Privacy Policy
In this privacy policy, we inform you about the processing of personal data when using our website. Personal data is information that relates to an identified or identifiable person. This includes, in particular, details that allow conclusions to be drawn about your identity, such as your name, your telephone number, your address, or email address. Statistical data that we collect, for example, during a visit to our website and that cannot be linked to you, do not fall under the definition of personal data.
1. Person responsible and contact
Contact person and so-called responsible party for the processing of your personal data when visiting this website in the sense of the General Data Protection Regulation (GDPR) is the
Bridgemaker GmbH
Linienstraße 86
10119 Berlin
Email: privacy@bridgemaker.com
For all questions regarding data protection in connection with our products and services or the use of our website, you can also contact our data protection officer at any time. He/She can be reached at the above postal address as well as at the email address provided earlier (Keyword: “to the attention of the data protection officer”). We expressly point out that when using this email address, the contents are not seen exclusively by our data protection officer. If you wish to exchange confidential information, please first request direct contact via this email address.
2. Data processing on our website
2.1 Accessing our website / Connection data
When you use our website (which is displayed via Framer), we process connection data that your browser automatically transmits to enable your visit to the website. This connection data includes the so-called HTTP header information, including the user agent, and particularly includes:
IP address of the requesting device;
Method (e.g., GET, POST), date and time of the request;
Address of the requested website and path of the requested file;
if applicable, the previously requested website/file (HTTP referrer);
Information about the browser and operating system used;
Version of the HTTP protocol, HTTP status code, size of the delivered file;
Request information such as language, type of content, content encoding, character sets;
Cookies stored on the device for the requested domain.
Processing this connection data is necessary to enable the visit to the website, ensure the continuous functionality and security of our systems, and to generally maintain our website administratively. The connection data is also temporarily stored in internal log files for the aforementioned purposes, restricted to the absolute minimum content needed, to identify and address the cause in the event of repeated accesses or accesses with criminal intent that threaten the stability and security of our website. The legal basis for this processing is Article 6(1)(b) GDPR, provided that the page view occurs in the context of the initiation or execution of a contract, and otherwise Article 6(1)(f) GDPR due to our legitimate interest in enabling the website access as well as ensuring the continuous functionality and security of our systems. However, the automatic transmission of connection data and the resulting log files does not constitute access to the information on the device in the sense of the implementation laws of the ePrivacy Directive of EU member states, in Germany § 25 TTDSG. Moreover, it would be absolutely necessary anyway. The log files are stored and subsequently anonymized. Exceptionally, individual log files and IP addresses are retained for a longer period to prevent further attacks from this IP address in the event of cyber-attacks and/or to pursue legal action against the attackers.
2.2 Contact
Every time you use our website (which is displayed via Framer), we process connection data that your browser automatically transmits in order to enable your visit to the website. This connection data includes so-called HTTP header information, including the user agent, and specifically includes:
IP address of the requesting device;
Method (e.g., GET, POST), date and time of the request;
Address of the requested website and path of the requested file;
possibly the previously accessed website/file (HTTP referer);
Information about the browser and operating system used;
Version of the HTTP protocol, HTTP status code, size of the delivered file;
Request information such as language, type of content, encoding of content, character sets;
cookies stored on the device for the requested domain.
Processing this connection data is necessary to allow the visit to the website, to ensure the long-term functionality and security of our systems, and to generally maintain our website administratively. The connection data is also stored temporarily in internal log files for the purposes described above, limited in content to the essentials, to find the cause and take action in the event of repeated calls or calls with criminal intent that jeopardize the stability and security of our website. The legal basis for this processing is Art. 6 Para. 1 lit. b GDPR, provided that the page view occurs in the context of establishing or executing a contract, and otherwise Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in enabling the website access and the long-term functionality and security of our systems. However, the automatic transmission of the connection data and the resulting log files do not constitute access to information on the end device as understood by the implementation laws of the ePrivacy directive of EU member states, in Germany § 25 TTDSG. Nevertheless, it would be absolutely necessary in any case. The log files are stored and subsequently anonymized. Exceptionally, individual log files and IP addresses are retained for longer to prevent further attacks from this IP address in the case of cyber attacks and/or to take action against the attackers through criminal prosecution.
2.3 Use of ChatGPT in the provision of the Business Model – AI service
If you want to use our artificial intelligence offer to find answers to your business problem, your data, as described in 2.2.2, will be processed in the ChatGPT Business tool. For this purpose, data is forwarded to the service provider OpenAI, which is offered to individuals from the European Economic Area and Switzerland by OpenAI Ireland Ltd., 1st Floor, The Liffey Trust Centre, 117-126 Sheriff Street Upper, Dublin 1, D01 YC43, Ireland, and to all other individuals by OpenAI, L.L.C., 3180 18th Street, San Francisco, California 94110, USA. More information about the ChatGPT Business tool used can be found here: https://openai.com/de/policies/eu-terms-of-use and https://openai.com/enterprise-privacy. Please note that the ChatGPT tool provided by the service provider OpenAI is an artificial intelligence. However, with the Business version of the tool that we use, any training of the tool with your data is prohibited. The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, as far as your information is required to answer your inquiry or to initiate or execute a contract, and otherwise Art. 6 para. 1 lit. f GDPR, to facilitate the provision of the service. We will only contact you for advertising purposes if you have given your consent for this. The data will be stored by ChatGPT until the purposes are achieved and no (legal) retention periods stand in the way.
2.4 Applications
You can apply for open positions through our applicant management system provided by our processor Personio (Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany), which you can access via our careers page. The purpose of data collection is to select applicants for a possible establishment of an employment relationship. For the acceptance and processing of your application, we collect the following data in particular:
First and last name;
Email address;
Phone number;
Application documents (e.g. certificates, CV);
Date of earliest possible job entry;
Salary expectations.
Mandatory fields are marked with an asterisk (*). The legal basis for processing your application data is Art. 6 para. 1 lit. b and Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 sentence 1 BDSG. We store your personal data upon receipt of your application. If we accept your application and it leads to an employment relationship, we will store your application data for as long as it is necessary for the employment relationship and as long as legal regulations require storage. If we reject your application, we will store your application data for a maximum of six months after the rejection of your application, unless you provide us with your consent for longer storage. If you have separately given us your consent in accordance with Art. 6 para. 1 lit. a GDPR, we will store your data transmitted as part of the application in our pool of applicants for another twelve months after the recruitment process has ended, in order to identify any further interesting positions for you and to possibly contact you again. After the expiration of the deadline, the data will be deleted. You can revoke this consent at any time with effect for the future.
3. Use of tools on the website
3.1 Technologies used
This website uses various services and applications (collectively referred to as "tools"), which are either provided by us or by third parties. These include, in particular, tools that use technologies to store or access information on the end device:
Cookies: information stored on the end device, consisting in particular of a name, a value, the storing domain, and an expiration date. So-called session cookies (e.g. PHPSESSID) are deleted after the session, while so-called persistent cookies are deleted after the set expiration date. Cookies can also be removed manually.
Web Storage (Local Storage / Session Storage): information stored on the end device, consisting of a name and a value. Information in session storage is deleted after the session, whereas information in local storage has no expiration date and remains stored as a rule, unless a deletion mechanism has been established (e.g. storage of local storage with a time entry). Information in local and session storage can also be removed manually.
JavaScript: programming codes (scripts) embedded in or called by the website, which, for example, set cookies and web storage or actively collect information from the end device or the behaviour of the visitors. JavaScript can be used for "active fingerprinting" and the creation of usage profiles. JavaScript can be blocked by a setting in the browser, but then most services may not function properly.
Pixels: tiny graphics automatically loaded by a service, which can enable the recognition of visitors through the automatic transmission of the usual connection data (in particular IP address, information about browser, operating system, language, address accessed, and time of access) and, for example, determine the opening of an email or the visit of a website. Using pixels allows for "passive fingerprinting" and the creation of usage profiles. The use of pixels can be prevented, for example, by blocking images, such as in emails, although this will greatly limit the display.
Using these technologies and also through the simple connection established on a page, so-called "fingerprints" can be created, i.e. usage profiles that can recognize visitors even without the use of cookies or web storage. Fingerprints based on the connection cannot be completely prevented manually. Most browsers are set by default to accept cookies, to execute scripts, and to display graphics. However, you can usually adjust your browser settings to reject all or certain cookies or to block scripts and graphics. If you completely block the storage of cookies, the display of graphics, and the execution of scripts, our services will likely not function or not function smoothly. Below we list the tools we use, categorized, while informing you in particular about the providers of the tools, the storage duration of cookies or information in local storage and session storage, as well as the transfer of data to third parties. It will also be explained when we obtain your voluntary consent for the use of the tools and how you can revoke this consent. Should – even with the greatest care – the information in the consent banner contradict those in this privacy policy, the information in this privacy policy shall take precedence.
3.2 Legal basis and withdrawal
3.2.1 Legal Basis
We use tools necessary for the operation of the website based on our legitimate interest in accordance with Art. 6(1)(f) GDPR to provide the basic functions of our website. In certain cases, these tools may also be necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out in accordance with Art. 6(1)(b) GDPR. Access to and storage of information on the device is absolutely necessary in these cases and takes place on the basis of the implementation laws of the EU ePrivacy Directive of the EU member states, in Germany according to § 25(2) TTDSG. All other non-necessary (optional) tools that provide additional functions are used based on your consent in accordance with Art. 6(1)(a) GDPR. Access to and storage of information on the device then takes place on the basis of the implementation laws of the EU ePrivacy Directive of the EU member states, in Germany according to § 25(1) TTDSG. Data processing using these tools only occurs if we have previously obtained your consent for this purpose. If a transfer of personal data to third countries (such as the USA) takes place, we refer, also regarding the risks that may be involved, to section 6 ("Transfer of Data to Third Countries"). We will inform you if there is an adequacy decision for the respective third country or if standard contractual clauses or other guarantees have been concluded for the use of certain tools. If you have given your consent to the use of certain tools and the accompanying transfer of your personal data to third countries, we will transmit the data processed during the use of the tools (also) on the basis of this consent according to Art. 49(1)(a) GDPR to third countries.
3.2.2 Obtaining Your Consent
To obtain and manage your consents, we use the Cookiebot tool from Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark ("Cookiebot"). This generates a banner that informs you about data processing on our website and gives you the option to consent to all, individual, or no data processing by optional tools. This banner appears on your first visit to our website and whenever you revisit your settings to change them or withdraw consents. The banner also appears on further visits to our website if you have disabled the storage of cookies or if cookies or information in the Local Storage of Cookiebot has been deleted or expired. Cookiebot receives your consents or withdrawals, your IP address, information about your browser, your device, and the time of your visit as part of your website visit. Furthermore, Cookiebot stores necessary information on your device to document your granted consents and withdrawals. The following cookies are set in this context: "CookieConsent" (1 year). The data processing by Cookiebot is necessary to provide you with the legally required consent management and to comply with our documentation obligations. The legal basis for using Cookiebot is Art. 6(1)(f) GDPR, justified by our interest in meeting the legal requirements for consent management. Access to and storage of information on the device is absolutely necessary in these cases and takes place on the basis of the implementation laws of the EU ePrivacy Directive of the EU member states, in Germany according to § 25(2) TTDSG.
3.2.3 Withdrawal of Your Consent or Change of Your Selection
You can withdraw your consent for certain tools, that is, for the storage and access to information on the device, the processing of your personal data, and the transfer of your data to third countries, at any time with effect for the future. To do this, click the button on the right side at the end of the website. There you can also change the selection of the tools for which you wish to give consent, as well as obtain additional information about the tools used. Alternatively, you can assert your withdrawal directly with the provider of certain tools.
Our website uses the Google reCAPTCHA service, which is offered for individuals from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other individuals by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively referred to as “Google”).
reCAPTCHA prevents automated software (so-called bots) from engaging in abusive activities on the website, i.e., it checks whether the inputs made actually come from a human. For this purpose, reCAPTCHA uses JavaScript and stores cookies and information in the Local Storage on your device. In particular, the following data is processed:
Referrer URL (address of the page from which the visitor came);
IP address;
cookies set by Google;
snapshot of the browser window;
user's input behavior (e.g., answering the reCAPTCHA question, input speed in form fields, order of selection of input fields by the user, number of mouse clicks);
Technical information: browser type, browser plug-ins, browser size and resolution, date, language settings, display instructions (CSS) and scripts (JavaScript).
For this purpose, the following cookies may be used and read by reCAPTCHA:
“_GRECAPTCHA” (6 months).
In addition, the following cookies are also embedded and stored in the Local Storage to distinguish between humans and robots:
“rc::d-15#”, “rc::a” (permanent),
“rc::b” (for the duration of the session),
“rc::c” (for the duration of the session),
“rc::f” (permanent).
Furthermore, Google reads cookies from other Google services such as Gmail, Search, and Analytics. If you do not wish this association with your Google account, you need to log out of Google before visiting a page where we have integrated Google reCAPTCHA.
The mentioned data is sent to Google in encrypted form. Google's evaluation determines how the captcha is displayed on the page. The use of reCAPTCHA is statistically evaluated. According to Google, your data is not used for personalized advertising.
The legal basis is the necessity for the fulfillment of a contract or the performance of pre-contractual measures in accordance with Article 6(1)(b) GDPR, for example, in the context of registering a user account, using a contact form, or subscribing to a newsletter.
Moreover, the legal basis is our legitimate interest under Article 6(1)(f) GDPR, whereby Google reCAPTCHA serves to protect IT security, ensure the stability of our website, and prevent abuse.
We have concluded a data processing agreement with Google Ireland Limited. Your personal data may also be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA under Article 45 GDPR. Furthermore, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Commission Implementing Decision (EU) 2021/914, Module 3) in accordance with Article 46 (2) (c) GDPR.
For more information, please see:
in Google's privacy policy: https://policies.google.com/privacy;
in Google's terms of service: https://policies.google.com/terms.
4.3.2 Google Tag Manager
Our website uses the Google Tag Manager service, which is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for individuals from the European Economic Area and Switzerland, and by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together referred to as 'Google') for all other individuals.
The Google Tag Manager is solely intended for managing website tools by incorporating so-called website tags. A tag is an element that is embedded in the source code of our website to execute a tool, for example through scripts. If these are optional tools, they will only be included by the Google Tag Manager with your consent. The Google Tag Manager employs JavaScript and generally operates without the use of cookies.
The legal basis is Art. 6 (1) (f) GDPR, based on our legitimate interest in integrating and managing multiple tags on our website in a straightforward manner.
Google collects information for the purpose of ensuring stability and functionality when using the Google Tag Manager regarding which tags are included by our website. However, the Google Tag Manager fundamentally does not store any personal data beyond the pure connection establishment, particularly no data regarding user behavior or the pages visited.
We have concluded a data processing agreement with Google Ireland Limited. Your personal data may also be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR. Furthermore, Google Ireland Limited and Google LLC have concluded Standard Contractual Clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Art. 46 (2) (c) GDPR.
For more information, please see Google's privacy policy: https://support.google.com/analytics/answer/6004245.
3.3 Necessary Tools
We use certain tools to enable the basic functions of our website (“necessary tools”). This includes, for example, tools for preparing and displaying website content, for managing and integrating tools, for providing payment processing services, for fraud detection and prevention, and for ensuring the security of our website. Without these tools, we could not provide our service. Therefore, necessary tools are used without consent. The legal basis for necessary tools is the necessity to fulfill our legitimate interests pursuant to Art. 6 (1) lit. f GDPR in providing the respective basic functions and operating our website. In cases where providing the respective website functions is necessary to fulfill a contract or to carry out pre-contractual measures, the legal basis for data processing is Art. 6 (1) lit. b GDPR. Access to and storage of information on the end device is absolutely necessary in these cases and is based on the implementing laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 (2) TTDSG. In case personal data is transferred to third countries (such as the USA), we refer, in addition to the information provided below, to Section 6 (“Data transfer to third countries”).
3.3.1 Google reCAPTCHA
Our website uses the Google reCAPTCHA service, which is offered for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively “Google”).
reCAPTCHA prevents automated software (so-called bots) from performing abusive activities on the website, i.e., it checks whether the inputs made actually come from a human. To do this, reCAPTCHA uses JavaScript and stores cookies and information in Local Storage on your device. Specifically, the following data is processed:
Referrer URL (address of the page from which the visitor came);
IP address;
Cookies set by Google;
Snapshot of the browser window;
User input behaviour (e.g., answering the reCAPTCHA question, input speed in form fields, order of selection of input fields by the user, number of mouse clicks);
Technical information: browser type, browser plugins, browser size and resolution, date, language setting, rendering instructions (CSS), and scripts (JavaScript).
For this purpose, the following cookies may be set and read by reCAPTCHA: “_GRECAPTCHA” (6 months). In addition, the following cookies are also embedded and stored in Local Storage to distinguish between humans and robots: “rc::d-15#”, “rc::a” (permanent), “rc::b” (for the duration of the session), “rc::c” (for the duration of the session), “rc::f” (permanent). Furthermore, Google reads the cookies of other Google services like Gmail, Search, and Analytics. If you do not wish this association with your Google account, it is necessary for you to log out of Google before accessing a page where we have integrated Google reCAPTCHA. The data mentioned is transmitted to Google in encrypted form. Google’s evaluation determines how the Captcha is displayed on the site. The use of reCAPTCHA is statistically evaluated. According to Google, your data is not used for personalized advertising. The legal basis is the necessity to fulfill a contract or to carry out pre-contractual measures according to Art. 6 (1) lit. b GDPR, for example, in the context of registering a user account, using a contact form, or subscribing to a newsletter. Google reCAPTCHA serves to protect IT security, ensure the stability of our website, and prevent abuse. Part of the data may also be processed on servers in the USA. In case personal data is transferred to the USA or other third countries, this occurs based on Art. 49 (1) sentence 1 lit. b GDPR, to enable the fulfillment of a contract with you or to carry out pre-contractual measures. For more information, please refer to Section 6 (“Data transfer to third countries”).
Further information can be found:
in Google’s privacy policy: https://policies.google.com/privacy;
in Google’s terms of service: https://policies.google.com/terms
3.4 Analysis Tools
To improve our website, we use optional tools to recognize visitors as well as for the statistical collection and analysis of general usage behavior based on access data ("analytics tools"). We also use analytics services to evaluate the usage of our various marketing channels. The collected usage information is aggregated and enables us to understand the usage habits of our visitors. This serves to adapt and optimize the design of our website and to make the user experience more pleasant. The legal basis for the analytics tools is – unless otherwise specified – your consent according to Art. 6 para. 1 lit. a GDPR. Access to and storage of information on the end device is then based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. For revocation of your consent, see 3.2.3: "Revocation of your consent or change of your selection". In the event that personal data is transferred to third countries (such as the USA), your consent explicitly also covers the transfer of data (Art. 49 para. 1 lit. a GDPR). Please refer to section 6 ("Data transfer to third countries") for the associated risks.
3.4.1 Google Analytics 4
Our website uses the service Google Analytics 4 ("Google Analytics"), which is offered for individuals from Europe, the Middle East and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other individuals by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together "Google"). Google Analytics uses JavaScript and pixels to read information on your end device, as well as cookies to store information on your end device. This serves to analyze your usage behavior and improve our website. We will process the obtained information to evaluate your use of the website and to compile reports on website activities for the website operators. The data generated in this context may be transferred to and stored on a server in the USA by Google for evaluation. In its evaluation, Google Analytics 4 also uses artificial intelligence such as machine learning for automated analysis and enrichment of data. This applies in particular to predictive metrics on future behavior of visitors based on structured event data, such as predicted revenue, purchase probability and churn probability. The predictive metrics can also be used for predictive target groups. You can learn more about this at: https://support.google.com/analytics/answer/9846734. In addition, Google Analytics 4 models conversions where there is not enough data available to optimize evaluation and reports. Information on this can be found at: https://support.google.com/analytics/answer/10710245. Data evaluations are carried out automatically using artificial intelligence or based on specific individually defined criteria. More information can be found at: https://support.google.com/analytics/answer/9443595.
The following privacy settings have been made in Google Analytics:
IP anonymization (truncation of the IP address before evaluation);
Automatic deletion of old visit logs by limiting the retention period to 2 months;
No reset of the retention period with new activity;
Deactivation of the collection of exact location and position data;
Deactivation of the collection of exact device data;
Deactivated advertising function (including audience remarketing through GA Audience);
Deactivated remarketing;
Deactivated cross-device and cross-site tracking (Google Signals);
Deactivated data sharing with other Google products and services, benchmarking, technical support, account manager.
The following data is processed by Google Analytics:
IP address;
User-ID, Google-ID (Google Signals) and/or device ID;
Referrer URL (previously visited page);
Pages visited (date, time, URL, title, duration of visit);
Events and activities (e.g., scroll activity, downloaded files, clicked links to other websites, interaction with videos and forms, search queries);
if applicable, achievement of certain goals (conversions);
Technical information: Operating system; browser type, version and language; device type, brand, model and resolution;
Approximate location (country and possibly city, based on anonymized IP address).
Google Analytics sets the following cookies for the indicated purpose with the respective retention period:
"_ga" (2 years), "_gid" (24 hours): Recognition and differentiation of visitors through a User-ID;
"_ga_[GA-ID]" (2 years): Retention of the information of the current session;
"_gac_gb_[GA-ID]" (90 days): Storage of campaign-related information and possibly linking with Google Ads conversion tracking;
if applicable, "IDE" (390 days): Recognition and differentiation of visitors through a User-ID, capturing interactions with ads, displaying personalized ads.
For more information about cookies from Google Analytics 4, see: https://support.google.com/analytics/answer/11397207?hl=en.
The legal basis for this data processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. Access to and storage of information on the end device is then based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. We have concluded a data processing agreement with Google Ireland Limited for the use of Google Analytics. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementation Decision (EU) 2021/914, Module 3) in accordance with Art. 46 para. 2 lit. c GDPR. In addition, we also obtain your explicit consent for the transfer of your data to third countries in accordance with Art. 49 para. 1 lit. a GDPR. More information can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245.
3.5 Marketing Tools
We also use optional tools for advertising purposes ("marketing tools"). Some of the access data generated while using our website is used to create usage profiles, which particularly store your usage behavior, the ads you viewed or clicked on, and the classification into advertising categories, interests and preferences that arise from this. By analyzing and evaluating this access data, we can present you with personalized advertising, meaning advertising that corresponds to your actual interests and needs, on our website and on the websites and services of other providers. In doing so, we also analyze your usage behavior to recognize you again on other pages and address you personally based on your use of our site (so-called retargeting). Furthermore, we evaluate the effectiveness and success of our advertising campaigns (in particular so-called conversions and leads). Marketing tools also include optional tools from social networks that serve to share posts and content across these networks ("social media plugins"). The legal basis for the marketing tools is your consent in accordance with Art. 6 para. 1 lit. a GDPR, which you provide via the consent banner or when using the respective tool by allowing its use via an overlay banner. Access to and storage of information on the end device then occurs on the basis of the implementing laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. For the withdrawal of your consent, see 3.2.3: "Withdrawal of your consent or change of your selection." In the event that personal data is transferred to third countries (such as the USA), your consent expressly also extends to the data transfer (Art. 49 para. 1 lit. a GDPR). Please find the associated risks in section 6 ("Data transfer to third countries").
In the following section, we would like to explain these technologies and the providers involved in more detail. The collected data may include in particular:
the IP address of the device;
the information of a cookie and in local or session storage;
the device ID of mobile devices (e.g. device ID, advertising ID);
Referrer URL (previously visited page);
Accessed pages (date, time, URL, title, duration of stay);
Downloaded files;
Clicked links to other websites;
if applicable, achievement of specific goals (conversions);
Technical information: operating system; browser type, version and language; device type, brand, model and resolution;
Approximate location (country and possibly city).
The collected data is, however, stored exclusively in a pseudonymous form, so that no direct conclusions can be drawn about individuals.
3.5.1 HubSpot
Our website uses services from HubSpot Ireland Limited at 2nd Floor 30 North Wall Quay, Dublin 1, Ireland ("Hubspot") to incorporate cookies via "gstatic" or Google reCAPTCHA.
The following cookies are stored in local storage to distinguish between humans and robots:
"rc::d-15#" (permanent): distinction between human and robot;
"rc::a" (permanent): distinction between human and robot;
"rc::b" (for the duration of the session): distinction between human and robot;
"rc::c" (for the duration of the session): distinction between human and robot;
"rc::f" (permanent): distinction between human and robot.
Furthermore, for more information about cookies, please refer to HubSpot's website: https://knowledge.hubspot.com/de/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser and to Cloudflare's website: https://support.cloudflare.com/hc/en-us/articles/200170156-Understanding-the-Cloudflare-Cookies. The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information on the end device then occurs on the basis of the implementing laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. We have entered into a data processing agreement with HubSpot. The data collected in this regard may be transferred by HubSpot to a server in the USA and stored there. In the event that personal data is transferred to the USA or other third countries, we have concluded standard contractual clauses with HubSpot (Implementing Decision (EU) 2021/914, Module 2) in accordance with Art. 46 para. 2 lit. c GDPR. Additionally, we also obtain your express consent in accordance with Art. 49 para. 1 lit. a GDPR for the transfer of your data to third countries. For more information, please refer to HubSpot's privacy policy: https://legal.hubspot.com/privacy-policy.
3.5.2 Typeform
Our website uses the Typeform service from Typeform S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain ("Typeform"). Typeform is used to provide engaging forms and surveys through which we collect information about you, realize email notification sign-ups, or conduct surveys on specific topics. Mandatory fields have been marked accordingly. Once you press the submit button, your data will be transmitted to us and Typeform. Typeform uses scripts that access information on your end device, as well as cookies that are stored on your end device. Your data is stored on servers in the USA.
The following data is processed by Typeform:
IP address;
Your data entered in the form;
Technical information about your device, your browser, your operating system, and your selected language;
Access information about the accessed page, the previously visited page, and the time of the visit;
Usage data through the evaluation of information, particularly from cookies and scripts.
Typeform sets and reads the following cookies:
"AWSALBTG" (7 days) and "AWSALBTGCORS" (7 days): registers which server cluster serves the visitor. This is used in conjunction with load balancing to optimize user experience;
"ld:#:$diagnostics" (permanent): Monitoring website performance for statistical purposes;
"visitorId" (2 years): maintains user status across page requests;
"cookie_support" (for the duration of the session): saves your selection of whether you accept or reject analytical cookies.
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information on the end device then occurs on the basis of the implementing laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. We have entered into a data processing agreement with Typeform. To the extent that Typeform engages processors with their registered office outside the EU or transfers or stores the data in third countries (such as the USA), Typeform has established adequate guarantees such as standard contractual clauses. Additionally, we also obtain your express consent in accordance with Art. 49 para. 1 lit. a GDPR for the transfer of your data to third countries. For more information, please refer to Typeform's privacy policy: https://admin.typeform.com/to/dwk6gt/.
4.5.1 HubSpot
Our website uses services from the provider HubSpot Ireland Limited located at 2nd Floor 30 North Wall Quay, Dublin 1, Ireland (“Hubspot”) to integrate cookies via "gstatic" or Google reCAPTCHA.
The following cookies are stored in local storage to distinguish between humans and robots:
“rc::d-15#” (permanent): Distinction between human and robot;
“rc::a” (permanent): Distinction between human and robot;
“rc::b” (for the duration of the session): Distinction between human and robot;
“rc::c” (for the duration of the session): Distinction between human and robot;
“rc::f” (permanent): Distinction between human and robot.
Furthermore, for more information about cookies, please refer to the HubSpot website: https://knowledge.hubspot.com/de/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser as well as to the Cloudflare site: https://support.cloudflare.com/hc/en-us/articles/200170156-Understanding-the-Cloudflare-Cookies.
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information on the device occurs on the basis of the implementing laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TDDDG.
We have entered into a data processing agreement with HubSpot. Your personal data may also be transferred by HubSpot Ireland Limited to HubSpot Inc, Two Canal Park, Cambridge, MA 02141 in the USA. HubSpot Inc. has joined the EU-US Data Privacy Framework, thus the transfer in this case occurs on the basis of the adequacy decision for the USA in accordance with Art. 45 GDPR. Furthermore, we have entered into standard contractual clauses with HubSpot Inc. (Implementing Decision (EU) 2021/914, Module 2) in accordance with Art. 46 para. 2 lit. c GDPR.
For further information, please refer to HubSpot's privacy policy: https://legal.hubspot.com/privacy-policy.
4.5.2 Typeform
Our website uses the Typeform service provided by Typeform S.L., Carrer Bac de Roda, 163, 08018 Barcelona, Spain (“Typeform”). Typeform is used to provide engaging forms and surveys, through which we collect information about you, facilitate the registration for email notifications, or conduct surveys on specific topics. Mandatory fields have been marked accordingly. Once you press the submit button, your data will be transmitted to us and Typeform. Typeform uses scripts that access information on your device, as well as cookies that are stored on your device. Your data is stored on servers in the USA.
The following data is processed by Typeform:
IP address;
Your data entered in the form;
Technical information about your device, your browser, your operating system, and your selected language;
Access information about the page accessed, the previously visited page, and the time of the visit;
Usage data through the evaluation of information, particularly from cookies and scripts.
The following cookies are set and read by Typeform:
“AWSALBTG” (7 days) and “AWSALBTGCORS” (7 days): Registers which server cluster is serving the visitor. This is used in connection with load balancing to optimize the user experience;
“ld:#:$diagnostics” (permanent): Monitoring website performance for statistical purposes;
“visitorId” (2 years): Maintaining user status across page requests;
“cookie_support” (for the duration of the session): Storing your choice of whether to accept or reject analytical cookies.
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information on the device takes place on the basis of the implementation laws of the ePrivacy Directive of EU member states, in Germany according to § 25 para. 1 TDDDG.
We have signed a data processing agreement with Typeform.
For more information, please refer to Typeform's privacy policy: https://admin.typeform.com/to/dwk6gt/.
4. Online presences on social networks
We maintain an online presence on social networks to communicate with customers and interested parties and to inform them about news from Bridgemaker.
5.1 Processing for advertising purposes by the providers of social networks
The data of the users is typically processed by the respective social networks for market research and advertising purposes. User profiles can thus be created based on the users' interests. For this purpose, cookies and other identifiers are stored on the users' computers. Based on these user profiles, advertisements are then displayed, for example, within the social networks as well as on third-party websites.
The legal basis for the data processing carried out by the social networks on their own responsibility can be found in the privacy notices of the respective social network. Additionally, you can find further information on the respective data processing and the options for objection at the links below.
5.2 Processing for statistical purposes
As part of the operation of our online presences, there is the possibility that we can access information such as statistics on the use of our online presences provided by social networks. These statistics are aggregated and may include particularly demographic information (e.g. age, gender, region, country) and data on interaction with our online presences (e.g. likes, subscriptions, shares, viewing images and videos) and the posts and content disseminated through them. This can also provide insights into the interests of users and which content and topics are particularly relevant to them. We may also use this information to adapt the design and our activities and content on the online presence and optimise it for our audience. Please refer to the list below for details and links to the data from the social networks that we, as operators of the online presences, can access. The collection and use of these statistics are generally subject to shared responsibility. Where this applies, the corresponding contract is listed below.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in effective information of users and communication with users, or Art. 6 para. 1 lit. b GDPR, to stay in contact with our customers and inform them as well as to carry out pre-contractual measures with potential customers and interested parties.
5.3 Access to publicly available information
If you have an account with the social network, it is possible that we can view your publicly available information (e.g. your username) and media (e.g. images and videos) when we visit your profile. Furthermore, the social network may allow us to get in touch with you. This can occur, for example, via direct messages or through posted contributions. The communication of content via the social network and the processing of the content data are the responsibility of the social network as a messaging and platform service. For this processing, we refer to the privacy notices of the respective social network.
5.4 Processing of publicly available information
As soon as we take over or further process personal data from you into our own systems, we are independently responsible for that. The processing then takes place to carry out pre-contractual measures and to fulfil a contract in accordance with Article 6(1)(b) GDPR or to safeguard our legitimate interests in accordance with Article 6(1)(f) GDPR, in order to contact customers.
5.5 Data Protection Rights
We would like to point out that data protection inquiries can be most efficiently made to the respective provider of the social network, as only these providers have access to the data and can take appropriate actions directly.
5.6 Used Online Presences
Below is a list of information about the social networks on which we operate an online presence:
Facebook (Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland)
Operation of the Facebook fan page in joint responsibility based on an agreement on joint processing of personal data (so-called Page Insights Supplement regarding the Controller): https://www.facebook.com/legal/terms/page_controller_addendum
Information about the processed Page Insights data and contact options in case of data protection inquiries: https://www.facebook.com/legal/terms/information_about_page_insights_data
Privacy policy: https://www.facebook.com/privacy/policy/
Instagram (Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland)
Instagram Business Account based on an agreement on joint processing of personal data (so-called Page Insights Supplement regarding the Controller): https://www.facebook.com/legal/terms/page_controller_addendum
Information about the processed Page Insights data and contact options in case of data protection inquiries: https://www.facebook.com/legal/terms/information_about_page_insights_data
Privacy policy: https://privacycenter.instagram.com/policy/
Opt-Out (Statement): https://de-de.facebook.com/help/instagram/2885653514995517?locale=de_DE
Google/YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
Privacy policy: https://policies.google.com/privacy
Opt-Out (Statement): https://www.google.com/settings/ads.
X (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland)
Privacy policy: https://twitter.com/de/privacy
Opt-Out: https://twitter.com/personalization.
LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
Operation of the LinkedIn company page in joint responsibility based on an agreement on the joint processing of personal data (so-called Page Insights Joint Controller Addendum): https://legal.linkedin.com/pages-joint-controller-addendum
Information about the processed Page Insights data and contact options in case of data protection inquiries: https://legal.linkedin.com/pages-joint-controller-addendum
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Xing/Kununu (New Work SE, Am Strandkai 1, 20457 Hamburg)
Privacy policy/Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.
5. Sharing of data
Data that we collect will generally only be shared if:
You have given your explicit consent in accordance with Article 6(1)(a) of the GDPR,
the sharing is necessary for the assertion, exercise or defence of legal claims in accordance with Article 6(1)(f) of the GDPR and there is no reason to assume that you have an overriding legitimate interest in not sharing your data,
we are legally obliged to share under Article 6(1)(c) of the GDPR, particularly if this is required due to official requests, court orders and legal proceedings for enforcement, or
it is legally permissible and necessary for the performance of contractual relationships with you or for the execution of pre-contractual measures that are carried out at your request in accordance with Article 6(1)(b) of the GDPR.
Some data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include in particular data centres that host our website and databases, software providers, IT service providers that maintain our systems, agencies, market research firms, group companies, and consulting firms. If we share data with our service providers, they may only use the data to fulfil their tasks. The service providers have been carefully selected and contracted by us. They are contractually bound to our instructions, have appropriate technical and organisational measures to protect the rights of the data subjects, and are regularly monitored by us. A current list of the service providers we use includes Slicemedia and Magic Design. Furthermore, data may be shared in connection with official requests, court orders, and legal proceedings when it is necessary for enforcement purposes.
6. Data transmission to third countries
As explained in this privacy policy, we use services whose providers are partially located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, meaning countries whose level of data protection does not match that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision for these countries (Art. 45 GDPR), we have taken appropriate measures to ensure an adequate level of data protection for any data transfers. This includes, among other things, the standard contractual clauses of the European Union or binding internal data protection regulations. Where this is not possible, we base the data transfer on exceptions under Art. 49 GDPR, particularly your explicit consent or the necessity of the transfer for the performance of a contract or for conducting pre-contractual measures. If a transfer to a third country is planned and no adequacy decision or suitable guarantees are in place, it is possible and there is a risk that authorities in the respective third country (e.g., intelligence services) may gain access to the transmitted data in order to collect and analyze it, and that enforcement of your rights as a data subject cannot be guaranteed. When obtaining your consent through the cookie banner, you will also be informed about this. If your personal data is transferred to a company in the USA that is currently certified under the EU-U.S. Data Privacy Framework of June 10, 2023, the transfer will take place in this case based on the adequacy decision for the USA according to Art. 45 GDPR.
7. Retention period
In principle, we only store personal data for as long as is necessary to fulfil the purposes for which we collected the data. After that, we delete the data immediately, unless we still need the data until the expiry of the statutory limitation period for evidential purposes for civil claims or due to legal retention obligations. For evidential purposes, we will retain contract data for three years from the end of the year in which our business relationship with you ends. Under the statutory limitation period, any claims become time-barred at this point at the earliest. Even after that, we may still have to keep your data for accounting reasons. We are obliged to do so due to statutory documentation requirements, which may arise from the Commercial Code, the Fiscal Code, the Banking Act, the Money Laundering Act, and the Securities Trading Act. The stipulated retention periods for documents range from two to ten years.
8. Your rights, in particular the right of withdrawal and objection
9.1 Overview of Your Rights
Whenever the relevant legal requirements are met, you are entitled to the data subject rights specified in Articles 7 (3), 15 – 21, and 77 of the GDPR:
Right to withdraw your consent (Art. 7 (3) GDPR);
Right to object to the processing of your personal data (Art. 21 GDPR);
Right to access your personal data processed by us (Art. 15 GDPR);
Right to rectification of your incorrectly stored personal data with us (Art. 16 GDPR);
Right to erasure of your personal data (Art. 17 GDPR);
Right to restriction of processing your personal data (Art. 18 GDPR);
Right to notification of recipients upon request (Art. 19 (2) GDPR);
Right to data portability of your personal data (Art. 20 GDPR);
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
To assert the rights described here, you can contact us at any time using the contact details given above. This also applies if you wish to receive copies of guarantees to demonstrate an adequate level of data protection. If the relevant legal requirements are met, we will respond to your data protection request.
Your inquiries regarding the assertion of data protection rights and our responses will be retained for documentation purposes for a period of up to three years and, in individual cases, for the assertion, exercise, or defense of legal claims even beyond that. The legal basis is Article 6 (1) (f) GDPR, based on our interest in defending against any civil law claims under Article 82 GDPR, avoiding fines under Article 83 GDPR, and fulfilling our accountability obligations under Article 5 (2) GDPR.
9.2 Right of Withdrawal and Objection
Right of Withdrawal (Art. 7 para. 3 GDPR)
You have the right to revoke any consent you have given pursuant to Art. 6 para. 1 lit. a GDPR at any time. This means that, going forward, we will no longer carry out the data processing that was based on this consent. The revocation of consent does not affect the lawfulness of processing based on the consent prior to the revocation.
Right to Object (Art. 21 GDPR)
General Right to Object: Insofar as we process your data on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interests) or Art. 6 para. 1 lit. e GDPR, you may object to the processing at any time on grounds relating to your particular situation.
Objection to Direct Marketing: Insofar as we process your data for the purposes of direct marketing, you may object to the processing at any time without providing any reasons.
Assertion of Your Rights
If you wish to exercise your right of withdrawal or objection, it is sufficient to send an informal notification to the contact details provided above.
9.3 Right of complaint
You have the right to complain to a data protection supervisory authority (Art. 77 GDPR). You can exercise this right, for example, with a supervisory authority in the member state of your residence, your workplace, or the place of the alleged violation. In Berlin, where our office is located, the competent supervisory authority is: Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.
10. Changes to the Privacy Policy
We occasionally update this privacy policy, for example, when we adjust our website or when legal or regulatory requirements change.
Version: 3.0 / Status: February 2025