General Information

The following information provides a clear overview of what happens to your personal data when you visit this website. Personal data means any information that can be used to identify you personally, either directly or indirectly.

This Privacy Policy explains which personal data we process, for which purposes we process it, on which legal basis the processing takes place, how long the data is stored, which service providers and technologies we use, and which rights you have under applicable data protection law.

Detailed information on data protection can be found in the following sections of this Privacy Policy.

Data Collection on This Website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator as the controller within the meaning of the General Data Protection Regulation. The contact details of the controller can be found in the section “Information on the Controller” in this Privacy Policy.

How do we collect your data?

Your data is collected, firstly, when you provide it to us. This may include data that you enter into a contact form, send to us by email, provide during a business inquiry, submit through an application process or communicate to us in another way.

Other data is collected automatically or after your consent when you visit this website. This primarily includes technical data, such as your IP address, browser type, browser version, operating system, referrer URL, date and time of access, pages accessed, files requested and comparable server log data. This technical data is collected automatically as soon as you access this website.

Additional data may be processed through technologies and services used on this website, including cookies, consent management tools, form plugins, search engine optimisation tools, analytics tools and technically necessary website functions.

What do we use your data for?

Part of the data is processed to ensure the secure, stable and technically error free provision of this website.

Other data is processed to respond to inquiries, manage communication, process business requests, provide contractual or pre contractual services, improve the website, optimise search engine visibility, document consent preferences, protect the website against misuse and, where applicable, analyse user behaviour or measure the effectiveness of marketing activities.

Where processing is based on consent, the processing takes place only after you have given such consent. You may withdraw your consent at any time with effect for the future.

Which tools and systems are used on this website?

This website is operated using WordPress as the content management system. WordPress enables us to create, manage and publish website content.

We use Hostinger as our hosting provider. Further information on Hostinger’s handling of personal data can be found in Hostinger’s Privacy Policy and in Hostinger’s Data Processing Addendum.

We use CookieFirst as our consent management platform. CookieFirst is used to obtain, manage and document consent for cookies and comparable technologies. Further information can be found on the CookieFirst website and in CookieFirst’s information on its Data Processing Agreement.

We use Yoast SEO to optimise the technical structure, metadata and search engine visibility of this website. Further information on Yoast and privacy can be found in Yoast’s information on Yoast and GDPR.

We use Fluent Forms Pro to provide and manage online forms. Further information on Fluent Forms and privacy related form functions can be found in the documentation on the GDPR Agreement Field and the Terms and Conditions Field.

Further details on these and other tools can be found in the respective sections of this Privacy Policy.

What rights do you have regarding your data?

You have the right to obtain information free of charge about your stored personal data, its origin, recipients and the purpose of processing.

You also have the right to request the rectification of inaccurate personal data, the completion of incomplete personal data, the deletion of your personal data or the restriction of processing.

If the processing is based on your consent, you have the right to withdraw your consent at any time with effect for the future. The lawfulness of processing carried out before the withdrawal remains unaffected.

If the processing is based on Art. 6 para. 1 lit. e or Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your personal data on grounds relating to your particular situation. If your personal data is processed for direct marketing purposes, you have the right to object to such processing at any time.

You also have the right to data portability where the legal requirements are met.

Furthermore, you have the right to lodge a complaint with a competent supervisory authority.

You may contact us at any time regarding these rights or any further questions concerning data protection.

Hostinger

We host the content of this website with Hostinger.

Provider is Hostinger International Ltd., 61 Lordou Vironos Street, 6023 Larnaca, Cyprus, and, depending on the contractual and technical setup, affiliated companies of the Hostinger group.

When you visit this website, Hostinger processes technical data required for the secure and reliable provision of the website. This may include, in particular, IP addresses, access times, browser information, operating system information, referrer URLs, requested pages, transferred data volumes, access status and server log files.

This data is processed in order to deliver the website to your browser, ensure technical functionality, maintain system security, detect misuse, analyse technical errors and preserve the stability of the hosting infrastructure.

The use of Hostinger is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the secure, reliable and efficient provision of our website.

Where consent has been requested for specific technologies, processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on your device. Consent may be withdrawn at any time with effect for the future.

Further information on data processing by Hostinger can be found in Hostinger’s Privacy Policy.

Data Processing Agreement with Hostinger

We have concluded a data processing agreement with Hostinger where legally required. This agreement ensures that Hostinger processes personal data of website visitors only in accordance with our instructions and in compliance with applicable data protection law.

Further information can be found in Hostinger’s Data Processing Addendum.

Data Protection

The operators of this website take the protection of your personal data seriously. We treat your personal data confidentially and in accordance with applicable data protection laws, in particular the General Data Protection Regulation, the German Federal Data Protection Act and the Telecommunications Digital Services Data Protection Act.

When you use this website, various personal data may be processed. Personal data means any information relating to an identified or identifiable natural person.

This Privacy Policy explains which data we process, how we process it, for which purposes we process it and on which legal basis the processing is carried out.

We point out that data transmission on the internet, for example communication by email, may have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Information on the Controller

The controller responsible for data processing on this website is:

Blacksd Global UG haftungsbeschränkt
Cosimastraße 121
81925 Munich
Germany

Email: datenschutz@blacksdglobal.com

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

Data Protection Contact

For questions regarding data protection, you may contact us at:

datenschutz@blacksdglobal.com

If a data protection contact person is named internally, this does not automatically mean that a statutory data protection officer within the meaning of Art. 37 GDPR has been appointed, unless this is expressly stated.

Storage Period

Unless a more specific storage period is stated in this Privacy Policy, your personal data will remain with us until the purpose for data processing no longer applies.

If you make a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data. Such reasons may include commercial, tax, contractual or statutory retention obligations, documentation obligations, evidence preservation obligations or the establishment, exercise or defence of legal claims.

Where such legal grounds exist, deletion takes place after these grounds no longer apply.

General Legal Bases for Data Processing

Where you have given consent, we process your personal data on the basis of Art. 6 para. 1 lit. a GDPR. Where special categories of personal data within the meaning of Art. 9 para. 1 GDPR are processed based on consent, the legal basis is Art. 9 para. 2 lit. a GDPR.

Where you have consented to the storage of cookies or access to information on your device, processing is additionally based on Section 25 para. 1 TDDDG. Consent may be withdrawn at any time with effect for the future.

Where processing is necessary for the performance of a contract or for the implementation of pre contractual measures, the legal basis is Art. 6 para. 1 lit. b GDPR.

Where processing is necessary to comply with a legal obligation, the legal basis is Art. 6 para. 1 lit. c GDPR.

Where processing is necessary to protect vital interests, the legal basis is Art. 6 para. 1 lit. d GDPR.

Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, the legal basis is Art. 6 para. 1 lit. e GDPR.

Where processing is necessary to protect our legitimate interests or the legitimate interests of a third party, the legal basis is Art. 6 para. 1 lit. f GDPR, unless the interests or fundamental rights and freedoms of the data subject prevail.

The specific legal basis applicable in each case is described in the respective sections of this Privacy Policy.

Recipients of Personal Data

In the course of our business activities, we cooperate with various external parties. Personal data may be transferred to such external parties where this is legally permitted or required.

Recipients may include hosting providers, IT service providers, software providers, communication service providers, payment service providers, banks, tax advisors, legal advisors, public authorities, business partners and other parties involved in the provision, administration or legal handling of our services.

We disclose personal data only where this is necessary for the performance of a contract, where we are legally obliged to do so, where we have a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, where you have given consent or where another legal basis permits disclosure.

Where we use processors within the meaning of Art. 28 GDPR, personal data is transferred only on the basis of a valid data processing agreement.

Where joint controllership within the meaning of Art. 26 GDPR exists, we conclude an agreement on joint controllership where required.

Transfer of Personal Data to Third Countries

We may use tools and services provided by companies located outside the European Union or the European Economic Area. If such tools are active, personal data may be transferred to and processed in third countries.

A transfer of personal data to third countries takes place only where the requirements of Art. 44 et seq. GDPR are met. This may be based on an adequacy decision by the European Commission, standard contractual clauses, binding corporate rules, certification under the EU US Data Privacy Framework or another legally recognised transfer mechanism.

We point out that some third countries may not provide a level of data protection equivalent to that of the European Union. In such cases, we take appropriate safeguards where required by law.

Details on specific third country transfers can be found in the respective sections of this Privacy Policy.

Withdrawal of Your Consent

Many data processing operations are possible only with your express consent. You may withdraw consent that you have already given at any time with effect for the future.

The lawfulness of data processing carried out before the withdrawal remains unaffected.

Right to Object to Data Processing in Special Cases and to Direct Marketing

If data processing is based on Art. 6 para. 1 lit. e or Art. 6 para. 1 lit. f GDPR, you have the right at any time, on grounds relating to your particular situation, to object to the processing of your personal data. This also applies to profiling based on these provisions.

If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing serves the establishment, exercise or defence of legal claims.

If your personal data is processed for direct marketing purposes, you have the right at any time to object to the processing of personal data concerning you for such marketing purposes. This also applies to profiling where it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

Right to Lodge a Complaint with a Supervisory Authority

In the event of infringements of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged infringement.

This right exists without prejudice to other administrative or judicial remedies.

For private companies in Bavaria, the competent supervisory authority is generally:

Bavarian State Office for Data Protection Supervision
Promenade 18
91522 Ansbach
Germany

Website: https://www.lda.bayern.de

Right to Data Portability

You have the right to receive data that we process automatically on the basis of your consent or in performance of a contract in a commonly used, machine readable format.

You also have the right to request that such data be transmitted directly to another controller, where technically feasible.

Access, Rectification and Deletion

Within the framework of applicable legal provisions, you have the right at any time to obtain information free of charge about your stored personal data, its origin, recipients and the purpose of processing.

You also have the right to request the rectification of inaccurate personal data, the completion of incomplete personal data and the deletion of your personal data, provided that the legal requirements are met.

You may contact us at any time regarding these rights.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data.

This right exists in particular where you contest the accuracy of your personal data and we need time to verify it, where the processing is unlawful and you oppose deletion, where we no longer need the data but you require it for the establishment, exercise or defence of legal claims, or where you have objected to processing pursuant to Art. 21 para. 1 GDPR and the balancing of interests is still pending.

If processing has been restricted, such personal data may, apart from storage, be processed only with your consent, for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.

SSL and TLS Encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as inquiries that you send to us as the website operator.

You can recognise an encrypted connection by the fact that the browser address line begins with “https://” and by the lock symbol in your browser.

If SSL or TLS encryption is activated, data that you transmit to us cannot be read by third parties during transmission.

Objection to Promotional Emails

We hereby object to the use of contact data published in the context of legal notice obligations for sending unsolicited advertising and information material.

The operators of this website expressly reserve the right to take legal action in the event of unsolicited promotional information being sent, for example by spam email.

Cookies

Our website uses cookies and comparable technologies. Cookies are small data packages that are stored on your device. Comparable technologies may include pixels, local storage, session storage, scripts, tags or similar mechanisms that store information on your device or access information stored on your device.

Cookies and comparable technologies may be technically necessary, functional, analytical or marketing related.

Session cookies are automatically deleted after the end of your visit. Persistent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your browser or by the respective technology according to its storage period.

Cookies may be set directly by us or by third party providers. Third party cookies enable the integration of external services and functions into this website.

Technically necessary cookies are used to provide core website functions, maintain security, manage consent preferences, enable form functionality, ensure correct display and operate the website reliably. The legal basis for technically necessary cookies and comparable technologies is Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. Our legitimate interest lies in the secure, stable and functional operation of this website.

Where cookies or comparable technologies are not technically necessary, they are used only on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. This applies in particular to analytics, marketing, tracking and external media technologies. Consent may be withdrawn at any time with effect for the future through the consent settings on this website.

You can configure your browser so that you are informed about the setting of cookies, allow cookies only in individual cases, exclude cookies for certain cases or generally, and activate automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be restricted.

Further details about the cookies and technologies used on this website can be found in the consent management settings provided by CookieFirst and in the following sections of this Privacy Policy.

Consent Management with CookieFirst

This website uses CookieFirst as a consent management platform. CookieFirst helps us obtain, manage and document consent for cookies and comparable technologies in a legally compliant manner.

Provider is Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018 DH Amsterdam, Netherlands.

When you access this website, CookieFirst is used to display the consent banner, record your consent choices, store your consent status and document whether and to which categories or services you have consented.

In this context, CookieFirst may process the following data:

Your consent status, your withdrawal of consent, your anonymised IP address, browser information, device information, date and time of access, URL of the page on which consent was given or changed, approximate location information and a unique consent identifier.

CookieFirst stores a cookie in your browser to assign your consent choices to your device and to ensure that only those cookies and technologies are activated for which the required legal basis exists.

The data processed by CookieFirst is stored for as long as it is necessary for consent documentation, until you request deletion, until the CookieFirst cookie is deleted or until the purpose for storage no longer applies. Mandatory statutory retention obligations remain unaffected.

The use of CookieFirst is based on Art. 6 para. 1 lit. c GDPR, as we are legally required to obtain and document consent where consent is necessary. Where CookieFirst stores information on your device or accesses information stored on your device, the legal basis is Section 25 para. 2 TDDDG for technically necessary access.

Further information about CookieFirst can be found at https://cookiefirst.com.

Further information about the CookieFirst Data Processing Agreement can be found at https://support.cookiefirst.com/hc/en-us/articles/14004646064413-Do-you-have-a-Data-Processing-Agreement.

Data Processing Agreement with CookieFirst

We have concluded a data processing agreement with CookieFirst where legally required. This agreement ensures that CookieFirst processes personal data of website visitors only in accordance with our instructions and in compliance with the GDPR.

Server Log Files

The hosting provider of this website automatically collects and stores information in server log files that your browser automatically transmits to us.

This may include:

Browser type and browser version, operating system used, referrer URL, host name of the accessing device, IP address, date and time of the server request, requested page or file, amount of data transferred, access status and information about the requesting provider.

This data is processed to deliver the website, ensure system security, detect technical errors, prevent misuse and maintain the stability of the website.

The processing is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the technically error free, secure and stable operation of this website.

Server log files are not merged with other data sources unless this is necessary for investigating misuse, attacks, technical faults or legally relevant incidents.

WordPress

This website is operated using WordPress as its content management system.

WordPress allows us to create, manage and publish website content. In connection with the operation of WordPress, technical data may be processed to deliver pages, maintain website functionality, manage security and ensure stable operation.

Depending on the configuration of the website, WordPress may process technical data such as IP addresses, browser information, access times, login attempts, user interactions with website functions, form interactions and security related log data.

If you use functions on this website that require data entry, such as forms, the data you enter may be processed through the WordPress system and stored in the website backend where technically configured.

The processing of data in connection with WordPress is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in operating a secure, reliable and professionally managed website.

Where individual WordPress functions or plugins process personal data based on consent, processing takes place on the basis of Art. 6 para. 1 lit. a GDPR and, where applicable, Section 25 para. 1 TDDDG.

Further information about WordPress can be found at https://wordpress.org/about/privacy.

Yoast SEO

This website uses the WordPress plugin Yoast SEO.

Yoast SEO helps us optimise the technical structure, metadata and search engine visibility of this website. The plugin may be used to generate or manage page titles, meta descriptions, structured data, canonical URLs, Open Graph data, XML sitemaps and other search engine relevant information.

Yoast SEO is generally used for technical and editorial search engine optimisation. According to Yoast, the free WordPress SEO plugin does not collect personal data from website visitors by default. Nevertheless, the plugin may contribute to the technical processing of website data required for the proper presentation and discoverability of content.

The use of Yoast SEO is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring the professional, technically correct and search engine friendly presentation of this website.

Further information about Yoast and GDPR can be found at https://yoast.com/help/gdpr/.

Fluent Forms Pro

This website uses Fluent Forms Pro to provide and manage online forms.

Provider of Fluent Forms is WPManageNinja LLC. Fluent Forms Pro enables us to create contact forms, inquiry forms, application forms and other online forms through which website visitors may submit information to us.

When you use a form on this website, the data entered into the respective form is transmitted to us and processed for the purpose stated in the form.

Depending on the form, the processed data may include:

Name, company name, position, email address, telephone number, website, message content, selected options, uploaded files, IP address, date and time of submission, consent declarations, technical metadata and other information that you submit through the form.

The processing of form data serves to respond to your inquiry, process your request, carry out pre contractual measures, manage business communication, handle applications or provide the service requested through the respective form.

If your inquiry relates to a contract or pre contractual measures, processing is based on Art. 6 para. 1 lit. b GDPR.

In all other cases, processing is based on our legitimate interest in the efficient handling of inquiries and communication pursuant to Art. 6 para. 1 lit. f GDPR.

Where consent is requested in the form, processing is based on Art. 6 para. 1 lit. a GDPR. Consent may be withdrawn at any time with effect for the future.

Where forms include checkboxes for privacy acknowledgements, GDPR agreement fields or terms and conditions fields, these are used to document required acknowledgements, declarations or consent choices.

Further information on Fluent Forms GDPR functions can be found at https://fluentforms.com/docs/gdpr-agreement-field-in-fluent-forms/.

Further information on Fluent Forms terms and conditions fields can be found at https://fluentforms.com/docs/terms-conditions-field-in-fluent-forms/.

Storage of Form Submissions

Form submissions may be stored in the WordPress backend and transmitted to the responsible internal email inbox for processing.

Access to form submissions is restricted to persons who require access for handling the respective inquiry or process.

The data submitted through forms remains with us until you request deletion, withdraw your consent where applicable, or the purpose for data storage no longer applies. This is generally the case once the inquiry has been finally processed, unless statutory retention periods, contractual documentation obligations, evidence preservation obligations or legal claims require longer storage.

File Uploads Through Forms

If a form provides an upload function, uploaded files are processed exclusively for the purpose stated in the respective form.

Uploaded files may contain personal data depending on the content of the file. You should submit only those files and information that are necessary for the respective inquiry or process.

If you submit special categories of personal data within the meaning of Art. 9 GDPR, such as health data, religious information, political opinions or comparable sensitive information, we process such data only where a valid legal basis exists, in particular where the processing is necessary for the specific request, where you have given explicit consent or where the processing is required for legal claims.

Inquiry by Email, Telephone or Postal Communication

If you contact us by email, telephone or postal communication, your inquiry including all personal data resulting from it will be stored and processed by us for the purpose of handling your request.

This may include your name, contact details, communication content, date and time of the inquiry and any documents or information you provide.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR where your inquiry is related to a contract or pre contractual measures.

In all other cases, processing is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in efficiently processing inquiries addressed to us.

Where consent is requested, processing is based on Art. 6 para. 1 lit. a GDPR.

The data you send to us through contact inquiries remains with us until you request deletion, withdraw your consent where applicable, or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.

General Information on Social Media

This website may contain links to social media profiles operated by us or integrated elements from social media platforms.

If you click on a social media link, you will be redirected to the respective platform. From that point onward, the privacy policy and data processing terms of the respective platform provider apply.

If social media elements are technically embedded into this website, personal data may be transmitted to the respective platform provider when the element is activated or loaded. Depending on the technical implementation, such data may include your IP address, browser information, device information, referrer URL, time of access and information about your interaction with the embedded element.

If you are logged into your account with the respective social media platform, the platform provider may be able to associate your visit to this website with your user profile.

Where social media elements are embedded in a way that is not technically necessary and results in cookies being set or information being accessed on your device, the processing takes place only on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Consent may be withdrawn at any time through the consent settings on this website.

Where we operate social media profiles, we process personal data in the context of communication, public relations, business development and interaction with users. The respective platform providers also process personal data independently and, in some cases, for their own purposes. We have no full influence over the data processing carried out by these providers.

Facebook

This website may contain links or elements relating to Facebook.

Provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

If a Facebook element is active, a direct connection may be established between your device and Meta servers. Meta may receive information that you have visited this website using your IP address. If you are logged into your Facebook account, Meta may be able to associate your visit to this website with your user account.

If you interact with Facebook elements, such as buttons, links or embedded content, the corresponding information may be transmitted to Meta and processed there.

The use of embedded Facebook elements takes place on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG where consent is required. Consent may be withdrawn at any time.

Where personal data is collected on this website and transmitted to Meta through Facebook elements, we and Meta Platforms Ireland Limited may be jointly responsible within the meaning of Art. 26 GDPR for the collection and transmission of such data. The further processing carried out by Meta is not part of our joint responsibility.

Further information on data processing by Meta can be found in Meta’s Privacy Policy at https://www.facebook.com/privacy/policy/.

Information on Meta’s Controller Addendum can be found at https://www.facebook.com/legal/controller_addendum.

Information on Meta’s EU data transfer terms can be found at https://www.facebook.com/legal/EU_data_transfer_addendum.

Instagram

This website may contain links or elements relating to Instagram.

Provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

If an Instagram element is active, a direct connection may be established between your device and Meta servers. Meta may receive information that you have visited this website. If you are logged into your Instagram account, Meta may be able to associate your visit to this website with your user account.

If you interact with Instagram elements, such as buttons, links or embedded content, the corresponding information may be transmitted to Meta and processed there.

The use of embedded Instagram elements takes place on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG where consent is required. Consent may be withdrawn at any time.

Where personal data is collected on this website and transmitted to Meta through Instagram elements, we and Meta Platforms Ireland Limited may be jointly responsible within the meaning of Art. 26 GDPR for the collection and transmission of such data. The further processing carried out by Meta is not part of our joint responsibility.

Further information on data processing by Instagram can be found in Instagram’s Privacy Policy at https://privacycenter.instagram.com/policy/.

Information on Meta’s Controller Addendum can be found at https://www.facebook.com/legal/controller_addendum.

LinkedIn

This website may contain links or elements relating to LinkedIn.

Provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

If a LinkedIn element is active, a connection may be established between your device and LinkedIn servers. LinkedIn may receive information that you have visited this website using your IP address. If you are logged into your LinkedIn account, LinkedIn may be able to associate your visit to this website with your user account.

If you interact with LinkedIn elements, such as buttons, links or embedded content, the corresponding information may be transmitted to LinkedIn and processed there.

The use of embedded LinkedIn elements takes place on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG where consent is required. Consent may be withdrawn at any time.

Further information on data processing by LinkedIn can be found in LinkedIn’s Privacy Policy at https://www.linkedin.com/legal/privacy-policy.

Information on LinkedIn’s data processing terms can be found at https://www.linkedin.com/legal/l/dpa.

Information on LinkedIn’s EU standard contractual clauses can be found at https://www.linkedin.com/legal/l/eu-sccs.

You can manage LinkedIn advertising settings at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

X, formerly Twitter

This website may contain links or elements relating to X, formerly Twitter.

Provider is X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. For persons outside the United States, the responsible entity may be Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

If an X element is active, a direct connection may be established between your device and X servers. X may receive information that you have visited this website. If you are logged into your X account, X may be able to associate your visit to this website with your user account.

If you interact with X elements, such as buttons, links or embedded content, the corresponding information may be transmitted to X and processed there.

The use of embedded X elements takes place on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG where consent is required. Consent may be withdrawn at any time.

Further information on data processing by X can be found in X’s Privacy Policy at https://x.com/en/privacy.

Information on X data transfer terms can be found at https://gdpr.x.com/en/controller-to-controller-transfers.html.

Privacy settings for X accounts can be managed at https://x.com/settings/account.

General Information on Analytics and Marketing Tools

This website may use analytics, marketing and conversion tracking tools to improve the website, measure reach, understand user interaction, evaluate campaigns and optimise communication.

Depending on the specific tool and configuration, the following data may be processed:

IP address, browser type, browser version, operating system, device information, referrer URL, pages accessed, time of access, click behaviour, scrolling behaviour, approximate location, campaign information, interaction data, conversion events and comparable usage data.

Analytics and marketing tools that are not technically necessary are used only on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Consent may be withdrawn at any time through the consent settings on this website.

Where analytics are carried out without cookies or comparable technologies and without access to information on your device, and where the processing is limited to aggregated or technically necessary data, processing may be based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in improving the performance, usability and effectiveness of our website.

Google Analytics

This website may use Google Analytics.

Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables us to analyse the behaviour of website visitors. For this purpose, Google may process usage data such as page views, duration of visit, interactions, operating systems used, browser information, approximate location, referrer URLs and conversion events.

Google Analytics may use cookies or comparable technologies that enable recognition of users and analysis of website usage. The information generated may be transferred to Google servers and processed there, including servers in the United States.

The use of Google Analytics takes place only on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Consent may be withdrawn at any time through the consent settings on this website.

Where Google Analytics is used, IP anonymisation is activated where technically available. This means that your IP address is shortened by Google within member states of the European Union or other contracting states of the Agreement on the European Economic Area before transmission to the United States. In exceptional cases, the full IP address may be transferred to a Google server in the United States and shortened there.

We have concluded a data processing agreement with Google where legally required.

Further information on Google Analytics can be found at https://support.google.com/analytics/answer/6004245.

Google’s Privacy Policy can be found at https://policies.google.com/privacy.

Information on Google’s data processing terms can be found at https://business.safety.google/adsprocessorterms/.

Information on Google’s EU user consent policy can be found at https://www.google.com/about/company/user-consent-policy/.

You can prevent the collection and processing of data by Google Analytics by using the browser add on available at https://tools.google.com/dlpage/gaoptout.

Meta Pixel

This website may use Meta Pixel.

Provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

Meta Pixel enables us to measure the effectiveness of advertising activities, understand interactions with this website and optimise marketing campaigns on Meta platforms such as Facebook and Instagram.

Meta Pixel may process data such as IP address, browser information, device information, pages visited, time of access, referrer URL, interactions with website content and conversion events. This data may be transmitted to Meta and processed by Meta, including in the United States.

The use of Meta Pixel takes place only on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Consent may be withdrawn at any time through the consent settings on this website.

Where personal data is collected on this website through Meta Pixel and transmitted to Meta, we and Meta Platforms Ireland Limited may be jointly responsible within the meaning of Art. 26 GDPR for the collection and transmission of such data. The further processing carried out by Meta is not part of our joint responsibility.

Further information on Meta Pixel can be found at https://www.facebook.com/business/tools/meta-pixel.

Meta’s Privacy Policy can be found at https://www.facebook.com/privacy/policy/.

Information on Meta’s Controller Addendum can be found at https://www.facebook.com/legal/controller_addendum.

Information on Meta’s EU data transfer terms can be found at https://www.facebook.com/legal/EU_data_transfer_addendum.

You can manage advertising preferences on Facebook at https://www.facebook.com/adpreferences/ad_settings.

LinkedIn Insight Tag

This website may use the LinkedIn Insight Tag.

Provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

The LinkedIn Insight Tag enables us to analyse visits to this website, measure conversions, evaluate LinkedIn advertising campaigns and create target groups for advertising on LinkedIn.

LinkedIn may process data such as URL, referrer URL, IP address, device information, browser information, time of access and interaction data. IP addresses may be shortened or hashed by LinkedIn.

If you are a LinkedIn member, LinkedIn may associate your visit to this website with your LinkedIn account, depending on your account settings and the technical implementation. We generally receive only aggregated reports and do not receive direct identification of individual LinkedIn members through these reports.

The use of the LinkedIn Insight Tag takes place only on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Consent may be withdrawn at any time through the consent settings on this website.

Further information on LinkedIn Insight Tag can be found at https://business.linkedin.com/marketing-solutions/insight-tag.

LinkedIn’s Privacy Policy can be found at https://www.linkedin.com/legal/privacy-policy.

Information on LinkedIn’s data processing terms can be found at https://www.linkedin.com/legal/l/dpa.

Information on LinkedIn’s EU standard contractual clauses can be found at https://www.linkedin.com/legal/l/eu-sccs.

You can object to LinkedIn analytics and interest based advertising at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Search Engine Optimisation and Technical Website Visibility

We use technical search engine optimisation functions to improve the discoverability, structure and presentation of this website in search engines and when website content is shared online.

For this purpose, metadata, page titles, meta descriptions, structured data, canonical URLs, Open Graph data, XML sitemaps and comparable technical website information may be generated, managed or made available to search engines.

These functions are generally not intended to identify individual website visitors.

The processing of technical website data in this context is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the professional, technically correct and discoverable presentation of this website.

Where external analytics, marketing or tracking technologies are used for search engine or advertising purposes, their use is governed by the respective sections of this Privacy Policy and, where required, by your consent.

Newsletter Data

If you subscribe to a newsletter offered on this website, we process the data required to provide the newsletter.

This usually includes your email address and, where applicable, additional information such as your name, company, position, areas of interest, language preference or other information voluntarily submitted through the newsletter form.

We also process information required to verify that you are the owner of the email address provided and that you have agreed to receive the newsletter. This may include the date and time of registration, the IP address used for registration, the confirmation status, the date and time of confirmation and technical metadata related to the subscription process.

The processing of newsletter data is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR. You may withdraw your consent at any time with effect for the future, for example by using the unsubscribe link in the newsletter or by contacting us directly.

The lawfulness of processing carried out before withdrawal remains unaffected.

The data stored for the purpose of receiving the newsletter will be stored until you unsubscribe from the newsletter, withdraw your consent or the purpose for storage no longer applies.

After unsubscribing, your email address may be stored in a suppression list to ensure that you do not receive further newsletters. This processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in complying with legal requirements and reliably preventing unwanted newsletter delivery.

Newsletter Service Providers

If we use an external newsletter service provider, the data required for newsletter delivery may be transferred to that provider.

The provider processes the data on our behalf and only in accordance with our instructions where a data processing agreement within the meaning of Art. 28 GDPR is required.

The specific newsletter provider used, if any, should be listed separately in this Privacy Policy once the technical implementation has been finally determined.

Newsletter Tracking

Newsletters may contain technologies that allow us to determine whether a newsletter has been opened and which links have been clicked. This allows us to evaluate the relevance of our content, improve communication and measure the effectiveness of our newsletter.

Newsletter tracking may process opening rates, click rates, time of access, technical information, interaction data and similar usage data.

Newsletter tracking is used only where legally permitted and, where required, based on your consent pursuant to Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG. Consent may be withdrawn at any time with effect for the future.

If newsletter tracking is not used, this section should be removed from the final version.

Direct Electronic Communication with Existing Contacts

We may use email or other electronic communication channels to communicate with existing clients, business partners, prospective clients or other professional contacts.

Such communication may include information about existing contractual relationships, inquiries, projects, services, appointments, operational updates, relevant business information or comparable communication.

Where the communication is necessary for the performance of a contract or for pre contractual measures, the legal basis is Art. 6 para. 1 lit. b GDPR.

Where the communication serves the maintenance of business relationships, the coordination of professional matters or the provision of relevant information to existing contacts, the legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in efficient, professional and relationship based business communication.

Where consent is required, processing is based on Art. 6 para. 1 lit. a GDPR.

You may object to the use of your contact data for direct marketing purposes at any time with effect for the future.

Processing of Client, Business and Contract Data

We process personal data where this is necessary to establish, perform, manage, modify or terminate contractual or pre contractual relationships.

This may include master data, contact data, company data, communication data, billing data, payment data, project information, contractual documents, service related information, meeting notes, correspondence and other data required for the professional handling of the respective business relationship.

The processing is based on Art. 6 para. 1 lit. b GDPR where it is necessary for the performance of a contract or for pre contractual measures.

Where processing is required to comply with legal obligations, for example tax or commercial law obligations, the legal basis is Art. 6 para. 1 lit. c GDPR.

Where processing is necessary for internal administration, business organisation, documentation, legal defence, risk management, quality assurance or the protection of legitimate business interests, the legal basis is Art. 6 para. 1 lit. f GDPR.

Client, business and contract data are stored for as long as required for the respective purpose. After completion of the contractual relationship or business process, the data is stored only where statutory retention obligations, documentation requirements, limitation periods or legitimate interests require further storage.

Data Transmission in the Context of Services

We transmit personal data to third parties only where this is necessary for the performance of a contract, the provision of services, technical processing, billing, legal compliance or where another legal basis permits the transmission.

Recipients may include payment service providers, banks, tax advisors, legal advisors, IT providers, hosting providers, software providers, communication providers, cloud service providers, public authorities, business partners and other parties involved in the provision or administration of our services.

Further transmission does not take place unless there is a legal basis for it.

Communication with Prospective Clients and Business Partners

If you contact us as a prospective client, business partner, supplier, applicant, media representative or other external contact, we process the data you provide for the purpose of handling the communication and assessing the matter submitted.

This may include your name, company, role, email address, telephone number, communication content, submitted documents, project information, business interests and other information you provide.

The legal basis is Art. 6 para. 1 lit. b GDPR where the communication relates to pre contractual measures or a contractual relationship.

In all other cases, processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in handling inquiries, managing business communication and documenting professional processes.

General Information on Payment Processing

If paid services, digital products, consulting services, memberships, subscriptions or other contractual services are offered, initiated or processed through this website or through subsequent communication, payment data may be processed.

Payment data may include name, billing address, email address, payment amount, payment method, bank details, credit card data, transaction ID, invoice number, payment status and other information required for payment processing.

Payment processing may be carried out through external payment service providers. For payment transactions, the contractual terms and privacy policies of the respective payment service providers apply.

The legal basis for processing payment data is Art. 6 para. 1 lit. b GDPR where processing is necessary for the performance of a contract.

Where processing is required for tax, accounting or commercial law obligations, the legal basis is Art. 6 para. 1 lit. c GDPR.

Where we use payment service providers to ensure secure, efficient and reliable payment processing, the legal basis may additionally be Art. 6 para. 1 lit. f GDPR.

Stripe

We may use Stripe as a payment service provider.

Provider for customers within the European Union is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.

If you make a payment through Stripe, the data required for the payment transaction is transmitted to Stripe and processed by Stripe.

This may include your name, email address, billing address, payment amount, payment method, bank details, credit card data, transaction data, device information, IP address and other information required for payment processing, fraud prevention, compliance and transaction verification.

Stripe may process data in countries outside the European Union or the European Economic Area. Where such transfers take place, Stripe relies on legally recognised transfer mechanisms, such as standard contractual clauses or other appropriate safeguards.

The use of Stripe is based on Art. 6 para. 1 lit. b GDPR where processing is necessary for the performance of payment obligations.

In addition, processing may be based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in secure, efficient and reliable payment processing.

Further information can be found in Stripe’s Privacy Policy at https://stripe.com/privacy.

Information on Stripe and GDPR can be found at https://stripe.com/guides/general-data-protection-regulation.

Invoices and Accounting

Where invoices are issued or payments are documented, we process the data required for accounting, tax compliance and internal financial administration.

This may include name, company, address, tax information, invoice data, payment data, contract information and correspondence related to billing.

The legal basis is Art. 6 para. 1 lit. b GDPR where processing is necessary for the performance of a contract.

Where processing is required for tax or commercial law obligations, the legal basis is Art. 6 para. 1 lit. c GDPR.

Accounting and invoice data are stored for the legally required retention periods. In Germany, these periods may generally amount to 6 or 10 years depending on the type of document and applicable legal requirement.

General Information on Online Meetings

We use online conference tools to communicate with clients, prospective clients, business partners, applicants and other external contacts.

When you communicate with us by video or audio conference, personal data is processed by us and by the provider of the respective conference tool.

The processed data may include your name, email address, telephone number, profile information, meeting metadata, IP address, device information, operating system, browser information, camera information, microphone information, speaker information, connection data, meeting duration, start and end time of participation and other technical or communication related data.

If content is exchanged, uploaded or otherwise made available during an online meeting, such content may also be processed. This may include chat messages, shared files, documents, images, audio, video, screen sharing content, whiteboards and other information shared during the meeting.

Purpose and Legal Basis

Online conference tools are used to conduct meetings, provide consulting services, coordinate projects, communicate with clients and business partners, conduct interviews and organise business processes.

Where online meetings are used for contractual or pre contractual purposes, the legal basis is Art. 6 para. 1 lit. b GDPR.

Where online meetings are used for general business communication, internal coordination or efficient professional communication, the legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in efficient, flexible and modern communication.

Where consent is requested, processing is based on Art. 6 para. 1 lit. a GDPR.

Recording of Online Meetings

Online meetings are recorded only where this is expressly communicated in advance and where a valid legal basis exists.

If consent is required for recording, the recording takes place only on the basis of Art. 6 para. 1 lit. a GDPR. Consent may be withdrawn at any time with effect for the future.

Recordings are used only for the stated purpose, such as documentation, training, project work, minutes, internal review or agreed service delivery.

Storage Period

Data directly collected by us through online meetings is deleted when the purpose for storage no longer applies, when you request deletion or when you withdraw consent, unless statutory retention obligations, contractual documentation obligations or legal claims require further storage.

We have no full influence over the storage periods applied by the providers of the conference tools. Details can be found in the privacy information of the respective provider.

Microsoft Teams

We use Microsoft Teams.

Provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

Microsoft Teams enables us to conduct online meetings, video conferences, audio conferences, chats, screen sharing and file sharing.

In this context, Microsoft may process personal data required for the technical provision, security and administration of the service.

Microsoft may process data in countries outside the European Union or the European Economic Area. Where such transfers take place, Microsoft relies on legally recognised transfer mechanisms.

The legal basis for the use of Microsoft Teams is Art. 6 para. 1 lit. b GDPR where meetings are conducted for contractual or pre contractual purposes.

In all other cases, processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in efficient and secure business communication.

Further information can be found in Microsoft’s Privacy Statement at https://privacy.microsoft.com/privacystatement.

Information on Microsoft Teams and privacy can be found at https://learn.microsoft.com/en-us/microsoftteams/teams-privacy.

Information on Microsoft’s data protection terms can be found at https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.

General Information on Applications

We offer you the opportunity to apply to us or to submit professional inquiries, including applications for employment, freelance cooperation, partnership roles, advisory roles or other forms of collaboration.

Applications may be submitted by email, through an online form, by post or through another communication channel provided by us.

In the following section, we inform you about the scope, purpose and use of personal data processed in connection with application and selection procedures.

Scope and Purpose of Data Processing

If you submit an application or professional cooperation inquiry to us, we process the personal data required to assess, manage and decide on your application or inquiry.

This may include:

Name, address, email address, telephone number, date of birth, nationality where relevant, professional profile, curriculum vitae, certificates, references, cover letter, salary expectations, availability, portfolio information, LinkedIn profile or other professional profiles, work samples, interview notes, assessment results, communication history and any other information you provide in connection with the application or inquiry.

Depending on the role or cooperation model, we may also process information about qualifications, professional experience, industry expertise, entrepreneurial background, consulting experience, client exposure, language skills, certifications, legal or regulatory suitability, conflicts of interest and commercial fit.

The purpose of processing is to assess your suitability for the respective role, cooperation, project, mandate or partnership, to communicate with you, to conduct interviews, to document the selection process and to make a decision on the application or cooperation request.

Legal Basis for Application Data

Where an application concerns an employment relationship, the legal basis is Section 26 of the German Federal Data Protection Act and Art. 6 para. 1 lit. b GDPR.

Where the application concerns a freelance cooperation, partnership, advisory role or other contractual cooperation, the legal basis is Art. 6 para. 1 lit. b GDPR, as the processing is necessary for pre contractual measures or the potential establishment of a contractual relationship.

Where processing is necessary for legal obligations, the legal basis is Art. 6 para. 1 lit. c GDPR.

Where processing is necessary for documentation, legal defence, compliance checks, conflict checks or the protection of legitimate business interests, the legal basis is Art. 6 para. 1 lit. f GDPR.

Where you have given consent for specific processing activities, the legal basis is Art. 6 para. 1 lit. a GDPR. Consent may be withdrawn at any time with effect for the future.

Special Categories of Personal Data in Applications

We ask applicants and cooperation candidates not to submit special categories of personal data unless this is necessary for the specific application or legally required.

Special categories of personal data include, for example, information about health, religious beliefs, political opinions, trade union membership, racial or ethnic origin, genetic data, biometric data for identification purposes or data concerning sex life or sexual orientation.

If you voluntarily submit such data and the processing is necessary for the application procedure, the legal basis may be Art. 9 para. 2 lit. b GDPR, Art. 9 para. 2 lit. h GDPR, Art. 9 para. 2 lit. f GDPR or your explicit consent pursuant to Art. 9 para. 2 lit. a GDPR, depending on the specific case.

Recipients of Application Data

Application data is accessed only by persons involved in the application, selection or onboarding process.

This may include management, responsible department heads, HR related staff, project leads, legal or compliance advisors and external service providers where necessary.

If external software, hosting, email, form, cloud or communication providers are used for handling applications, they process data only where a legal basis exists and, where required, on the basis of a data processing agreement.

Application data is not disclosed to third parties for unrelated purposes.

Storage Period for Application Data

If the application or cooperation inquiry is successful, the submitted data may be further processed for the purpose of establishing and carrying out the employment, freelance, partnership, advisory or contractual relationship.

If the application or cooperation inquiry is rejected, withdrawn or not pursued further, we generally store the data for up to 6 months after completion of the application or selection process.

This storage period serves documentation and evidence purposes, in particular in case of legal claims.

A longer storage period may apply where statutory retention obligations exist, where legal claims are asserted or threatened, where longer documentation is required due to the nature of the cooperation, or where you have given consent to longer storage.

Inclusion in a Talent Pool or Partner Pool

If we are unable to offer you a role, project or cooperation immediately, we may ask whether you agree to be included in a talent pool, candidate pool, partner pool or comparable internal contact list.

Inclusion in such a pool takes place only on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR.

If you consent, we may store your application data in order to contact you regarding future opportunities, roles, projects or cooperation possibilities.

You may withdraw your consent at any time with effect for the future. In that case, your data will be deleted from the respective pool unless another legal basis permits or requires further storage.

Data stored in a talent pool or partner pool is generally deleted after 2 years unless you renew your consent or another legal basis applies.

Applications Through Online Forms

If applications or cooperation inquiries are submitted through an online form on this website, the information provided in the form is processed as described in this section and in the section on Fluent Forms Pro.

Depending on the form, the processed data may include uploaded documents, form fields, consent declarations, IP address, submission time and technical metadata.

Form based applications are processed for the purpose of handling the application or cooperation inquiry.

Further information on the technical processing of form submissions can be found in the section “Fluent Forms Pro” in this Privacy Policy.

General Information

We use cloud, office and communication services to organise business processes, manage inquiries, store documents, communicate with clients and business partners, coordinate projects and administer internal workflows.

In this context, personal data may be processed in cloud based systems, email systems, document management systems, calendar tools, collaboration tools and internal databases.

The processed data may include name, contact details, company information, communication content, documents, contracts, invoices, project files, application documents, meeting notes, calendar data, metadata, access data and other information required for the respective business process.

The legal basis for such processing is Art. 6 para. 1 lit. b GDPR where processing is necessary for the performance of a contract or pre contractual measures.

Where processing is required to comply with legal obligations, the legal basis is Art. 6 para. 1 lit. c GDPR.

Where processing serves internal administration, secure document management, business organisation, project coordination, legal defence or efficient communication, the legal basis is Art. 6 para. 1 lit. f GDPR.

Where consent is required in individual cases, processing is based on Art. 6 para. 1 lit. a GDPR.

Microsoft 365

We may use Microsoft 365 services for email communication, document management, calendar management, internal collaboration and office related business processes.

Provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

Microsoft 365 may include services such as Outlook, OneDrive, SharePoint, Microsoft Teams, Microsoft Word, Microsoft Excel, Microsoft PowerPoint and other Microsoft business applications.

In the context of using Microsoft 365, personal data may be processed by Microsoft on our behalf. This may include contact data, communication data, documents, metadata, access data, calendar data, file content, technical log data and usage data.

Microsoft may process data in countries outside the European Union or the European Economic Area. Where such transfers take place, Microsoft relies on legally recognised transfer mechanisms, including standard contractual clauses and other appropriate safeguards.

The use of Microsoft 365 is based on Art. 6 para. 1 lit. b GDPR where processing is required for contractual or pre contractual purposes.

In all other cases, processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in secure, structured and efficient business administration, communication and collaboration.

Further information can be found in Microsoft’s Privacy Statement at https://privacy.microsoft.com/privacystatement.

Information on Microsoft’s data protection terms can be found at https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.

Outlook and Email Communication

We may use Microsoft Outlook and Microsoft Exchange related services for email communication.

When you communicate with us by email, the content of the email, your email address, your name, technical transmission data, metadata and any attachments may be processed.

Email communication is processed for the purpose of responding to inquiries, coordinating projects, managing business relationships, fulfilling contractual obligations and documenting communication.

The legal basis is Art. 6 para. 1 lit. b GDPR where email communication relates to contractual or pre contractual matters.

In all other cases, processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in reliable, secure and efficient communication.

Where email communication is subject to statutory retention obligations, processing is based on Art. 6 para. 1 lit. c GDPR.

OneDrive and SharePoint

We may use OneDrive and SharePoint for document storage, document sharing, project work, internal organisation and collaboration.

Provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

When documents are stored, shared or edited through OneDrive or SharePoint, personal data contained in the respective documents may be processed. This may include client information, project information, application documents, contract documents, invoices, correspondence, meeting notes and other business related data.

OneDrive and SharePoint may also process metadata, access permissions, change history, file names, timestamps, user information and technical log data.

The use of OneDrive and SharePoint is based on Art. 6 para. 1 lit. b GDPR where processing is necessary for contractual or pre contractual purposes.

In all other cases, processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in secure, structured and efficient document management and collaboration.

Further information can be found in Microsoft’s Privacy Statement at https://privacy.microsoft.com/privacystatement.

Data Security in Cloud and Office Systems

We use appropriate technical and organisational measures to protect personal data processed through cloud and office systems.

These measures may include access restrictions, role based permissions, password protection, encryption, multi factor authentication, internal authorisation concepts, data minimisation, confidentiality obligations and documented internal procedures.

Access to personal data is limited to persons who require access for the respective business purpose.

This website may contain links to external websites, platforms or third party content.

If you click on an external link, you leave our website. From that point onward, the privacy policy and data processing practices of the respective external provider apply.

We have no influence over the content, security or data processing of external websites. Before using external websites, you should review the respective privacy information of the provider.

External links are provided on the basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in providing users with relevant further information and professional references.

We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction.

These measures are selected based on the type, scope, context and purpose of processing as well as the risk to the rights and freedoms of natural persons.

Security measures may include encrypted transmission, secure hosting, access control, password protection, user permission management, internal confidentiality rules, technical monitoring, regular updates, backup concepts and careful selection of service providers.

We continuously review and adjust our security measures where required by technical, organisational or legal developments.

Some of the service providers and technologies used by us may process personal data outside the European Union or the European Economic Area.

Such transfers may occur, in particular, where providers use servers, affiliated companies or subcontractors in third countries.

Where personal data is transferred to third countries, we ensure that the requirements of Art. 44 et seq. GDPR are met.

A transfer may be based on an adequacy decision of the European Commission, certification under the EU US Data Privacy Framework, standard contractual clauses approved by the European Commission, binding corporate rules or another legally recognised safeguard.

Where no adequacy decision exists and no other appropriate safeguards are available, a transfer may take place only in exceptional cases where the requirements of Art. 49 GDPR are met, for example based on explicit consent or where the transfer is necessary for the performance of a contract.

Details on specific third country transfers are provided in the respective sections of this Privacy Policy where applicable.

Some providers based in the United States may be certified under the EU US Data Privacy Framework.

The EU US Data Privacy Framework is an adequacy mechanism recognised by the European Commission for certified organisations in the United States.

Where a provider is certified under the EU US Data Privacy Framework, personal data may be transferred to that provider on the basis of the adequacy decision, provided that the certification covers the relevant processing activities.

Further information and a list of certified organisations can be found at https://www.dataprivacyframework.gov.

Where providers are not certified or where certification does not cover the relevant processing, we rely on other legally recognised safeguards where required.

We do not use automated decision making within the meaning of Art. 22 GDPR that produces legal effects concerning you or similarly significantly affects you.

If automated decision making or profiling is introduced in the future, we will inform you separately where legally required.

Analytics, marketing or advertising tools may create usage based profiles or target groups where such tools are used and where you have given the required consent. Details can be found in the respective sections of this Privacy Policy.

You are not legally required to provide personal data when visiting this website.

However, certain data is technically necessary to provide the website. Without this data, the website may not be displayed correctly or securely.

Where you contact us, submit forms, apply for a role, request services or enter into a contractual relationship with us, certain personal data may be necessary to process your request or perform the contract.

If you do not provide required data, we may be unable to process your inquiry, provide requested services, conclude a contract or communicate with you.

You are not legally required to provide personal data when visiting this website.

However, certain data is technically necessary to provide the website. Without this data, the website may not be displayed correctly or securely.

Where you contact us, submit forms, apply for a role, request services or enter into a contractual relationship with us, certain personal data may be necessary to process your request or perform the contract.

If you do not provide required data, we may be unable to process your inquiry, provide requested services, conclude a contract or communicate with you.

This Privacy Policy is intended to provide transparent information on the processing of personal data in connection with this website and our related business processes.

If individual services, tools or functions described in this Privacy Policy are not active on this website, the corresponding sections should not be included in the final published version.

For questions regarding data protection, you may contact us at:

datenschutz@blacksdglobal.com