
Privacy Policy
Introduction
With the following Privacy Policy, we would like to inform you about the types of your personal data ("Data") we process for which purposes and to what extent. The Privacy Policy applies to all processing of personal data we conduct, both in the context of providing our services and especially on our websites, in mobile applications, and within external online presences, such as our social media profiles (collectively referred to as "Online Offer").
The terms used are not gender-specific.
Status: 5 September 2025
Controller
INN.LAW® – Innovative Lawyers
Rechtsanwalt (Attorney at Law) Peter Poleacov
Am Kaldenberg 3A
40489 Düsseldorf
Email Address: info@inn.law
Imprint: https://www.inn.law/impressum
Overview of Processing Activities
The following overview summarizes the types of processed data and the purposes of their processing, and refers to the individuals concerned.
Types of Processed Data
Inventory Data
Payment Data
Contact Data
Content Data
Contract Data
Usage Data
Meta/Communication Data
Applicant Data
Categories of Affected Individuals
Customers
Employees
Prospective Clients
Communication Partners
Users
Applicants
Business and Contractual Partners
Clients
Depicted Persons
Purposes of Processing
Provision of Contractual Services and Customer Support
Contact Inquiries and Communication
Security Measures
Direct Marketing
Reach Measurement
Office and Organizational Procedures
Management and Response to Inquiries
Application Procedures
Content Delivery Network (CDN)
Feedback
Marketing
Profiles with User-related Information
Provision of Our Online Offer and User-friendliness
Information Technology Infrastructure
Relevant Legal Grounds
The following provides an overview of the legal bases of the EU General Data Protection Regulation ("DSGVO") on which we process personal data. Please note that in addition to the provisions of the DSGVO, national data protection requirements may apply in your or our country of residence or headquarters. If, in individual cases, more specific legal bases are relevant, we will inform you about these in the Privacy Policy.
Consent (Art. 6 para. 1 sentence 1 lit. a) DSGVO) - The data subject has given their consent to the processing of personal data concerning them for a specific purpose or for several specified purposes.
Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) DSGVO) - Processing is necessary for the performance of a contract to which the data subject is a party or for carrying out pre-contractual measures that occur at the request of the data subject.
Legal obligation (Art. 6 para. 1 sentence 1 lit. c) DSGVO) - Processing is necessary to fulfill a legal obligation to which the controller is subject.
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) DSGVO) - Processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.
Application process as pre-contractual or contractual relationship (Art. 6 para. 1 lit. b) DSGVO) - If, in the context of the application process, special categories of personal data within the meaning of Art. 9 para. 1 DSGVO (e.g., health data such as degree of disability or ethnic origin) are requested from applicants, so that the controller or the data subject can exercise their rights arising from employment law and the law of social security and social protection, and fulfill their respective obligations, their processing occurs according to Art. 9 para. 2 lit. b. DSGVO, in the case of the protection of vital interests of the applicants or other persons according to Art. 9 para. 2 lit. c. DSGVO, or for purposes of preventive healthcare or occupational medicine, for the assessment of the employee's working capacity, for medical diagnostics, the provision or treatment in the health or social field, or the management of systems and services in the health or social field according to Art. 9 para. 2 lit. h. DSGVO. In the case of communication of special categories of data based on voluntary consent, processing occurs based on Art. 9 para. 2 lit. a. DSGVO.
In addition to the data protection regulations of the DSGVO, national data protection regulations apply in Germany. These include in particular the law on protection against misuse of personal data in data processing (Federal Data Protection Act - BDSG). The BDSG contains, in particular, special regulations on the right to information, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission as well as automated individual decision-making including profiling. Furthermore, it regulates data processing for purposes of the employment relationship (Section 26 BDSG), particularly with regard to the establishment, implementation, or termination of employment relationships as well as the consent of employees. In addition, the data protection laws of the federal states may apply.
Security Measures
We take appropriate technical and organizational measures according to the legal requirements, considering the state of technology, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of the threat to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk.
The measures particularly include securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as the access, input, and transfer of the data, the safeguarding of its availability, and its separation. Furthermore, we have established procedures that ensure the exercise of data subjects' rights, the deletion of data, and responses to data threats. Additionally, we consider the protection of personal data already during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by privacy-friendly default settings.
TLS encryption (https): To protect the data transmitted via our online offerings, we use TLS encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.
Attorney Confidentiality Obligation
As legal professionals, we are subject to the specific attorney confidentiality obligation pursuant to Section 43a BRAO. All client data is processed with the utmost confidentiality. The transfer of client data to data processors occurs only after prior commitment to confidentiality and in compliance with professional regulations.
Backup and Data Protection
To ensure availability and protection against data loss, we conduct regular data backups. Backup data is stored encrypted and deleted after a maximum of 7 years.
Transmission of Personal Data
In the course of our processing of personal data, it may happen that the data is transmitted to other offices, companies, legally independent organizational units, or individuals, or disclosed to them. The recipients of this data can include, for example, service providers tasked with IT responsibilities or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and in particular conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.
Data transfer within the corporate group: We may transfer personal data to other companies within our corporate group or grant them access to this data. If this sharing is done for administrative purposes, it is based on our legitimate business and economic interests, or it takes place if it is necessary for fulfilling our contractual obligations or if there is consent from the affected individuals or a legal permission is in place.
Data Processing in Third Countries
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if processing occurs as part of the use of services of third parties or the disclosure or transmission of data to other persons, entities, or companies, this will only happen in accordance with legal requirements.
Subject to express consent or contractual or legal requirements for transmission, we only process or have the data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard protection clauses of the EU Commission, in the presence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).
Deletion of Data
The data processed by us will be deleted in accordance with legal regulations as soon as the permissions granted for processing are revoked or other permissions cease to apply (e.g. if the purpose of processing this data is no longer applicable or it is not necessary for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to these purposes. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person.
As part of our Privacy Policy, we can provide users with additional information on the deletion as well as the retention of data, which are specifically applicable to the respective processing processes.
Use of Cookies
Cookies are small text files or other storage marks that store information on end devices and read information from the end devices, for example to save the login status in a user account, the contents of a shopping cart in an e-shop, the accessed content, or the functions used in an online offer. Cookies can further be used for different purposes, e.g., for the functionality, security, and comfort of online offers, as well as for creating analyses of visitor flows.
Cookie usage on our website: Our website only uses technically necessary cookies. We do not use marketing cookies, analytics cookies, or social media tracking. No consent is required for technically necessary cookies.
Notes on the legal basis for data protection: The legal basis on which we process users' personal data with the help of cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed with the help of cookies is processed on the basis of our legitimate interests (e.g., in the economic operation of our online offer and improvement of its usability), or, if the use of cookies is necessary to fulfill our contractual obligations, as part of fulfilling those obligations. The purposes for which we process the cookies are explained in this Privacy Policy or as part of our consent and processing processes.
Storage duration: The following types of cookies are distinguished with regard to the storage duration:
Temporary cookies (also: session cookies): Temporary cookies are deleted no later than after a user has left an online offer and closed their end device (e.g., browser or mobile application).
Permanent cookies: Permanent cookies remain stored even after closing the end device. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. Likewise, the data collected with the help of cookies can be used for reach measurement. If we do not provide users with explicit information on the type and storage duration of cookies (e.g., in the context of obtaining consent), users should assume that cookies are permanent and storage duration can be up to two years.
General notes on withdrawal and objection (opt-out): Users can withdraw the consents they have given at any time and also object to processing in accordance with the statutory provisions in Art. 21 DSGVO. Users can also declare their objection via their browser settings, e.g., by deactivating the use of cookies (although this may restrict the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com.
Commercial Services
We process data from our contractual and business partners, such as customers and prospects (collectively referred to as "contractual partners") within the framework of contractual and comparable legal relationships as well as related measures, and in the context of communication with the contractual partners (or pre-contractually), for example, to respond to inquiries.
We process this data to fulfill our contractual obligations. This includes, in particular, the obligations to provide the agreed services, any update obligations, and remedies in case of warranty and other performance disruptions. Furthermore, we process the data to safeguard our rights and for the purpose of the administrative tasks associated with these obligations and corporate organization. Moreover, we process the data based on our legitimate interests in proper and economic business management, as well as security measures to protect our contractual partners and our business operations from misuse, endangerment of their data, secrets, information, and rights (e.g., involvement of telecommunications, transport, and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Within the scope of applicable law, we only transfer the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners are informed about further forms of processing, e.g., for marketing purposes, within the scope of this Privacy Policy.
Which data is necessary for the aforementioned purposes is communicated to the contractual partners before or during the data collection, e.g., in online forms, through special markings (e.g., colors) or symbols (e.g., asterisks, etc.), or personally.
We delete the data after the expiration of statutory warranty and comparable obligations, i.e., generally after four years, unless the data is stored in a customer account, e.g., as long as they must be retained for archival reasons by law. The statutory retention period is ten years for records relevant under tax law as well as for commercial books, inventories, opening balances, financial statements, operational instructions necessary for understanding these documents, and other organizational documents and booking vouchers, and six years for received commercial and business letters and reproductions of sent commercial and business letters. The period begins at the end of the calendar year in which the last entry in the book was made, the inventory, opening balance, financial statement, or management report was drawn up, the commercial or business letter was received or sent, or the booking voucher was created, further the recording was made, or other documents were created.
Insofar as we use third-party providers or platforms for the provision of our services, the terms and conditions and Privacy Policies of the respective third-party providers or platforms apply in the relationship between the users and the providers.
Processed types of data: Inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., email, phone numbers); contract data (e.g., subject of contract, duration, customer category); usage data (e.g., visited web pages, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
Data subjects: Customers; prospects; business and contractual partners; clients.
Purposes of processing: Provision of contractual services and customer service; security measures; contact inquiries and communication; office and organizational procedures; administration and response to inquiries.
Legal bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 S. 1 lit. b) GDPR); legal obligation (Art. 6 para. 1 S. 1 lit. c) GDPR); legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR).
Further information on processing processes, procedures and services:
Customer account: Contractual partners can create an account within our online offer (e.g., customer or user account, briefly "customer account"). If the registration of a customer account is necessary, contractual partners are also informed about this as well as the information required for registration. The customer accounts are not public and cannot be indexed by search engines. During registration and subsequent logins and uses of the customer account, we store the IP addresses of the customers along with the access times, to prove registration and prevent any misuse of the customer account. When customers have terminated their customer account, the data related to the customer account will be deleted, unless their retention is required for legal reasons. It is up to the customers to secure their data in the event of termination of the customer account; Legal bases: fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 S. 1 lit. b) GDPR).
Online courses and online training: We process the data of participants in our online courses and online training (collectively referred to as "participants") to provide them with our course and training services. The data processed in this context, the type, scope, purpose, and necessity of their processing are determined by the underlying contractual relationship. The data generally includes details of the courses and services used and, insofar as part of our service offering, participants' personal specifications and results. The processing forms also include the evaluation and assessment of our services and those of the course and training leaders; Legal bases: fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 S. 1 lit. b) GDPR).
Legal advice: We process the data of our clients as well as interested parties and other clients or contractual partners (collectively referred to as "clients") to provide them with our contractual or pre-contractual services, in particular consulting services. The processed data, the type, scope, purpose, and necessity of their processing are determined by the underlying contract and mandate relationship. Insofar as consent from the clients is available, it is necessary for our contract fulfillment, legally (e.g., according to the information obligations of the money laundering regulations) or for the protection of vital interests, or is carried out under consideration of the clients' protection interests on the basis of our legitimate interests in the efficient and secure execution of our activity, we disclose or transmit the data of the clients subject to professional regulations to third parties or agents, such as authorities, courts or in the field of IT, office or comparable services; Legal bases: fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 S. 1 lit. b) GDPR).
Offer of software and platform services: We process the data of our users, registered and any test users (collectively referred to as "users") to provide them with our contractual services and based on legitimate interests to ensure the security of our offering and to further develop it. Required data are marked as such in the context of order, booking or similar contract conclusion and include the information needed for service provision and billing as well as contact information for any correspondence; Legal bases: fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 S. 1 lit. b) GDPR).
Events and activities: We process the data of participants of the events, activities, and similar engagements offered or organized by us (collectively referred to as "participants" and "events"), to enable them to participate in the events and to use the services or actions associated with participation. If we process health-related data, religious, political, or other special categories of data in this context, this is done within the framework of manifestness (e.g., in thematically oriented events or serves health care, security or is done with the consent of the affected parties). Required details are marked as such in the context of order, booking, or similar contract conclusion and include the data needed for service provision and billing as well as contact information for any correspondence. To the extent that we have access to end customer, employee, or other person information, we process this in accordance with legal and contractual requirements; Legal bases: fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 S. 1 lit. b) GDPR).
Use of Online Platforms for the Purpose of Offering and Distribution
We offer our services on online platforms operated by other service providers. In this context, in addition to our Privacy Policy, the privacy statements of the respective platforms apply. This is particularly true with regard to the execution of the payment process and the procedures used on the platforms for reach measurement and interest-based marketing.
Processed data types: Inventory data (e.g., names, addresses); payment data (e.g., bank details, invoices, payment history); contact data (e.g., email, phone numbers); contract data (e.g., contract subject, duration, customer category); usage data (e.g., visited websites, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
Affected persons: Customers.
Purposes of processing: Provision of contractual services and customer service; marketing.
Legal basis: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Providers and Services used in the Course of Business Activities
In the context of our business activities, we use additional services, platforms, interfaces, or plug-ins from third parties (briefly referred to as "services") in compliance with legal requirements. Their use is based on our interests in the proper, lawful, and economical operation of our business activities and our internal organization.
Types of Data Processed: Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Contract data (e.g., contract subject, duration, customer category).
Affected Persons: Customers; Interested parties; Users (e.g., website visitors, users of online services); Business and contract partners.
Purposes of Processing: Provision of contractual services and customer service; Office and organization procedures.
Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further Information on Processing Procedures, Methods and Services:
Lexoffice: Online software for invoicing, accounting, banking, and tax filing with document storage; Service Provider: Haufe Service Center GmbH, Munzinger Straße 9, 79111 Freiburg, Germany; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.lexoffice.de; Privacy Policy: https://www.lexoffice.de/datenschutz; Data Processing Agreement: https://www.lexoffice.de/auftragsverarbeitung.
Timely: Time tracking; Service Provider: Memory AS, Karvesvingen 5, 0579 Oslo, Norway; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://timelyapp.com; Privacy Policy: https://timelyapp.com/privacy-policy; Data Processing Agreement: https://www.timely.com/data-processing-agreement.
Linear: Project management tool for planning, organizing, and tracking workflows, tasks, and projects; Service Provider: Linear Orbit, Inc., 2261 Market Street #4990, San Francisco, CA 94114, USA; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://linear.app; Privacy Policy: https://linear.app/privacy; Data Processing Agreement: https://linear.app/dpa; Basis for Third Country Transfers: EU Commission Standard Contractual Clauses.
DocuSign: Digital signatures and signing procedures for documents; Service Provider: DocuSign, Inc., 221 Main Street Suite 1000 San Francisco, CA 94105, USA; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.docusign.com; Privacy Policy: https://www.docusign.com/company/privacy-policy; Further Information: Processing as a data processor and controller is conducted on the basis of approved binding internal data protection rules that ensure a level of data protection corresponding to the requirements of the GDPR (English: "Binding Corporate Rules", Art. 47 GDPR): https://www.docusign.com/trust/privacy/binding-corporate-rules.
Payment Procedure
In the context of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer the affected persons efficient and secure payment options and, in addition to banks and credit institutions, we employ other service providers for this purpose (collectively "Payment Service Providers").
The data processed by the Payment Service Providers include basic data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, amount and recipient-related information. The information is required to carry out the transactions. However, the entered data is only processed and stored by the Payment Service Providers. That is, we do not receive any account or credit card-related information, but only information with confirmation or negative feedback of the payment. In some cases, the data is transmitted by the Payment Service Providers to credit reference agencies. This transmission is intended for identity and credit checks. We refer to the terms and conditions and the Privacy Policy of the Payment Service Providers.
For payment transactions, the terms and conditions and Privacy Policy of the respective Payment Service Providers apply, which can be accessed within the respective websites or transaction applications. We also refer to these for further information and the exercise of withdrawal, information, and other rights of the affected parties.
Types of Data Processed: Basic data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history); Contract data (e.g., subject matter of the contract, duration, customer category); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
Concerned Persons: Customers; Prospects.
Purposes of Processing: Provision of contractual services and customer service.
Legal Bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 S. 1 lit. b) GDPR).
Further notes on processing processes, procedures, and services:
PayPal: Payment services (technical connection of online payment methods) (e.g., PayPal, PayPal Plus, Braintree); Service Provider: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Legal Bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 S. 1 lit. b) GDPR); Website: https://www.paypal.com/de; Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
Stripe: Payment services (technical connection of online payment methods); Service Provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal Bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 S. 1 lit. b) GDPR); Website: https://stripe.com; Privacy Policy: https://stripe.com/de/privacy.
Provision of the Online Offer and Web Hosting
We process users' data to provide them with our online services. For this purpose, we process the user's IP address, which is necessary to transmit the content and features of our online services to the user's browser or device.
Processed data types: Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses); Content data (e.g., input in online forms).
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing: Provision of our online offer and user-friendliness; IT infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)); Security measures; Content Delivery Network (CDN).
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods, and services:
Providing online offer on rented storage space: To provide our online offer, we use storage space, computing capacity, and software which we rent or otherwise obtain from a corresponding server provider (also known as "web host"); Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Collection of access data and log files: Access to our online offer is logged in the form of so-called "server log files". Server log files may include the address and name of the retrieved web pages and files, date and time of retrieval, transferred data volumes, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), and as a rule, IP addresses and the requesting provider. Server log files can be used for security purposes, e.g., to avoid server overload (especially in the case of abusive attacks, such as DDoS attacks) and, on the other hand, to ensure the utilization and stability of the servers; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Deletion of data: Log file information is stored for a maximum duration of 30 days and then deleted or anonymized. Data required to be retained for evidence purposes is excluded from deletion until the respective incident is finally clarified.
Email dispatch and hosting: The web hosting services we use also include the dispatch, receipt, and storage of emails. For these purposes, the addresses of recipients and senders and further information concerning email dispatch (e.g., the involved providers) as well as the contents of the respective emails are processed. The aforementioned data can also be processed for the purpose of SPAM detection. Please be aware that emails are generally not encrypted on the Internet. Emails are usually encrypted during transit, but (unless an end-to-end encryption method is used) not on the servers from which they are sent and received. Thus, we cannot assume responsibility for the transmission path of emails between the sender and reception on our server; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Content-Delivery-Network: We use a "Content-Delivery-Network" (CDN). A CDN is a service with which content of an online offer, especially large media files such as graphics or program scripts, can be delivered faster and more securely with the help of regionally distributed and connected servers over the Internet; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Cloudflare: Content-Delivery-Network (CDN) – a service with which content of an online offer, especially large media files such as graphics or program scripts, can be delivered faster and more securely with the help of regionally distributed and internet-connected servers; Service provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.cloudflare.com; Privacy Policy: https://www.cloudflare.com/privacypolicy; Data Processing Agreement: https://www.cloudflare.com/cloudflare-customer-dpa; Standard Contractual Clauses (Ensures data protection level for processing in third countries): https://www.cloudflare.com/cloudflare-customer-scc.
Framer: Web hosting; Service provider: Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.framer.com; Privacy Policy: https://www.framer.com/legal/privacy-statement; Data Processing Agreement: https://www.framer.com/legal/data-processing-addendum.
Registration, Login, and User Account
Users can create a user account. As part of the registration process, users are informed of the required mandatory information, which is processed for the purpose of providing the user account on the basis of the fulfillment of contractual obligations. The processed data includes, in particular, the login information (username, password, and an email address).
As part of the use of our registration and login functions and the use of the user account, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorized use. This data is generally not shared with third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation to do so.
Users can be informed via email about processes relevant to their user account, such as technical changes.
Types of processed data: Inventory data (e.g., names, addresses); Contact data (e.g., email, telephone numbers); Content data (e.g., entries in online forms); Meta/communication data (e.g., device information, IP addresses).
Affected persons: Users (e.g., website visitors, users of online services).
Purposes of processing: Provision of contractual services and customer service; Security measures; Administration and response to inquiries; Provision of our online offering and user-friendliness.
Legal bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing processes, procedures, and services:
Registration with real names: Due to the nature of our community, we ask users to use our offer only under their real names. That is, the use of pseudonyms is not permitted; Legal bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Deletion of data after termination: If users have terminated their user account, their data with regard to the user account will be deleted, subject to a legal permission, obligation, or consent of the users; Legal bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
No retention obligation for data: It is the responsibility of the users to secure their data upon termination before the end of the contract. We are entitled to permanently delete all data stored by the user during the contract period; Legal bases: Fulfillment of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR).
Framer: Web hosting; Service provider: Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.framer.com; Privacy Policy: https://www.framer.com/legal/privacy-statement; Data Processing Agreement: https://www.framer.com/legal/data-processing-addendum.
Blogs and Publication Media
We use blogs or comparable means of online communication and publication (hereinafter "publication medium"). The data of the readers is processed for the purposes of the publication medium only to the extent necessary for its presentation and communication between authors and readers or for security reasons. Otherwise, we refer to the information on the processing of visitors to our publication medium within this Privacy Policy.
Types of Data Processed: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses).
Affected Persons: Users (e.g., website visitors, users of online services).
Purposes of Processing: Provision of contractual services and customer service; Feedback (e.g., collecting feedback via online form); Providing our online offering and user-friendliness; Security measures; Management and responding to inquiries.
Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further Information on Processing Processes, Procedures, and Services:
Comments and Contributions: When users leave comments or other contributions, their IP addresses may be stored based on our legitimate interests. This is done for our security in case someone leaves illegal content in comments and contributions (insults, forbidden political propaganda, etc.). In such cases, we may be held responsible for the comment or contribution and, therefore, have an interest in the author's identity. Furthermore, we reserve the right to process the data of users for spam detection based on our legitimate interests. On the same legal basis, we reserve the right, in the case of surveys, to store the IP addresses of users for their duration and use cookies to avoid multiple votes. The personal information provided in the context of comments and contributions, any contact and website information, as well as the content information, will be stored by us permanently until the users object; Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Framer: Web hosting; Service Provider: Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands; Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.framer.com; Privacy Policy: https://www.framer.com/legal/privacy-statement; Data Processing Agreement: https://www.framer.com/legal/data-processing-addendum.
Contact and Inquiry Management
When contacting us (e.g., via contact form, email, phone, or social media) as well as within the scope of existing user and business relationships, the information of the requesting persons will be processed as far as necessary to answer the contact inquiries and any requested measures.
Processed Categories of Data: Contact data (e.g., email, phone numbers); Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta-/communication data (e.g., device information, IP addresses).
Affected Persons: Communication partners.
Purposes of processing: Contact inquiries and communication; administration and answering of inquiries; feedback (e.g., collecting feedback via online form); providing our online offering and user-friendliness.
Legal Basis: Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Contractual fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR). Deletion of Data: Contact inquiries are deleted after 3 years, unless a mandate relationship develops. For mandates, the statutory retention periods according to BRAO apply.
Further Notes on Processing Procedures, Methods, and Services:
Contact Form: When users contact us via our contact form, email, or other communication channels, we process the data communicated to us in this context to handle the communicated concern; Legal Basis: Contractual fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b) GDPR), Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Video Conferences, Online Meetings, Webinars, and Screen Sharing
We use platforms and applications from other providers (hereinafter referred to as "conference platforms") for the purpose of conducting video and audio conferences, webinars, and other types of video and audio meetings (hereinafter collectively referred to as "conference"). When selecting conference platforms and their services, we comply with legal requirements.
Data processed by conference platforms: In the context of participating in a conference, the conference platforms process the following personal data of the participants. The extent of processing depends, on the one hand, on which data are required in connection with a specific conference (e.g., providing access data or real names) and which optional information is provided by the participants. In addition to processing for the conduct of the conference, the participants' data may also be processed by the conference platforms for security purposes or service optimization. The processed data includes personal data (first name, last name), contact information (email address, telephone number), access data (access codes or passwords), profile pictures, information about job position/function, the IP address of the internet access, information about the participants' devices, their operating system, the browser and its technical and language settings, information about the content communication processes, i.e., inputs in chats and audio and video data, as well as the usage of other available features (e.g., surveys). The content of communications is encrypted to the extent technically provided by the conference providers. If participants are registered as users with the conference platforms, additional data may be processed in accordance with the agreement with the respective conference provider.
Logging and recordings: If text inputs, participation results (e.g., from surveys), as well as video or audio recordings are logged, this will be transparently communicated to the participants in advance, and they will be asked – as far as necessary – for their consent.
Participant privacy measures: Please refer to the privacy policies of the conference platforms for details on the processing of your data, and choose the security and privacy settings within the conference platforms that are optimal for you. In addition, please ensure that data protection and the protection of personal rights are upheld in the background of your recording during a video conference (e.g., by notifying roommates, locking doors, and using, as far as technically possible, the function to obscure the background). Links to conference rooms and access data must not be shared with unauthorized third parties.
Notes on legal grounds: If, in addition to the conference platforms, we also process the users' data and ask users for their consent to the use of conference platforms or certain functions (e.g., agreement to record conferences), the legal basis for processing is this consent. Furthermore, our processing may be necessary to fulfill our contractual obligations (e.g., in participant lists, in the case of preparing conversation results, etc.). Otherwise, users' data is processed based on our legitimate interests in efficient and secure communication with our communication partners.
Types of data processed: Inventory data (e.g., names, addresses); contact data (e.g., email, phone numbers); content data (e.g., inputs in online forms); usage data (e.g., visited websites, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
Affected persons: Communication partners; users (e.g., website visitors, users of online services); persons depicted.
Purposes of processing: Provision of contractual services and customer support; contact inquiries and communication; office and organizational procedures.
Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Additional notes on processing procedures, processes, and services:
Microsoft Teams: Messenger and conference software; Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.microsoft.com/en-us/microsoft-365; Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement, safety instructions: https://www.microsoft.com/en-us/trustcenter; Standard contract clauses (guaranteeing data protection level during processing in third countries): https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.
Zoom: Conference and communication software; Service provider: Zoom Video Communications, Inc., 55 Almaden Blvd., Suite 600, San Jose, CA 95113, USA; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.zoom.us; Privacy Policy: https://explore.zoom.us/en/privacy; Data Processing Agreement: https://explore.zoom.us/docs/doc/Zoom_GLOBAL_DPA.pdf; Basis for non-EU data transfers: Data Privacy Framework (DPF) https://www.dataprivacyframework.gov.
Cal.com: Online scheduling and appointment management; Service provider: Cal.com, Inc., 2261 Market St Ste 4382, San Francisco, CA 94114, USA; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://cal.com/en; Privacy Policy: https://cal.com/en/privacy; Data Processing Agreement: https://cal.com/privacy#data-processing-agreement; Basis for non-EU data transfers: EU Commission's Standard Contractual Clauses.
Application Procedure
The application process requires applicants to provide us with the necessary data for their assessment and selection. The required information is derived from the job description or, in the case of online forms, from the details provided there.
In general, the required information includes personal details such as name, address, a means of contact, and evidence of the qualifications necessary for a position. Upon request, we are happy to inform you about which information is needed.
If available, applicants can submit their applications to us via an online form. The data is encrypted and transmitted to us in accordance with current technological standards. Applicants can also send us their applications via email. However, we ask you to consider that emails are generally not encrypted when sent over the internet. As a rule, emails are encrypted during transmission, but not on the servers from which they are sent and received. We cannot accept responsibility for the transmission path of the application between the sender and reception on our server.
For the purposes of applicant search, submission of applications, and selection of applicants, we may use applicant management or recruitment software and platforms and services from third-party providers, in compliance with legal requirements.
Applicants are welcome to contact us regarding the method of submitting the application or to send the application to us by post.
Processing of special categories of data: If special categories of personal data in accordance with Art. 9 para. 1 GDPR (e.g., health data such as disability status or ethnic origin) are requested from applicants during the application process, so that the responsible party or the affected person can exercise rights arising from labor law and social security and social protection law and comply with related obligations, their processing takes place according to Art. 9 para. 2 lit. b. GDPR, in the case of protection of vital interests of applicants or other persons according to Art. 9 para. 2 lit. c. GDPR or for purposes of health care or occupational medicine, for assessing the work capacity of employees, for medical diagnosis, care or treatment in the health or social sector, or for the management of systems and services in the health or social sector according to Art. 9 para. 2 lit. h. GDPR. In the case of a voluntary consent-based disclosure of special categories of data, their processing takes place based on Art. 9 para. 2 lit. a. GDPR.
Deletion of data: The data provided by applicants can be further processed by us in the event of a successful application for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant's data will be deleted. The applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time. Deletion takes place, subject to legitimate revocation of the applicants, at the latest after a period of six months, so that we can answer any follow-up questions related to the application and comply with our evidence obligations from the regulations on equal treatment of applicants. Invoices for any travel expense reimbursements will be archived in accordance with tax regulations.
Integration into an applicant pool: Integration into an applicant pool, if offered, takes place based on consent. Applicants are informed that their consent to be included in the talent pool is voluntary, does not affect the ongoing application process, and they can revoke their consent at any time for the future.
Types of processed data: Inventory data (e.g., names, addresses); contact data (e.g., email, phone numbers); content data (e.g., inputs in online forms); applicant data (e.g., personal details, postal and contact addresses, the documents related to the application and the contained information, such as cover letters, resumes, certificates, and additional information related to a specific job or voluntarily disclosed by applicants regarding their person or qualification).
Affected persons: Applicants.
Purposes of processing: Application process (establishment and any subsequent execution, as well as possible subsequent termination of the employment relationship).
Legal basis: Application process as a pre-contractual or contractual relationship (Art. 6 para. 1 lit. b) GDPR).
Cloud Services
We use software services accessible via the internet and executed on the servers of their providers (commonly referred to as "Cloud Services", also known as "Software as a Service") for storing and managing content (e.g. document storage and management, exchange of documents, content and information with specific recipients or publication of content and information).
In this context, personal data may be processed and stored on the providers' servers, insofar as they are part of communication transactions with us or are otherwise processed by us, as explained in this Privacy Policy. This data can notably include users' master data and contact data, data related to operations, contracts, other processes and their content. The providers of the Cloud Services also process usage data and metadata, which they use for security purposes and service optimization.
If we provide forms or other documents and content for other users or publicly accessible websites with the help of the Cloud Services, the providers may store cookies on the users' devices for the purposes of web analysis or to remember users' settings (e.g. in the case of media controls).
Processed Data Types: Inventory data (e.g. names, addresses); Contact data (e.g. email, telephone numbers); Content data (e.g. entries in online forms); Usage data (e.g. visited websites, interest in content, access times); Meta-/Communication data (e.g. device information, IP addresses).
Affected Parties: Customers; Employees (e.g. staff, applicants, former employees); Interested parties; Communication partners.
Purpose of Processing: Office and organizational procedures; Information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)).
Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing operations, procedures, and services:
Microsoft Cloud Services: Cloud storage, cloud infrastructure services, and cloud-based application software; Service Provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, Parent company: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; Legal Basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://microsoft.com/de-de; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement, Security Information: https://www.microsoft.com/de-de/trustcenter; Data Processing Agreement: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA; Standard Contractual Clauses (Ensuring Privacy Protection Level in Processing in Third Countries): https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.
Newsletter and Electronic Notifications
We send newsletters, e-mails, and other electronic notifications (hereinafter referred to as "Newsletter") only with the consent of the recipients or a legal permission. If the contents of the newsletter are specifically described as part of the newsletter registration, they are decisive for the user's consent. Otherwise, our newsletters contain information about our services and us.
To register for our newsletters, it is generally sufficient to provide your email address and your name, for the purpose of personal address in the newsletter. However, we may ask you to provide further information if it is necessary for the purposes of the newsletter.
Double Opt-In Procedure: Subscription to our newsletter takes place through a so-called double opt-in procedure. This means, after registration, you receive an email in which you are asked to confirm your registration. This confirmation is necessary to ensure that no one can register with someone else's email address. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storing the registration and confirmation time as well as the IP address. Changes to your data stored with the email provider are also logged.
Deletion and Restriction of Processing: We may store email addresses that have been unsubscribed for up to three years based on our legitimate interests before deleting them, to be able to prove previously given consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to continuously observe objections, we reserve the right to store the email address solely for this purpose in a blocklist.
The logging of the registration process is based on our legitimate interests for the purpose of proving its proper course. If we commission a service provider with sending emails, this is done on the basis of our legitimate interests in an efficient and secure mailing system.
Contents: We inform you about contractual law topics as well as about us, our services, products, promotions, and offers.
Types of Data Processed: Inventory data (e.g., names, addresses); Contact data (e.g., email, phone numbers); Meta/communication data (e.g., device information, IP addresses); Usage data (e.g., visited websites, interest in content, access times).
Affected Persons: Communication partners.
Purposes of Processing: Direct marketing (e.g., by email or post).
Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Possibility to Object (Opt-Out): You can cancel the reception of our newsletter at any time, i.e., revoke your consents or object to further receipt. A link to cancel the newsletter can be found at the end of each newsletter; alternatively, you can use one of the contact options provided above, preferably email.
Further Notes on Processing Processes, Procedures, and Services:
Measurement of Open Rates and Click Rates: The newsletters contain a so-called "web beacon", i.e., a pixel-sized file that is retrieved from our server when the newsletter is opened, or, if we use a mailing service provider, from their server. During this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is first collected. This information is used for the technical improvement of our newsletter based on technical data or the target groups and their reading behaviors based on their retrieval locations (which can be determined using the IP address) or the access times. This analysis also includes determining whether the newsletters are opened, when they are opened, and which links are clicked. This information is assigned to individual newsletter recipients and stored in their profiles until they are deleted. The evaluations help us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. The measurement of open rates and click rates, as well as the storage of measurement results in the profiles of the users and their further processing, are based on the consent of the users. Unfortunately, the success measurement cannot be revoked separately; in this case, the entire newsletter subscription must be canceled or objected to. The stored profile information will then be deleted; Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR).
Loops: Email services; Service Provider: Astrodon, Inc., Beaverton, 9450 SW Gemini Dr, USA; Legal Bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://loops.so; Privacy Policy: https://loops.so/privacy; Data Processing Agreement: https://loops.so/dpa; Basis for Third Country Transfers: EU Commission standard contractual clauses.
Promotional Communication via Email, Post, or Telephone
We process personal data for purposes of marketing communication, which may occur through various channels such as email, mail, or phone, in accordance with legal regulations.
Recipients have the right to revoke their consent at any time or to object to marketing communication at any time.
After revocation or objection, we store the data necessary to prove previous authorization for contact or mailing until three years after the end of the year of revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of potential defense against claims. On the basis of the legitimate interest to permanently respect the revocation or objection of users, we also store the data required to prevent renewed contact (e.g., depending on the communication channel, the email address, phone number, name).
Processed data types: Inventory data (e.g., names, addresses); Contact information (e.g., email, phone numbers).
Affected individuals: Communication partners.
Purposes of processing: Direct marketing (e.g., by email or post).
Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Web Analysis, Monitoring and Optimization
Web analysis (also referred to as "reach measurement") serves to evaluate our online offering. This allows us to identify, for example, the extent to which our online offering is used. We can also understand which areas require optimization.
In addition to web analysis, we can also implement testing procedures to test and optimize different versions of our online offer or its components.
Among other things, the visited webpage(s) (Page URL), the websites from which visitors access our online offer (HTTP Referrer), the browser used, the computer system used, the type of device used, as well as information regarding the country, region, and city from which the access occurs, are recorded.
Processed data types: Usage data (e.g., visited webpages); Meta-/communication data (e.g., browser).
Individuals concerned: Users (e.g., website visitors, users of online services).
Processing purposes: Reach measurement (e.g., access statistics).
Security measures: See the following information about the service provider.
Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing procedures, methods, and services:
plausible.io: Reach measurement and web analytics; no use of cookies or comparable persistent online identifiers, recurring visitors are recognized with the help of a pseudonymous identifier that is deleted after one day; moreover, no personal data is stored (https://plausible.io/data-policy); no data is transferred to third parties; processing takes place on the server of plausible.io based on a Data Processing Agreement; Service Provider: Plausible Insights Oü, Västriku tn 2, 50403, Tartu, Estonia; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://plausible.io/; Privacy Policy: https://plausible.io/privacy; Data Processing Agreement: https://plausible.io/dpa.
Framer Analytics: Integrated web analysis functions of our website platform. Framer Analytics operates completely anonymized and GDPR-compliant without cookies or persistent identifiers. Data processing occurs exclusively on EU servers. Recorded are: page views, visitor numbers, referral sources, device types (anonymized). Unique visitors are measured with a one-day window, after which automatic anonymization occurs; service provider: Framer B.V., Rozengracht 207B, 1016 LZ Amsterdam, Netherlands; legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.framer.com; Privacy Policy: https://www.framer.com/legal/privacy-statement; Data Processing Agreement: https://www.framer.com/legal/data-processing-addendum.
Ahrefs Webmaster Tools: SEO and website analysis tool for monitoring website performance in search engines. Recorded are: search engine rankings, backlinks, technical SEO data, crawling information. Personal data is only processed when actively using the tool, not during normal website visits; Service Provider: Ahrefs Pte Ltd., 16 Raffles Quay, #33-03 Hong Leong Building, Singapore 048581; Legal bases: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://ahrefs.com; Privacy Policy: https://ahrefs.com/privacy; Basis for third-country transfers: Standard contractual clauses of the EU Commission.
Presences on Social Networks (Social Media)
We maintain online presences within social networks and process user data in this context to communicate with active users there or to provide information about us.
We point out that in this context, user data can be processed outside the European Union. This may pose risks for users because, for example, it might make the enforcement of users' rights more difficult.
Furthermore, user data is generally processed for market research and advertising purposes within social networks. For example, user profiles can be created based on usage behavior and resulting user interests. These usage profiles can, in turn, be used to display advertisements within and outside the networks that presumably correspond to users' interests. For these purposes, cookies are typically stored on users' computers, in which usage behavior and user interests are stored. Furthermore, data can also be stored in usage profiles independently of the devices used by users (especially if the users are members of the respective platforms and are logged in).
For a detailed presentation of the respective forms of processing and the possibilities for objection (Opt-Out), we refer to the Privacy Policies and information of the operators of the respective networks.
Also in the case of information requests and the assertion of data subject rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to the users' data and can directly take appropriate measures and provide information. Should you need further assistance, you can contact us.
Types of data processed: Contact data (e.g. email, phone numbers); content data (e.g. entries in online forms); usage data (e.g. visited websites, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
Concerned persons: Users (e.g. website visitors, users of online services).
Purposes of processing: Contact requests and communication; feedback (e.g. collecting feedback via online form); marketing.
Legal bases: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR).
Further information on processing activities, procedures and services:
LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Data Processing Agreement: https://legal.linkedin.com/dpa; Standard contractual clauses (guaranteeing data protection level for processing in third countries): https://legal.linkedin.com/dpa; Possibility of objection (Opt-Out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
XING: Social network; Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; Legal basis: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR); Website: https://www.xing.com; Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.
Vimeo: Social network and video platform; Service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Legal basis: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR); Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy.
YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 S. 1 lit. f) GDPR); Privacy Policy: https://policies.google.com/privacy; Possibility of objection (Opt-Out): https://adssettings.google.com/authenticated.
Plugins and Embedded Functions as well as Content
We integrate functional and content elements into our online offer that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include graphics, videos, or maps (hereinafter uniformly referred to as "content").
The integration always requires that the third-party providers of such content process the IP address of the users, as they could not send the content to their browser without the IP address. The IP address is thus necessary for the presentation of this content or functions. We strive to use only such content whose respective providers use the IP address solely for delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. Through the "pixel tags," information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user's device and may contain technical information about the browser and the operating system, referring websites, visit time, and additional information about the use of our online offer, and may be combined with such information from other sources.
Types of processed data: Usage data (e.g., visited websites, interest in content, access times); meta/communication data (e.g., device information, IP addresses).
Data subjects: Users (e.g., website visitors, users of online services).
Purposes of processing: Provision of our online offer and user-friendliness.
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing activities, procedures, and services:
Integration of third-party software, scripts, or frameworks (e.g., jQuery): We integrate software into our online offer that we retrieve from servers of other providers (e.g., function libraries that we use for the presentation or user-friendliness of our online offer). In doing so, the respective providers collect the users' IP addresses and may process them for the purpose of transmitting the software to the users' browser and for purposes of security, as well as for evaluating and optimizing their offer. Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
YouTube videos: Video content; YouTube videos are embedded via a special domain (recognizable by the component "youtube-nocookie") in the so-called "Enhanced Privacy Mode," whereby no cookies are collected on user activities to personalize video playback. However, information about user interaction with the video (e.g., remembering the last playback position) may be stored; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy.
Management, Organization and Auxiliary Tools
We use services, platforms, and software from other providers (hereinafter referred to as "third-party providers") for the purposes of organization, management, planning, and providing our services. When selecting third-party providers and their services, we comply with legal requirements.
In this context, personal data may be processed and stored on the servers of the third-party providers. Various data may be affected, which we process according to this Privacy Policy. This data may include, in particular, users' master data and contact data, data regarding transactions, contracts, other processes, and their contents.
If users are referred to the third-party providers or their software or platforms in the context of communication, business, or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization, or marketing purposes. We therefore ask you to take note of the privacy statements of the respective third-party providers.
Types of data processed: Content data (e.g., entries in online forms); Usage data (e.g., visited websites, interest in content, access times); Meta/communication data (e.g., device information, IP addresses); Contract data (e.g., subject matter of contract, duration, customer category); Contact data (e.g., email, phone numbers); Inventory data (e.g., names, addresses); Payment data (e.g., bank details, invoices, payment history).
Affected persons: Communication partners; Users (e.g., website visitors, online service users); Business and contract partners; Customers.
Purposes of processing: Provision of contractual services and customer support; Office and organizational procedures.
Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Further information on processing activities, procedures, and services:
Lexoffice: Online software for invoicing, accounting, banking, and tax submission with voucher storage; Service provider: Haufe Service Center GmbH, Munzinger Straße 9, 79111 Freiburg, Germany; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.lexoffice.de; Privacy Policy: https://www.lexoffice.de/datenschutz; Data Processing Agreement: https://www.lexoffice.de/auftragsverarbeitung.
DocuSign: Digital signatures and signing procedures for documents; Service provider: DocuSign, Inc., 221 Main Street Suite 1000 San Francisco, CA 94105, USA; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://www.docusign.com/; Privacy Policy: https://www.docusign.com/company/privacy-policy; Additional information: Processing as a data processor and controller is based on approved binding internal data protection regulations, which ensure a level of data protection complying with the requirements of the GDPR (English: "Binding Corporate Rules", Art. 47 GDPR): https://www.docusign.com/trust/privacy/binding-corporate-rules.
Cal.com: Online appointment scheduling and management; Service provider: Cal.com, Inc., 2261 Market St Ste 4382, San Francisco, CA 94114, USA; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://cal.com/de; Privacy Policy: https://cal.com/de/privacy; Data Processing Agreement: https://cal.com/privacy#data-processing-agreement; Basis for third-country transfers: EU Commission's Standard Contractual Clauses.
Linear: Project management tool for planning, organizing, and tracking workflows, tasks, and projects; Service provider: Linear Orbit, Inc., 2261 Market Street #4990, San Francisco, CA 94114, USA; Legal grounds: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://linear.app; Privacy Policy: https://linear.app/privacy; Data Processing Agreement: https://linear.app/dpa; Basis for third-country transfers: EU Commission's Standard Contractual Clauses.
Updating and Revising the Privacy Policy
We kindly ask you to regularly inform yourself about the content of our Privacy Policy. We adapt the Privacy Policy as soon as changes to the data processing we carry out make this necessary. We inform you as soon as the changes require an act of participation on your part (e.g., consent) or any other individual notification.
Insofar as we provide addresses and contact information of companies and organizations in this Privacy Policy, please note that the addresses may change over time and we ask that you verify the information before making contact.
Rights of the Data Subjects
As a data subject under the GDPR, you are entitled to various rights, which arise specifically from Art. 15 to 21 GDPR:
Right to Object: You have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you, which is based on Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct marketing.
Right to Withdraw Consent: You have the right to withdraw consents granted at any time.
Right of Access: You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with legal requirements.
Right to Rectification: You have the right, in accordance with the legal requirements, to request the completion of the data concerning you or the rectification of inaccurate data concerning you.
Right to Deletion and Restriction of Processing: You have the right, in accordance with the legal requirements, to request that data concerning you be deleted immediately, or alternatively, in accordance with the legal requirements, to request the restriction of the processing of the data.
Right to Data Portability: You have the right to receive data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with legal requirements, or to request its transmission to another controller.
Complaint to Supervisory Authority: In accordance with the legal requirements and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a privacy supervisory authority, in particular a supervisory authority in the Member State of your habitual residence, the authority of your workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you violates the GDPR.
Supervisory Authority Responsible for Us:
Data Protection and Freedom of Information Commissioner of North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf, Germany
Definitions of Terms
In this section, you will find an overview of the terms used in these Privacy Policy notices. Many of the terms are derived from the law and are primarily defined in Art. 4 GDPR. The legal definitions are binding. The following explanations are primarily intended to aid understanding. The terms are sorted alphabetically.
Content Delivery Network (CDN): A "Content Delivery Network" (CDN) is a service that helps deliver the content of an online offer, particularly large media files such as graphics or program scripts, faster and more securely using regionally distributed servers connected via the Internet.
Personal Data: "Personal data" is any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., cookie), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Profiles with user-related information: The processing of "profiles with user-related information", or "profiles" for short, includes any type of automated processing of personal data that involves using these personal data to analyze, evaluate, or predict certain personal aspects related to a natural person (depending on the type of profiling, this may include various information regarding demographics, behavior, and interests, such as interaction with websites and their contents, etc.). Cookies and web beacons are often used for profiling purposes.
Reach Measurement: Reach measurement (also known as Web Analytics) is used to evaluate the visitor flows of an online offer and may include the behavior or interests of visitors in certain information, such as website content. With the help of reach analysis, website owners can, for example, identify when visitors access their website and what content they are interested in. This allows them to better tailor the website's content to their visitors' needs. Pseudonymous cookies and web beacons are often used for the purposes of reach analysis to recognize returning visitors and obtain more precise analyses of the use of an online offering.
Controller: The term "Controller" refers to the natural or legal person, authority, institution, or other entity that, alone or jointly with others, decides on the purposes and means of processing personal data.
Processing: "Processing" is any operation performed on personal data, whether or not by automated means. The term is broad and practically includes any handling of data, be it collecting, evaluating, storing, transmitting, or deleting.