legal basis: Given by the legitimate interest on our part in the protection and defense of our rights (Art. 6 para. 1 lit. f GDPR).

3.5 Data processing in the context of advertising (own and third-party advertising), market research and reach measurement

Legal basis: Direct marketing takes place either because of an existing overriding legitimate interest on our part or because you have given your consent (Art. 6 para. 1 lit. a or f GDPR).

3.6 Data processing by voluntary newsletter registration

Legal basis: We are permitted to send you our newsletter, provided you have given us your prior consent (Art. 6. para. 1 lit. a GDPR). Otherwise, the recording of the registration procedure is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR). Further information can be found under item 11.

3.7 Data processing for the purposes of the application procedure

Legal basis: The processing of your personal data during the application procedure is generally necessary to establish the employment relationship (Art. 88 GDPR in conjunction with §26 BDSG-neu and Art. 6 para. 1 lit. b GDPR). It may also be permissible in order to fulfil legal obligations (Art. 6 para. 1 lit. c GDPR) or on the basis of a legitimate interest (Art. 6 para. 1 lit. f GDPR). Further information can be found under item 9.


If the processing of your data is based on your prior consent, please note that you can end this processing at any time and with effect for the future by withdrawing your consent (see 3.2, 3.5, 3.6).

4. Log data

Whenever our website is called up, our system automatically records data and information on the computer system of the calling computer and transmits this to our server. The following data is recorded and stored during the ongoing communication:

Visited website
Date and time at the time of access and duration of the access
Quantity of data sent
Name of the service provider
Browser used
Operating system used
IP address used
For reasons of data security, in particular to defend against attempts to attack our web server, as already described in 3.3, we will store these access logs for a period of 7 days and then delete them. Excepted from this are data whose retention is required for evidentiary purposes due to further obligations. This data will be retained by us until a corresponding incident has been clarified and may be passed on to investigating authorities in individual cases.

5. Passing on your data

Your data will only be passed on to persons who need it to fulfil our contractual or legal obligations. In this context, we would like to inform you that we may transfer your data to companies affiliated with us to the extent that this is permissible with regard to the purposes and legal basis set out in Section 3.

In addition, your data will be forwarded to recipients outside this company if this is necessary to fulfil our contractual or legal obligations.

Any other transfer of your personal data is carried out on the basis of processing contracts in accordance with Art. 28 GDPR. Here we ensure with our contractual partner that data processing is only carried out if all data protection obligations are complied with. We entrust these external service providers with tasks such as marketing services.

Please note that we may also cooperate with partners who are not data processors and who collect personal data directly from you as a costumer without any direct transmission by us. This includes, for example, the payment service provider PayPal (Europe) S.a.r.l. et Cie, S.C.A. based in the EU (“PayPal”) as well as the respective PayPal data processors. If you choose to process payments via PayPal, you will be directed to PayPal or one of its affiliates for payment purposes. Such third party providers are not our “recipients” within the meaning of Art. 13 para 1 lit. e DSGVO. You independently collect your data based on your own decision to choose this payment process. It should be noted that your contractual relationship with PayPal is independent of your contractual relationship with us.

6. Data transfer to third countries (outside the EU/EEA)

Data will only be transferred to recipients located outside the EU/EEA if they can demonstrate an adequate level of data protection.

Please note that not all third countries can demonstrate such an adequate level of data protection (e.g. the USA). If we nevertheless intend to transfer data to such third countries, we will ensure before entering into the contractual relationship that we agree on, for example, so-called EU standard contractual clauses with this recipient. Furthermore, a data transfer would otherwise still be permissible, if we have your consent to transfer your data to a less secure third country such as the USA.

7. Storage of your data

We will only store your data to the extent and for the duration permitted by law. Accordingly, we will store data in connection with the offers made available by us on this website for the period of time for which we have a legitimate interest in storing the data or for which you allow us to store the data within the scope of your previously given voluntary consent, e.g. for receiving a newsletter. If you withdraw this consent, your data will be deleted. Excluded from the deletion are such data, no matter for what purpose, which we have to store in order to fulfil legal obligations (e.g. tax and commercial law storage periods).

8. Use of cookies and user-based online marketing

Our website uses so-called cookies for tracking our website visitors and contacts. A cookie is a small text file that is stored in your browser by software when you visit our website. This enables us to recognize you when you visit the website repeatedly. The use of cookies is basically for the user-friendly design of our website and for the analysis of log data.

We make use of two different types of cookies or analysis tools. On the one hand, there are those that are necessary for the functionality of our website and those that are not. In the following we will explain the meaning and use of these cookies in more detail:

8.1 Technically necessary cookies

This refers to cookies that are necessary for the technical feasibility of the offer made available on this website. For example, they are required to identify the installation language of the respective browser in order to display the website content in the correct language for you.

These cookies will be deleted after you have finished your visit to our site.

8.2 Technically not necessary cookies

These are cookies that we use, but which are not necessary for the technical feasibility of the online offer. We use marketing cookies as well as tracking methods under the condition that you have given us your prior consent to the use of such cookies.

The use of our tracking methods enables us to gain insights into your user behavior through analysis, so that we can provide you with an individual offer derived from your personal interests.

8.3 Evaluation of usage data and use of tracking methods

Records of your user behavior and preferences are analyzed by programs of our tracking providers, who generate statistics and reports for us from the records. By setting cookies, for example, we could recognize whether and how often you as a user have clicked on a particular advertisement.

By confirming (opt-in) the cookies in our cookie banner, you give us your consent to use your data as described above. You have the opportunity to object your consent at any time.

As far as you object to the cookies in the context of the Cookie-Banner (Objection), we will place an opt-out cookie in your browser to enforce an assignment to your objection. These cookies will only be set in the browser in which you have expressed your objection. If you use a different browser, it is necessary for you to object to its use again.

For the evaluation of usage data we use a customer relationship management tool (see HubSpot), which supports us in particular with conversion tracking services. Furthermore, we use a statistics tool (see Google Analytics). These tools will be enabled only after you have given your consent.

The following marketing tools are used by us in connection with this website:

Google Analytics: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy policy:

Google Analytics is used by us to gather information and analyze the general user behavior of our website visitors within the framework of the online services we provide and to report on the relevant usage statistics.

Furthermore, Google will inform you about your right to object under the following link:


HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland

Privacy policy:

We use the services of our partner HubSpot to handle part of our online marketing. This includes:

E-mail marketing (see point 11., Newsletter)
Administration customer database
Contact management (enrichment of data records in connection with the collected knowledge of the individual)
Individual analysis and reporting, e.g. on e-mail performance or web analytics regarding our customers and prospects

Both when using Google Analytics and HubSpot’s applications, the information collected by the cookies may be transferred to a server in the USA. The USA generally does not have a level of data protection comparable to the data protection law of the European Union. We will ensure that any data processing carried out with these is based on a permissible legal basis, such as the EU standard contractual clauses, which complies with the requirements of the GDPR. Both Google and HubSpot have implemented the EU standard contractual clauses in their terms of use, witch apply to us.

9. Data protection information in the application procedure

As part of the application procedure, we process your personal data in accordance with the legal requirements. The application procedure requires that you provide us with your application data in an online form provided on this website. In order to be able to provide you with this service, we require the support of an external service provider mandated by us in accordance with section 5 of this privacy policy. You will receive further information on data processing as part of the application process.

10. Social plug-ins

We use so-called social plug-ins on our website. In principle, these are deactivated when you visit our site. They are activated by clicking on the respective social plug-in. This establishes a connection with the server of the network. In this way, the network provider receives information about the fact that you have called up our web offer via your Internet browser. It is not important that you have an account with the respective network provider. Furthermore, your protocol data will be transmitted to the network provider and, in case of doubt, stored there.

The network providers’ servers may be located outside the EU/EEA. For further information on how we handle your personal data, please refer to the data protection regulations of the respective provider.

Unless you do not want your data to be transmitted to network providers, we recommend you to not use the social plug-ins.

Facebook Plug-ins Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA Facebook Ireland Limited, Hanover Reach, 5–7 Hanover Quay, Dublin 2, Irland

Privacy policy:

Instagram Plug-ins Facebook Ireland Limited, 4 Grand Canal Square, Dub-lin 2, Ireland

Privacy policy:

LinkedIn Plug-ins LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Privacy policy:

Twitter Plug-ins Twitter International Company, One Cumberland Place, Fe-nian Street, Dublin 2, D02 AX07, Ireland

Privacy policy:

11. Newsletter

11.1 General Information

By subscribing to our newsletter, you agree to receive it and to the procedures described. We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as “newsletters”) only with a legal permission (e.g. your consent). If the contents of the newsletter are specifically described in the context of a registration for the newsletter, these are decisive for the consent. Furthermore, our newsletters contain information about our services and our company.

Double-opt-in procedure and logging: The registration to our newsletter takes place in a so-called double-opt-in procedure, i.e. you will receive an e-mail after registration in which you are asked to confirm your registration.

Newsletter registrations are logged in order to be able to prove the registration process according to the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored by the shipping service provider are also logged. Furthermore, the following of your personal data will be processed for the purpose of sending the newsletter:

E-mail address
Last name
First name
You can cancel the receipt of our newsletter at any time by withdrawing your consent. You will find a link to cancel the newsletter at the end of each newsletter.


We will send the newsletters via the mailing service provider HubSpot (see further information in 8.3). The dispatch service provider is used on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR and an processing contract in accordance with Art. 28 para. 3 p. 1 GDPR.

11.2 Measurement of newsletter success

The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened, or from the server of a service provider if we use one. Within the scope of this retrieval, technical information such as information about the browser and your system as well as your IP address and the time of the retrieval are initially collected. This technical data and information on the target groups and their reading behavior based on the respective retrieval locations (which can be determined with the help of the IP address) as well as access times are used for technical improvement of the services. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked on. For technical reasons, this information can be allocated to the individual newsletter recipients, but it is neither our intention nor, if used, the intention of the service provider to observe you as a user. Rather, the evaluations serve us to recognize your reading habits and to adapt our content for you or to send different content according to your interests. Unfortunately, it is not possible to cancel the performance measurement separately; in this case, the entire newsletter subscription must be cancelled.

12. Security

Our employees and the service providers mandated by us are obliged to maintain secrecy and comply with the provisions of the applicable data protection laws.

We take all necessary technical and organizational measures in accordance with Art. 32 ff. GDPR to ensure an appropriate level of data protection and to protect your data processed by us against the following risks in particular: accidental or unlawful destruction, manipulation, loss, modification or unauthorized disclosure or access. Our security measures are constantly improved in line with technological developments.

13. Right of data subjects

As a user of our website, you are entitled to the rights under Art. 15-18, 21 GDPR within the scope of the GDPR:

Right to access:

According to Art. 15 GDPR you have the right to receive access about the processing of your data, which you can assert against us. For this purpose you can contact us by e-mail at

Right to rectification:

Likewise, you can demand that we correct any incorrect data in accordance with Art. 16 GDPR. In the event that your data is not complete, you may request that your data be completed.

Right to erasure:

Furthermore, we will delete your data at your request in accordance with Art. 17 GDPR. Unless we need this data to fulfil our legal obligations.

Right to restriction:

Within the framework of the conditions set out in Art. 18 GDPR, you have the right to obtain restriction of the processing of the data concerning you.

Right to data portability:

Provided that the requirements of Art. 20 GDPR are met, you have the right to receive your relevant personal data that you have provided us with in a structured, common and machine-readable format. Insofar as this is technically possible, you may also request that this data be transferred to a third party.

Right to withdrawal:

In accordance with Art. 7 para. 3 GDPR, you can withdraw the consent you have given us to your data processing with effect for the future. This means that we may no longer continue to process data for you.

Right of objection:

If processing of your personal data pursuant to Art. 6 Par. 1 letter f GDPR is carried out to the purposes of a legitimate interest, you have the right pursuant to Art. 21 GDPR to object to the processing of your data at any time for reasons arising from your particular situation. We will ensure that processing is discontinued unless we are obliged to continue it for reasons of compelling reasons worthy of protection. Such reasons must overridden your interests, fundamental rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to lodge a complaint:

Finally, according to Art. 77 GDPR, you still have the right to lodge a complaint if you are of the opinion that we have not observed data protection regulations in the course of processing your data. In this case, please contact the supervisory authority responsible for your place of residence or your federal state, or the supervisory authority responsible for us. This is the Bavarian State Office for Data Protection Supervision.

Updated January 2021.