Privacy Notice

(Effective November 2025)

 

This Privacy Notice provides an overview of how your personal data (hereinafter also referred to as “data”) is processed within our company and informs you about your rights under applicable data protection laws.
Applicable data protection law depends on the origin of the data subjects and the location of the responsible entity:

• Switzerland: For personal data of Swiss citizens, the Swiss Federal Act on Data Protection (“FADP”) and the Ordinance to the Federal Act on Data Protection (“OFADP”) apply.
• Germany: The European General Data Protection Regulation (“GDPR”), the German Federal Data Protection Act (“BDSG”), and the Telecommunications-Digital Services Data Protection Act (“TDDDG”) apply.
• Other EU countries: The European General Data Protection Regulation (“GDPR”) and its national implementations apply

Please review this Privacy Notice carefully and, if necessary, print or save it for your records.

Personal data refers to all information that can be used to identify you personally. The processing of your personal data may serve various purposes. Essentially, the data processing activities carried out by PrimeSoft Group AG, Bahnhofstrasse 4, 8360 Eschlikon, Switzerland (hereinafter also referred to as “PrimeSoft” or “we”) can be divided into the following areas:

• General information on data protection, processing activities, and data subject rights applicable to all processing activities can be found in Section A.
• In connection with our website primesoft-group.com (hereinafter: “website”) or comparable external online presences such as our social media profiles, we process data exchanged between your internet-enabled devices and our servers, as well as other data you provide when using these online presences. Details are provided in Section B.
• In connection with our online events (e.g., live webinars, digital events, training sessions, presentations), we process participant data, including data exchanged between your devices and the platform used for the event, as well as data you provide during use. Details are provided in Section C.
• Business partner and supplier data is processed exclusively for order placement, processing, and execution. More information is provided in Section D.

Please refer to the relevant sections for quick and context-specific information about particular processing situations.

A. General Information on Data Protection and Data Subject Rights

 

I. Who is responsible for data processing and whom can you contact?

The controller under the GDPR and other applicable data protection laws is:

PrimeSoft Group AG
Bahnhofstrasse 4
8360 Eschlikon
Switzerland

Phone: +41 58 510 26 26
Email: info@primesoft-group.com

 

II. What rights do you have regarding your personal data?

If your personal data is processed, you are a “data subject” under the GDPR or FADP and may have the following rights:

1. Right of Access

You can request confirmation and information about whether and to what extent we process your data (Art. 15 GDPR / Art. 8 FADP).

2. Right to Rectification

You have the right to correct inaccurate or incomplete data (Art. 16 GDPR / Art. 5 FADP).

3. Right to Erasure

If the legal requirements of Art. 17 GDPR or Art. 32 nFADP are met, you may request that we delete your data, provided we process it unlawfully or the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons preventing immediate deletion, e.g., in the case of legally regulated retention obligations.
Regardless of exercising your right to erasure, we will fulfill our legal deletion obligations by promptly and completely deleting your data after the processing purpose has ceased, unless a contractual or statutory retention period opposes this.

4. Right to Restrict Processing

In the cases specified in Art. 18 GDPR, you may request that we restrict the processing of your data. If you have restricted the processing of your personal data, such data – apart from its storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest.

5. Right to Data Portability

According to Art. 20 GDPR or Art. 28 para. 1 FADP, you have the right to receive the data you have provided to us, which we process automatically based on your consent or in fulfillment of a contract, in a commonly used, machine-readable format, or to have it transmitted to a third party. If you request the direct transfer of the data to another controller, this will only occur if it is technically feasible. The right to data portability does not apply to processing personal data necessary for performing a task carried out in the public interest or in the exercise of official authority vested in the controller.

6. Right to Object

If we process your data based on legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR, you may object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions (see Art. 21 GDPR). If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or the processing serves the establishment, exercise, or defense of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such advertising purposes; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes. You may object to the processing of your data for direct marketing purposes at any time without providing reasons.

7. Right to Withdraw Consent

Some data processing operations are only possible with your explicit consent within the meaning of Art. 6 para. 1 lit. a GDPR or Art. 6 no. 7 nFADP. You may revoke consent already given at any time with effect for the future. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation. Please note that even after revoking consent, processing of the affected data may still be possible in whole or in part on the basis of other legal grounds.

8. Right to Lodge a Complain

You have the right to file a complaint with a data protection authority.
Without prejudice to any other administrative or judicial remedy, you have the right under the GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your workplace, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR (Art. 77 GDPR).
A list of data protection supervisory authorities and their contact details can be found by German users of our online presences at the following link: http://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
If you believe that we have violated applicable data protection law when processing your data, please contact us so that we can clarify any questions.
You also have the right to contact the supervisory authority responsible for us based on our company headquarters:

Federal Data Protection and Information Commissioner
Feldeggweg 1
CH - 3003 Bern

III. Which personal data is processed and from which sources does this data originate?

 

1. Origin of personal data

Through our websites, we process data that we receive during your visit or that you actively provide to us during your use (e.g., when using our contact form or a chat function). Other data is automatically collected by our IT systems when you visit the website. These are primarily technical data (e.g., internet browser, operating system, or time of a page view). The collection of this data occurs automatically as soon as you enter our website or access one of our services. Details can be found in Part B.

In addition, we process – insofar as necessary for the provision of our services or for fulfilling a contract with you – data that we have lawfully received from other companies in our corporate group or partner companies, or from locally responsible companies integrated into our distribution system with which we maintain a permanent business relationship. Part of the PrimeSoft Group includes, in addition to the responsible entity:

• PrimeSoft AG, Bahnhofstr. 4, 8360 Eschlikon, Switzerland
• PrimeSoft (Schweiz) AG, Bahnhofstr. 4, 8360 Eschlikon, Switzerland
• PrimeDocs GmbH, Agnes-Pockels-Bogen 1, 80992 Munich, Germany

In individual cases, we also process data that we have lawfully obtained from other third parties such as credit agencies, creditor protection associations, or authorities, or that we have lawfully taken, received, or acquired from publicly accessible sources (e.g., telephone directories, company registers, press, internet, or other media).

2. Categories of personal data

The personal data we regularly process includes basic personal and contact details such as:
Title, first and last name, salutation, date of birth, address, email address, telephone number, fax number, position in the company.

In addition, depending on the order, service, or other relationship with you, we process the following additional personal data:

• Address data: Street, house number, any address additions, postal code, city, country
• Contact data: Telephone number(s), email address(es)
• Registration data: Information about the service you registered for; timestamps and technical information on registration, confirmation, and deregistration; data provided by you during registration
• Offer data
• Access data: Date and time of visits to our online presences; the page from which the accessing system reached our site; pages accessed during use; session identification data (Session ID); as well as the following information from the accessing computer system: IP address, browser type and version, device type, operating system, and similar technical information
• Information about the nature and content of our business relationship: Contract data, order data, revenue and document data, customer and supplier history, consulting documents
• Advertising and sales data
• Documentation data (e.g., data from service calls or support cases)
• Other data that we receive from you in the course of our business relationship (e.g., during customer meetings)
• Documentation of consent declarations

IV. For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of applicable data protection law, in particular on the following bases:

1. Fulfillment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR)

Processing of personal data occurs to fulfill our contractual obligations, particularly in connection with the operation of our online presences, as well as all activities typically required for the operation and administration of our company (e.g., customer and user management). Data may also be processed at the pre-contractual stage during business initiation or when carrying out other contractual relationships with us.

Examples include:

• Creating and maintaining a partner or supplier account in our CRM system
• Creating and maintaining customer/prospect files or our customer/prospect database in our CRM system
• Sending information
• Offering and selling products
• Offering and providing our services
• Planning and conducting online events

Details on the purpose of these data processing activities can be found in the respective contractual documents and terms and conditions.

2. Protection of legitimate interests (Art. 6 para. 1 lit. f GDPR)

Based on a balancing of interests, data processing may occur beyond the actual fulfillment of a contract to protect our legitimate interests or those of third parties. This is permissible unless your interests or fundamental rights and freedoms requiring the protection of personal data prevail. Examples include:

• Provision of our online presences, their functions, and content
• Use of technically necessary cookies or comparable technologies under § 25 para. 2 TDDDG
• Responding to contact inquiries and communication with users
• Transmission of data to affiliated companies and partners
• Execution of payment transactions via external service providers
• Use of collection agencies and lawyers to collect and/or enforce claims in court
• Assertion of other legal claims and defense in legal disputes
• Advertising or marketing
• Market and opinion research
• Measures for business management and development of our services
• Maintaining databases of customers/prospects or service providers to improve our offering
• Conducting risk assessments (due diligence) in the context of corporate restructuring or acquisition/sale
• Ensuring IT security and IT operations of our company and services
• Measures for building and facility security

3. Fulfillment of legal obligations (Art. 6 para. 1 lit. c GDPR)

Processing of your data may be necessary to fulfill various legal obligations and requirements to which we are subject, e.g., from commercial or tax laws.

4. Consent (Art. 6 nos. 6 and 7 FADP; Art. 6 para. 1 lit. a GDPR; § 25 para. 1 TDDDG)

Some data processing operations are only possible based on your explicit consent.
If we request your consent within the scope of the FADP, this is based on Art. 6 nos. 6 and 7 FADP.

If we request your consent within the scope of the GDPR, this is based on Art. 6 para. 1 lit. a in conjunction with Art. 7 GDPR.For example, if a service we use stores or accesses information on the user’s terminal device in any way, consent is required under § 25 para. 1 sentence 1 TDDDG. If the service functions without any access to the terminal device, the TDDDG does not apply.

If you have given us consent to process your data in an individual case, processing will occur in accordance with the purposes specified in the consent declaration and to the extent agreed therein. Consent given, e.g., for sending a newsletter, can be revoked at any time with effect for the future. Please contact us using the contact details provided in Section A, items I and II.

Please note that processing carried out before revocation is not affected by the revocation and that data processing may still be possible in whole or in part on the basis of another legal ground.

V. Who receives my data?

Your data is accessible to those employees or organizational units who need it to fulfill our contractual and legal obligations or to process or pursue our legitimate interests.

Depending on the request, we reserve the right to forward your data to the locally or professionally responsible company within the PrimeSoft Group for independent processing.

Your data will be forwarded for the initiation or execution of a contractual relationship (e.g., provision of a service or sale of goods) or – depending on the nature of the specific contractual relationship – as well as on the basis of our legitimate interests, particularly to companies that we regularly use in connection with the provision of our services or for contract processing. This includes the following recipients or categories of recipients:

• IT service providers (e.g., email service providers, web hosting companies)

• • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (software provider, web analytics/marketing)
  • HubSpot Ireland Limited, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland (software provider CRM system, web analytics/marketing, contact, hosting, CMP)
• Sales partners
• Advertising/marketing partners
  • glaswerk Consulting AG - Digital Marketing & Sales, Brown Boveri Strasse 12, CH-5400 Baden
• Insurance companies
• Banks
• Communication providers (telephone providers, fax providers)
• Payment service providers
• Shipping and logistics providers
• Credit agencies
• Auditors
• Tax and legal advisors

If we use a service provider as a processor under Art. 28 GDPR or as a processor under Art. 9 nFADP, we remain responsible for protecting your data. Where legally required, processors are contractually obligated via a data processing agreement to treat your data confidentially and only process it within the scope of service provision. The processors we engage receive your data only if they need it to fulfill their respective service.

Data will only be transmitted to government agencies and authorities or collected for this purpose within the framework of mandatory national legal provisions or if you instruct us to do so.

VI. How long will my data be stored?

Your personal data will only be used for the purpose for which you provided it or for which you gave us your consent and will be stored until that specific purpose is fulfilled. After complete processing of the purpose, or as soon as you request deletion of your data, your data will only be stored as long as necessary due to statutory limitation periods or retention periods (particularly of a tax or commercial nature). After all periods have expired, the data will be deleted unless you have expressly consented to further or different use. Even during retention periods, you may exercise rights such as blocking your data (see Section A, item II).
Your data will be deleted or blocked as soon as the purpose of storage ceases or you request deletion.
We generally process and store your data only until the end of the business relationship or until the expiry of applicable warranty, guarantee, and limitation periods. Beyond this, it may be necessary to retain data until the legally binding conclusion of any legal disputes in which the data is required as evidence.
Furthermore, we are subject to statutory documentation and retention obligations (e.g., of a commercial or tax nature), due to which we must store your data even after termination of a contract.

VII. Will personal data be transferred to a third country?

As part of our processing activities, personal data may, in certain business transactions or areas of activity, also be transferred to entities in so-called third countries outside the EU, Switzerland, or other EEA states that have not yet been certified by the EU Commission or the Swiss Federal Council as having an adequate level of data protection, for example, to the USA. If such a data transfer becomes necessary in an individual case, it will only occur if appropriate data protection can be ensured, e.g., based on an adequacy decision by the European Commission, standard contractual clauses, suitable guarantees for compliance with data protection, or based on your explicit consent.
By playing one of the YouTube videos embedded on our website by clicking the play button, you consent (a) to the use of cookies by YouTube, which may also serve to analyze usage behavior for market research and marketing purposes by YouTube, and (b) under Art. 49 para. 1 sentence 1 lit. a GDPR to the processing of your data by YouTube in the USA. More details can be found below under Section B, item VI.

B. Use of Our Online Presences

In principle, you can visit our online presences and use them for informational purposes without having to provide any personal information (e.g., register, place orders, or otherwise transmit information about yourself). In this case, we only process personal data of our users insofar as this is necessary to provide a functional website and our content and services, or insofar as cookies used on the website transmit personal information when visiting the website. Information about the cookies we use ourselves can be found in Section B, item II. Other cookies may also enable our partner companies or third parties to recognize your browser on your next visit. For information on such third-party cookies, please refer to Section B, item III.
The processing of personal data of our users generally only takes place with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal provisions.

I. Hosting, Provision of the Website, and Creation of Log Files

Description of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device, which your internet browser automatically transmits to us or our web host (so-called log files). These server log files contain IP addresses or other data that allow assignment to a user. This could be the case, for example, if the link to the website from which the user accesses our site or the link to the website to which the user switches contains personal data.

We use the service HubSpot (HubSpot Ireland Limited, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland) for hosting content and designing and managing our website. HubSpot processes data you enter when using forms. Cookies or similar technologies may also be used to ensure the functionality of the site (e.g., preventing repeated display of the same content).

The following information is collected and stored by our hosting provider:

• Browser types and versions used
• Operating system used by the accessing system
• The website from which an accessing system reaches our website (referrer)
• The subpages accessed on our website
• Date and time of access
• Internet Protocol address (IP address)
• Internet service provider of the accessing system
• Other similar data and information used for defense against attacks on our IT systems

The data is stored in the log files of our web host. These data are not stored together with other personal data of the user.

Legal Basis and Purpose of Data Processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR. This information is also required to provide our website under § 25 para. 2 no. 2 TDDDG.
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address must remain stored for the duration of the session.
Storage in log files and anonymization of data ensures the functionality of the website. In addition, the data helps us optimize the website and ensure the security of our IT systems.

Duration of Storage / Objection and Removal Option

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collected to provide the website, this is the case when the respective session ends.
In the case of storage in log files, this occurs after no more than 7 days.
The collection of data to provide the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.

II. Cookies and Similar Technologies

1. Use of Cookies

Description

Our website uses cookies or similar methods and collects, processes, and uses usage data (e.g., access times, pages visited) or meta and communication data (IP address, device information).
Cookies are text files with a characteristic string that are stored in the internet browser or by the internet browser on the user’s computer system and enable the browser to be uniquely identified when the offer is accessed again. When a user accesses a website, a cookie can be stored on the user’s operating system. A cookie contains a characteristic string. The use of these cookies serves to make a web presence more user-friendly, effective, and secure. When you visit a website where a cookie is embedded, the data you enter is stored exclusively in the cookie on your computer. Data is only transmitted to the servers of our offer when a page is requested.
Some cookies are deleted after the end of the browser session when your browser is closed (so-called session cookies). These cookies are technically necessary, e.g., so that you can log in to the application and remain logged in across pages during your visit to our offer.
Other cookies remain on your device for a predetermined period and enable us to recognize your browser on your next visit (so-called persistent or protocol cookies). The purpose of using these cookies is to offer you optimal user guidance and to “recognize” you and present you with a varied website and new content during repeated use.
Cookies from partner companies or third parties can be used, for example, to collect information for advertising, personalized content, or statistics (“third-party cookies”). If we do not identify cookies as originating from third parties, they come from our offer (“first-party cookies”). We inform you separately about cookies from third parties or “tracking” technologies we use in the following sections of our privacy policy.
Flash cookies are stored as data elements from websites on your computer when they are operated with Adobe Flash. Flash cookies have no time limit.
We use various cookies and similar technologies to make our website more user-friendly.
Details on names, purposes, storage duration, type, and origin of the cookies and similar technologies used can be found in our cookie management tool embedded on the website.

Legal Basis and Purpose of Data Processing

The legal basis for processing personal data using technically necessary cookies within the meaning of § 25 para. 2 TDDDG is Art. 6 para. 1 lit. f GDPR. As the operator of online presences, we have a legitimate interest in ensuring the best possible functionality and security of the website as well as a user-friendly and effective design of the page visit, insofar as we do not request your consent under § 25 para. 1 sentence 1 TDDDG.
To obtain consent, we have integrated a Cookie Management Platform (“CMP”), see the following heading. This makes it easier for users to give consent for the individual categories of cookies and similar technologies we use or to manage them. The CMP blocks all categories of cookies that are not essential for the proper functioning of the website unless you consent to the use of additional tools. When you access our website, users are shown an interface for this purpose:
By clicking the “Accept” button, you can either allow all procedures or, via the “Cookie Settings” button, individually decide (by activating the respective selection sliders and clicking the final “Save Settings” button) for which cookies and/or cookie-based applications and subsequent data processing you give your consent.
Alternatively, you can reject all non-essential cookies by clicking the “Reject” button and use the website exclusively with cookies required for its operation.
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

Duration of Storage / Objection and Removal Option

Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, you as a user have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically.
Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, you as a user have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. An objection to the use of cookies for online marketing purposes, especially in the case of tracking, can be declared via a variety of services, primarily via the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/ or generally at http://optout.aboutads.info.
You can click the “Cookie Settings” button in the footer at the bottom left of our website to change your cookie settings. If you subsequently reload the website, you will be asked again for your cookie consent. If cookies are disabled for our website, some functions of the website may no longer be fully usable.

2. Hubspot Consent Management Platform (“CMP”)

Description of Data Processing

We use the cookie consent management platform of HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, represented in Europe by HubSpot Ireland Limited, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland (hereinafter referred to as “HubSpot”).

When you access our website, the CMP provides you with a pop-up window allowing you to see which cookies and similar technologies we use to design our website, what purpose they serve, and what data is stored or transmitted to third parties. Under “Cookie Settings,” you can view a cookie list divided into functional groups and then enable cookies grouped by function by clicking the corresponding checkbox and declare your consent to the use of cookies, or give your consent for all cookies overall.

When accessing our website, you can give your consent to the use of cookies and similar technologies according to your selected preferences.

Please note that technical cookies are already stored when you enter our website and the corresponding field is preset.

The CMP collects log file and consent data using JavaScript. This JavaScript enables informing the user about their consent to certain tags on our website and obtaining, managing, and documenting this consent. The CMP stores the selected setting and the consent you gave when entering the website and processes the following data:

• Consent data: anonymized log data (Consent ID, Processor ID, Controller ID), consent status, timestamp
• Device data: data of the devices used (e.g., shortened IP addresses (IPv4, IPv6), device information, timestamp)
• User data: user information (e.g., email, ID, browser information, setting IDs, changelog)

For this purpose, the cookie management tool itself stores a technically necessary cookie.

Legal Basis and Purpose of Data Processing

The legal basis for processing personal data through the use of cookies by the CMP is Art. 6 para. 1 letter f GDPR, to safeguard our legitimate interests in ensuring the best possible functionality and security of the website and a user-friendly and effective design of the page visit. For this purpose, the CMP uses technically necessary cookies to store the content of the consent you have given for your next visit. The use of such necessary cookies facilitates the use of websites for users and is therefore required for the provision of the service in accordance with § 25 para. 2 no. 2 TTDSG. Some functions of our online presences cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after leaving the page.

Duration of Storage / Objection and Removal Option

Cookies are stored on the user’s device and transmitted from the user to our site. Therefore, you as the user have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the corresponding settings in your internet browser. Cookies already stored can be deleted at any time. For the cookie used by the CMP, there is no possibility of objection, as otherwise the cookie consent tool embedded on our website could not store the cookie preferences given by users.

III. Statistical Analysis of the Website / Increasing Reach / Tracking to Measure the Success of Advertising Campaigns and Optimize Ad Display

1. HubSpot Ads

Description of Data Processing

On this website, we use the HubSpot service for various purposes. HubSpot is an email marketing and customer relationship management (CRM) system provided by HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, and offered in Europe by HubSpot Ireland Limited, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland. HubSpot is an integrated software solution that covers various aspects of our online marketing. These include, among others: email marketing, social media publishing & reporting, reporting, contact management (e.g., user segmentation & CRM), and contact forms.

We use HubSpot to manage and deliver our newsletter (see Section B, item VII.2 below) as well as inbound marketing in connection with various functionalities of our online presences.

The stored information is kept on HubSpot servers. The processed data can be used by us to gain detailed insights into how our online presences are used, to contact visitors to our website, and to determine which of our company’s services are of interest to them.

As part of optimizing our marketing measures, the following data may be collected and processed via HubSpot:

• Geographic location
• Browser type
• Navigation information
• Referrer URL
• Performance data
• Information on how often the application is used
• Mobile app data
• Login information for the HubSpot subscription service
• Files displayed locally
• Domain names
• Pages viewed
• Aggregated usage
• Operating system version
• Internet service provider
• IP address
• Device identifier
• Duration of visit
• Source of application download
• Operating system
• Events occurring within the application
• Access times
• Clickstream data
• Device model and version

HubSpot uses so-called “web beacons” (invisible graphics or code) and cookies embedded in websites or emails and stored on users’ devices.

HubSpot also collects user data entered when you (a) subscribe to our newsletter or (b) fill out one of our contact forms. We forward your data to HubSpot, which processes the data exclusively on our behalf.

Please note: If you contact us via contact forms, personal data may be transmitted to service providers in third countries. These third countries do not have an adequate level of data protection. If data is transferred to the USA, there is a risk that your data may be processed by US authorities for monitoring purposes without you having any legal remedies.

Further information on data protection at HubSpot can be found at: https://legal.hubspot.com/de/privacy-policy.

Legal Basis and Purpose of Data Processing

The storage of HubSpot cookies and web beacons is based on § 25 para. 1 TDDDG.
We use the information collected via HubSpot on the basis of our legitimate interest in modern contact management in a CRM system, in optimizing our marketing, analyzing the use of our online presences, and continuously improving and designing them in a user-friendly manner, as well as to inform our users in a targeted manner (Art. 6 para. 1 lit. f GDPR).
As part of processing via HubSpot, data may be transferred to the USA. The security of the transfer is ensured through standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security equivalent to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent pursuant to Art. 49 para. 1 lit. a GDPR may serve as the legal basis for the transfer to third countries.

Duration of Storage / Objection and Removal Option

The user can prevent the storage of cookies by disabling the storage of cookies in their browser settings. If the user wishes to have other personal data deleted, they can exercise their right of objection and removal as described in the general information under Section A.

2. Google Analytics

Description of Data Processing

This website uses functions of the web analytics service Google Analytics. The provider in Europe is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”), a subsidiary of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics also uses cookies. The information generated by a Google cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google processes the data and we receive reports about your user behavior. These reports may include, among others:

• Audience reports: Help us understand our users better and know who is interested in our services.
• Behavior reports: Show how you interact with our website. We can track the path you take on our site and which links you click.
• Real-time reports: Provide immediate insight into what is happening on our website, e.g., how many users are currently reading this text.

Google Analytics creates a random, unique ID using a tracking code, which is linked to your browser cookie. This allows Google Analytics to recognize you as a new user. When you visit our site again, you are recognized as a “returning” user. All collected data is stored together with this user ID, enabling pseudonymous user profile analysis.

Interactions on our website are measured using identifiers such as cookies and app instance IDs. Interactions include all types of actions you perform on our website. If you also use other Google systems (such as a Google account), data generated by Google Analytics can be linked to third-party cookies. Google does not share Google Analytics data unless we, as the website operator, authorize it. Exceptions may occur if legally required. The cookies used by Google Analytics can be found in the detailed information in our cookie management tool, which you can access under “Settings” by clicking the “?” icon.

Our website uses Google Analytics exclusively with the “anonymizeIp()” extension. This means your IP address is not fully stored and is shortened by Google within member states of the European Union or other contracting states of the Agreement on the European Economic Area before transmission to the USA. Identification of the website visitor is excluded. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. Below is an overview of the main data collected by Google Analytics:

• Heatmaps: Show exactly which areas you click on, providing insights into where you navigate on our site.
• Session duration: Indicates the time you spend on our site without leaving. If you are inactive for 20 minutes, the session ends automatically.
• Bounce rate: Refers to when you view only one page on our website and then leave.
• Account creation: If you create an account or place an order on our website, Google Analytics records this data.
• Location: Your IP address can be used to determine your country and approximate location (IP geolocation).
• Technical information: Includes browser type, internet provider, and screen resolution.
• Source: Shows which website or advertisement brought you to our site.

This list is not exhaustive and serves only as a general overview of data storage by Google Analytics. For more information on how Google processes data, please read Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Legal Basis and Purpose of Data Processing

We use Google Analytics to evaluate the use of our website and services, compile reports on activities on our website and services, and provide other services related to website and internet usage. We also use Google Analytics to analyze data from AdWords and the DoubleClick cookie for statistical purposes. As the website and service operator, we have a strong interest in analyzing user behavior to optimize both our website and services as well as the offers and advertising placed there. Therefore, we ask for your consent to use Google Analytics and store Google Analytics cookies based on § 25 para. 2 TDDDG.
The information generated by the cookie about your use of our website or services is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated, your IP address will be shortened by Google within member states of the European Union or other contracting states of the Agreement on the European Economic Area before transmission. Nevertheless, in exceptional cases, the full IP address may be transmitted to a Google server in the USA and shortened there. By consenting to the use of Google Analytics cookies, you also agree under Art. 49 para. 1 sentence 1 lit. a GDPR that your data may be processed in the USA, provided the data transfer is not secured by EU standard contractual clauses. The USA is considered by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities for monitoring purposes without you having any legal remedies. If you click the “Reject all cookies” button or make a restricted selection without Google cookies, the described transfer to Google does not take place. You can revoke your consent at any time with effect for the future.

Google wird diese Informationen benutzen, um Ihre Nutzung der Webseite bzw. der Dienste auszuwerten, um Reports über die Webseiten­aktivitäten für uns zusammen­zustellen und um weitere mit der Webseitennutzung und der Internet­nutzung verbundene Dienst­leistungen zu erbringen. Auch wird Google eigenen Angaben zufolge diese Informationen gegebenenfalls in eigener Verantwortung an Dritte übertragen, sofern dieses gesetzlich vorgeschrieben ist oder soweit Dritte diese Daten im Auftrag von Google verarbeiten. Google hat vertraglich zugesichert in keinem Fall Ihre IP-Adresse mit anderen Daten von Google in Verbindung bringen. Um dies sowie die für uns vorgenommene Daten­verarbeitung abzusichern, haben wir mit Google einen Vertrag zur Verarbeitung von Daten im Auftrag abgeschlossen.

Duration of Storage / Objection and Removal Option

Cookies are stored on the user’s computer and transmitted from the user to our site. Therefore, you as the user have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies already stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, some functions of the website may no longer be fully usable.
By installing the browser add-on to deactivate Google Analytics (http://tools.google.com/dlpage/gaoptout?hl=de), you can object to the use of your data and its collection by Google Analytics. This informs Google Analytics that no information about your website visit should be transmitted to Google Analytics.
Furthermore, you can install an opt-out cookie on your device via this link https://developers.google.com/analytics, especially for mobile browsers, to prevent future data collection by Google Analytics on our website. Please note that if you delete cookies on your device, you will need to reinstall the opt-out cookie.

3. Google Tag Manager

Description of Data Processing

Google Tag Manager is a solution provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: “Google”), which allows marketers to manage website tags via an interface. The Google Tag Manager itself (which implements the tags) is a domain without cookies and does not collect personal data.
However, the Tag Manager runs in the user’s browser, meaning at least information is stored in the memory of their device. To execute the Google Tag Manager, Google only learns the user’s IP address.
The Google Tag Manager triggers other tags that may themselves collect data. For these respective third-party providers, corresponding explanations can be found in this privacy policy. The Google Tag Manager does not access this data. If you have disabled cookies or otherwise opted out, this will be respected for all tracking tags implemented via Google Tag Manager; the tool does not change your cookie settings.
For more information on Google Tag Manager, see: https://www.google.com/intl/de/tagmanager/use-policy.html.

Legal Basis and Purpose of Data Processing

The legal basis for using Google Tag Manager is Art. 6 para. 1 letter f GDPR, insofar as tags are executed that do not themselves require consent. Google Tag Manager serves to deploy other tools embedded on the website and is therefore necessary for providing the service under § 25 para. 2 no. 2 TDDDG. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after leaving the page. Otherwise, we request your consent under § 25 para. 1 TDDDG.

Duration of Storage / Objection and Removal Option

We use Tag Manager for Google services such as Google Analytics. If you have disabled these services, this will be respected by Google Tag Manager. See the explanations on Google Analytics under Section B, item III.2.

4. SalesViewer

Description of Data Processing

We use SalesViewer, a technology provided by SalesViewer GmbH, Huestr. 30, 44787 Bochum, Germany (hereinafter: “SalesViewer”).
SalesViewer collects and stores data for marketing, market research, and optimization purposes. From this data, usage profiles can be created under a pseudonym. For this purpose, tracking scripts are used to collect company-related data. According to SalesViewer, the entire tracking process works without the use of cookies or similar technologies (such as local storage or fingerprinting) and stores only IP-independent data points. No files are stored on users’ devices.

SalesViewer guarantees 100% GDPR compliance. This assurance and further information on data protection can be found at:
https://www.salesviewer.com/datenschutz.

Legal Basis and Purpose of Data Processing

We use SalesViewer based on our legitimate interests as a website operator (Art. 6 para. 1 lit. f GDPR) to collect and store data for marketing, market research, and optimization purposes.

Duration of Storage / Objection and Removal Option

You can object to the collection and storage of data at any time with effect for the future by clicking this link:
https://www.salesviewer.com/opt-out
to prevent SalesViewer from collecting data on this website in the future. An opt-out cookie will be placed on your device for this website. If you delete your cookies in this browser, you must click this link again.

IV. Additional Notes on Implemented Procedures, Plugins, and Tools for Website Design

1. SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser’s address line changes from “http://” to “https://” and by the lock symbol in your browser bar.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

2. Google Maps

Description of Data Processing

We integrate Google Maps via an API interface, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, offered in Europe by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to display interactive maps and create route plans on our website.
To fully provide its service, Google Maps must collect and store data from you. This includes, among other things, the search terms you enter, your IP address, and latitude/longitude coordinates. If you use the route planner function, the entered start address is also stored. This data storage occurs on Google Maps websites. We can only inform you about this but have no influence over it. Each time Google Maps is accessed, Google sets at least one cookie (name: NID) to process user settings and data when displaying the page where the Google Maps component is integrated. This gives Google information such as your IP address or that you accessed the corresponding subpage of our website. This cookie stores data about your user behavior. Google primarily uses this data to optimize its own services and provide personalized advertising for you. This cookie is generally not deleted when you close your browser but expires after a certain period unless you manually delete it beforehand.
If you are logged into your Google account while using Google Maps, the aforementioned data will be directly associated with your account according to your user agreement with Google. If you do not want this association, you must log out of your Google account before using Google Maps functions.
Google stores your data as usage profiles and uses them for advertising, market research, and/or the design of its website to meet user needs. According to Google, such evaluation occurs (even for users not logged in) to provide personalized advertising and inform other users of the social network about your activities on our website.
We do not receive this data ourselves and do not initiate its collection. In the case of information requests and the assertion of user rights, we point out that these are most effectively addressed to Google as the provider of Google Maps and the responsible entity for this purpose. Only the providers have access to the users’ data and can take appropriate measures and provide information directly.

Legal Basis and Purpose of Data Processing

The use of Google Maps is based on our legitimate interests under Art. 6 para. 1 lit. f GDPR in providing a simple and effective way to reach us.

Duration of Storage / Objection and Removal Option

If you do not want this association with your Google profile, you must log out before using the subpage where Google Maps is embedded. You have the right to object to the creation of these user profiles, but you must exercise this right directly with Google. Please also note the Google opt-out plugin:
http://tools.google.com/dlpage/gaoptout?hl=de
and Google’s settings for displaying ads:
https://adssettings.google.com/authenticated.
If you do not agree to the future transmission of your data to Google when using Google Maps, you can also completely disable this service by turning off JavaScript in your browser. However, please note that this will make the corresponding functionality of our site unusable.

3. Google WebFonts (Local Hosting)

Description of Data Processing

We design our website using fonts from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, offered in Europe by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), and use the “Google Web Fonts” service, which enables access to Google’s font library. To provide the fonts, your browser loads the required Google Fonts into its cache. This is necessary so that your browser can display our texts in an improved visual format and correctly render the fonts used. In doing so, we process the IP address of the browser to which these contents are delivered during the website visit. Since we store the web fonts locally, to our knowledge, no data is transmitted to Google in the USA. However, we have no influence over the scope and further use of the data collected and processed by Google through the use of Google Web Fonts.

Legal Basis and Purpose of Data Processing / Duration of Storage / Objection and Removal Option

The integration of Google Web Fonts is based on our legitimate interests under Art. 6 para. 1 lit. f GDPR in the attractive design of our online presence and the technically secure and simple integration and display of fonts, their uniform presentation, and compliance with licensing restrictions when embedding fonts.
The collection of data for providing the website is absolutely necessary for the operation of our website. Consequently, there is no possibility of objection on the part of the user.
If Google Web Fonts involves further independent processing of data, Google is solely responsible as the controller. For more information on data protection and the storage duration of data collected by Google, please refer to Google’s privacy policy:
https://policies.google.com/privacy?hl=de&gl=de
Information on Google Web Fonts can be found at:
https://fonts.google.com/ and
https://developers.google.com/fonts/faq?hl=de-DE&csw=1.

4. reCaptcha (Invisible reCAPTCHA)

Description of Data Processing

To protect your registration or sign-up processes as well as your inquiries in our forms and input fields, we use the reCAPTCHA service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, offered in Europe by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google evaluates behavioral data and user actions (particularly mouse movements) of users. Unlike other reCAPTCHA methods, Invisible reCAPTCHA does not require additional queries (such as checkboxes or image puzzles). Instead, a JavaScript element is embedded in the source code. reCAPTCHA then runs in the background and analyzes user behavior. From the recorded user actions, the reCAPTCHA software calculates a captcha score, which Google uses to determine the likelihood that the subsequent input is made by a human or abusively by automated, machine processing (so-called “bots”).
Google reCAPTCHA uses so-called “cookies.” For this purpose, Google collects the following data: information about which page the CAPTCHA is embedded on, the IP address of the connection, referrer URL, information about the operating system used, screen and window resolution, the language set in the browser, the time zone you are in, browser plugins installed on your device, any other existing Google cookies, and mouse and keyboard behavior.
According to Google, the collected IP address is shortened within member states of the EU or other contracting states of the Agreement on the European Economic Area and only in exceptional cases transmitted unshortened to servers in the USA, where it is then shortened. The IP address transmitted by your browser as part of reCAPTCHA is not merged with other Google data according to Google. An exception may exist if you are simultaneously logged into your own Google account. In that case, however, Google processes your data outside our responsibility based on the terms of use agreed between you and Google.
For more information on how Google processes data, please read Google’s privacy policy:
https://policies.google.com/privacy?hl=de.

Legal Basis and Purpose of Data Processing

Data processing is based on our legitimate interests in ensuring the integrity and functionality of our online offerings and services. We have a legitimate interest in protecting our online offerings and services and their users from misuse (e.g., automated spying, DDoS attacks, or spam).

Duration of Storage / Objection and Removal Option

The collection of data for providing the website is absolutely necessary for the operation of our online offerings and services. Consequently, there is no possibility of objection on the part of the user. You can object to the collection and transmission of personal data or prevent the processing of this data only by disabling JavaScript execution in your browser or installing a JavaScript blocker. In this case, however, you will not be able to use the functions of our online offerings and services.
If you are already logged into a Google service, Google may combine this data based on the terms of use and privacy policy you accepted with Google. If you want to avoid this, log out of the Google service beforehand. For more information, please contact Google or visit:
https://policies.google.com/privacy?hl=de.

 

5. BootstrapCDN

Description of Data Processing

To optimize loading speed, design, and display of content on our website across different devices, we use the service BootstrapCDN, a Content Delivery Network (“CDN”). BootstrapCDN mirrors our content across various servers to ensure optimal global accessibility. This service is provided by StackPath, LLC, 2021 McKinney Ave. Suite 1100, Dallas, TX 75201, USA (hereinafter referred to as “BootstrapCDN”).
To deliver our website content quickly, the service uses JavaScript libraries. Corresponding files are loaded from a StackPath server, which records your IP address. StackPath’s privacy policy explicitly states that StackPath uses aggregated and anonymized data from various services (including BootstrapCDN) to enhance security and for its own services. These data cannot be used to identify you personally.
As part of processing via BootstrapCDN, data may be transferred to the USA. The security of the transfer is ensured through standard contractual clauses with StackPath, which guarantee that the processing of personal data complies with GDPR-level security. If the standard contractual clauses are insufficient to establish an adequate level of security, your consent under Art. 49 para. 1 lit. a GDPR may serve as the legal basis for the transfer to third countries.

Legal Basis and Purpose of Data Processing

The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in accelerating the loading times of our website and optimizing its performance.

Duration of Storage / Objection and Removal Option

To prevent the execution of JavaScript code from BootstrapCDN entirely, you can install a JavaScript blocker, such as noscript.net or ghostery.com. However, disabling or restricting JavaScript execution may result in some content and functions of our website not being fully available for technical reasons.

6. jQuery CDN

Description of Data Processing

To optimize loading speed, design, and display of content on our website across different devices, we use the service jQuery CDN, a Content Delivery Network (“CDN”). This service is provided by the jQuery Foundation and offered for the JS Foundation via the StackPath CDN by StackPath, LLC, 2021 McKinney Ave. Suite 1100, Dallas, TX 75201, USA (hereinafter referred to as “jQuery”).
To deliver our website content quickly, the service uses JavaScript libraries. Corresponding files are loaded from the CDN server unless they are already present in your browser cache from visiting another website. When connecting to the CDN server, your IP address is recorded.
StackPath’s privacy policy explicitly states that StackPath uses aggregated and anonymized data from various services (including jQuery) to enhance security and for its own services. These data cannot be used to identify you personally.
As part of processing via jQuery, data may be transferred to the USA. The security of the transfer is ensured through standard contractual clauses with StackPath, which guarantee that the processing of personal data complies with GDPR-level security. If the standard contractual clauses are insufficient to establish an adequate level of security, your consent under Art. 49 para. 1 lit. a GDPR may serve as the legal basis for the transfer to third countries.

Legal Basis and Purpose of Data Processing

The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in accelerating the loading times of our website and optimizing its performance.

Duration of Storage / Objection and Removal Option

To prevent the execution of JavaScript code from jQuery entirely, you can install a JavaScript blocker, such as noscript.net or ghostery.com. However, disabling or restricting JavaScript execution may result in some content and functions of our website not being fully available for technical reasons.

V. Links to Websites of Other Providers

Our website may contain links to other websites. We have no influence on the content and design of the offerings of other providers. Therefore, the provisions of this privacy policy do not apply to external providers whose offerings or content we merely link to.
If you are redirected to other sites via links from our pages, please inform yourself there about the respective handling of your data.

VI. Online Presences on Social Networks and Platforms

Description of Data Processing

We maintain additional online presences within social networks or industry networks (such as LinkedIn) and platforms (such as YouTube) and link to them from our website. By clicking on the respective buttons (recognizable by the logos of the social networks or platforms), you will be taken to the respective online presence of the network. The purpose of these online presences is to communicate with customers, prospects, and users active there and to inform them about our services.
When accessing the respective networks and platforms, the terms of service and data processing policies of their respective operators apply.
Since the use of these networks occurs outside our website or services, we have no influence over this, unless otherwise stated below. However, we point out that when using the above-mentioned platforms and networks to which we link, data may also be processed in the USA by these companies and by the respective operators for market research and advertising purposes, including the creation of user profiles. If you are logged into the respective networks and platforms, they may also store cookies on your device to track your use of our platform or services and other information about your usage behavior.
Unless otherwise stated in our privacy policy, we only process user data when they communicate with us within the social networks and platforms, e.g., by writing comments or sending us messages.
To make it easier for you to find information about the respective data processing and the options for objection by the respective operators, we refer below to the privacy policies and information provided by the operators of the respective networks.

Legal Basis and Purpose of Data Processing

We process your personal data only within the scope of direct contact with us via the respective social network or interaction with our presence or its content. Unless otherwise stated in our privacy policy, we process user data based on our legitimate interests under Art. 6 para. 1 lit. f GDPR for effective user information and communication, provided that users communicate with us within the social networks and platforms (e.g., when users post contributions on our online presences or send us messages). If your contact aims at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
If, in connection with our presence on a social network, personal data is processed and the respective network alone decides on the purposes and means of processing, then the respective network is solely responsible for the processing. Please carefully check which personal data you share with us via a social network presence. If you want to avoid the social network processing personal data transmitted by you to us, please contact us via another method.

Duration of Storage / Objection and Removal Option

Duration of Storage / Objection and Removal Option

If you are a member of one of the social networks (SN) where we maintain online presences and do not want the SN to collect data about you through our offering and link it to your data stored with the SN, you must log out of your SN account before visiting our offering. For a detailed description of the respective processing, information on the duration of data storage by the respective SN, and the options for objection (opt-out), please refer to the links provided by the respective providers below.

Even in the case of information requests and the assertion of user rights, we point out that these are most effectively addressed to the providers. Only the providers have access to the users’ data and can take appropriate measures and provide information directly. Should you still require assistance, you may contact us.

 

LinkedIn

LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

• Privacy Policy: https://www.linkedin.com/legal/privacy-policy
• Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

YouTube

We occasionally use content or services from YouTube LLC, 901 Cherry Ave., San Bruno, California, CA 94066, United States (hereinafter: “YouTube”) to embed video content on our website via a plugin. YouTube is a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, which is part of Alphabet Inc.
Our YouTube videos are embedded in “enhanced privacy mode,” meaning that no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play videos will the following data be transmitted. By embedding our videos via the domain youtube-nocookie.com, our YouTube videos can be played without the cookies normally set by YouTube. Nevertheless, when playing YouTube videos, data is transmitted to YouTube. This data transfer is neither initiated nor controlled by us.
If you play the embedded videos using this plugin (by clicking the play button), your IP address is sent to YouTube because YouTube cannot deliver the video content to your browser without the IP address. The IP address is therefore required for display. Furthermore, the YouTube server is informed which subpage of our website you visited. If you are logged into your YouTube account as a YouTube member, playing our videos also allows YouTube to associate your usage behavior directly with your personal profile.
To prevent this association, log out of your YouTube profile before playing our video content. Additional options to restrict the processing of your data can be found in the general settings of your Google account. In addition to these tools, Google also offers specific privacy settings for YouTube. Further information on data processing by YouTube can be found in YouTube’s applicable policies:
https://policies.google.com/technologies/product-privacy?hl=de&gl=de

 

VII. Active Use of Our Website

1. Contact Form and Email Contact

Description of Data Processing

Our online presences include contact forms that can be used for electronic communication. If a user takes advantage of this option, the data entered in the respective input fields will be transmitted to us and stored, in particular:

• First and last name *
• Company
• Email *
• Phone
• Subject *
• Message *

Fields marked with * are mandatory, as we consider them essential for verifying and responding to an inquiry. Without these, the contact form cannot be used.

At the time of sending your message via one of our contact forms, the following data is also stored:

• The user’s IP address
• Date and time of registration

Alternatively, contact can be made via the provided email address. In this case, the personal data transmitted with the email will be stored.

If you send us inquiries, your details, including the contact data you provide, will be stored in our Customer Relationship Management System (“CRM System”) HubSpot for the purpose of processing the inquiry and for any follow-up questions. HubSpot is provided by HubSpot Ireland Limited, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland (see also Section VIII below).

Legal Basis and Purpose of Data Processing

The legal basis for processing the data transmitted via a contact form or email is Art. 6 para. 1 lit. f GDPR. If the contact form inquiry or email contact aims at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.
The processing of personal data from the input fields serves solely to handle the contact request. In the case of contact via email, this also constitutes the necessary legitimate interest in processing the data.
Other personal data processed during the sending process serves to prevent misuse of the contact form and ensure the security of our IT systems.

Duration of Storage / Objection and Removal Option

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data from the input fields of the contact form and those transmitted via email, this is the case when the respective conversation with the user has ended. The conversation is deemed ended when it can be inferred from the circumstances that the relevant matter has been conclusively clarified and no legal requirements mandate longer storage.
If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case, unless legal requirements mandate longer storage.

 

2. Applications at PrimeSoft

Description of Data Processing

On our website, under the section “About Us” and “Careers” (https://primesoft-group.com/ueber-uns/karriere/), we occasionally provide information about open positions at PrimeSoft as well as opportunities for internships or training programs, or employment as part of a dual study program or as a working student.
If you send us your application in response to these postings or as an unsolicited application, we regularly process personal and contact details such as: first and last name, address, email address, telephone number, date of birth.
In addition, we process the data you provide in your application documents (CV, photographs, certificates, etc.). Which data is processed in detail depends primarily on the position to be filled. At a minimum, we require data regarding your previous educational/professional background, your qualifications, your skills, and personal details to assess whether your application matches the position to be filled. Processing your data is generally necessary in this context to prepare and conclude the application process. If you do not provide sufficient data, this may result in us being unable to consider you for the position, having to reject you as an applicant, or being unable to continue the application process.
We do not require any information that is not permissible under the German General Equal Treatment Act (AGG), the Swiss Gender Equality Act (GIG), or any other national or international equal treatment law. Please also do not send us confidential information or trade secrets of your former or current employer.
Within our company, only those employees or organizational units that need your data to fulfill our contractual and legal obligations or to process or pursue our legitimate interests will receive your data—primarily the HR department and the management level of the department in which the position is to be filled.
According to § 164 para. 1 sentence 4 SGB IX, we are obliged to inform the relevant representative for severely disabled persons about every incoming application from individuals with severe disabilities when applying to a German subsidiary and to share the relevant applicant data.

Legal Basis and Purpose of Data Processing / Data Recipients

The processing of personal data is primarily for the purpose of personnel selection to fill open positions and to initiate an employment relationship (Art. 6 para. 1 lit. b GDPR, or Art. 88 GDPR in conjunction with § 26 BDSG).
Based on a balancing of interests, data processing may also occur beyond the actual initiation of an employment contract to safeguard our legitimate interests in personnel selection and evaluation of whether an applicant and the position to be filled are a good match (Art. 6 para. 1 lit. f GDPR). This is permissible unless your interests or fundamental rights and freedoms requiring the protection of personal data prevail. Data processing to safeguard legitimate interests occurs, for example, when using job boards, recruitment agencies, or service providers for conducting recruitment processes.
CVs, certificates, and other data you transmit to us may contain particularly sensitive information about mental and physical health, racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in a trade union or political party, or sexual life. If you voluntarily provide us with such special categories of personal data (see Art. 9 para. 1 GDPR), processing will occur under the additional conditions of Art. 9 para. 2 GDPR.

Duration of Storage / Objection and Removal Option

Applicants with severe disabilities in Germany have the right under § 164 para. 1 sentence 8 SGB IX to refuse the involvement of the relevant representative for severely disabled persons and thus prevent notification to them. Please inform us during your application for a position in Germany if you wish to refuse such involvement.
If the application process ends with a rejection or you withdraw your application beforehand, we will store your data for a period of 6 months from that point to comply with potential proof obligations under the General Equal Treatment Act (AGG) and to defend against possible legal claims.
In the event of a successful application, we will store the applicant data provided for the purpose and duration of the employment relationship in the personnel file.

3. Newsletter

Description of Data Processing

We would like to regularly inform our customers and prospects with promotional messages about our services and other products, services, webinars, updates, or news via email or other electronic notifications (hereinafter referred to as “Newsletter”). For this purpose, we require your email address. Additional information may be requested in the respective newsletter registration forms to provide you with personalized content tailored to your interests.
You can subscribe to our newsletters by using the corresponding function in a registration form for receiving our newsletters or during a registration process by checking a box (so-called opt-in). We provide various options on our websites or within registration/order interfaces to register for our (possibly topic-specific) newsletters. The details of the respective newsletter content are specifically described in the registration form. This description is decisive for your consent.
After your registration, you will receive an email from us asking you to confirm your newsletter subscription again (so-called double opt-in procedure). This confirmation is necessary to ensure that no one else has misused your email address to subscribe to our newsletter under a false identity. Only after activating the hyperlink sent in the email will your email address be enabled for newsletter delivery.
For managing registrations and sending emails related to our newsletter, we use HubSpot, a software solution provided by HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, and offered in Europe by HubSpot Ireland Limited, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland (see Section B III.3). HubSpot enables us to automate the registration process and the required email delivery in a simple and user-friendly manner. Since HubSpot’s IT system is located in the USA, the registration data from the input forms is transferred to and processed in the USA. To ensure appropriate handling of the data we transmit, we have concluded a data processing agreement with HubSpot pursuant to Art. 28 GDPR, including EU standard contractual clauses for data transfer to third countries. Further information on HubSpot’s handling of personal data can be found at:
https://legal.hubspot.com/de/privacy-policy.
For verification purposes, the newsletter delivery also stores your email address, name, IP address, and registration date (“timestamp”).

Legal Basis and Purpose of Data Processing / Data Recipients

The legal basis for sending newsletters is the consent you provide as the recipient (Art. 6 para. 1 lit. a GDPR, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG Germany (“Act Against Unfair Competition”), Art. 3 UWG Switzerland (“Federal Act Against Unfair Competition”). If consent is not required under applicable law (e.g., under § 7 para. 3 UWG Germany for existing customers), processing is based on our legitimate interest in direct marketing measures (Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG Germany).
Logging during the registration process is based on our legitimate interests under Art. 6 para. 1 lit. f GDPR in a secure and targeted newsletter system that meets both our business sales interests and the expectations and needs of recipients, as well as in the ability to provide proof of consent.

Duration of Storage / Objection and Removal Option

You can object to the sending of the newsletter at any time or revoke your consent to receive the newsletter in whole or in part. To do so, you will find an unsubscribe link at the end of each newsletter. You can also contact us directly using the contact details provided at the beginning.
Unsubscribing from the newsletter does not affect business communication. If necessary for contract processing, your data will remain stored with us. Furthermore, we reserve the right to retain the necessary evidence of lawful newsletter delivery until the expiration of statutory limitation periods.

VIII. Management Systems

1. CRM System (“HubSpot”)

Description of Data Processing

We use functionalities of the Customer Relationship Management (CRM) system HubSpot. HubSpot is a software solution provided by HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA, and offered in Europe by HubSpot Ireland Limited, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland. HubSpot is an integrated software solution that covers various aspects of our online marketing, including email marketing, contact management (e.g., user segmentation & CRM), live chat, and contact forms.
We use HubSpot to manage and implement inbound marketing in connection with various functionalities of our online presences. The stored information is kept on HubSpot servers. The processed data can be used by us to gain detailed insights into how our online presences are used, to contact visitors to our website, and to determine which of our company’s services are of interest to them.
The HubSpot Forms feature enables easy creation and management of contact forms on this website to improve communication with visitors and efficiently handle inquiries.
HubSpot uses so-called “web beacons” (invisible graphics or code) and cookies embedded in websites or emails and stored on users’ devices. This involves collecting the IP address, geographic location, browser type, duration of visit, and pages accessed.
Additionally, data entered by users when subscribing to our newsletter or using one of our contact forms is processed via HubSpot Forms.
Further information on data protection at HubSpot can be found at:
https://legal.hubspot.com/de/privacy-policy.

Legal Basis and Purpose of Data Processing

We use the information collected via HubSpot based on our legitimate interest under Art. 6 para. 1 lit. f GDPR in optimizing our marketing and analyzing the use of our online presences, as well as their continuous improvement and user-friendly design, and to inform our users in a targeted manner.
The storage of HubSpot cookies and web beacons is based on Art. 6 para. 1 lit. f GDPR or § 25 para. 2 no. 2 TDDDG, unless we request your consent under Art. 6 para. 1 lit. a GDPR or § 25 para. 1 TDDDG.

Duration of Storage / Objection and Removal Option

Your data will be deleted from our CRM tool when the respective purpose of storage (e.g., processing an inquiry, termination of a customer relationship) no longer applies and no other legal exceptions exist. You may also exercise your right of objection and removal as described in Section A.

 

C. Planning and Conducting Online Events

I. Provision of Online Registration

Description of Data Processing

Our website provides contact forms that can be used for electronic communication. If a participant or interested party uses this option, the data entered in the respective input fields will be transmitted to us and stored.
Alternatively, contact can be made via the email addresses provided by us. In this case, the personal data transmitted with the email will be stored.

Legal Basis and Purpose of Data Processing

The legal basis for processing the data transmitted via a contact form or email is Art. 6 para. 1 lit. f GDPR. If the contact form inquiry or email contact aims at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.
The processing of personal data from the input fields serves solely to handle the contact request. In the case of contact via email, this also constitutes the necessary legitimate interest in processing the data.
Other personal data processed during the sending process serves to prevent misuse of the contact form and ensure the security of our IT systems.

Duration of Storage / Objection and Removal Option

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data from the input fields of the contact form and those transmitted via email, this is the case when the respective conversation with the user has ended. The conversation is deemed ended when it can be inferred from the circumstances that the relevant matter has been conclusively clarified and no legal requirements mandate longer storage.
The participant or interested party may revoke consent to the processing of personal data at any time. If the participant or interested party contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case, unless legal requirements mandate longer storage.

II. Registration for Our Digital Events

Description of Data Processing

For registration for our digital events, we use “Microsoft Teams” provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter: “Microsoft”). Through a landing page created with Microsoft Teams for the respective event, interested parties can register for our current digital events. If a user uses this option, the data entered in the respective input fields will be transmitted to us and stored after clicking the corresponding button (e.g., “Register”) or link.
We process the information provided in the respective input forms. After your registration, you will receive a confirmation email from us asking you to confirm your registration again (so-called double opt-in procedure). This confirmation is necessary to ensure that no one else has misused your email address to register for our event under a false identity. Only after activating the hyperlink sent in the email will your email address be enabled for further participation in the event.
With the registration data received, we will send you an invitation with a participation link to the event platform or online video communication service used for the respective type of digital event before the event begins.
We have concluded a data processing agreement with Microsoft pursuant to Art. 28 GDPR, under which the data provided by us may only be processed according to our instructions. In addition, we have concluded the so-called EU standard contractual clauses with Microsoft, which ensure that these providers guarantee protection of data transferred to the USA in accordance with GDPR requirements.
Shortly before the start of the event, we will usually send you a reminder email with the participation link to the respective event platform or online video communication service.

Legal Basis and Purpose of Data Processing

The legal basis for processing the data transmitted during the submission of an electronic registration is Art. 6 para. 1 lit. b GDPR, as the registration aims at concluding a contract; otherwise, Art. 6 para. 1 lit. f GDPR applies. If you consent to receiving our newsletter, Art. 6 para. 1 lit. a GDPR is the legal basis for processing the data required for this purpose. For details on newsletter delivery, please refer to Section B, item VII.3 above. Based on these legal grounds, we may also share your registration data with our event partners for planning and conducting the event, communication, and marketing purposes.
The data collected is processed and used for handling registrations, planning, and conducting the respective events. Further details on the legal and organizational framework can be found in the applicable participation terms.

Duration of Storage / Objection and Removal Option

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data from the registration form, this is generally the case when the respective event has ended.
All personal data stored during contact will be deleted at the latest when no legal requirements mandate longer retention.

III. III. Conducting Digital Events / Conference Tools

Description of Data Processing

At the specified date and time of the digital event, participants can log in via the participation link on the respective event platform.

When the user accesses the Microsoft Teams web application, Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA (hereinafter: “Microsoft”) is responsible for data processing. Microsoft Teams is part of the Office 365 cloud application, which generally requires a user account.

Accessing Microsoft’s website is only necessary to download the software required for using Teams. Teams can also be used by entering the meeting ID and login details directly in the Teams app. If participants do not want or cannot use the Teams app, basic functions are also available via a browser version provided by Microsoft.

Microsoft processes the following data during the execution of a digital event:

• User details: First name, last name, email address, password
• Metadata: Topic and description of the event, participant IP addresses, device/hardware information
• When dialing in by phone: Incoming and outgoing phone numbers, country name, start and end time; additional connection data such as device IP address may be stored
• Text, audio, and video data: Participants can use chat, question, or survey functions during an online meeting. Text entries made by participants are processed to display them during the event. To enable video display and audio playback, data from the device’s microphone and any video camera is processed during the meeting. Participants can disable the camera or mute the microphone at any time via the Teams application. In this case, no corresponding data is processed by Microsoft
• Recordings of the event: MP4 file of video, audio, and presentation recordings; M4A file of audio recordings; text file of the online meeting chat

The scope of data actually processed also depends on which data the user discloses before or during participation in the event.

Please note that Microsoft reserves the right to process participant data for its own purposes under the respective user agreement and Microsoft’s terms of service. We have no influence over these data processing activities by Microsoft. To the extent that Microsoft Teams processes personal data in connection with Microsoft’s legitimate business operations, Microsoft acts as an independent controller and is responsible for compliance with all applicable laws and obligations. Further information on the purpose and scope of data collection and its processing by Microsoft Teams can be found in Microsoft’s privacy statement:
https://privacy.microsoft.com/de-de/privacystatement
and Microsoft Teams privacy information:
https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.

If we record events, we will inform you transparently in advance and—where required—obtain your consent. The fact of recording will also be displayed in the Teams app. Unless we request separate consent, only the presentation part of the event will be recorded, which does not contain any personal data of participants or their content. To ensure this, we do not allow audio input or video recordings of participants during the presentation part. Any subsequent Q&A session will not be recorded.

Legal Basis and Purpose of Data Processing

The legal basis for data processing during the execution of our digital event is Art. 6 para. 1 lit. b GDPR, insofar as the events are conducted within the scope of a contractual relationship.
Where we obtain your explicit consent in special situations, such as recordings, Art. 6 para. 1 lit. a GDPR applies.
If no contractual relationship exists or the data processing is not directly necessary for contract execution, the legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the effective execution of our digital events as well as in the presentation, validation, and follow-up of our events. In particular, data on participation in our events is used to enable billing and/or proof of service delivery to third parties and to allow us to manage and administer our events. These data also help us analyze event utilization and draw conclusions about participant interests. With these insights, we can determine whether and in which areas future events need to be adapted or optimized.

 

Duration of Storage / Objection and Removal Option

The data we store will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data from the event, this is at the earliest after the conclusion of an event contract when the respective event service has been fully provided. As a rule, we retain contract-related data until the expiration of statutory warranty periods. In the case of subsequent statutory retention obligations, the deletion of the affected data will occur after the expiration of the retention period.

 

D. Contractual Relationships with Customers and Business Partners

I. Am I Obliged to Provide Data?

If you contact us with questions about our services, enter into contract negotiations with us, accept one of our offers, or have any other contractual agreements with us, we process the personal data you provide in this context. Which data is processed in detail depends primarily on the relevant goods or services you purchase from us or inquire about. Processing your data is generally necessary in this context for the preparation, conclusion, and execution of the contract. If you do not provide this data, we may have to refuse to conclude a contract or execute the order, or we may no longer be able to perform an existing contract.
If we use data in the context of initiating or fulfilling a contract with a customer, business, or cooperation partner, our interest in handling your data lies in enabling and maintaining communication with the customer or the respective business or cooperation partner, typically within the framework of a contractual or other relationship. If you act as a contact person—typically in your role as an employee of these companies—you generally have no overriding conflicting interest, as this interaction with us falls within your area of responsibility, so a right to object usually does not apply.
However, you are not obliged to consent to the processing of data that is not relevant for contract fulfillment or legally required.

II. Communication

We generally collect the necessary data from you personally during direct contact. However, you can also contact us by telephone, fax, post, or alternatively via the email address provided (see imprint) or the email addresses of our employees known to you. In the latter case, the personal data transmitted with the email will be stored. Please note that communication by email is technically unencrypted.
Your data will be used to process the conversation and follow up on the respective inquiry or discussion content. The processing of your data is based on Art. 6 para. 1 lit. b GDPR if the communication is related to the fulfillment of a contract or necessary for carrying out pre-contractual measures.
In all other cases, processing is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in effectively handling inquiries addressed to us.
There is no transfer of data to third parties in this context unless it is necessary to pursue our claims or legitimate interests (Art. 6 para. 1 lit. f GDPR) or there is a legal obligation to do so (Art. 6 para. 1 lit. c GDPR).

III. Data Processing in the Context of Sales

The processing of personal data is based on Art. 6 para. 1 lit. b GDPR for the provision of the service you commission us with, in particular for the execution of our contracts or pre-contractual measures, as well as all activities required for the operation and administration of PrimeSoft.
The purposes of data processing resulting from this depend primarily on the specific activities and individual services agreed with you and may include, among others, consulting activities or activities related to managing sales processes (e.g., compiling documents, sending PrimeSoft product or event information, providing PrimeSoft services) or supporting sales negotiations and contract conclusions.
Further details on the scope, purpose of data processing, and recipients of your data can be found in the respective contractual documents and associated terms and conditions.
Where necessary in the context of our business processes, we process your data beyond the actual fulfillment of the contract to safeguard our legitimate interests (Art. 6 para. 1 lit. f GDPR).
We may also be subject to specific legal obligations in connection with offering or providing our services, such as requirements under tax law. The purposes of processing your data may therefore include fulfilling tax control and reporting obligations, customs or export regulations, and risk assessment and management. The necessary data processing for these purposes is based on Art. 6 para. 1 lit. c GDPR.

IV. Transfer of Data

Both during the inquiry or offer phase and during the contract execution phase, your data or documents may be transferred to public authorities or private service providers or persons with whom we regularly cooperate, depending on the scope of the service (see Section A, item V).

 

E. Miscellaneous

Due to the further development of our website, our services, or our other offerings, as well as changes in legal or regulatory requirements, it may become necessary to amend these privacy notices. The current version of the privacy notice can be accessed at any time on our website and printed if required.