Privacy Policy

This website has been technically designed to provide you with the maximum level of data protection during your visit: There is explicitly no tracking or analysis of your visit to this website. In order to compile general access statistics, we register your accesses with an anonymised IP address in our database.

These notices apply to your visit to the website as well as to a specific order.
These notices give you an overview of the processing of your personal data by the person responsible and your rights as a data subject under data protection law. Which of your data is processed specifically and in what way depends on the functionalities of the website used in each case or on the commissioned or agreed services.
This information also applies to current and future persons authorized to represent and beneficial owners and the possible contractually agreed contact persons of legal entities. In such a case, we ask that you pass this information on to these people.

1. Who is responsible for data processing and who can I contact?

Responsible in terms of data protection law is:

Hansjoerg Mueller
Peter-Haupt-Str. 42
DE-97080 Wuerzburg


Phone: +49 (0)172 844 3414 (calls only via WhatsApp or Telegram)

If you have any questions about the processing processes at the person responsible or want to assert your rights under data protection law, please send your request to the aforementioned address.

2. Which sources and data do we use?

We process personal data that we receive from our customers as part of our business relationship. In addition, to the extent necessary for the provision of our service, we process personal data that we have legitimately received from other companies (e.g. to fulfill contracts, to execute orders or on the basis of your consent). On the other hand, we process personal data from publicly accessible sources (e.g. press, media, internet, etc.), insofar as we were permitted to collect them or were legitimately transmitted by third parties.

In our procedures, we process relevant personal data of natural persons from interested parties, customers and all other natural persons who are in direct or indirect contact with us, e.g. B. also from employees of legal entities, but also from visitors to our websites and apps and, if applicable, applicants.

Relevant personal data are essentially: Name, address and other contact data, data from the fulfillment of our contractual obligations, documentation data, data on the use of our telemedia (websites and apps, newsletter) and other data comparable to the categories mentioned .

Processing within the meaning of the GDPR basically means any process related to personal data, i.e. in particular the collection, storage, use, transmission or deletion of personal data.

When you access our website, your browser transmits the following data: IP address, date, time, accessed pages, logs, status code, amount of data, referrer, user agent and accessed host name. In the server access log files, your IP address is stored anonymised and the log entry is deleted after 60 days. Faulty page accesses are logged in a separate log file without anonymised IP address and deleted after 7 days.

To compile statistics, we also store the following data of your access for 180 days in our database: IP address (anonymised), date, time, accessed pages, logs, status code, data volume, referrer and accessed host name.

The comment function on our blog stores the IP addresses of users who post comments. We need this data in case someone writes illegal content. In this case, we could be prosecuted for the comment ourselves and are therefore interested in the identity of the comment author. However, these comment IP addresses are deleted as soon as we have read the comments. This usually takes place within one to two days. After 7 days at the latest, the IP address is automatically deleted. As a commenter, you can subscribe to follow-up comments; to do so, you will receive a confirmation email to verify that you are the owner of the email address entered. You can unsubscribe from ongoing comment subscriptions at any time. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest is the needs-based design of the website.

3. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):

  • To fulfill contractual obligations (Art. 6 Para. 1 lit. b GDPR)

The processing of personal data takes place to provide services within the framework of the implementation of our contracts with our customers and our suppliers and service providers or to implement pre-contractual measures that are carried out at your request (e.g. from interested parties).

The purpose of the data processing depends specifically on the respective product and can include, among other things, needs analyzes and consulting services. Further details on the purpose of data processing can be found in the respective contract documents and terms of business and use.

  • As part of the balancing of interests (Article 6 (1) (f) GDPR)

We process data beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties, unless your interests in the protection of your personal data prevail.

  • On the basis of your consent (Art. 6 Para. 1 lit. a GDPR)

If you have given us your consent to process personal data for specific purposes (e.g. forwarding of data in the group, evaluation of usage behaviour), the processing is lawful on the basis of your consent.

Given consent can be revoked at any time. This also applies to declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. The revocation of consent does not affect the legality of the processing activities carried out by us up to the time of revocation.

  • Due to legal requirements (Art. 6 Para. 1 lit. c GDPR)

For us, legal obligations result directly from the law, especially from tax law. The resulting storage obligations for invoice-relevant documents and commercial letters entitle us to store personal data for up to 10 years, in the case of legally established claims, claims from enforceable settlements or enforceable documents, etc. also for up to 30 years.

4. Who gets your data (Who is the recipient of your data)?

We only pass on your data to third parties if this is necessary to fulfill our contractual and legal obligations. Service providers commissioned by us, such as web hosts and vicarious agents, can also receive data for these purposes if they maintain data secrecy and the data protection instructions that they have received from us.

Other data recipients may be those bodies for which you have given us your consent to data transmission. In individual cases, there may be other recipients of your data due to the special nature of the subject matter of the contract with you. These are then mentioned separately in the contract documents and the terms and conditions for the specific transaction.

5. Will data be transferred to a third country or to an international organization?

Your data will only be transferred to countries outside the European Union (third countries or non-EU countries) if this is necessary to fulfill the contract, you have given us your consent or as part of order processing on the basis of a legitimate interest.

Just as we use service providers in a third country, they are obliged to comply with the data protection level in Europe in addition to our written instructions through the agreement of the EU standard contractual clauses.

6. How long will your data be stored?

We process and store your personal data to the extent necessary for the duration of our business relationship, which e.g. B. also includes the initiation and execution of the contract. We would like to point out that the business relationship is a continuing obligation, which is usually designed to last for years.

We are also subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the Fiscal Code (AO), among other things. The retention and documentation periods specified there are two to ten years.

Finally, the storage period is also based on the statutory limitation periods, which according to §§ 195 ff of the German Civil Code (BGB) can usually be three years, but can also be thirty years in certain cases.

7. What rights do you have as a data subject?

Every data subject has the right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure (“right to be forgotten”) under Art. 17 GDPR, the right to restriction of processing ( Blocking) according to Art. 18 GDPR, the right to object according to Art. 21 GDPR (you will find separate information on this at the end of this data protection notice) and the right to data portability under Art. 20 GDPR. The restrictions under §§ 34 and 35 BDSG apply to the right to information and the right to deletion. Finally, you still have the right to lodge a complaint with the supervisory authority in accordance with Art. 77 GDPR in conjunction with Section 19 BDSG.

If you have given us your consent to the specific processing of your personal data, you can revoke this at any time for the future. This also applies to declarations of consent that were given to us before the GDPR came into force, i.e. before May 25, 2018. The revocation of consent does not affect the legality of the processing activities carried out by us up to the time of revocation.

8. Are you obliged to provide your data?

As part of the business relationship with you, you only have to provide the personal data that is necessary for the establishment, implementation and termination or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or carry out your order, or we will no longer be able to carry out an existing contract and may have to terminate it.

9. To what extent is there automated decision-making?

In order to establish and implement the business relationship, we generally do not use fully automated decision-making in accordance with Article 22 GDPR. If we use this procedure in individual cases, you will be informed separately if this is required by law.

10. Does profiling take place?

We also do not process your data for profiling.

Information about your right to object according to Art. 21 GDPR

Individual right to object

You have the right, for reasons that arise from your particular situation, at any time against the processing of personal data relating to you, which is based on Article 6 (1) (f) GDPR (data processing on the basis of a legitimate interest) takes place to file an objection.

Right to object to the processing of data for advertising purposes

In individual cases, we process your personal data for the purpose of direct advertising. You have the right to object to this type of processing at any time.

The objection can be made in any form and should be sent to the above email address.