Thank you for your interest in our website. The protection of your personal data is important to us. Below you will find information about how we handle your data that is collected through your use of our website. Your data will be processed in accordance with the legal data protection regulations.
Controller within the meaning of data protection law
60314 Frankfurt am Main
+49 69 264929777
Data Protection Officer
Hopp + Flaig PartG mbB
Data Protection Officer
Neue Weinsteige 69/71
This website is hosted by an external service provider (hosting provider). This website is hosted in Frankfurt / Main, Germany. Personal data collected on this website is stored on the hosting provider’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated by a website.
We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.
Once you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an active connection for communication between your internet browser and our web server
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status
- Web browser used and operating system used
- (Full) IP address of the requesting computer
- Transmitted amount of data
We collect the listed data to ensure a smooth connection setup of the website and to enable a comfortable use of our website by the users. In addition, the log file serves the evaluation of system security and stability as well as administrative purposes. The legal basis for the temporary storage of the data or the log files is Art. 6 para. 1 lit. f GDPR.
For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data on an ad hoc basis and only in the event of a security incident for a period exceeding 30 days.
It is not possible for us to draw conclusions about individual persons on the basis of this data. In addition, the data may be processed in anonymous form for statistical purposes.
This data is never stored together with other personal data of the user, compared with other data or passed on to third parties.
Our website uses so-called “cookies”. Cookies are information memories that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings).
Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimised presentation of our services. Other cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a GDPR. This consent can be withdrawn at any time for the future. The legal basis may also result from Art. 6 para. 1 lit. b GDPR if the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
You can set your browser to
- be informed about the setting of cookies,
- only allow cookies in individual cases,
- exclude the acceptance of cookies for certain cases or generally,
- activate the automatic deletion of cookies when the browser is closed.
The cookie settings can be managed under the following links for each browser:
Most browsers also offer a so-called “do-not-track function”. When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be “tracked” for behavioral advertising and the like.
For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:
Please note that if you disable cookies, the functionality of our website may be limited.
On our website Social Media is solely embedded as a link to the respective service (i.e., Facebook, Twitter, LinkedIn, Xing, and YouTube). After clicking on the embedded text/image-link you will be directed to the website of the respective provider. User information will be only transferred after the redirection to the respective provider. Information regarding the use of your personal data through the use of the website can be found in the privacy policies of the visited websites.
Contact form and contact by email
If you send us requests via our contact form or email, your details from the contact form or email, including the contact data you have provided there, will be stored for the purpose of processing your request and in the event of follow-up questions. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, provided that your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary. You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f GDPR.
Emergency request form
If you contact us via our form for emergency requests, your details from the contact form, including the contact data you have provided there, will be stored for the purpose of processing your request and in the event of follow-up questions. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, provided that your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary. You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f GDPR.
Quote request form
If you contact us via form or email to request an offer, your details from the form or email, including the contact data you have provided there, will be stored for the purpose of processing your request and in the event of follow-up questions. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, provided that your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary. You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f GDPR.
We offer our business customers free information for download. For this purpose, we collect your e-mail address for sending the download. Further details such as name, telephone number and company we may use to provide you with further information on the requested downloads. If you consent to the further use of your data, e.g. for sending you our newsletter, the double opt-in procedure will be applied.
The legal basis for this is our legitimate interest in accordance with Art. 6 Para. 1 lit. f) GDPR and, if applicable, your consent in accordance with Art. 6 Para. 1 lit. a) GDPR.
If you apply for a job at our company via contact form or by email, we collect personal data. This includes, in particular, your contact details (such as first and last name, telephone number and email address of the user) as well as other data provided by you regarding your background (e.g. CV, qualifications, degrees and work experience) and your person (e.g. cover letter, personal interests). This may also include special categories of personal data (e.g. information on a severe disability). Your personal data ordinarily is collected directly from you during the application process and is encrypted during electronic transmission. The primary legal basis for this is Art. 6 para. 1 lit. b GDPR in conjunction with § 26 para. 1 BDSG. In addition, consent in accordance with Art. 6 para. 1 lit. a, 7 GDPR in conjunction with § 26 para. 2 BDSG can be used as a data protection permission regulation. If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.
Within our company, only those persons and positions (e.g. human resources) have access to your personal data which absolutely need to carry out the application procedure or to fulfil our legal obligations. Your applications will be forwarded to the responsible person for examination. Under no circumstances will your personal data be passed on to third parties without authorisation.
Your data for an application for a specific job advertisement will be stored and processed by us during the ongoing application process. Once the application process has been completed (e.g. in the form of an acceptance or rejection), the application process including all personal data will be deleted from the system no later than six months after the application process has been completed. The data of selected applicants will be stored securely for up to 2 years, provided that the applicants have given their consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. For this purpose, an informal e-mail to the contact details of the person responsible listed above is sufficient. If you are accepted, your application documents will be transferred to the personnel file.
To enable you to request consent on our website for the processing of your end device information and personal data using cookies or other tracking technologies, we use our consent tool “consentmanager”.
With the help of consentmanager, you have the possibility to provide your consent or to refuse the processing of your end device information and personal data by means of cookies or other tracking technologies for the purposes listed in the consentmanager. Such processing purposes may include the integration of external elements, integration of streaming content, statistical analysis, reach measurement, individualized product recommendations and individualized advertising.
You can use consentmanager to give or refuse your consent for all processing purposes or give or refuse your consent for specific purposes or individual third-party providers. The settings you have made can also be changed by you at a later point in time.
The purpose of integrating consentmanager is to allow users of our website to decide whether to set cookies and similar functionalities and to offer the option of changing settings already made in the course of further use of our website. In the course of using consentmanager, personal data as well as information of the end devices used will be processed by us. When processing, your data is also sent to consentmanager (consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden). The information about the settings you have made is also stored in your terminal device.
As technically necessary, we use the following cookies as far as the consentmanager is concerned: cmpcccu / cmpcccu / cmpconsent / cmpconsent – details can be found here: https://help.consentmanager.de/books/cmp/page/cookies-set-by-the-cmp
After twelve months the user settings have been made, consent is queried again. The user settings made will then be stored again for this period, unless you yourself delete the information about your user settings in the user device capacities provided for this purpose beforehand.
You may object to the processing insofar as the processing is based on Art. 6 para 1 lit. f) DSGVO.
We use the web analysis tool “Matomo” to design our websites according to your requirements. Matomo creates usage profiles based on pseudonyms. To do this, permanent cookies are stored on your device and are read by us.
As part of the application of our Matomo Tag Manager, we use the MATOMO_SESSID cookie, which is technically necessary for us.
The MATOMO_SESSID only runs during the session and will be deleted after the session ends. In this way we are able to recognize and count recurring visitors.
See also: https://cookiedatabase.org/cookie/matomo/matomo_sessid/
The data processing is carried out according to § 25 Abs. 1 TTDSG and Art. 6 para 1 lit. a DSGVO being based on your consent via our cookie banner. You can revoke your consent at any point in time. If you want to do so, please make the appropriate settings using our cookie banner.
Salesforce Sales Cloud
We use Salesforce Sales Cloud to manage customer data. Provider is salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 München (hereinafter ‘Salesforce’).
Salesforce Sales Cloud is a CRM system that allows us to manage existing and potential customers as well as customer contacts and to organize sales and communication processes. The use of the CRM system also enables us to analyze our customer related processes.
Details of the Salesforce Sales Cloud features can be found here: https://www.salesforce.com/de/products/sales-cloud/overview/
As part of our use of Salesforce Sales Cloud we rely on cookies which help us collect and analyze the information listed above. You can find more information here: https://help.salesforce.com/s/articleView?id=sf.pardot_basics_cookies.htm&type=5
We store our customer data on Salesforce servers in Frankfurt (more information Salesforce instances in the EU). Since the end of 2022 Salesforce provides EU customers with enhanced protection.
The use of the Sales Force Sales Cloud requires the consent of our website visitors, which we obtain via the cookie banner we use. This consent is given in accordance with Art. 6 para 1 lit. a DSGVO (consent). It provides the legal basis for the collection and processing of personal data such as that which may occur in the use of Sales Force Sales Cloud. The consent can be revoked at any time.
In addition to the consent, there is a legitimate interest on our part to manage our customers, to organize communication processes and to analyze our customer-related processes. The legal basis for this is Article 6 para 1 lit. f DSGVO (Legitimate Interests).
Personal data may also be transferred to the parent company of salesforce.com Germany GmbH, salesforce.com inc., Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA.
Salesforce has Binding Corporate Rules (BCR) approved by the French Data Protection Authority. These are binding company internal rules that legitimize intra-company data transfers outside the EU and the EEA.
Details are available here:. https://www.salesforce.com/de/blog/2020/07/die-binding-corporate-rules-von-salesforce-erfuellen-hoechste-da.html
For further details see the Salesforce privacy statement: https://www.salesforce.com/de/company/privacy/.
Google Tag Manager
The tags are mostly from Google products such as Google Ads or Google Analytics.
But tags from other companies can also be integrated and managed via the Google Tag Manager. These tags perform different tasks. For example, you can collect browser data, provide marketing tools with data, include buttons, set cookies, and track users across multiple websites.
To optimize our website we use various tracking tools. The data collected from these tracking tools shows us what our website visitors are most interested in, where we can improve our services and which other people we should show our offers.
The Google Tag Manager acts as an “administrator” of the tags of the integrated web analysis tools. The data in the Google Tag Manager is passed on to the individual tracking tools, but is not stored in this tool. In connection with the Google Tag Manager, we use the cookie GCLID , which is technically necessary, among other things, to allow for LinkedIn integration.
The use of the Google Tag Manager requires the consent of our website visitors, which we obtain by means of the cookie banner we use. This consent given in accordance with Art. 6 para 1 lit a DSGVO (consent) constitutes the legal basis for the processing of personal data, as may occur when collected by Web Analytics Tools. In addition to obtaining consent, we have a legitimate interest in analyzing the behavior of our website visitors and thereby improving our offer technically and economically.
The legal basis is Art. 6 para 1 lit a DSGVO (legitimate interests).
Google stores data on its own servers distributed worldwide: https://www.google.com/intl/de/about/datacenters/locations/
Google may also process data from you in the United States. We would like to point out that in the view of the European Court of Justice, there is currently no adequate level of protection for data transfers to the US. Google uses so-called standard contractual clauses (= Article 46 Abs. 2 und 3 DSGVO) as a basis for processing or transferring data to recipients established in third countries (outside the European Union, Iceland, Liechtenstein and Norway) in paticular in the Unites States). Standard contractual clauses (SCCs) are templates provided by the European Commission. These are intended to ensure that your data also complies with European data protection standards if it is transferred to and stored in third countries (such as the USA). Through these clauses, Google undertakes to comply with the European level of data protection when processing personal data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission.
The Google Ads Data Processing Terms, which reference standard contractual clauses, can be found at https://business.safety.google/intl/de/adsprocessorterms/
If you want to learn more about the Google Tag Manager, we recommend that you check the FAQs at https://support.google.com/tagmanager/?hl=de#topic=3441530
We use the tracking tool Linkedln Insight-Tag on our website. The service provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Linkedln Ireland Unlimited (Wilton Place, Dublin 2, Ireland).This company is responsible for the data protection aspects in the European Economic Area (EEA), the EU and Switzerland.
With the help of the LinkedIn Insight-Tag we receive information about visitors to our website.
In connection with LinkedIn Insight-Tag we use various cookies as they are technically necessary to drive the activities listed above. More information about LinkedIn cookies can be found here: https://de.linkedin.com/legal/l/cookie-table
Our use of LinkedIn Insight-Tag is based on Art. 6 para 1 lit. f DSGVO as we have a legitimate interest in effective advertising measures including social media. If you have given your consent by means of our cookie banner, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO.
For more information about the data processed using the Linkedln Insight-Tag, please visit https://www.linkedin.com/legal/privacy-policy
As a basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway) or a data transfer there, LinkedIn uses so-called standard contractual clauses (para 46 DSGVO). Standard Contractual Clauses (SCC) are model templates provided by the European Commission to ensure that Ihe data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, Linkedln undertakes to respect the European level of data protection when processing your data andto comply with the European level of data protection. These clauses are based on an implementing decision of the EU Commission.
For more information about Linkedin’s standard contractual clauses please visit https://de.linkedin.com/legal/l/dpa.
To object to the analysis of usage behavior as well as targeted adertisment by LinkedIn:: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Furthermore, members of LinkedIn can control the use of their personal data for advertising purposes in their account settings.
In order to avoid a linking of data collected on our website by LinkedIn and your LinkedIn account, you must log out of your LinkedIn account before visiting our website.
Registration for our webinars (GotoWebinar)
We have a data processing agreement with LogMeIn in place in which we commit them to protect our customers’ information and not to share it with third parties.
The integration of GotoWebinar ensures that the webinar will be conducted in a technically sound manner using professional tools. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR.
Registration for free webinars:
If you register for a free webinar on our website, you must provide your e-mail address and your first and last name. By registering for a webinar, you also automatically agree to subscribe to our newsletter, which will keep you informed about regular products and events. The legal basis is your previously given consent in accordance with Art. 6 Para. 1 lit. a GDPR.
You can unsubscribe from the webinar at any time. After the webinar you can still unsubscribe from the newsletter.
Registration for exclusive customer webinars:
When you register for our exclusive customer webinars on GotoWebinar you will need to enter your e-mail address and your first and last name. The legal basis is your previously given consent according to Art. 6 para. 1 lit. a GDPR.
You can unsubscribe from the webinar at any time. With the end of the webinar all your data will be deleted.
Answering customer inquiries through Salesforce
In order to be able to process user requests faster and more efficiently, we use the services of Salesforce (Salesforce Inc. USA). This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f. GDPR. We have agreed standard data protection clauses with Salesforce and Pardot in order to guarantee an appropriate level of data protection when transferring data to third countries. Salesforce uses the users’ data only for the technical processing of the inquiries and does not pass them on to third parties. If users do not agree to data collection via and storage of data in Salesforce’s external system, we offer them alternative contact options for submitting service requests by e-mail, telephone, fax or post. For more information about this CRM system and the provider, please visit https://www.salesforce.com/privacy/overview/.
You can make appointments with us on our website. We use the “Calendly” tool for booking appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter “Calendly”).
The data you have entered will remain with us until you ask us to delete it, revoke your consent for storage or the purpose for which the data was stored ceases to apply. Mandatory legal provisions, in particular retention periods, remain unaffected.
The legal basis for data processing is Art. 6(1)(f) GDPR. The website operator has a justified interest in making appointments with interested parties and customers in as uncomplicated a manner as possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://calendly.com/pages/dpa.
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
Online-based Audio and Video Conferences (Conference tools)
We use online conference tools, among other things, for communication with our customers. The tools we use are listed in detail below. If you communicate with us by video or audio conference using the Internet, your personal data will be collected and processed by the provider of the respective conference tool and by us. The conferencing tools collect all information that you provide/access to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication process (metadata).
Furthermore, the provider of the tool processes all the technical data required for the processing of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
Should content be exchanged, uploaded, or otherwise made available within the tool, it is also stored on the servers of the tool provider. Such content includes, but is not limited to, cloud recordings, chat/ instant messages, voicemail uploaded photos and videos, files, whiteboards, and other information shared while using the service.
Please note that we do not have complete influence on the data processing procedures of the tools used. Our possibilities are largely determined by the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, and which we have listed below this text.
Purpose and legal bases
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in the meaning of Art. 6(1)(f) GDPR). Insofar as consent has been requested, the tools in question will be used on the basis of this consent; the consent may be revoked at any time with effect from that date.
Duration of storage
Data collected directly by us via the video and conference tools will be deleted from our systems immediately after you request us to delete it, revoke your consent to storage, or the reason for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.
We have no influence on the duration of storage of your data that is stored by the operators of the conference tools for their own purposes. For details, please directly contact the operators of the conference tools.
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
Your personal data is not transferred to third parties, unless
- we have explicitly pointed this out in the description of the respective data processing.
- you have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
- the transfer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms.
- there is a legal obligation to transfer data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
- required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.
In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. In particular, these contracts concern web hosting services, the dispatch of emails and IT updates and maintenance. Your personal data will not be transferred to third parties by our service providers.
The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.
In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data:
The right, pursuant to Art. 15GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.
The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.
The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.
The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in in a commonly used and machine-readable format and the right to transmit those data to another controller.
The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR with effect in the future at any time.
The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work.
The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal
Right of objection
If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.
If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to email@example.com
Subject to change