The following information provides you with an overview of how our company processes your personal data, as well as the rights you have under the GDPR.
1 Privacy Notice for Users of Our Websites
Übersicht
2 Why These Privacy Notices?
When you visit our websites, your personal data may be processed. We carry this out in accordance with legal data protection regulations and the requirements of the General Data Protection Regulation (GDPR). In this context, we act as the data controller under the GDPR, and as the owner of your personal data, you are the data subject of this processing. With the information provided on this page, we are fulfilling our information obligations under the GDPR and would like to inform you about the processing of your data and your associated rights.
3 Data Controller under the GDPR
The controller responsible for data processing is:
viadee Unternehmensberatung AG
Anton-Bruchausen-Str. 8
48147 Münster
Email: info@viadee.de
You can find further information about our company, details about authorized representatives, and additional contact options in the legal notice (Impressum) on our website.
4 What Personal Data Is Processed?
4.1 Web Hosting and Website Operation
4.1.1 What Data Do We Process from You and for What Purpose?
When you visit our website, we collect and process your browser type and version, operating system, referrer URL, the hostname of the accessing computer, the time of the server request, and the IP address. We store this information in so-called server log files that your browser transmits to us.
The purpose of processing this data is to ensure the functionality and security of our websites, for technical administration, and to defend against and trace attacks or incidents of misuse.
4.1.2 What Is the Legal Basis for This?
The legal basis for processing your personal data is Article 6(1)(f) GDPR. Our legitimate interest lies in the secure operation of our websites.
4.1.3 How Long Is the Data Stored?
As a rule, server log files are deleted no later than 30 days after they have been stored. For analysis in case of errors or suspected misuse, server log files may be stored longer. In such cases, they are deleted after the analysis is complete.
4.1.4 To Whom Is the Data Disclosed?
The recipient of the data is our hosting service provider, Mittwald CM Service GmbH & Co. KG, with whom we have entered into a data processing agreement pursuant to Article 28 GDPR.
4.1.5 Where Is the Data Processed?
The data is processed exclusively in data centers located in Germany.
4.2 Content Management System
4.2.1 What Data Do We Process from You and for What Purpose?
We use the content management system Kirby, developed by Bastian Allgeier GmbH, to create and manage the content of our websites. Kirby is installed on our server at Mittwald. Kirby itself does not transmit any personal data to the system’s developers. All processing operations take place exclusively on our server at Mittwald. In connection with its use, personal data may be processed as necessary to provide certain features — for example, technically necessary cookies/sessions (e.g., for login or form functions), input data entered into forms (such as name, email address, message), or usage and access data (as collected in server log files, see above).
4.2.2 What Is the Legal Basis for This?
The processing is carried out on the basis of Article 6(1)(f) GDPR (legitimate interest in technically flawless and user-friendly website provision) and, where applicable, Article 6(1)(b) GDPR (fulfillment of a contract or implementation of pre-contractual measures, for example when you contact us via a form).
4.2.3 How Long Is the Data Stored?
As a rule, server log files are deleted no later than 30 days after being stored. For analysis purposes in the event of errors or suspected misuse, server log files may be kept longer. In such cases, they are deleted after the analysis is complete.
Contact/form data is stored for the purpose of handling your request and possible follow-up questions for up to 6 months.
4.2.4 To Whom Is the Data Disclosed?
Personal data is not disclosed to any third parties.
4.2.5 Where Is the Data Processed?
The data is processed exclusively in data centers located in Germany.
4.3 Cookie Consent Management
4.3.1 What Data Do We Process from You and for What Purpose?
We use the consent management platform provided by Usercentrics GmbH to obtain, store, and manage consents under the TTDSG/GDPR and to activate services only after receiving your consent. Depending on the configuration, the following data may be processed: consent data (e.g., consent ID/number, timestamp, opt-in/opt-out status, banner/language settings, configuration/template version), device/browser data (user agent, device type), IP address, and geolocation (country/region) for correct banner display, consent signals to connected services to control whether scripts/tags are loaded.
4.3.2 What Is the Legal Basis for This?
Reading and storing technically necessary consent information on the end device (e.g., uc_settings, uc_user_interaction, ucString, ucData) is carried out without consent under Section 25 (2) no. 2 TTDSG (strictly necessary for the provision of the telemedia service/consent documentation).
Processing of the associated personal data for the documentation and management of consents is based on Article 6(1)(c) GDPR (legal obligation under Article 7(1) GDPR, "burden of proof"), supplemented by Article 6(1)(f) GDPR (legitimate interest in legally compliant and user-friendly consent management).
Consent signals are only shared with third-party services (e.g., analytics/ads providers) after you have given your consent for the respective category.
4.3.3 How Long Is the Data Stored?
As a rule, your data is stored in the Usercentrics system for a maximum of 1 year.
In exceptional cases, longer retention within our internal systems may occur if required for the establishment, exercise, or defense of legal claims (Article 5(2) GDPR – accountability).
4.3.4 To Whom Is the Data Disclosed?
The recipient of this data is Usercentrics GmbH, with whom we have signed a data processing agreement under Article 28 GDPR.
4.3.5 Where Is the Data Processed?
Data is processed within the EU/EEA; no data is transferred to third countries. If Usercentrics uses sub-processors outside the EU/EEA, transfers only take place with appropriate safeguards (e.g., EU Standard Contractual Clauses or agreements based on the Data Privacy Framework).
4.4 Tracking and Analytics Tools
4.4.1 What Data Do We Process from You and for What Purpose?
We use the web analytics service Matomo to analyze and track visits to our websites. The following data is collected as part of these analyses: truncated IP address, date/time, accessed URLs/referrer, device/browser data (user agent, language, screen resolution), interactions (page views, downloads, outbound links, internal search), campaign parameters; optionally (with cookies): visitor ID/session ID. We carry out such analyses for the purposes of measuring reach, error analysis, and for the technical optimization and customization of our websites.
For analysis with Matomo, we utilize IP anonymization. Your IP address is truncated before analysis so that it can no longer be directly associated with you.
4.4.2 What Is the Legal Basis for This?
The primary legal basis for processing your personal data is Article 6(1)(f) GDPR. Our legitimate interest lies in initiating and maintaining business relationships, marketing our products and services, and promoting our company’s purpose.
Additionally, processing of your personal data may be based on your consent under Article 6(1)(a) in conjunction with Article 7 GDPR. You can withdraw your consent at any time with effect for the future. The lawfulness of data processing carried out before withdrawal remains unaffected.
4.4.3 How Long Is the Data Stored?
Raw data (visitor logs) are deleted after 3 months; we retain aggregated reports for 24 months. Cookies used for website analytics are generally stored for a maximum of 1 year; see the relevant description regarding data storage duration in the Cookie Consent Management section.
4.4.4 To Whom Is the Data Disclosed?
We use Matomo on-premises with our hosting provider. The recipient of the data is therefore our hosting service provider, Mittwald CM Service GmbH & Co. KG.
For the maintenance of the Matomo software and consulting on its use, we are supported by chop solutions GmbH. In the course of these support and consulting services, individual employees of chop solutions GmbH may have access to the personal data described above.
We have entered into data processing agreements with both companies in accordance with Article 28 GDPR.
4.4.5 Where Is the Data Processed?
Data is processed exclusively in data centers located in Germany.
4.5 Plugins and Other Tools
4.5.1 YouTube
This website integrates YouTube videos that are not stored on our own servers. The operator of these pages is Google Ireland Limited (“Google”), Ireland.
To ensure that visiting our website with embedded videos does not automatically result in third-party content being loaded, we initially display only locally stored preview images of the videos. This means no information is sent to the third party at this stage.
Only after clicking on the preview image is the third-party content loaded. At that point, the third party receives information that you have accessed our site, along with any usage data that is technically required. If you are logged in to your YouTube account, YouTube may be able to assign your browsing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. In addition, when a video is started, YouTube can store various cookies on your device. These cookies allow YouTube to collect information about visitors to this website, which may be used, among other things, to collect video statistics, improve user experience, and prevent fraud. The cookies remain on your device until you delete them. We have no influence over any further data processing by the third party. For more information about data protection at YouTube, please see their privacy policy at https://policies.google.com/privacy?hl=en.
By clicking on the preview image, you grant us consent to load content from the third-party provider.
Embedding is based on your consent, provided you gave it by clicking the preview image. Please note that embedding many videos may result in your data being processed outside the EU or EEA (in particular, in the USA). There is a risk that authorities may access your data for security and surveillance purposes without informing you or allowing you to seek legal remedy. If we use providers in insecure third countries and you consent, the transfer to an insecure third country is based on Article 49(1)(a) GDPR.
4.5.2 Google reCAPTCHA
We use “Google reCAPTCHA” (hereafter referred to as “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Ireland.
reCAPTCHA is intended to check whether the data entered on this website (e.g., in a contact form) is being provided by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of website visitors based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. reCAPTCHA evaluates various information for the analysis (e.g., IP address, time spent on the website, or mouse movements made by the user). The data collected during the analysis is transmitted to Google. In the course of using this service, personal data may also be transferred to the servers of Google LLC. (USA). The reCAPTCHA analyses run entirely in the background. Website visitors are not advised that such an analysis is taking place.
You can find more information about Google reCAPTCHA in Google’s privacy policy and terms of service at the following links: https://policies.google.com/privacy?hl=en and https://policies.google.com/terms?hl=en.
The processing of your personal data for these purposes takes place, if you grant us your consent, pursuant to Article 6(1)(a) GDPR. The transfer to a third country takes place on the basis of Article 49(1)(a) GDPR. If the data is processed outside the EU or EEA in this context, please be aware that there is a risk that authorities may access your data for security and surveillance purposes without informing you or allowing you legal recourse.
4.6 Contact and Communication
4.6.1 What Data Do We Process from You and for What Purpose?
We process your business or personal contact information (name, phone number, email, salutation, mobile number) to communicate with you and, if applicable, within the internal communication processes of our company. The purposes of processing are making and maintaining contact, responding to inquiries, scheduling appointments, as well as public relations to promote and increase the visibility of our company by providing information about our products and services, professional content, and events. To communicate with you, we use contact forms, chats, newsletters, phone calls, and in-person conversations.
4.6.2 What Is the Legal Basis for This?
The primary legal basis for processing your personal data is Article 6(1)(f) GDPR. Our legitimate interest lies in initiating and maintaining business relationships, marketing our products and services, and promoting our company’s purpose.
Processing may also take place based on your consent according to Article 6(1)(a) in conjunction with Article 7 GDPR. You may revoke your consent at any time with effect for the future. The lawfulness of the processing carried out before revocation remains unaffected.
4.6.3 How Long Is the Data Stored?
We regularly delete your personal data and check whether further contact is expected or a contractual relationship is likely based on practical experience. We also follow the principle of data minimization and delete personal data that is no longer current or no longer serves the original purpose of processing.
If you have given us your consent according to Article 6(1)(a) (e.g., to receive a newsletter or other regular information), we will store your data in accordance with your consent as long as the consent is valid.
4.6.4 To Whom Is the Data Disclosed?
To communicate and stay in contact, we use applications provided by Microsoft Ireland Operations Ltd. (MS Office 365 including Microsoft Bookings for scheduling appointments with employees, and potentially Teams for video calls), HubSpot Inc. (integration of forms for event and seminar registrations, newsletters, contact forms, content download forms, chat with the option to provide an email address), Salesforce and its subsidiary Slack Technologies, LLC (Slack for answering chat inquiries), and Zoom Video Communication Inc. These companies act as service providers for us and may, in the context of system maintenance and support, also gain access to your personal data.
We have entered into data processing agreements with these providers to ensure lawful data processing. Within our company, only those persons who need access to your data to perform their duties (marketing, sales, website management) are given such access.
4.6.5 Where Is the Data Processed?
Data processed by Zoom Video Communication Inc., Salesforce/Slack Technologies, and HubSpot Inc. is handled in the USA.
Data processed by Microsoft Ireland Operations Ltd. is generally handled within the European Union or European Economic Area (EU/EEA). However, data processing outside the EU cannot be completely ruled out—especially since, within communications via Microsoft Teams, routing may occur through internet servers located outside the EU. This is particularly the case if participants in a video conference are located in a third country.
5 Your Rights as a Data Subject
You have the right to obtain information about the personal data we process concerning you.
If your request for information is not made in writing, please understand that we may require proof verifying your identity.
You also have the right to rectification, erasure, or restriction of processing, insofar as you are entitled to these rights by law.
Furthermore, you have the right to object to the processing of your data in accordance with legal requirements. The same applies to your right to data portability.
6 Contact Information for the Data Protection Officer
If you have any questions about data protection, please first contact our data protection coordinator at datenschutz@viadee.de.
We have also appointed the following Data Protection Officer for our company:
Heike Wedekind
datenschutz süd GmbH
Hohenzollernring 54
50672 Köln, Germany
Email: office@datenschutz-sued.de
7 Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.
8 No Automated Decision-Making
We do not use automated decision-making processes for the processing of personal data, including profiling as defined in Article 22(1) and (4) of the GDPR.
9 Changes to This Privacy Notice
We update this privacy notice whenever changes in our internal business processes or other circumstances make it necessary. The current version can always be found on this website.
If you have any questions about data protection, please feel free to contact us.
Last updated: August 29, 2025