Thank you for your interest in our website. The protection of your personal data is important to us. Below you will find information about how we handle your data that is collected through your use of our website. Your data will be processed in accordance with the legal data protection regulations.
Controller within the meaning of data protection law
60314 Frankfurt am Main
+49 69 264929777
Data Protection Officer
Hopp + Flaig PartG mbB
Data Protection Officer
Neue Weinsteige 69/71
This website is hosted by an external service provider (hosting provider). This website is hosted in Frankfurt / Main, Germany. Personal data collected on this website is stored on the hosting provider’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated by a website.
We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.
Once you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an active connection for communication between your internet browser and our web server
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status
- Web browser used and operating system used
- (Full) IP address of the requesting computer
- Transmitted amount of data
We collect the listed data to ensure a smooth connection setup of the website and to enable a comfortable use of our website by the users. In addition, the log file serves the evaluation of system security and stability as well as administrative purposes. The legal basis for the temporary storage of the data or the log files is Art. 6 para. 1 lit. f GDPR.
For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data on an ad hoc basis and only in the event of a security incident for a period exceeding 30 days.
It is not possible for us to draw conclusions about individual persons on the basis of this data. In addition, the data may be processed in anonymous form for statistical purposes.
This data is never stored together with other personal data of the user, compared with other data or passed on to third parties.
Our website uses so-called “cookies”. Cookies are information memories that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings).
Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimised presentation of our services. Other cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a GDPR. This consent can be withdrawn at any time for the future. The legal basis may also result from Art. 6 para. 1 lit. b GDPR if the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
You can set your browser to
- be informed about the setting of cookies,
- only allow cookies in individual cases,
- exclude the acceptance of cookies for certain cases or generally,
- activate the automatic deletion of cookies when the browser is closed.
The cookie settings can be managed under the following links for each browser:
Most browsers also offer a so-called “do-not-track function”. When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be “tracked” for behavioral advertising and the like.
For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:
Please note that if you disable cookies, the functionality of our website may be limited.
On our website Social Media is solely embedded as a link to the respective service (i.e., Facebook, Twitter, LinkedIn, Xing, and YouTube). After clicking on the embedded text/image-link you will be directed to the website of the respective provider. User information will be only transferred after the redirection to the respective provider. Information regarding the use of your personal data through the use of the website can be found in the privacy policies of the visited websites.
Contact form, emergency enquiries & contact by e-mail
If you send us an enquiry by e-mail, contact or emergency form, your details from the enquiry form or your e-mail, including the personal data you provide there, will be stored by us for the purpose of processing the enquiry, follow-up enquiries and direct advertising for our own products or services. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f GDPR and, if applicable, Art. 6 Para. 1 lit. b GDPR, if your request is aimed at concluding a contract.
Your data will be deleted after final processing, at the latest 12 months after your enquiry, provided that there are no statutory retention obligations to the contrary. You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f GDPR.
We offer free information for download. For this purpose, we collect your e-mail address to send you the download. We use other details such as your name, telephone number and company to provide you with further information such as direct advertising for our own products or services. The double opt-in procedure is used to confirm your e-mail address. The legal basis for this is our legitimate interest according to Art. 6 Para. 1 lit. f) GDPR and, if applicable, your consent according to Art. 6 Para. 1 lit. a) GDPR.
Your data will be deleted after final processing, at the latest 12 months after your request, provided that there are no legal retention obligations to the contrary. You can object to the processing of your personal data at any time in the case of Art. 6 Para. 1 lit. f GDPR.
If you apply for a job at our company via contact form or by email, we collect personal data. This includes, in particular, your contact details (such as first and last name, telephone number and email address of the user) as well as other data provided by you regarding your background (e.g. CV, qualifications, degrees and work experience) and your person (e.g. cover letter, personal interests). This may also include special categories of personal data (e.g. information on a severe disability). Your personal data ordinarily is collected directly from you during the application process and is encrypted during electronic transmission. The primary legal basis for this is Art. 6 para. 1 lit. b GDPR in conjunction with § 26 para. 1 BDSG. In addition, consent in accordance with Art. 6 para. 1 lit. a, 7 GDPR in conjunction with § 26 para. 2 BDSG can be used as a data protection permission regulation. If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.
Within our company, only those persons and positions (e.g. human resources) have access to your personal data which absolutely need to carry out the application procedure or to fulfil our legal obligations. Your applications will be forwarded to the responsible person for examination. Under no circumstances will your personal data be passed on to third parties without authorisation.
Your data for an application for a specific job advertisement will be stored and processed by us during the ongoing application process. Once the application process has been completed (e.g. in the form of an acceptance or rejection), the application process including all personal data will be deleted from the system no later than six months after the application process has been completed. The data of selected applicants will be stored securely for up to 2 years, provided that the applicants have given their consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. For this purpose, an informal e-mail to the contact details of the person responsible listed above is sufficient. If you are accepted, your application documents will be transferred to the personnel file.
To enable you to request consent on our website for the processing of your end device information and personal data using cookies or other tracking technologies, we use our consent tool “consentmanager”.
With the help of consentmanager, you have the possibility to provide your consent or to refuse the processing of your end device information and personal data by means of cookies or other tracking technologies for the purposes listed in the consentmanager. Such processing purposes may include the integration of external elements, integration of streaming content, statistical analysis, reach measurement, individualized product recommendations and individualized advertising.
You can use consentmanager to give or refuse your consent for all processing purposes or give or refuse your consent for specific purposes or individual third-party providers. The settings you have made can also be changed by you at a later point in time.
The purpose of integrating consentmanager is to allow users of our website to decide whether to set cookies and similar functionalities and to offer the option of changing settings already made in the course of further use of our website. In the course of using consentmanager, personal data as well as information of the end devices used will be processed by us. When processing, your data is also sent to consentmanager (consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden). The information about the settings you have made is also stored in your terminal device.
As technically necessary, we use the following cookies as far as the consentmanager is concerned: cmpcccu / cmpcccu / cmpconsent / cmpconsent – details can be found here: https://help.consentmanager.de/books/cmp/page/cookies-set-by-the-cmp
After twelve months the user settings have been made, consent is queried again. The user settings made will then be stored again for this period, unless you yourself delete the information about your user settings in the user device capacities provided for this purpose beforehand.
You may object to the processing insofar as the processing is based on Art. 6 para 1 lit. f) DSGVO.
We use the web analysis tool “Matomo” to design our websites according to your requirements. Matomo creates usage profiles based on pseudonyms. To do this, permanent cookies are stored on your device and are read by us.
As part of the application of our Matomo Tag Manager, we use the MATOMO_SESSID cookie, which is technically necessary for us.
The MATOMO_SESSID only runs during the session and will be deleted after the session ends. In this way we are able to recognize and count recurring visitors.
See also: https://cookiedatabase.org/cookie/matomo/matomo_sessid/
We also use Heatmap & Session Recording modules. Matomo’s heatmap service shows the areas of our website where the mouse is moved most frequently or which are clicked on most often. The session recording service records individual user sessions. This allows us to play back recorded sessions and thus analyze the use of our website. Data entered in forms is not recorded and is not visible at any time.
The data processing is carried out according to § 25 Abs. 1 TTDSG and Art. 6 para 1 lit. a DSGVO being based on your consent via our cookie banner. You can revoke your consent at any point in time. If you want to do so, please make the appropriate settings using our cookie banner.
Salesforce Sales Cloud
We use Salesforce Sales Cloud to manage customer data. Provider is salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 München (hereinafter ‘Salesforce’).
Salesforce Sales Cloud is a CRM system that allows us to manage existing and potential customers as well as customer contacts and to organize sales and communication processes. The use of the CRM system also enables us to analyze our customer related processes.
Details of the Salesforce Sales Cloud features can be found here: https://www.salesforce.com/de/products/sales-cloud/overview/
As part of our use of Salesforce Sales Cloud we rely on cookies which help us collect and analyze the information listed above. You can find more information here: https://help.salesforce.com/s/articleView?id=sf.pardot_basics_cookies.htm&type=5
The use of the Sales Force Sales Cloud requires the consent of our website visitors, which we obtain via the cookie banner we use. This consent is given in accordance with Art. 6 para 1 lit. a DSGVO (consent). It provides the legal basis for the collection and processing of personal data such as that which may occur in the use of Sales Force Sales Cloud. The consent can be revoked at any time.
In addition to the consent, there is a legitimate interest on our part to manage our customers, to organize communication processes and to analyze our customer-related processes. The legal basis for this is Article 6 para 1 lit. f DSGVO (Legitimate Interests).
Personal data may also be transferred to the parent company of salesforce.com Germany GmbH, salesforce.com inc., Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA.
Salesforce has Binding Corporate Rules (BCR) approved by the French Data Protection Authority. These are binding company internal rules that legitimize intra-company data transfers outside the EU and the EEA.
Details are available here:. https://www.salesforce.com/de/blog/2020/07/die-binding-corporate-rules-von-salesforce-erfuellen-hoechste-da.html
For further details see the Salesforce privacy statement: https://www.salesforce.com/de/company/privacy/.
Our website uses Google Analytics, a web analytics service provided by Google Inc (“Google”).
Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland), for all Google services, is responsible for the economic European area.
Google Analytics uses so-called “cookies”, this means that text files are stored on the computer of our website visitors. The information generated by the cookie about the use of our website is transmitted to a Google server in the USA and then stored there. Further information on the DSGVO-compliant use of Google Analytics as well as an overview of the cookies that Google Analytics uses can be found here, for example.
If IP anonymization is activated on our website, the IP address of our website visitors will only be shortened beforehand by Google within the member states of the EU or in other contracting states of the Agreement on the European Economic Area. In a few exceptional cases, the full IP address may be transmitted to a Google server in the USA and then shortened there. Google can then evaluate the use of the website on the basis of this information, which is stored, in order to then provide a compilation of a report on website activity. Based on this report, Google can then also provide further services to the website provider related to website usage and internet usage. The IP address transmitted by the browsers of our website visitors via Google Analytics will not be merged with other data from Google.
If this evaluation based on your visit to our site is not in your interest, you can prevent the storage or installation of cookies by selecting the appropriate settings on your browser software. At the same time, we would like to inform you that in this case you will not be able to use all functions of our website to their full extent.
By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de
The use of Google Analytics requires the consent of our website visitors, which we obtain by means of the cookie banner we use. According to Art. 6 para. 1 lit. a DSGVO (consent), this consent constitutes the legal basis for the collection and processing of personal data, as may occur with the use of Google Analytics. The consent can be revoked at any time.
In addition to the consent, there is a legitimate interest on our part to analyze the behavior of our website visitors and thereby to improve our offer technically and economically. The legal basis for this is Article 6 para 1 lit. f DSGVO (legitimate Interests).
We use the tracking tool Linkedln Insight-Tag on our website. The service provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Linkedln Ireland Unlimited (Wilton Place, Dublin 2, Ireland).This company is responsible for the data protection aspects in the European Economic Area (EEA), the EU and Switzerland.
With the help of the LinkedIn Insight-Tag we receive information about visitors to our website.
In connection with LinkedIn Insight-Tag we use various cookies as they are technically necessary to drive the activities listed above. More information about LinkedIn cookies can be found here: https://de.linkedin.com/legal/l/cookie-table
Our use of LinkedIn Insight-Tag is based on Art. 6 para 1 lit. f DSGVO as we have a legitimate interest in effective advertising measures including social media. If you have given your consent by means of our cookie banner, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO.
For more information about the data processed using the Linkedln Insight-Tag, please visit https://www.linkedin.com/legal/privacy-policy
As a basis for data processing at recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway) or a data transfer there, LinkedIn uses so-called standard contractual clauses (para 46 DSGVO). Standard Contractual Clauses (SCC) are model templates provided by the European Commission to ensure that Ihe data comply with European data protection standards even if they are transferred to third countries (such as the USA) and stored there. Through these clauses, Linkedln undertakes to respect the European level of data protection when processing your data andto comply with the European level of data protection. These clauses are based on an implementing decision of the EU Commission.
For more information about Linkedin’s standard contractual clauses please visit https://de.linkedin.com/legal/l/dpa.
To object to the analysis of usage behavior as well as targeted adertisment by LinkedIn:: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Furthermore, members of LinkedIn can control the use of their personal data for advertising purposes in their account settings.
In order to avoid a linking of data collected on our website by LinkedIn and your LinkedIn account, you must log out of your LinkedIn account before visiting our website.
Registration for our webinars (GotoWebinar)
We have a data processing agreement with LogMeIn in place in which we commit them to protect our customers’ information and not to share it with third parties.
The integration of GotoWebinar ensures that the webinar will be conducted in a technically sound manner using professional tools. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR.
Registration for free webinars:
If you register for a free webinar on our website, you must provide your e-mail address and your first and last name. By registering for a webinar, you also automatically agree to subscribe to our newsletter, which will keep you informed about regular products and events. The legal basis is your previously given consent in accordance with Art. 6 Para. 1 lit. a GDPR.
You can unsubscribe from the webinar at any time. After the webinar you can still unsubscribe from the newsletter.
Registration for exclusive customer webinars:
When you register for our exclusive customer webinars on GotoWebinar you will need to enter your e-mail address and your first and last name. The legal basis is your previously given consent according to Art. 6 para. 1 lit. a GDPR.
You can unsubscribe from the webinar at any time. With the end of the webinar all your data will be deleted.
Answering customer inquiries through Salesforce
In order to be able to process user requests faster and more efficiently, we use the services of Salesforce (Salesforce Inc. USA). This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f. GDPR. We have agreed standard data protection clauses with Salesforce and Pardot in order to guarantee an appropriate level of data protection when transferring data to third countries. Salesforce uses the users’ data only for the technical processing of the inquiries and does not pass them on to third parties. If users do not agree to data collection via and storage of data in Salesforce’s external system, we offer them alternative contact options for submitting service requests by e-mail, telephone, fax or post. For more information about this CRM system and the provider, please visit https://www.salesforce.com/privacy/overview/.
You can make appointments with us on our website. We use the “Calendly” tool for booking appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter “Calendly”).
The data you have entered will remain with us until you ask us to delete it, revoke your consent for storage or the purpose for which the data was stored ceases to apply. Mandatory legal provisions, in particular retention periods, remain unaffected.
The legal basis for data processing is Art. 6(1)(f) GDPR. The website operator has a justified interest in making appointments with interested parties and customers in as uncomplicated a manner as possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
The data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://calendly.com/pages/dpa.
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
Online-based Audio and Video Conferences (Conference tools)
We use online conference tools, among other things, for communication with our customers. The tools we use are listed in detail below. If you communicate with us by video or audio conference using the Internet, your personal data will be collected and processed by the provider of the respective conference tool and by us. The conferencing tools collect all information that you provide/access to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication process (metadata).
Furthermore, the provider of the tool processes all the technical data required for the processing of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
Should content be exchanged, uploaded, or otherwise made available within the tool, it is also stored on the servers of the tool provider. Such content includes, but is not limited to, cloud recordings, chat/ instant messages, voicemail uploaded photos and videos, files, whiteboards, and other information shared while using the service.
Please note that we do not have complete influence on the data processing procedures of the tools used. Our possibilities are largely determined by the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, and which we have listed below this text.
Purpose and legal bases
The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in the meaning of Art. 6(1)(f) GDPR). Insofar as consent has been requested, the tools in question will be used on the basis of this consent; the consent may be revoked at any time with effect from that date.
Duration of storage
Data collected directly by us via the video and conference tools will be deleted from our systems immediately after you request us to delete it, revoke your consent to storage, or the reason for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.
We have no influence on the duration of storage of your data that is stored by the operators of the conference tools for their own purposes. For details, please directly contact the operators of the conference tools.
We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
Your personal data is not transferred to third parties, unless
- we have explicitly pointed this out in the description of the respective data processing.
- you have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
- the transfer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms.
- there is a legal obligation to transfer data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
- required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.
In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. In particular, these contracts concern web hosting services, the dispatch of emails and IT updates and maintenance. Your personal data will not be transferred to third parties by our service providers.
The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.
In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data:
The right, pursuant to Art. 15GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.
The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.
The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.
The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in in a commonly used and machine-readable format and the right to transmit those data to another controller.
The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR with effect in the future at any time.
The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work.
The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal
Right of objection
If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.
If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to firstname.lastname@example.org
Subject to change