Privacy Policy
As of June 2026
This Privacy Policy provides information about which personal data is collected during individual processing operations and how and for what purposes this personal data is processed.
This Privacy Policy provides information about data processing when visiting the website, but also in other contexts, e.g. about the processing of data from customers, applicants and when participating in video conferences.
Personal data will always be processed in accordance with the statutory data protection regulations and this Privacy Policy.
Controller is atania GmbH Wirtschaftsprüfungsgesellschaft, Max-Herz-Ring 87, 22159 Hamburg, Germany, Email: info@atania.com (hereinafter “atania”).
In the case of individual processing operations, the respective group company is the controller if the respective processing operation is not carried out centrally for the entire group of companies by one controller, but if the data processing is carried out locally for the respective group company. This is the case, for example, with job applications.
The data protection officer of the respective controller can be contacted at datenschutz@atania.com.
3.1 Hosting and Logfiles
The website is hosted by a service provider on the basis of a data processing agreement in the EU.
Each time the website is accessed, the system automatically collects data and information from the computer system of the accessing end device. The following data is recorded or logged:
This data is processed in order to be able to present the website, to ensure the security, availability and integrity of the website (e.g., detection and defense against DoS attacks or access by bots), to improve the quality and presentation of the website, to be able to identify and correct errors and for statistical purposes. This data is regularly deleted after a few days.
The legal basis for this data processing is the legitimate interest of the Controller in the above-mentioned purposes.
3.2 Cookies
Cookies are used on the website. Cookies are pieces of information that are transferred from our web server or third-party web servers to the browser of the website visitor and stored there for later retrieval. Cookies can be small files or other types of information storage. Information is stored in cookies that is generated in connection with the specific end device used. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. A cookie also contains information about its origin and the storage period. However, this does not mean that the identity of the website visitor can be obtained directly from a cookie.
When you visit the website, cookies are set that are absolutely necessary for the operation of the website. These absolutely necessary cookies may, for example, be cookies that are required to display the website with a content management system, that are used to recognize language settings or that are used to document whether consent has been given to the setting of further (optional) cookies or whether such storage has been rejected. The strictly necessary cookies, including their purpose and storage or deletion period, are explained below and also in the cookie banner that is displayed when the website is accessed.
Optional cookies are also used, for example, to collect additional information about the interests of visitors to the website or their usage behavior in order to analyze and optimize the website and customer interactions in general.
Optional cookies, including their purpose and storage or deletion period, are explained below and also in the banner that is displayed when the website is accessed. Optional cookies are only set if you have expressly consented to the setting of optional cookies.
To the extent that we use cookies or similar technologies to store information on your device or to access information stored on your device, the legal basis for this is your express consent. This does not apply to technologies that are strictly necessary for the provision of services expressly requested by you.
The legal basis for this data processing is the express consent of the website visitors, which can be revoked at any time.
3.3 Consent Management (CookieYes)
The consent management platform (“CMP”) of the provider CookieYes Limited, United Kingdom, is used on the website. The provider acts as a processor on the basis of a data processing agreement.
CookieYes is used to inform visitors to the website about the cookies and comparable technologies used, as well as to obtain and, where applicable, document consent to the use of optional cookies. For the purpose of storing consent, a cookie is saved in the user’s browser.
The following data is automatically logged in this context: IP address in shortened or anonymised form, date and time of consent, information about the browser and device used (user agent), the URL on which consent was obtained, as well as the consent status (which cookies were consented to or which cookies were rejected).
In this context, personal data may be transferred to third countries that do not offer an adequate level of data protection. In such cases, it is ensured that appropriate safeguards are implemented for such transfers in order to guarantee an adequate level of data protection. Proof of these appropriate safeguards can be provided by the Controller upon request.
The legal basis for the processing of data in connection with the obtaining and management of consent is the Controller’s legitimate interest in the lawful design of the website and the management of visitors’ consent preferences. Insofar as the processing of the data serves to document consent that has been granted or refused, it is carried out in order to comply with the Controller’s legal obligation to provide evidence of data protection consents.
3.4 Google Maps
The website uses the service Google Maps provided by Google Ireland Limited in Ireland.
Google Maps enables the display of interactive maps. When a website on which Google Maps is used is accessed, information about the use of the website by the respective website visitor (e.g. the IP address) is transmitted to Google’s servers in the USA and stored there.
Personal data may be transferred to third countries that do not offer an adequate level of data protection. In this case, it is ensured that appropriate safeguards are provided for such a transfer in order to ensure an adequate level of data protection. The Controller will provide evidence of these appropriate safeguards on request.
The legal basis for the integration and use of Google Maps is the explicit and revocable consent of visitors to our website. Google Maps is only loaded after the corresponding consent has been granted.
When chatting on the website, when making support requests or creating support tickets and when processing requests, the personal data provided, the user’s contact details and the other content and information provided are collected and processed in order to manage, process and document the respective request. In addition, information about the browser, the IP address and the location of the respective user is processed.
An external service provider is used as a data processor for the chat and the ticketing system.
Personal data may be transferred to third countries that do not offer an adequate level of data protection. In this case, it is ensured that appropriate safeguards are provided for such a transfer in order to ensure an adequate level of data protection. The Controller will provide evidence of these appropriate safeguards on request.
The legal basis for this storage and processing is the performance of the contract or the implementation of pre-contractual measures and/or the Controller’s legitimate interest in the provision of services and communication with the visitors of the website and the provision of optimal support for the visitors to the website.
If you contact us, e.g. by email, via a contact form or via a live chat, the information you provide will be processed for the purpose of handling your inquiry.
We need the information requested in a contact form or live chat in order to process your inquiry, address you correctly and send you an answer.
We process the data of our customers, service providers and suppliers as part of the provision of our contractual services. This may involve processing inventory data (e.g. surname and first name of the contact person(s), address), contact data (e.g. email address, telephone number), contract data (e.g. subject matter of the contract, term), payment data and data that is collected as part of the provision of services and/or is necessary for the provision of services.
Inquiries and customer relationships are regularly processed in our CRM system. The data processed (surname, first name, title, postal address, date of birth if applicable, your specific interest in our products and services and your interactions with us) may also be used by us for direct marketing purposes, in particular for postal advertising, in compliance with legal requirements.
The legal basis for this data processing is the Controller’s legitimate interest in communicating with customers, service providers, suppliers, interested parties, visitors to the website and other third parties, in maintaining relationships with interested parties, customers and service providers and in marketing the products and services. If the contact is aimed at the conclusion of a contract or takes place in the context of the performance of a contract, the legal basis for the processing is the fulfillment of the contract or the implementation of pre-contractual measures.
To support employees in their daily work and improve the quality and consistency of communication, the Controller uses AI applications, including ChatGPT from OpenAI, Microsoft Copilot, Google Gemini for Workspace, and Claude from Anthropic. These applications are particularly helpful in drafting or summarizing emails and documents.
The use of AI is strictly limited to internal productivity purposes, such as helping employees prepare responses or extracting relevant content from previous communications. The AI applications used only have access to content that employees themselves can access. Decisions are never made solely by AI; all results and suggestions are always reviewed by employees before being shared externally.
We ensure, through contractual agreements with the AI providers as well as through technical configurations (e.g. the use of enterprise versions or closed API interfaces), that personal data entered into the AI systems is not used by the providers for training or improving their own base models. Data sovereignty remains fully with us.
AI is used on the basis of the Controller’s legitimate interest, as this support enables employees to respond more efficiently and effectively to inquiries and communications. Careful consideration has been given to ensuring that the interests and fundamental rights of the data subjects are not affected by this use. This is ensured in particular by the fact that the use of AI is clearly defined, strictly limited, and always subject to human control. In addition, the Controller implements comprehensive internal security measures, including clear internal guidelines on the use of AI, regular employee training, and appropriate data protection controls. This ensures that processing is fair, proportionate, and respectful of privacy.
7.1 Social Media Buttons
Social media buttons of various social media networks (e.g. LinkedIn, Instagram, X, TikTok and Facebook) are integrated on our website.
If you click on one of these social media buttons, you will be redirected to our pages on the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the respective social media network or are not logged in there. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account with the social media network.
For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and setting options for data protection, please refer to the respective privacy policy of the providers of the social media networks.
7.2 Social Media Pages
We maintain a publicly accessible profile on various social media networks (e.g. LinkedIn, Instagram, X, TikTok and Facebook).
If you visit our social media pages and are logged in to the respective social media network, the provider of the respective social media network can analyze your usage behavior and assign the information collected to your account with the social media network and enrich it there. Even if you are not logged in or if you do not have an account with the respective social media network, personal data may be collected by the provider of the respective social media network, for example your IP address or data collected via a cookie.
The operators of the social media networks can use this data to create user profiles. Based on your user profile, you can then be shown interest-based advertisements both on the websites of the social media network and on other websites.
If you visit one of our social media pages, we are jointly responsible with the provider of the social media network for the collection and processing of your personal data that takes place there. For information on the collection and processing of your personal data that takes place there, we refer you to the privacy policy of the respective social media network. You can assert your data subject rights (right to information, correction, deletion, restriction of processing, data portability, etc.) both against us and against the provider of the respective social media network.
In this context, we would like to point out that we can only influence the processing of personal data and the implementation of data subject rights within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.
The legal basis for our use of social media pages is our legitimate interest in the presence and marketing of our products and services on the Internet.
When participating in an online meeting or a webinar offered or conducted by the Controller, the personal data of the participants is processed.
When participating in an online meeting or webinar, various categories of data are processed. The scope of the data also depends on what data the participants provide about themselves and as part of their participation.
When participating in an online meeting or a webinar, at least a name must regularly be provided when registering. However, a pseudonym can also be used. The IP address of the participants is also processed to enable participation. Login information and device/hardware information is also processed. Furthermore, if specified, the participant’s email address and profile picture will be processed. In the case of participation by telephone, the telephone number and, if applicable, the IP address are processed, if transmitted.
When participating in an online meeting or a webinar, if the participant has activated the microphone and/or a camera on the end device, the participant’s image and sound data will be processed as part of the participation. If the screen is shared, the information from this screen share is also processed. Participants are free to activate the microphone, camera or screen share.
Audio and video recordings of online meetings or webinars can be created. In this case, the data of all audio, video and presentation recordings will be processed. There will always be a reference to the recording if one is made and, if necessary, the explicit consent of the participants will always be obtained for the recording.
It is also possible to use the chat, question or survey functions in online meetings or webinars. In this respect, the text entries made by the participants are processed in order to display them in the respective online meeting or webinar and, if necessary, to record them.
An external service provider is used as a data processor to conduct and, if necessary, record online meetings and webinars.
Personal data may be transferred to third countries that do not offer an adequate level of data protection. In this case, it is ensured that appropriate safeguards are provided for such a transfer in order to ensure an adequate level of data protection. The Controller will provide evidence of these appropriate safeguards on request.
The legal basis for this processing is the fulfillment of the contract or the implementation of pre-contractual measures, provided that the implementation and participation in the online meeting or webinar within the framework of an existing contractual relationship is necessary for the fulfillment of the contract or is aimed at the conclusion of a contract. This is regularly the case for employees, customers, interested parties, service providers and suppliers. Otherwise, the legal basis for processing is the Controller’s legitimate interest in efficient communication, both internally and with external stakeholders.
For the provision of our career portal, the publication of job advertisements, and the execution and administration of the recruitment process, we use the recruiting and applicant management platform of Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, Germany.
Personio acts as a processor on the basis of a data processing agreement pursuant to Article 28 GDPR. The personal data provided by applicants in the course of the application process is transmitted in encrypted form and processed in Personio’s systems on our behalf.
When accessing our career portal, technically necessary data is also processed in order to provide the content of the recruiting pages, ensure the security and stability of the systems, and detect and remedy technical faults. In particular, this may include the processing of the IP address, date and time of access, information about the browser and operating system used, the pages accessed, referrer information as well as other technical connection data.
In addition, technically necessary cookies may be used that are required for the provision and functionality of the career portal. These include, in particular, cookies used to store language settings, to ensure the technical functionality of the recruiting pages, to attribute application channels, and to analyse the performance of job advertisements. These cookies are used exclusively to the extent necessary for the provision of the career portal.
The processing of this data is based on our legitimate interest in providing a secure, functional and user-friendly career portal and, insofar as technically required, in fulfilling the statutory requirements for the operation of telemedia services.
Further information on the processing of personal data in the context of the actual application process can be found in the following sections of this privacy notice.
10.1 Disclosure of application data within the corporate group
The companies within our corporate group work closely together when filling open positions. If, in our assessment, your qualifications are a better match for a position at another company within the group, or if several group companies are considered as potential employers for your application, your application documents may be forwarded within the corporate group to the respective responsible company.
The disclosure takes place exclusively for the purpose of conducting recruitment procedures and filling open positions within the corporate group. Only those personal data will be transferred that are necessary for assessing your suitability and for carrying out the recruitment process.
The legal basis for this processing is our legitimate interest, as well as the legitimate interest of the respective companies within the corporate group, in the efficient and needs-based filling of open positions and in the consideration of suitable applicants within the corporate group.
Applicants may object to the disclosure of their application documents within the corporate group at any time with effect for the future. An informal notice to the contact details specified above is sufficient for this purpose. In such a case, the application will be considered exclusively for the position and/or company to which it was originally submitted.
10.2 Active Sourcing
We carry out so-called active sourcing measures to identify promising potential employees on the external labor market and actively contact potential applicants and employees. The purpose of data processing is recruitment, e.g. by individually drawing the attention of promising candidates to job vacancies in our company.
We collect the following categories of data for active sourcing: Surname, first name, gender, contact details, education, professional experience, qualifications, salary data, application data, non-professional experience and interests and other information resulting from public profiles on social networks, in particular LinkedIn and Xing, and/or from other publicly accessible sources on the internet.
All personal data processed in the context of active sourcing is collected from generally/publicly accessible sources on the Internet, in particular from social networks such as LinkedIn and Xing.
The legal basis for the collection and processing of publicly accessible data in the context of active sourcing is the Controller’s legitimate interest in identifying, approaching and recruiting the best possible employees for the company.
10.3 Application Process
We collect and process personal data from applicants for the purpose of carrying out the application process.
When we conclude an employment contract with an applicant, the data provided will be processed for the purpose of implementing the employment relationship in accordance with the statutory provisions. If no employment contract is concluded, the application documents will be deleted immediately, at the latest 6 months after the end of the application process, provided that there is no overriding legitimate interest, such as the defense against claims or a function of preserving evidence in accordance with equal treatment and anti-discrimination laws.
The legal basis for this storage and processing is the implementation of pre-contractual measures (decision on the establishment of an employment relationship). If the data is required for legal defense or prosecution after the application process has been completed, data processing may be carried out to protect legitimate interests. In this case, our legitimate interests consist of defending against legal claims or asserting legal claims.
10.4 Internet Research as Part of the Application Process
As part of the application process, publicly available information about applicants may be viewed on the Internet. This includes, in particular, professional profiles on social networks (e.g., LinkedIn), publicly accessible profiles on other social media, and information from generally accessible sources (e.g., press articles, blogs, websites, search engine results).
Only publicly available information about the applicant will be processed. There is no systematic or automated decision-making or profiling.
The Internet search serves to supplement the application documents in order to better assess the professional suitability, career history, qualifications, and public professional presence of the applicants. This provides a sound basis for selecting suitable candidates.
The legal basis for this processing is the legitimate interest of the potential future employer in a comprehensive and well-founded assessment of the suitability of applicants for the advertised position.
10.5 Background Checks
As part of the application process, it may be necessary to carry out additional checks (“background checks”), particularly for security-related positions, management roles, activities involving financial responsibility, or access to confidential company information. These checks serve to verify the information provided in the application process and to assess the professional integrity, reliability, and suitability of the applicant for the respective position.
Depending on the type of position advertised and the requirements, information on education, professional career, qualifications, references, and, if applicable, creditworthiness information or information from public registers may be collected and processed in the course of such background checks. If the advertised position requires it or if legal requirements demand it (e.g., for activities in sensitive compliance, finance, or IT areas), the submission of an official certificate of good conduct may also be required in individual cases. In this case, processing is carried out exclusively on the basis of the documents voluntarily submitted by the applicant; we do not carry out any automated queries.
To carry out background checks, external service providers may be commissioned as processors to assist us in verifying qualifications or obtaining references, if necessary. In addition, in individual cases, previous employers, references, or educational institutions may be contacted, provided that the applicant has given their express prior consent.
The legal basis for the processing of personal data in the context of background checks is primarily the implementation of pre-contractual measures (decision on the establishment of an employment relationship), insofar as the check is necessary for the decision on the establishment of an employment relationship. The legal basis for these checks is their necessity for the employment relationship in conjunction with any applicable legal requirements. To the extent that checks go beyond this (e.g. reference checks with former employers), they are carried out exclusively on the basis of your express consent.
Before a background check is carried out, the applicant is always informed transparently about the nature, scope, and purpose of the planned check. If consent is required for certain checks, this is obtained separately in advance. Personal data will not be processed or passed on beyond the stated purpose.
10.6 Use of Automated (AI) Processes
As part of our application process, we use partially automated processes to preselect applications. The application documents submitted (e.g., resume, qualifications, professional experience) are analyzed using an AI-supported system according to specific, predefined criteria. The aim is to identify applications that are particularly well suited to the requirements of the advertised position.
The automated evaluation is used exclusively to support our HR managers. The final decision on the continuation of the application process is not made automatically, but always by a natural person.
The system used evaluates application documents based on predefined criteria (e.g., education, professional experience, language skills, qualifications). On this basis, a preliminary classification or weighting is carried out, which serves as a guide for the subsequent manual review.
This evaluation has no legal effect and does not result in any comparably significant impairment.
Every applicant has the right to request a human review of the automated pre-selection, to present their point of view, and to challenge the decision.
10.7 Compliance/Sanctions Screening
Applicants who are shortlisted as part of the application process may be subject to an initial compliance check. The compliance check involves a comparison of the applicant’s name and address with relevant sanctions lists, in particular on the basis of the EU anti-terrorism regulations.
To carry out the compliance/sanctions list screening, we use an external service provider as a data processor on the basis of a data processing agreement.
The legal basis for this storage and processing is, if there is a legal obligation to carry out a compliance/sanctions list screening, the fulfillment of the legal obligation. In individual cases, depending on a balancing of interests, compliance/sanctions list screening can also take place if there is no mandatory legal obligation. In this case, the legal basis is our legitimate interest in avoiding potential sanctions by foreign authorities.
10.8 Talent Pool
If an applicant submits an unsolicited/speculative application without reference to a specific job posting, expressing general interest in potential future employment opportunities, or if an applicant has consented to the longer retention of their data in our talent pool in the context of an application process for a specific position, we will store the data submitted as part of the application in our talent pool for a period of 2 years after receipt of the unsolicited/speculative application or after the conclusion of the application process. This storage serves the purpose of identifying potentially suitable future positions for the applicant and contacting them if applicable. After this period, the data will be deleted.
Such consent to the storage of application data in our talent pool can be withdrawn at any time for the future. To do so, please send us an email to the contact details provided above.
The legal basis for the storage of application documents in our Talent Pool is, where applicable, the explicit consent of the applicant, which can be revoked at any time.
10.9 Statistical evaluations
We process anonymized or aggregated application data in order to analyze and improve our recruiting process (e.g., to evaluate application numbers, sources, or success rates). These evaluations are carried out using anonymized/aggregated data without personal references.
If we are involved in a restructuring, acquisition, asset sale, merger, financing, transfer of services to another provider, due diligence, insolvency or receivership, your personal data may be transferred to third parties to the extent legally permitted in connection with and as part of the relevant legal process, subject to the basic principles of data protection law.
This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personally identifiable information from or about anyone under the age of 16.
Within the Controller’s organization, access to data is granted to those internal departments or organizational units that need it to perform their tasks, if necessary to fulfill contracts, for data processing based on the consent of the data subject(s) or to protect overriding legitimate interests.
Data will only be passed on to third parties in accordance with legal requirements. Personal data will only be passed on to third parties if this is necessary for contractual purposes or to safeguard our overriding legitimate interest in the effective performance of our business operations.
If we use service providers or third-party providers to provide the website or other services, we take appropriate legal precautions and technical and organizational measures to ensure that personal data is adequately protected.
Data Transfers to Third Countries:
To the extent that we transfer personal data to third countries outside the European Economic Area (EEA), in particular to the United States, this is primarily based on adequacy decisions of the European Commission. With regard to the United States, we rely on the EU-US Data Privacy Framework (DPF), provided that the respective provider is certified under the DPF.
If no adequacy decision exists for the respective country or provider, the transfer is carried out on the basis of appropriate safeguards, in particular through the conclusion of EU Standard Contractual Clauses (SCC), supplemented by additional technical and organizational measures.
14.1 Right of Access
Data subjects have, within the scope of the legal requirements, the right to request information about the personal data processed about them.
14.2 Right to Rectification
Data subjects have, within the scope of the legal requirements, the right to request the rectification of inaccurate personal data concerning them. They also have the right to request the completion of incomplete personal data.
14.3 Right to Erasure
Data subjects have, within the scope of the legal requirements, the right to request the erasure of personal data concerning them.
14.4 Right to Restriction of Processing
Data subjects have, within the scope of the legal requirements, the right to request that the processing of personal data concerning them be restricted.
14.5 Right to Object to Processing
Data subjects have, within the scope of the legal requirements, the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or which is based on a legitimate interest. In this case, the data will no longer be processed unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. In addition, data subjects have the right to object at any time to the processing of personal data concerning them for the purpose of direct marketing; this also applies to any profiling insofar as it is associated with such direct marketing.
14.6 Right to Withdraw Consent
Data subjects have, within the scope of the legal requirements, the right to withdraw their consent if they have given their consent for processing.
14.7 Right to Data Portability
Data subjects have, within the scope of the legal requirements, the right to receive the personal data concerning them, which they have provided to a Controller, in a structured, commonly used and machine-readable format (“data portability”) and the right to transmit those data to another Controller.
14.8 Exercising the Rights
The rights of data subjects can be exercised by notifying the Controller or, where applicable, the Data Protection Officer using the contact details provided above.
Complaint with the Data Protection Authorities
If data subjects believe that the processing of personal data concerning them breaches data protection law, they have the right to lodge a complaint with a data protection supervisory authority.
The provision of personal data is neither legally nor contractually required. There is no obligation to provide personal data; however, the provision of personal information is necessary for the conclusion of a contract insofar as certain information is mandatory in order to conclude (and execute) a contract.
Automated decision-making, including profiling, is not carried out.
We adhere to the principles of data avoidance and data economy and only store your personal data for as long as is necessary to achieve the respective purpose of the data processing or as stipulated by the storage periods provided by law.
If the purpose of storage no longer applies or if a storage period provided for by law expires, the personal data will be routinely anonymized or deleted in accordance with the statutory provisions.
We take appropriate technical and organizational measures in accordance with the state of the art to ensure a level of protection for the personal data we process that is appropriate to the risk of the respective processing and to protect the data we process against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, inquiries or payment data that you send to us.
Our employees receive regular training on data protection and information security and are committed to confidentiality and data protection.
A restrictive rights and roles concept on a “need to know” basis ensures that employees only have access to the personal data they absolutely need to perform their duties.
We reserve the right to amend this Privacy Policy from time to time so that it always complies with current legal requirements and/or in order to implement changes to our services in the Privacy Policy, e.g. when introducing new services. When visiting the website or using our services, the current privacy policy always applies.