Legal notice and privacy policy

Company

LF Consult GmbH
Im Himmelsberg 16
70192 Stuttgart
Tel:  +49 711 614078-54
Fax: +49 711 614078-50
Mail: info@lfconsult.de

Company headquarters: Stuttgart
Commercial register entry: Stuttgart Local Court HRB 23134
Managing Directors: Ulrich Färber, Pit Löllmann
VAT ID No.: DE223743222

Legal notice

Copyright

The texts, images, and videos used on this website are protected by rights of use or other industrial property rights of LF CONSULT GmbH or third parties. They are for informational purposes only and may not be reproduced, distributed, modified, or stored for commercial purposes.

All contact details published on this website are subject to data protection: Use by third parties to send unsolicited information is not permitted. LF CONSULT GmbH and all persons named on this website object to any commercial use of the data. LF CONSULT GmbH reserves the right to take legal action in the event of violations of this prohibition.

Liability

LF CONSULT GmbH is responsible for all information on this website in accordance with § 7 (1) TMG. This does not apply to linked external websites. LF CONSULT GmbH does not endorse their content and is not responsible for the content of linked sites. Their use is at your own risk. No illegal content was apparent at the time the links were created.

Privacy policy

As of August 2025 

I. Name and address of the controller 

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is: 

LF CONSULT GmbH
Im Himmelsberg 16
70192 Stuttgart
Germany 
+49 711 614078-54
info@lfconsult.de
www.lfconsult.de

II. Name and address of the data protection officer 

The data protection officer of the controller is:   

DataCo GmbH
Sandstr. 33
80335 Munich
Germany
+49 89 7400 45840
www.dataguard.de 

III. General information on data processing 

1. Scope of personal data processing 

How we collect and use your personal data depends on how you interact with us or which services you use. We only collect, use, or share your personal data if we have a legitimate purpose and legal basis for doing so. 

2. Legal basis for processing personal data 

Consent (Art. 6(1)(a) GDPR)—You have given us your consent to process your personal data for the specific purpose we have explained to you. You have the right to withdraw your consent at any time. For more information on how to withdraw your consent, please refer to the “Exercising your rights” subsections in the following sections of this privacy policy. 

Contract (Art. 6 (1) (b) GDPR) - We need to use your data to fulfill a contract you have with us. Alternatively, it is necessary to use your data because we have asked you to do so or you have taken certain steps yourself before entering into this contract. 

Legal obligation (Art. 6 (1) (c) GDPR) - We must use your data to comply with the law. 

Vital interests (Art. 6 (1) (d) GDPR) - The processing of your data is necessary to protect your vital interests or those of another person. For example, to protect you from serious physical harm. 

Public task (Art. 6 (1) (e) GDPR) - The processing of your data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us, e.g. for a legal function. 

Legitimate interests (Art. 6(1)(f) GDPR) - The processing of your data is necessary to support a legitimate interest that we or another party have, only if your own interests do not outweigh this. 

Please note that we may not be able to provide you with our website services if your data is processed to fulfill a contract or legal obligation and you do not provide the requested data. 

3. Sharing of data and international transfer 

As explained in this privacy policy, we use various service providers to help us provide our services and ensure the security of your data. When we use these service providers, it is necessary for us to share your personal data with them. 

We have entered into agreements with all service providers to whom we disclose your data, obliging them to protect your data. 

If your personal data is transferred outside the EU, we ensure that your personal data receives an equivalent level of protection, either because the country to which your data is transferred has an “adequate” data protection standard according to the European Commission, or by applying another protective measure, such as an extended contractual agreement, i.e., the Standard Contractual Clauses (SCCs) adopted by the European Commission. 

For example, when we use US service providers, we rely on either the SCC or the EU-US Data Privacy Framework, depending on the provider. You can request a copy of the SCCs we have entered into with our service providers by sending an email to the email address provided in this Privacy Policy. 

IV. Rights of the data subject 

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller: 

1. Right of access (Art. 15 GDPR) 

You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to access this data and to the following information: 

1. die Zwecke, zu denen die personenbezogenen Daten verarbeitet werden;
2. die Kategorien von personenbezogenen Daten, welche verarbeitet werden;
3. die Empfänger bzw. die Kategorien von Empfängern, gegenüber denen die Sie betreffenden personenbezogenen Daten offengelegt worden sind noch offengelegt werden;
4. die geplante Dauer der Speicherung der Sie betreffenden personenbezogenen Daten oder, falls konkrete Angaben hierzu nicht möglich sind, Kriterien für die Festlegung der Speicherdauer;
5. das Bestehen eines Rechts auf Berichtigung oder Löschung der Sie betreffenden personenbezogenen Daten, eines Rechts auf Einschränkung der Verarbeitung durch den Verantwortlichen oder eines Widerspruchsrechts gegen diese Verarbeitung;
6. das Bestehen eines Beschwerderechts bei einer Aufsichtsbehörde;
7. alle verfügbaren Informationen über die Herkunft der Daten, wenn die personenbezogenen Daten nicht bei der betroffenen Person erhoben werden;
8. das Bestehen einer automatisierten Entscheidungsfindung einschließlich Profiling gemäß Art. 22 Abs. 1 und 4 DSGVO und – zumindest in diesen Fällen – aussagekräftige Informationen über die involvierte Logik sowie die Tragweite und die angestrebten Auswirkungen einer derartigen Verarbeitung für die betroffene Person.

Ihnen steht das Recht zu, Auskunft darüber zu verlangen, ob die Sie betreffenden personenbezogenen Daten in ein Drittland oder an eine internationale Organisation übermittelt werden. In diesem Zusammenhang können Sie verlangen, über die geeigneten Garantien gem. Art. 46 DSGVO im Zusammenhang mit der Übermittlung unterrichtet zu werden.

2. Right to rectification (Art. 16 GDPR)

If your personal data is inaccurate or incomplete, you have the right to request that it be corrected or supplemented without delay. 

3. Right to restriction of processing (Art. 18 GDPR) 

If one of the following conditions is met, you have the right to request a restriction on the processing of your personal data: 

• You dispute the accuracy of your personal data, for a period enabling us to verify the accuracy of the personal data.
• In the context of unlawful processing, you refuse to have the personal data deleted and instead request that the use of the personal data be restricted.
• We no longer need your personal data for the purposes of processing, but you need your personal data to assert, exercise, or defend your legal claims, or
• after you have objected to the processing, for the duration of the review of whether our legitimate reasons outweigh your reasons.

4. Right to erasure (“right to be forgotten”) (Art. 17 GDPR) 

If one of the following reasons applies, you have the right to request the immediate erasure of your personal data: 

• Your data is no longer necessary for the processing purposes for which it was originally collected.  
• You withdraw your consent and there is no other legal basis for the processing.  
• You object to the processing and there are no overriding legitimate grounds for the processing, or you object in accordance with Art. 21 (2) GDPR.  
• Your personal data is being processed unlawfully.  
• The erasure is necessary to comply with a legal obligation under Union law or the law of the Member State to which we are subject.  
• The personal data has been collected in relation to information society services offered in accordance with Article 8(1) GDPR. 

Please note that the above reasons do not apply if the processing is necessary: 

• To exercise the right of freedom of expression and information;  
• To fulfill a legal obligation or to perform a task carried out in the public interest and to which we are subject.  
• For reasons of public interest in the area of public health.  
• For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.  
• To assert, exercise or defend legal claims.  

5. Right to data portability (Art. 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format or to request its transfer to another controller. 

6. Right to object to certain data processing (Art. 21 GDPR) 

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR. This also applies to profiling based on these provisions. 

If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing. 

7. Right to lodge a complaint with a supervisory authority 

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates the GDPR. 

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR. 

A list of the locally competent supervisory authorities in Germany can be found on the website of the Federal Commissioner for Data Protection at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html 

V. Provision of the website and creation of log files 

1. Description and scope of data processing 

Every time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. 

The following data is collected: 

• Information about the browser type and version used
• Date and time of access 

This data is stored in our system's log files. This data is not stored together with other personal data of the user. 

2. Purpose of data processing 

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. 

Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context. 

3. Legal basis for data processing 

The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR. 

4. Duration of storage 

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. 

In the case of data storage in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or alienated so that it is no longer possible to assign the calling client. 

5. Exercising your rights 

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. The user can object to this. Whether the objection is successful must be determined by weighing up the interests involved. 

VI. Use of cookies

1. Description and scope of data processing 

When you visit our website, we use technical tools for various functions, in particular cookies, which may be stored on your device. When you visit our website and at any time thereafter, you have the choice of whether to generally allow cookies to be set or which individual additional functions you would like to select. You can make changes in your browser settings or via our consent manager. 

Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using, so that certain information can be sent to the entity that sets the cookie. 

Below we describe the types of cookies we use: 

We use technically necessary cookies that are required for the technical structure of the website. Without these cookies, our website cannot be displayed (completely correctly) or the support functions are not possible. 

The following data is stored and transmitted by the technically necessary cookies: 

• Language settings
• Login information
• Search terms entered
• Frequency of page views
• Use of website functions

We use cookies on our website that are not technically necessary. Text files that do not solely serve the functionality of the website but also collect other data are considered technically unnecessary cookies. 

The following data is processed by setting technically unnecessary cookies: 

• IP address
• Date and time of the website visit

2. Purpose of data processing

The purpose of using technically necessary cookies is to ensure the functionality of our website. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change. 

We require technically necessary cookies for the following applications: 

• Transfer of language settings 
• Remembering search terms 
• Functionality of the website 

The use of technically unnecessary cookies is for the purpose of improving the quality of our website, its content, and thus our reach and profitability. By setting these cookies, we learn how the website is used and can thus continuously optimize our offering. In particular, these cookies serve the following purposes: 

We use cookies to analyze user behavior and recognize visitors. These cookies are only set if you have given your consent via our cookie banner in accordance with Art. 6 (1) (a) GDPR. 

3. Legal basis for data processing 

The provisions of the Telecommunications Digital Services Data Protection Act (TDDDG) apply to the storage of information on the end user's terminal equipment and/or access to information already stored on the end user's terminal equipment. If the setting and reading of cookies is technically necessary, this is done to ensure the functionality of our website. In this case, cookies are stored on and accessed from your terminal equipment on the basis of Section 25 (2) No. 2 TDDDG. This storage and access to the information on your terminal equipment serves to facilitate your use of our website and to offer you our services as you wish. Some functions of our website do not work without the use of these cookies and therefore cannot be offered. Cookies are generally deleted after the end of the session (e.g., logging out or closing the browser) or after a specified period of time. Information on different storage periods for cookies can be found in the following sections of this privacy policy. 

  

If cookies are used that are not technically necessary, this is done on the basis of your express consent, which you can give via the cookie banner. In this case, the basis for the storage and access to information is § 25 (1) TDDDG in conjunction with Art. 6 (1) lit. a), Art. 7 GDPR. You can revoke your consent at any time with effect for the future or grant it again retrospectively by configuring your cookie settings accordingly. Alternatively, you can prevent the storage of cookies by adjusting the settings of your browser software. Please note that the browser settings you make will only apply to the browser you are currently using. If personal data is processed following the storage of and access to the information on your terminal device, the provisions of the GDPR apply. Information on this can be found in the following sections of this privacy policy. 

4. Exercising your rights 

You can revoke your consent to the use of cookies at any time by deleting the cookies for the website and reloading it. 

VII. Contact form

1. Description and scope of data processing

Our website features a contact form that can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. 

When the message is sent, the following data is stored: 

• Email address 
• Last name 
• First name 
• IP address of the calling computer 
• Date and time 
• Company 

2. Purpose of data processing

The processing of personal data from the input mask of the contact form or via the email address provided serves us solely for the purpose of processing the contact request. 

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. 

3. Legal basis for data processing

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 (1) (f) GDPR. Our legitimate interest is to respond to your inquiry, which you send to us via the contact form, in the best possible way. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 sentence 1 lit. b GDPR. 

4. Duration of storage 

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the input mask of the contact form and data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. 

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest. 

5. Exercising your rights

If the user contacts us via the input mask in the contact form, they can object to the storage of their personal data at any time in the following manner: 

You can unsubscribe from these notifications at any time. For more information on unsubscribing, our privacy practices, and how we protect and respect your privacy, please see our Privacy Policy. In this case, all personal data stored in the course of contacting us will be deleted. 

VIII. Application by email

1. Description and scope of data processing 

You can send us your application by email. We will collect your email address and the data you provide in the email. 

2. Purpose of data processing

The processing of personal data from your application email is used solely for the purpose of processing your application. 

3. Legal basis for data processing 

The legal basis for the processing of your data is the initiation of a contract at the request of the data subject, Art. 6 (1) (b) Alt. 1 GDPR and § 26 (1) (1) BDSG. 

4. Duration of storage 

After completion of the application process, the data will be stored for up to 6 months. Your data will be deleted at the latest after 6 months. In the event of a legal obligation, the data will be stored in accordance with the applicable provisions. 

IX. Company profiles 

Instagram: 

Instagram, part of Meta Platforms Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland 

We provide information on our company page and offer Instagram users the opportunity to communicate. 

If you perform an action on our Instagram company profile (e.g., comments, posts, likes, etc.), you may be making personal data (e.g., your real name or photo from your user profile) public. 

However, as we generally or largely have no influence on the processing of your personal data by Instagram, we cannot make any binding statements about the purpose and scope of the processing of your data. 

We use our company profile on social networks to communicate and exchange information with (potential) customers. In particular, we use the company profile for: 

Our website www.lfconsult.de serves to present our services, products, and company information. We use this platform to give you an insight into our range of consulting and IT services and to get in touch with you. 

The publications on the company's social media presence may contain the following content: 

• Information about products
• Information about services 

Every user is free to publish personal data through their activities. 

Insofar as we process your personal data to evaluate your online behavior, offer you competitions, or carry out lead campaigns, this is done on the basis of your express declaration of consent, Art. 6 (1) (a), Art. 7 GDPR. 

The legal basis for the processing of personal data for the purpose of communicating with customers and interested parties is Art. 6 (1) (f) GDPR. Our legitimate interest in this is to respond to your enquiry in the best possible way and to provide you with the requested information. 

If the purpose of the contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR. 

The data generated by the company website is not stored in our own systems. 

We have provided appropriate safeguards in the form of standard data protection clauses pursuant to Art. 46 (2) (c) GDPR for the processing of your personal data in third countries. A copy of the standard data protection clauses can be requested from us. 

You may object to the processing of your personal data that we collect in connection with your use of our company website at any time and assert your rights as a data subject as set out in the “Your rights” section of this privacy policy. To do so, please send us an informal email to info@lfconsult.de. For more information about the processing of your personal data by Instagram and the corresponding options for objection, please visit: 

Instagram: https://help.instagram.com/519522125107875 

X. Use of company profiles on professional networks

1. Scope of data processing

The company profile is used for job applications, information/PR, and active sourcing. We have no information about the processing of your personal data by the companies jointly responsible for the company profile. Further information can be found in the privacy policy of: 

• LinkedIn 

On our site, we provide information and offer users the opportunity to communicate. 

The company profile is used for applications, information/PR, and active sourcing. 

We have no information about the processing of your personal data by the companies jointly responsible for the company profile. Further information 

can be found in the privacy policy of:  

LinkedIn: 

https://www.linkedin.com/legal/privacy-policy 

If you perform an action on our company profile (e.g., comments, posts, likes, etc.), you may be making personal data (e.g., your real name or photo from your user profile) public. 

2. Legal basis for data processing

The legal basis for the processing of personal data for the purpose of communicating with customers and interested parties is Art. 6 (1) (f) GDPR. Our legitimate interest in this is to respond to your inquiry in the best possible way and to provide you with the requested information. 

If the purpose of the contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.

3. Purpose of data processing

Our company website serves to inform users about our services. Users are free to publish personal data through their activities. 

4. Duration of storage

The data generated by the company website is not stored in our own systems. 

5. Exercising your rights

You can object to the processing of your personal data that we collect in connection with your use of our company website at any time and assert your rights as a data subject as set out in the “Your rights” section of this privacy policy. To do so, please send us an informal email to the email address provided in this privacy policy. 

Further information on exercising your rights can be found here: 

LinkedIn: 

https://www.linkedin.com/legal/privacy-policy 

XI. Hosting

The website is hosted on servers by a service provider commissioned by us.

Our service provider is:

Host Europe GmbH, Hansestraße 111, 51149 Cologne, Germany 

Further information about the processing of personal data by HostEurope can be found at: https://www.hosteurope.de/AGB/Datenschutzerklaerung/ 

The servers automatically collect and store information in so-called server log files, which your browser automatically transmits when you visit the website. The information stored is: 

• Information about the browser type and version used 
• Date and time of access 

This data is not merged with other data sources. This data is collected on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest in processing this data is to display our website without errors and to optimize its functions. 

The website server is located in Germany. 

XII.Integrated third-party services

We use various service providers to provide the services offered on our website. 

In general, we have a legitimate interest in sharing your data with the relevant service providers if these services are essential for the provision of the basic service offered on the website in order to provide the relevant website service. 

If such services are required for additional services, extended functions, or additional purposes, your personal data will only be shared with service providers if you give your consent. 

You can revoke your consent to the use of integrated third-party services and manage your consent settings at any time here: link to follow. 

XIII. Use of Google Analytics 4 GA 4) 

1. Scope of processing personal data 

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as Google). 

Google Analytics examines, among other things, how website visitors use our site. Google places cookies on your device for this purpose. During your visit, user behavior is recorded in the form of “events.” This allows personal data to be stored and evaluated, including: 

• First visit to the website 
• Interaction with the website, usage path 
• Clicks on external links 
• Video usage 
• File downloads 
• Ad impressions and clicks 
• Scroll behavior (if to the bottom of the page) 
• Searches on the website 
• Language selection 
• Page visits 
• Location (region) 
• Your IP address (in abbreviated form) 
• Technical information about your browser and the devices you use (e.g., language settings, screen resolution) 
• Your internet service provider 
• Referrer URL   

IP address anonymization is enabled by default in GA 4. This means that your IP address is truncated by Google within the member states of the European Union or other signatory states to the Agreement on the European Economic Area. In exceptional cases, the full IP address is transferred to a Google server in the USA and truncated there. Google states that the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. 

Further information on the processing of data by Google can be found here: https://policies.google.com/privacy 

2. Purpose of data processing 

We use GA 4 to evaluate the use of our online presence and to generate reports on the activities on our website. The reports are used to analyze the performance of our website and to target advertising to people who have already expressed an initial interest by visiting our site. 

3. Legal basis for the processing of personal data 

The legal basis for the processing of users' personal data is, in principle, the user's consent in accordance with Art. 6 (1) (a) GDPR. 

4. Duration of storage

Your personal data will be deleted after 2 months. This deletion takes place automatically once a month. 

5. Exercising your rights 

You have the right to revoke your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent until revocation. You can revoke your consent via our cookie consent tool. 

You can prevent Google from collecting and processing your personal data by preventing third-party cookies from being stored on your computer, by using the " Do Not Track" function of a supporting browser, deactivating the execution of script code in your browser, or installing a script blocker such as NoScript (https://noscript.net) or Ghostery (https://www.ghostery.com) in your browser. 

Further information on objection and removal options vis-à-vis Google can be found at: https://policies.google.com/technologies/partner-sites 

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the online presence (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de 

You can deactivate Google's use of your personal data by clicking on the following link: https://adssettings.google.de 

XIV. Use of Google Maps

1. Scope of processing of personal data

We use the online map service Google Maps from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and its representative in the EU, Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as Google). We use the Google Maps plugin to visually display geographical data and embed it on our website. By using Google Maps on our website, information about the use of our website, your IP address, and addresses entered in the route planner function are transmitted to a Google server and stored there. 

Further information on the processing of data by Google can be found here: 

https://policies.google.com/privacy?gl=DE&hl=en 

2. Purpose of data processing 

The Google Maps plugin is used to improve the user-friendliness and appeal of our website. 

3. Legal basis for the processing of personal data 

The legal basis for the processing of users' personal data is generally the user's consent in accordance with Art. 6 (1) (a) GDPR. 

4. Duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law. 

5. Exercising your rights

You have the right to revoke your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent prior to revocation. You can prevent Google from collecting and processing your personal data by preventing third-party cookies from being stored on your computer, using the “Do Not Track” function of a supporting browser, deactivating the execution of script code in your browser, or installing a script blocker such as NoScript (https:// noscript.net/) or Ghostery (https://www.ghostery.com) in your browser.
You can disable Google's use of your personal data by clicking on the following link:
https://adssettings.google.de
For more information on how to object to and remove your data from Google, please visit:
https://policies.google.com/privacy?gl=DE&hl=en 

XV. Use of Google Recaptcha

1. Scope of processing of personal data

We use Google ReCaptcha from the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and its representative in the EU, Google Ireland Ltd., Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland. This tool is designed to check whether data entry is compliant and has not been made by a bot. To do this, Google ReCaptcha analyzes and authenticates the behavior of an online visitor with regard to a wide range of characteristics. This may result in the storage and evaluation of personal data, in particular the user's activity (especially mouse movements and which elements have been clicked on) and device and browser information (especially the time, IP address, and operating system). 

The data is not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail. 

Further information on the processing of data by Google can be found here:

https://policies.google.com/privacy?gl=DE&hl=en 

2. Purpose of data processing

The use of Google ReCaptcha serves to protect our online presence from misuse.

3. Legal basis for the processing of personal data

The legal basis for the processing of users' personal data is, in principle, the user's consent in accordance with Art. 6 (1) (a) GDPR. 

4. Duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law, e.g., for tax and accounting purposes. 

5. Exercising your rights 

You have the right to revoke your declaration of consent under data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent prior to revocation. 

You can prevent Google from collecting and processing your personal data by preventing third-party cookies from being stored on your computer, using the using the “Do Not Track” function of a supporting browser, deactivating the execution of script code in your browser, or installing a script blocker such as NoScript (https://noscript.net/) or Ghostery (https://www.ghostery.com) in your browser. 

You can disable the use of your personal data by Google via the following link: 

https://adssettings.google.de 

Further information on objection and removal options vis-à-vis Google can be found at: 

https://policies.google.com/privacy?gl=DE&hl=en

XVI. Integration of plugins via external service providers

1. Description and scope of data processing

We integrate certain plugins on our website via external service providers in the form of content delivery networks. When you visit our website, a connection is established to the servers of the providers we use in order to retrieve content and store it in the cache of the user's browser. This may result in personal data being stored and evaluated in server log files, in particular device and browser information (especially the IP address and operating system). We use the following services: 

• Hubspot  

2. Purpose of data processing

The use of the functions of these services serves to deliver and accelerate online applications and content. 

3. Legal basis for data processing 

This data is collected on the basis of Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website. 

4. Duration of storage

Your personal information will be stored for as long as necessary to fulfill the purposes described in this privacy policy or as required by law. 

5. Exercising your rights 

Information on exercising your rights vis-à-vis Hubspot can be found at: https://legal.hubspot.com/privacy-policy 

This privacy policy was created with the support of DataGuard.