Privacy policy

Welcome to our website and thank you for your interest in our company.  

In connection with your visit to our website, the confidentiality and integrity of your personal data, i.e. information, which is related to an identified or identifiable natural person, is very important to us and we set great store by the trustful business relationship with our customers and interested parties. 

To a degree, we require personal data in order to perform our services. It is not our aim to collect, process or use personal data beyond the degree necessary. In particular, we do not sell data to third parties.

With this data protection note, we wish to give you as a visitor to our website, a customer or user, an overview about when we collect and process personal data, when we disclose such data to third parties for a specific purpose and how we use personal data. 

We shall be happy to answer further questions you may have about data protection. Please use our contact details below in section 1 for this purpose. 

I. Name and contact data of the data controller responsible for the processing 

Data controller within the meaning of the General Data Protection Regulation and other national laws as well as other data protection regulations is

Gabrielenstrasse 9 
80636 Munich
Phone: +49 89 490 411-0
Data Protection Representative: Stefan Henschel

II. General information about data processing

1. Processing of personal data 
We generally process personal data of our users only to the extent that we require these data to provide a functional website (Internet page) as well as our content and services. As a rule, personal data are only processed after the user has given his consent. An exception to this are cases in which it is not possible to obtain prior consent for factual reasons, and when processing of the data is necessary or permitted in accordance with statutory requirements. 

2. Purpose of processing and type of processed data
Data are processed in order to make our website available online with its functions, content and services. We want your visit to our website to be as pleasant and convenient as possible. You should have the opportunity of getting an overview about us and our range of services and of being able to communicate with us. We want to be able to answer your queries and maintain contact with you. To this end, the data serve to optimize our website and the convenience while you are using it. The data also serve to ensure the functional efficiency of our website and to ensure the security of our information technology systems and their stability. To achieve and fulfil these goals, we collect the required data for this purpose. Apart from user and communication data, which are automatically recorded by our system, these are also contact data such as email addresses to the extent you wish to disclose these data to us voluntarily.

3. Legal basis for the processing of personal data
When we seek to obtain the consent of the data subject for the processing procedure of personal data, the legal basis for this is Art. 6 (1) lit. a) EU General Data Protection Regulation (GDPR). 

Insofar as the processing of personal data is required for fulfilling an agreement with the data subject, the legal basis is Art. 6 (1) lit. b) GDPR. This also applies for processing procedures necessary to carry out pre-contractual measures, as well as to respond to inquiries.

Art. 6 (1) lit. c) GDPR serves as the legal basis for processing personal data required to fulfil a legal obligation of our company. 

Art. 6 (1) lit. d) GDPR serves as the legal basis if the vital interests of the data subject or of another natural person make it necessary to process personal data. 

Art. 6 (1) lit. f) GDPR serves as the legal basis for processing data if this is required to protect a legitimate interest of our company or a third party, and if such legitimate interest overrides the interests and fundamental rights and freedoms of the data subject.

4. Storage period and erasure of data 
As soon as the purpose for the storage no longer exists, personal data of the data subject shall be erased or blocked. If we as data controllers are subject to legal provisions and other regulations which stipulate such, storage of data may be required beyond this point. Erasure or blocking of data shall also take place if a legally prescribed storage period and one that applies to us expires, unless further storage is necessary to conclude or fulfil an agreement.  

5. Order processing and disclosure of data to third parties  
We only grant to others such as order processors or other third parties access to personal data based on legal permission (e.g. if you have given your consent, if a legal obligation exists, if such obligation is necessary to fulfil a contract, or a legitimate interest exists, such as laid down in Art. 6 (1) lit. f) GDPR, e.g. when using web hosts for secure provisioning of our website). 

If we engage third parties to process personal data, this shall take place based on an order processing agreement on the basis of Art. 28 GDPR. 

In addition, we advise you within the scope of the following information:

III. Website – Provision and server log files

1. Type and extent of data processing: 
When visiting or logging in to our website, data will automatically be sent to us or our hosting providers from your terminal or its browser to ensure stable and secure functioning of our website; this information will be stored temporarily in what are known as server log files. Amongst other things, the following information will be stored in these server log files: the operating system of your device, type and version of your Internet browser, the website from which you accessed our website, our website and the subpages which you visit, time of each access, and the IP address of the device you use or the Internet connection from which the use of our website takes place. 
Storage of these data together with other personal data or merging of these data with data from other sources shall not take place in this respect. 

2. Purpose of data processing 
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. Temporary storage of data in log files takes place to ensure the functionality of our website and to ensure the safety of our information technology systems and their stability, as well as to detect or trace abuse or fraudulent activities as the case may be. An evaluation of the data for marketing purposes does not take place in this context. 

3. Legal basis for data processing
The legal basis for the processing and temporary storage of data and log files is Art. 6 (1) lit. f) GDPR. Our legitimate interest lies in securing and improving the functionality and security of our website and arises from the above-mentioned purposes for data processing. 

4. Storage duration
As soon as the data are no longer required for fulfilling the purpose they were collected for, they will be erased. When storing data in log files, the data will be stored for a period of 7 days due to security reasons. After this, they will be erased. If storage should be necessary in individual cases beyond this period for purposes of clarifying cases of abuse or fraudulent activities, the data will be erased following clarification of the relevant issues or incident.  

IV. Newsletter

You shall receive our newsletter only if you have agreed to this or where legal permission exists. We shall inform you about the content described in our newsletter when you have registered. Otherwise, our newsletters contain information about us, our services and our projects, we issue invitations and give tips about events, and we inform you about topics related to marketing, brands and design. 

1. Registration process, data processing

If you would like to receive our newsletter as offered on our website, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you consent to receiving the newsletter. To this end, your consent will be obtained in the course of the registration process and reference will be made to further information in this data protection statement. Following registration you will receive an email requesting confirmation of successful registration. In this way, abusive use of your email address is to be prevented. The registration process will be recorded and together with the time and confirmation of registration, the IP address of the requesting computer shall be stored so that you are able to furnish proof of your registration and consent in accordance with the legal requirements. We do not require any further data and they will not be collected. We only use this data to send the newsletter and do not pass them on to third parties.

2. Purpose of data processing, legal basis and duration of storage 

The email address will be required in order to send the newsletter. The processing of data when and after registering to receive the newsletter and the evaluation related to the sending take place when consent has been given based on your consent pursuant to Art. 6 (1) lit. a) GDPR. Provided there is no necessity for consent, the sending will take place based on Art. 6 lit. f) GDPR and our legitimate interest in implementing marketing measures.  A logging of the procedure based on the registration shall take place pursuant to Art. 6 (1) lit. f) GDPR with our legitimate interest in a secure and user-friendly procedure of sending the newsletter, linked with the possibility of providing proof of consent. Data collected will be erased as soon as they are no longer required for achieving the purpose for which they were collected. The data collected in the course of registration such as the email address, the time and confirmation of registration, IP address, may be stored for up to three years after you cancel our newsletter and revoke the consent needed for the newsletter, so that the consent required up to the time of its revocation can be proven. 

3. Cancellation, revocation

You may cancel the receipt of our newsletter at any time and thus revoke the consent granted for the storage of data, the email address, as well as its use for sending the newsletter, for example via an appropriate link, which you will find in each newsletter or simply by writing an informal email. The lawfulness of the processing based on the consent you have given shall remain unaffected up to the time your revocation is received. 

4. Sending the newsletter via CleverReach

In order to implement the sending of the newsletter we use the service provider we have commissioned: CleverReach (CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany). You may view the data protection regulations of CleverReach at:… . The commissioning of CleverReach is based on an order processing agreement (Art. 28 (3) p. 1 GDPR) and on the basis of Art. 6 (1) lit. f) GDPR. Our legitimate interest ensues from the purpose of the commission, with regard to the safeguarding of the operations linked with the technical handling and organization made possible by such commission. 

CleverReach is able to use the data of registered newsletter recipients to improve and optimize its own services, e.g. the display of each newsletter, the optimization of the sending or also for statistical purposes. This takes place pseudonymized, i.e. without a correlation to a newsletter recipient. CleverReach does not use the data to address recipients of our newsletter or to disclose to third parties. 

Our newsletter sent by CleverReach enables us to evaluate the behavior of the newsletter recipients.  In doing so, an analysis can be made as to how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. This analysis via tracking pixels takes place separately for each newsletter. This analysis also takes place based on your consent pursuant to Art. 6 (1) lit a) GDPR and our legitimate interest in optimizing the content of our newsletter within the meaning of Art. 6 (1) lit. f) GDPR.  

We do not employ other analysis procedures (e.g. conversion tracking) made possible by CleverReach. You will find further information about data analysis in the CleverReach newsletter at:…;
If you do not agree to an analysis, we request you to refrain from subscribing to the newsletter or to cancel the newsletter (please see clause 4 below for more details).

V. Applications / “Join us”

If you would like to submit your application for a job, we ask that you use the option provided on our website. A service provider, Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany, currently processes these materials for us in line with all applicable laws. This simplifies the handling for us and ensures that only the employees responsible for handling applications have access to and can view these corresponding documents. 
If you access the “Join us” page on our website, you will automatically go to the careers and application portal operated for us by our service provider. The service provider uses cookies on this portal, and you can find more information about them under our Cookie information. When you call up this careers and application portal, please note the specific data privacy information provided here. 

If we receive unsolicited applications or ones for an advertised position, these data will be deleted no later than six months once the application process has been completed, provided there is no other reason to continue saving this information, which could be the case if the candidate is hired, for example. The legal basis for processing data for the purposes of employment, in the context of a decision regarding the grounds for employment, for its implementation or termination, is § 26 BDSG (German Federal Data Protection Act). If you provide your consent, Art. 6 (1) lit. a GDPR also applies, as well as Art 6 (1) lit. f GDPR to safeguard our legitimate interests or those of a third party.

With your express consent, we can also retain your corresponding data beyond the specific job application or once it has been closed. In this case, your data would be included in our “pool of candidates” and saved indefinitely, provided you do not object to this storage or revoke your consent. If we have job openings or intend to hire in the following two years, we would initially look at the applicants in our “pool of applicants”. Even if you provide your consent and do not revoke it, we would delete the data after three years. This period of time starts at the end of the calendar year in which you have submitted your data. We will not delete any data if there is a need for us to retain it, e.g. if you enter into an employment relationship with us.

VI. Cookies

We do not use cookies.

VII. Social media plugins and external links

When visiting our website, we dispense with the use of social media plugins, which may be associated under certain circumstances with direct transfer of data.
In some cases, we offer you the possibility on our website of getting to the relevant pages via an external link.

At the same time, we would like to point out that, as is the usual case, you will reach an external website using a link and we have no influence on when or which data are collected on the external website. You will receive information about this from the relevant website operator on its website.  

VIII. Rights of the data subject

You have the following rights vis-à-vis the data controller with respect to the personal data that concerns you:

  • Right of access to information pursuant to Art. 15 GDPR; 
  • Right to rectification pursuant to Art. 16 GDPR;
  • Right to rectification and erasure pursuant to Art. 17 GDPR;
  • Right to restriction of processing pursuant to Art. 18 GDPR;
  • Right to object to the collection, processing and/or use pursuant to Art. 21 GDPR;
  • Right to data portability pursuant to Art. 20 GDPR

If the processing of your personal data takes places based on your consent (Art. 6 (1) lit. a) GDPR), you may withdraw your consent for the relevant purpose at any time. The lawfulness of the processing based on the consent you have given shall remain unaffected up to the time your revocation is received.

IX. Security 

We use SSL (Secure Socket Layer) encryption technology or the TLS procedure (Transport Layer Security) to increase the security and protection when transferring confidential content on our website.  You may see in the closed display of the key and/or lock symbol on the status bar of your browser whether a single page of our website is transferred encoded. Aside from this, we use appropriate technical and organizational security measures to protect your data from incidental or deliberate loss or destruction (in part or in whole) and against unauthorized access by third parties. Our security measures shall be continuously improved in line with technological progress. One hundred percent protection against unauthorized access is not achievable for transfers via the Internet or via websites or emails, but we try to guarantee the relevant protection within the scope of what is technically possible and at reasonable effort and expense.

X Amendments to this data protection notice 

Through the further development of our website and offers or due to changes in statutory and official requirements, it may become necessary to amend or supplement this data protection information. You are able to access the current data protection information on our website at all times at https:/ and print it out. This current data protection statement applies as of May 2021.