Privacy Policy

Note on Translation: In case of discrepancies between the German and English versions of this Privacy Policy, the German version shall prevail.

On this page

Preamble

As an implementation partner for critical and highly complex enterprise software, the professional, day-to-day handling of highly sensitive business and personal data is deeply embedded in the DNA of sophisTex GmbH.

Drawing on our core expertise, we understand the immense value of data and the critical need to protect it. For us, data protection is not merely a box-ticking exercise; it is a fundamental mark of quality and an expression of respect toward our customers, partners, and website visitors. This deep commitment to data security and confidentiality is consistently reflected across all our online services.

Therefore, we deliberately avoid unnecessary tracking and excessive data collection on our website. We only collect data that is technically essential or for which you have given your explicit consent.

We believe that communicating openly about how we protect your data is just as important as the protection itself. For this reason, the following privacy policy provides a clear, honest, and transparent overview of the data processing activities on this website.

Introduction

We have prepared this privacy policy to explain how we—as the Controller—and the Processors we commission (e.g., service providers) handle your personal data now and in the future, in accordance with the General Data Protection Regulation (EU) 2016/679  (GDPR) and applicable national laws. It also outlines the legal rights available to you. All terms used in this document are intended to be gender-neutral.
In short: We provide comprehensive information regarding the personal data we process.

Privacy policies are often highly technical and laden with legal jargon. In contrast, this document aims to present the essential information as simply and transparently as possible. Where helpful for transparency, we explain technical terms in plain language and provide links to further reading. Our goal is to state clearly and simply that we only process personal data in the course of our business operations when there is a valid legal basis. This level of clarity cannot be achieved using the brief, vague, and highly legalistic language that is unfortunately standard across much of the internet when dealing with privacy. We hope you find the following explanations informative and perhaps even discover something new.

Should you have any remaining questions, please do not hesitate to contact the responsible entity listed below or in our legal notice, explore the provided links, and consult the referenced third-party information. You will, of course, also find our contact details in the legal notice.

Scope of Application

This privacy policy applies to all personal data processed by us through our online services, as well as to data processed by third-party companies (Processors) acting on our behalf. By personal data, we refer to information as defined in Article 4(1) of the GDPR. In the context of this website, this primarily includes technical data such as your IP address or device information, as well as data like your name or email address if you choose to contact us. Processing this data is necessary to ensure our website is secure, high-performing, and user-friendly, and to allow us to respond to your inquiries. The scope of this privacy policy includes:

  • All online platforms (websites) operated by us
  • Our social media presences and email communications

In short: This privacy policy covers all areas where our company systematically processes personal data through the aforementioned channels. If we enter into legal relationships with you outside of these channels, we will provide separate notice as required.

Throughout this privacy policy, we aim to provide transparent information regarding the legal principles and regulations—specifically the legal bases under the General Data Protection Regulation (GDPR)—that permit us to process personal data.
Under EU law, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016. You can read the full text of the EU General Data Protection Regulation online via EUR-Lex at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679  .

We only process your data if at least one of the following conditions applies:

  1. Consent (Article 6(1)(a) GDPR): You have explicitly consented to the processing of your data for a specific purpose. Storing data submitted via a contact form is a common example.
  2. Contract (Article 6(1)(b) GDPR): We process your data to fulfill a contract or pre-contractual obligations. For instance, before concluding a business agreement, we require certain personal information.
  3. Legal Obligation (Article 6(1)(c) GDPR): We process your data when legally required to do so. For example, we must retain invoices containing personal data to comply with accounting laws.
  4. Legitimate Interests (Article 6(1)(f) GDPR): We may process personal data based on our legitimate interests, provided these do not override your fundamental rights. Operating our website securely and efficiently constitutes such an interest.

Other conditions, such as tasks carried out in the public interest, the exercise of official authority, or the protection of vital interests, generally do not apply to our operations. Should such a legal basis nevertheless become relevant, it will be indicated accordingly.

In addition to EU regulations, national laws also apply:

  • In Austria, this is the Federal Act concerning the Protection of Personal Data (Datenschutzgesetz or DSG).
  • In Germany, the Federal Data Protection Act (BDSG) applies.

If other regional or national laws apply, we will inform you about them in the relevant sections below.

Contact Details of the Controller

If you have questions about data protection or the processing of your personal data, you can find the contact details of the Controller (as defined in Article 4(7) GDPR) below:

sophisTex GmbH
Tobias Hochgesandt (Managing Director)
Zeppelinstraße 5
68782 Brühl
Germany
Email: contact (at) sophistex.com
Phone: +49 6202-578154-0

Retention Period

As a general rule, we only store personal data for as long as is absolutely necessary to provide our services and products. This means we delete personal data once the original reason for processing it no longer exists. In some cases, however, we are legally required to retain certain data even after the original purpose has been fulfilled—for example, for accounting and tax purposes.

If you request the deletion of your data or revoke your consent to data processing, your data will be deleted as quickly as possible, provided there are no overriding legal retention obligations.

We will provide more specific information regarding the duration of particular data processing activities further below, where applicable.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 of the GDPR, we hereby inform you of the rights you possess to ensure fair and transparent data processing:

  • Under Article 15 GDPR, you have the right to obtain access to the personal data we process about you. If we process your data, you are entitled to receive a copy of it and to learn the following details:
    • the purpose of the processing;
    • the categories of data being processed;
    • who receives this data and, if transferred to third countries, how security is guaranteed;
    • the intended storage duration;
    • the existence of your rights to rectification, erasure, or restriction of processing, as well as the right to object;
    • your right to lodge a complaint with a supervisory authority (links provided below);
    • the source of the data, if not collected directly from you;
    • whether automated decision-making or profiling is utilized.
  • Under Article 16 GDPR, you have the right to rectification, meaning we must correct your data if you discover inaccuracies.
  • Under Article 17 GDPR, you have the right to erasure (“right to be forgotten”), allowing you to request the deletion of your data.
  • Under Article 18 GDPR, you have the right to restriction of processing, meaning we may only store your data but not actively use it.
  • Under Article 20 GDPR, you have the right to data portability, entitling you to receive your data in a commonly used format upon request.
  • Under Article 21 GDPR, you have the right to object to processing, which, if exercised, forces a change in how we handle your data.
    • If processing is based on Article 6(1)(e) (public interest) or Article 6(1)(f) (legitimate interest), you may object. We will then promptly determine if we can legally comply with your objection.
    • If your data is used for direct marketing, you can object at any time. We will immediately cease using your data for this purpose.
    • If your data is used for profiling, you can object at any time, and we must halt this processing.
  • Under Article 22 GDPR, you have the right not to be subject to a decision based solely on automated processing (such as profiling) that significantly affects you.
  • Under Article 77 GDPR, you have the right to lodge a complaint with a data protection supervisory authority at any time if you believe our processing violates the GDPR.

In short: You have robust rights—please do not hesitate to contact our responsible team listed above!

If you believe that the processing of your data violates data protection laws or that your privacy rights have been infringed in any way, you can file a complaint with the relevant supervisory authority. In Austria, this is the Data Protection Authority (https://www.dsb.gv.at/  ). In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI)  . The local data protection authority responsible for our company is:

Baden-Württemberg Data Protection Authority

State Commissioner for Data Protection: Prof. Dr. Tobias Keber
Address: Lautenschlagerstraße 20, 70173 Stuttgart, Germany
Phone: +49 711 / 61 55 41-0
Email: poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de/ 

Data Transfer to Third Countries

We only transfer or process data in countries outside the jurisdictional scope of the GDPR (third countries) if you consent to this processing or if another legal justification applies. This occurs particularly when processing is legally mandated or essential for fulfilling a contractual relationship, and only insofar as it is generally permitted. In most instances, your consent is the primary reason we allow data processing in third countries. Utilizing services from third countries like the USA—where many software providers maintain their servers—may entail personal data being processed and stored in unforeseen ways.

We explicitly point out that, according to the European Court of Justice, an adequate level of data protection for transfers to the USA is only guaranteed if the US-based company processing the data of EU citizens actively participates in the EU-US Data Privacy Framework. Further information on this can be found here: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf\_en 

Data processing by US services that do not actively participate in the EU-US Data Privacy Framework could result in data not being processed or stored anonymously. Furthermore, US government authorities may have the capability to access individual data. It is also possible that collected data could be linked to information from other services offered by the same provider if you hold a corresponding user account. Whenever possible and offered, we strive to utilize server locations within the EU.
Where applicable, we will provide more specific details regarding third-country data transfers in the relevant sections of this privacy policy.

Security of Data Processing

To safeguard personal data, we have implemented rigorous technical and organizational measures. Where feasible, we encrypt or pseudonymize personal data, making it as difficult as possible for third parties to deduce personal information from the data we hold.

Article 25 of the GDPR emphasizes “data protection by design and by default,” meaning that security and appropriate protective measures must be an integral consideration for both software (e.g., web forms) and hardware (e.g., physical server access). Where necessary, we will detail specific security measures in the sections below.

TLS Encryption with HTTPS

While TLS, encryption, and HTTPS may sound highly technical, they serve a vital purpose. We utilize HTTPS (Hypertext Transfer Protocol Secure) to securely transmit data across the internet, shielding it from interception.
This ensures that the entire transmission of data from your browser to our web server is secure and completely protected against “eavesdropping.”

By implementing this, we add a crucial layer of security, fulfilling our obligation of data protection by design (Article 25 Paragraph 1 GDPR  ). The use of TLS (Transport Layer Security)—a standard encryption protocol for secure internet data transmission—allows us to guarantee the confidentiality of your data.
You can identify this secure connection by the small padlock symbol located in the top-left corner of your browser, next to our web address, and by the “https” prefix (instead of “http”) in the URL.
For further information on encryption, we recommend searching online for “Hypertext Transfer Protocol Secure wiki.”

Communication

Communication Summary

  • Data Subjects: Anyone communicating with us via phone, email, or online form
  • Processed Data: e.g., phone numbers, names, email addresses, and submitted form data. Further details are provided under the respective communication method.
  • Purpose: Facilitating communication with customers, business partners, and other parties.
  • Retention Period: For the duration of the business transaction and as required by legal obligations.
  • Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(b) GDPR (Contract), Art. 6(1)(f) GDPR (Legitimate Interests)

If you contact us and communicate via phone, email, or an online form, personal data may be processed.

This data is processed exclusively to handle and address your inquiry and the related business transaction. The data is retained for the duration of this process or as dictated by statutory retention periods.

Data Subjects

These processes affect all individuals who initiate contact with us through our provided communication channels.

Phone

When you call us, call data is stored pseudonymously on the respective device and by our telecommunications provider. Additionally, details such as your name and phone number may subsequently be sent via email and stored to fulfill your request. This data will be deleted once the business matter is concluded, provided legal regulations allow for its deletion.

Email

When communicating with us via email, data may be stored on the respective end devices (computers, laptops, smartphones) as well as on our email server. This data will be deleted once the business matter is concluded, provided legal regulations allow for its deletion.

Online Forms

If you use our online form to contact us, the submitted data is stored on our web server and may be forwarded to our internal email addresses. This data will be deleted once the business matter is concluded, provided legal regulations allow for its deletion.

The processing of communication data relies on the following legal bases:

  • Art. 6(1)(a) GDPR (Consent): You grant us permission to store your data and use it for purposes related to the business transaction.
  • Art. 6(1)(b) GDPR (Contract): Processing is necessary to fulfill a contract with you or a Processor (e.g., a telecom provider), or to carry out pre-contractual steps, such as preparing a quotation.
  • Art. 6(1)(f) GDPR (Legitimate Interests): We have a legitimate interest in managing customer inquiries and business communications professionally. Utilizing technical infrastructure—such as email clients, Exchange servers, and mobile networks—is essential to ensuring this communication is efficient and effective.

Data Processing Agreement (DPA)

In this section, we explain what a Data Processing Agreement is and why it is necessary. Since “Data Processing Agreement” is quite lengthy, we often use the acronym DPA. Like most organizations, we do not operate entirely alone; we utilize services from other companies and individuals. By involving external service providers, we may need to share personal data for processing. These partners act as Processors, with whom we establish a binding contract known as a Data Processing Agreement (DPA). The critical takeaway for you is that any processing of your personal data by our partners is conducted strictly according to our instructions and is rigorously governed by the DPA.

Who are Processors?

As the company operating this website, we are the Controller responsible for all the data we process from you. Alongside Controllers, the GDPR defines “Processors.” This refers to any company or individual that processes personal data on our behalf. More precisely, under the GDPR: any natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller is considered a Processor. Consequently, Processors include service providers such as web hosting companies, cloud providers, payment gateways, newsletter services, or large tech firms like Google or Microsoft.

To clarify these terms, here is a breakdown of the three key roles under the GDPR:

Data Subject (you, as a customer or interested party) → Controller (us, the company directing the processing) → Processor (the service provider, e.g., web host or cloud provider)

Content of a Data Processing Agreement

As noted, we have established DPAs with all partners acting as our Processors. The core function of this agreement is to legally bind the Processor to handle data strictly in accordance with the GDPR. The contract must be formalized in writing, though an electronic agreement is also legally considered “written.” Processing of personal data by a third party only commences once this contract is in place. A DPA must outline the following:

  • The Processor’s binding obligation to us as the Controller
  • The rights and responsibilities of the Controller
  • The categories of data subjects involved
  • The types of personal data being processed
  • The nature and purpose of the data processing
  • The subject matter and exact duration of the processing
  • The physical location where the processing occurs

Furthermore, the DPA details the obligations of the Processor, the most crucial being:

  • Implementing robust data security measures
  • Establishing technical and organizational measures to protect the rights of data subjects
  • Maintaining a comprehensive record of processing activities
  • Cooperating fully with data protection supervisory authorities upon request
  • Conducting risk assessments concerning the received personal data
  • Engaging Sub-processors only with the explicit, written approval of the Controller

To view an example of a standard DPA, you may refer to the sample contract provided here: https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-mustervertrag-auftragsverarbeitung.html  .

Our website includes links to external third-party websites to provide you with additional information or useful references. To ensure complete transparency, we visually indicate these external links using a specific icon (e.g., a small arrow symbol).

As long as you remain on our website and do not click an external link, no automated data transfer to the linked third-party website occurs.

You only leave our website when you actively choose to click and follow an external link. At the moment you click, it is a technical necessity that your IP address is transmitted to the server of the linked website (the third-party provider); otherwise, your browser would be unable to load the destination page. Additionally, depending on your browser’s configuration, other technical metadata (such as your browser type, operating system, or the page you visited previously, known as the “referrer”) may also be sent to the third-party provider.

Once you click the external link and are redirected to the third-party site, the responsibility for data protection shifts entirely to the operator of that destination page. We exercise no control over how your data (including your IP address) is processed, stored, or potentially shared with other parties on these external sites. We encourage you to consult the privacy policy of the respective provider to understand how they handle your data.

Providing these external links—and the technically mandatory redirection that accompanies them—is based on our legitimate interest (Art. 6(1)(f) GDPR) in offering our users a comprehensive range of information and valuable resources. Choosing to follow these links is always entirely voluntary on your part.

Cookies

Cookies Summary

  • Data Subjects: Website visitors
  • Purpose: Integrating external content (e.g., videos) following explicit consent
  • Processed Data: Varies depending on the specific third-party cookie.
  • Retention Period: Varies depending on the specific third-party cookie.
  • Legal Bases: Art. 6(1)(a) GDPR (Consent)

No First-Party Cookies

Our goal is to make your visit to our website as privacy-friendly as possible. Therefore, we utilize absolutely no first-party cookies on our website (these are cookies set directly by us that would normally manage basic website functionalities).

Third-Party Cookies and External Services

We utilize interfaces to integrate external services, such as videos hosted on the Vimeo platform. These external services may deploy cookies to facilitate certain functionalities or to analyze user behavior.

Before any of this external content is loaded (for example, before a Vimeo video can play), our website will explicitly request your consent to load that specific material. A connection to the external service is established—and potential cookies from that third party set on your device—only after you actively grant this consent. Without your explicit approval, these external services remain blocked, and no associated cookies are deployed.

Because our website does not set any cookies by default during a standard visit, there is no requirement to display a traditional, intrusive “cookie banner” requesting broad consent the moment you arrive. You retain total control over your privacy, deciding to release data only at the specific moment you choose to engage with an external service (like watching a video).

If you wish to view which cookies are currently stored in your browser or delete them, you can easily manage this within your browser settings:

Web Hosting Introduction

Web Hosting Summary

  • Data Subjects: Website visitors
  • Purpose: Professional website hosting and operational security
  • Processed Data: IP address, time of visit, browser details, and other technical metadata. More specifics are available below and from the respective hosting provider.
  • Retention Period: Dependent on the provider, but typically two weeks.
  • Legal Bases: Art. 6(1)(f) GDPR (Legitimate Interests)

What is Web Hosting?

Whenever you visit a website today, certain pieces of information—including personal data—are automatically generated and logged. This website is no exception. This data must be processed as minimally as possible and only with proper justification. For clarity, when we say “website,” we refer to the entirety of all pages on a domain, from the homepage down to the deepest subpage. “Domain” refers to addresses like example.com or sample.de.

To view a website on your device (computer, tablet, or smartphone), you use an application called a web browser (such as Google Chrome, Microsoft Edge, Mozilla Firefox, or Apple Safari).

To display a webpage, your browser must connect to another computer that stores the website’s code: the web server. Operating a web server is highly complex, which is why organizations typically rely on professional hosting providers. These providers ensure that website data is stored reliably and securely. We understand this involves a lot of technical jargon, but bear with us!

During the connection process between your browser and the web server, personal data is inherently processed. Your device must store certain temporary data, and the web server must briefly log data to guarantee a stable connection and proper operation.

Why Do We Process Personal Data?

The core purposes of this data processing are:

  1. Providing professional, reliable hosting for the website
  2. Maintaining high levels of operational and IT security
  3. Conducting anonymous analyses of access patterns to improve our services, and, if necessary, to assist in law enforcement or defend against legal claims

Which Data is Processed?

As you browse our website right now, our web server (the computer hosting this site) automatically logs data into files known as web server log files. This data typically includes:

  • The complete web address (URL) of the specific page you are viewing
  • Your browser type and version (e.g., Chrome 87)
  • Your operating system (e.g., Windows 10)
  • The address of the webpage you visited immediately prior to ours (the referrer URL) (e.g., https://www.example-source-site.com/from-there-i-came/  )
  • The hostname and IP address of your device (e.g., COMPUTERNAME and 194.23.43.121)
  • The exact date and time of your visit

How Long is Data Stored?

Standard protocol dictates that this log data is stored for two weeks before being automatically purged. We do not share this data with third parties; however, in cases involving illegal activity, we cannot rule out the possibility that law enforcement authorities may review these logs.

In short: Your visit is logged by our hosting provider to ensure the site runs properly, but we never distribute your data without your explicit consent!

Processing personal data in the context of web hosting is lawful under Art. 6(1)(f) GDPR (protection of legitimate interests). Utilizing a professional hosting provider is essential to maintain a secure, fast, and user-friendly online presence, and it allows us to effectively track and defend against cyberattacks or legal claims.

We maintain a Data Processing Agreement (in accordance with Art. 28 GDPR) with our hosting provider, which legally guarantees compliance with all data protection regulations and ensures the highest standards of data security.

Cloudflare Privacy Policy

Cloudflare Privacy Policy Summary

  • Data Subjects: Website visitors
  • Purpose: Web hosting, Content Delivery Network (CDN) services, and website security
  • Processed Data: IP addresses and various technical metadata
  • Retention Period: Varies based on configuration; typically temporary for security logs
  • Legal Bases: Art. 6(1)(f) GDPR (Legitimate Interests)

What is Cloudflare?

We utilize Cloudflare for web hosting and the global delivery of our website. The service is provided by Cloudflare, Inc., an American corporation located at 101 Townsend St., San Francisco, CA 94107, USA.

Cloudflare serves as our hosting platform, providing a Content Delivery Network (CDN) alongside robust security features. A CDN is a globally distributed network of servers designed to deliver web content rapidly to users anywhere in the world. Because all traffic to our website routes through Cloudflare’s infrastructure, they effectively act as our web hosting provider. Cloudflare processes the data flowing between your browser and our site, actively shielding us from malicious attacks. To accomplish this, some of your data is temporarily stored on Cloudflare servers. This includes technical data (like URLs, browser versions, and operating systems) as well as your IP address, which is critical for detecting threats, blocking attacks, and ensuring stable hosting operations.

Why Do We Use Cloudflare for Our Website?

Our primary objective is to provide a fast, secure, and highly reliable website. Cloudflare enables us to achieve exceptional global performance while defending against severe threats like DDoS attacks. By partnering with Cloudflare, we ensure our platform’s security and efficiency.

Which Data is Processed by Cloudflare?

Cloudflare’s systems process data automatically. This encompasses personal data, specifically your IP address, alongside technical metrics such as the requested URL, browser version, operating system, and general location data. Cloudflare relies on IP addresses to enhance security profiles and block harmful traffic. They may also utilize cookies for essential data storage.

How Long and Where is Data Stored?

Because Cloudflare operates a global server network, your data may be processed outside the European Union, including in the USA. Generally, Cloudflare retains data only for as long as strictly necessary to fulfill its security obligations. For security-related logs, this retention period is usually very brief.

How Can I Delete My Data or Prevent Data Storage?

You retain the right to access, rectify, delete, and restrict the processing of your personal data at any time.

If you prefer that Cloudflare not set cookies, you can disable them directly within your browser settings. Please refer to the links provided in our “Cookies” section for browser-specific instructions.

We hold a strong legitimate interest in utilizing Cloudflare to ensure our online services remain secure, resilient, and fast. The legal justification for this processing is Art. 6(1)(f) GDPR (Legitimate Interests).

For comprehensive details on Cloudflare’s privacy practices, please review their official privacy policy at https://www.cloudflare.com/privacypolicy/  .

Data Processing Agreement (DPA) with Cloudflare

In strict compliance with Article 28 of the GDPR, we have executed a Data Processing Agreement (Data Processing Addendum) with Cloudflare. For a deeper understanding of what a DPA entails, please refer to our general “Data Processing Agreement (DPA)” section above.

This contract is a legal mandate, as Cloudflare processes personal data on our behalf. It formally stipulates that Cloudflare may only process the data they receive from us in accordance with our explicit instructions and must adhere fully to the GDPR. You can review Cloudflare’s Data Processing Addendum here: https://www.cloudflare.com/cloudflare-customer-dpa/  .

Social Media Introduction

Social Media Privacy Policy Summary

  • Data Subjects: Visitors who click our links to visit social media profiles
  • Purpose: Corporate representation and communication
  • Processed Data: No data is automatically collected on our site. Processing only occurs once you click the link and arrive at the respective platform.
  • Legal Bases: Art. 6(1)(f) GDPR (Legitimate Interests in communication and professional representation)

No Embedded Social Media Plugins

To maximize the protection of your privacy, our website completely eschews the use of embedded social media plugins (such as Facebook “Like” or “Share” buttons).

What this means for you: Simply browsing our website results in no automatic data transfer to any social network. No hidden connections are established with social media servers while you remain on our domain.

We maintain an active corporate presence on social networks—specifically LinkedIn—to communicate with clients, interested parties, and the broader community regarding our services.

On this website, we exclusively use simple external links pointing to our corporate profiles (for example, our LinkedIn page at https://www.linkedin.com/company/sophistex  ).

You are only redirected to the servers of a social media network if you actively click on one of these links. From that exact moment forward, the privacy policies and terms of service of that specific platform (e.g., LinkedIn) take full effect. We possess no control over the data processing activities conducted by the provider once you navigate to their platform.

LinkedIn Privacy Policy

Because we link to our corporate LinkedIn profile, we wish to inform you about LinkedIn’s data processing practices should you choose to visit their platform:

The LinkedIn network is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA).

The moment you access our LinkedIn profile, LinkedIn begins processing your personal data (including your IP address, browser type, and behavioral data). This occurs regardless of whether you have a LinkedIn account or are currently logged in. If you are logged into an active LinkedIn session, LinkedIn will directly associate your visit to our profile with your personal account.

LinkedIn bears the fundamental responsibility for all data processing on its platform. As the administrator of a corporate profile, we may receive anonymized statistical reports (known as Page Insights) from LinkedIn. These aggregated insights help us understand our audience and improve our content strategy on the platform.

For exhaustive details on how LinkedIn processes data, your rights, and how to configure your privacy settings, please consult LinkedIn’s official privacy policy: https://www.linkedin.com/legal/privacy-policy 

Audio & Video Introduction

Audio & Video Privacy Policy Summary

  • Data Subjects: Website visitors
  • Purpose: Enhancing our service offerings with multimedia content
  • Processed Data: Variables including contact details, behavioral data, device information, and IP addresses. Detailed specifics are provided in the relevant sections below.
  • Retention Period: Data is generally retained as long as it fulfills the required service purpose.
  • Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are Audio and Video Elements?

We incorporate audio and video elements into our website, allowing you to watch videos or listen to podcasts without leaving our domain. Because this multimedia content is hosted by specialized third-party service providers, the actual media files are streamed directly from their servers.

These elements are integrated functional features from platforms like Vimeo. While accessing these portals is typically free, premium content may also be available. These integrations allow for seamless media playback directly within our website interface.

Whenever you engage with audio or video elements on our website, the respective service providers may transmit, process, and store your personal data.

Why Do We Use Audio & Video Elements on Our Website?

We strive to provide the most engaging and comprehensive experience possible. We recognize that modern communication relies heavily on multimedia, not just static text and images. Rather than routing you away from our site via simple links, we embed audio and video formats directly into our pages to deliver informative and entertaining content efficiently. This multimedia approach significantly enriches our service offering.

Which Data is Stored by Audio & Video Elements?

When you navigate to a page featuring embedded media (like a video), your device establishes a connection with the third-party provider’s server. During this connection, your data is transferred to and stored by that provider. This data collection occurs regardless of whether you possess an account with that provider. Typically collected data includes your IP address, browser type, operating system, and hardware specifics. Furthermore, providers track your web activity—such as how long you watched, where you clicked, and the website from which you accessed their service. This behavioral data is generally captured using cookies or pixel tags (web beacons), with pseudonymized data stored in your browser’s cookies. For precise details on data processing practices, always refer to the specific provider’s privacy policy.

Duration of Data Processing

The exact duration your data resides on third-party servers is detailed further down in the specific tool descriptions or within the provider’s own privacy policy. The guiding principle is that personal data should only be processed for as long as it is strictly necessary to deliver the service. However, you should assume that third-party providers may retain certain analytics data for several years. Cookie lifespans also vary wildly; some expire the moment you close your browser, while others persist for years.

Right to Object

You retain the absolute right to revoke your consent regarding cookies and third-party providers at any time. You can manage this via our cookie management tools or by utilizing browser-level opt-out functions (e.g., clearing or disabling cookies entirely). Revoking your consent does not retroactively invalidate the legality of prior data processing.

Because embedded audio and video features inherently rely on cookies, we urge you to review our general “Cookies” section, as well as the specific privacy policies of the relevant third-party providers.

If you explicitly consent to the processing and storage of your data by engaging with an embedded audio or video element, this consent forms the legal basis for the processing (Art. 6(1)(a) GDPR). Underlying this, we possess a legitimate interest (Art. 6(1)(f) GDPR) in providing dynamic, high-quality communication to our visitors and partners. Crucially, however, we ensure these elements remain inactive—and no data is transferred—until you grant your explicit consent.

Vimeo Privacy Policy

Vimeo Privacy Policy Summary

  • Data Subjects: Website visitors
  • Purpose: Enhancing our service offerings with high-quality video content
  • Processed Data: IP addresses, device information, behavioral data, and potentially contact details. Further specifics are provided below.
  • Retention Period: Data is retained as long as it serves the service’s purpose.
  • Legal Bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What is Vimeo?

Our website features embedded videos hosted by Vimeo. The platform is operated by Vimeo LLC, located at 555 West 18th Street, New York, New York 10011, USA. Using an integration plugin, we display high-quality video content directly on our site. Engaging with these videos may result in data transmission to Vimeo. This section explains what data is involved, our rationale for using Vimeo, and how you can exercise control over your data.

Founded in 2004, Vimeo has been a pioneer in high-definition video streaming. Known for prioritizing premium quality over sheer volume, Vimeo is a favored platform for artistic content, high-end documentaries, and professional corporate media.

Why Do We Use Vimeo on Our Website?

Our primary objective is to deliver exceptional content in the most accessible format possible. Vimeo is instrumental in achieving this, allowing us to showcase high-resolution video directly within our website infrastructure. Instead of forcing you to navigate away to a separate platform, we bring the media to you, vastly improving the user experience and expanding our multimedia capabilities.

Which Data is Stored on Vimeo?

By default, all Vimeo videos embedded on our website are strictly disabled. If you merely visit a page containing a video, absolutely no connection is made to Vimeo’s servers, and zero data is transmitted.

It is only after you explicitly grant your consent (for instance, by clicking a placeholder image to load the video player) that a connection is established with Vimeo. The moment this connection occurs, data transfer begins. Vimeo collects, stores, and processes this data on its servers. Vimeo collects data regardless of whether you hold an account with them. This includes your IP address, browser details, operating system, and fundamental device metrics. Additionally, Vimeo logs that you accessed their service via our website and tracks your interactive behaviors (such as play, pause, or skip actions) utilizing cookies and similar tracking technologies.

If you are currently logged into a registered Vimeo account, the platform can link your activities on our website directly to your personal profile, often deploying additional tracking cookies. To prevent this profile linkage, you must log out of your Vimeo account before watching the video.

Below is a breakdown of the cookies Vimeo may deploy only after you have consented to load the video player. Please note this list assumes you are not logged into a Vimeo account and is illustrative rather than exhaustive.

Name: player
Value: “”
Purpose: This cookie remembers your player preferences (such as volume or quality settings) before you start the video, ensuring a consistent experience during future viewings.
Expiry date: 1 year

Name: vuid
Value: pl1046149876.614422590313209771-4
Purpose: This is Vimeo’s primary analytics cookie, collecting data regarding your interactions with embedded videos across the web.
Expiry date: 2 years

Note: The two cookies listed above are deployed immediately upon loading the video player. Depending on how you interact with the video (e.g., clicking a “share” button), additional cookies may be triggered. These can include third-party tracking cookies such as _ga (Google Analytics) or _fbp (Facebook Pixel). The exact deployment depends heavily on your specific interactions.

The following list highlights other potential cookies triggered by interaction with Vimeo elements:

Name: _abexps
Value: %5B%5D
Purpose: Helps Vimeo recall specific user-defined settings, such as language or regional preferences, generally tracking how you utilize the service.
Expiry date: 1 year

Name: continuous_play_v3
Value: 1
Purpose: A first-party cookie that monitors playback behavior, recording events like when you pause or resume a stream.
Expiry date: 1 year

Name: _ga
Value: GA1.2.1522249635.1578401280313209771-7
Purpose: A widely used third-party Google Analytics cookie that stores a unique user ID to distinguish between different website visitors.
Expiry date: 2 years

Name: _gcl_au
Value: 1.1.770887836.1578401279313209771-3
Purpose: A third-party cookie utilized by Google AdSense to measure and optimize advertising efficiency.
Expiry date: 3 months

Name: _fbp
Value: fb.1.1578401280585.310434968
Purpose: A Facebook tracking cookie used to deliver targeted advertisements across the Facebook network.
Expiry date: 3 months

Vimeo utilizes this aggregated data to refine its platform, communicate with users, and deploy targeted advertising. Vimeo maintains that as long as a user does not actively interact with an embedded video, only first-party cookies (originating directly from Vimeo) are utilized.

How Long and Where is Data Stored?

Vimeo is headquartered in White Plains, New York (USA), but operates a globally distributed network of servers and databases. Consequently, your data may be processed and stored on servers located within the United States. Vimeo retains this data for as long as it possesses a legitimate business reason to do so, after which the data is either permanently deleted or fully anonymized.

How Can I Delete My Data or Prevent Data Storage?

You retain ultimate control over your browser’s cookie settings. If you prefer to block Vimeo from setting cookies and gathering data, you can disable or clear cookies directly within your browser preferences. Be aware that heavily restricting cookies may impair the functionality of embedded media players. For specific instructions on managing cookies in popular browsers, please refer to the links provided in our general “Cookies” section.

Registered Vimeo users can also exercise granular control over data collection via their account privacy settings.

When you actively consent to load and view a Vimeo video, this explicit action serves as the legal basis for the subsequent data processing (Art. 6(1)(a) GDPR). While we maintain a legitimate interest (Art. 6(1)(f) GDPR) in providing rich multimedia content, we strictly enforce a “consent-first” policy; Vimeo elements remain completely dormant until you approve them. Because Vimeo relies on cookies, we strongly encourage you to review both our general cookie policy and Vimeo’s specific privacy documentation.

It is important to note that Vimeo processes data within the USA. The European Court of Justice has determined that the USA currently lacks a uniformly adequate level of data protection, which introduces potential risks concerning data privacy and state surveillance.

To legally legitimize data transfers to third countries (such as the USA) that fall outside the European Union’s jurisdiction, Vimeo relies on Standard Contractual Clauses (SCCs) pursuant to Art. 46(2) and (3) GDPR. These SCCs are legally binding templates drafted by the EU Commission. By executing these clauses, Vimeo commits to upholding European data protection standards, regardless of the physical location of its servers. You can review the EU Commission’s implementing decision regarding these clauses here: https://eur-lex.europa.eu/eli/dec\_impl/2021/914/oj?locale=en 

For comprehensive details on how Vimeo implements these Standard Contractual Clauses, please refer to: https://vimeo.com/privacy#international\_data\_transfers\_and\_certain\_user\_rights  .

Further information regarding Vimeo’s cookie practices is available at https://vimeo.com/cookie\_policy  , and their complete privacy policy can be found at https://vimeo.com/privacy  .

Conclusion

Congratulations! If you have made it this far, you have thoroughly reviewed our entire privacy policy—or at least scrolled to the very end. The sheer detail of this document should serve as proof that we take the protection of your personal data extremely seriously.

Our primary objective with this policy is to inform you, thoroughly and honestly, about how we process data. We don’t just list what data is collected; we explain the reasoning behind the technologies we employ. Privacy policies are notoriously dense and heavily legalistic. Acknowledging that our visitors are rarely lawyers or web developers, we have deliberately chosen to explain these concepts in clear, accessible language, resorting to technical jargon only when absolutely necessary for legal precision.

If you have any questions or concerns regarding data privacy on our website, please do not hesitate to contact us. We wish you a wonderful day and look forward to welcoming you back to our website soon.

All texts are protected by copyright.

Source: This privacy policy was generated with the Datenschutz Generator für Deutschland  by AdSimple, and has been individually and extensively customized to reflect the specific operational realities of our website.