for use from time:matters – January 23, 2020.

General information

At time:matters, we are particularly committed to protecting your personal data. We wish to provide you below with comprehensive and transparent information regarding how your personal data are processed.

As a private-law company, we must comply with various legal requirements in respect of data protection. Besides the German Data Protection Act (BDSG)/European General Data Protection Regulation (GDPR) and the German Telemedia Act (TMG), we are also subject to the rules of the German Postal Service Data Protection Regulation (PDSV) and the German Postal Law (PostG). Furthermore, our data protection principles are in line with internal Lufthansa Group policies.

As a matter of principle, we only process your personal data in accordance with the applicable legal regulations. This includes processing required to establish and define the content of our contractual relationship pursuant to Art. 6(1)(b) GDPR in the case of contracts with end users or pursuant to Art. 6(1)(f) GDPR in the case of contracts with business customers and to protect our legitimate interests pursuant to Art. 6(1)(f) GDPR. A legitimate interest may also arise, for example, from internal organizational and administration purposes or the need to protect the company’s equipment, systems and assets. We also process personal data to comply with our legal obligations, e.g. in respect of retention periods and burdens of proof, pursuant to Art. 6(1)(c) GDPR. To the extent legally permissible and only to a minor degree, we process personal data for advertising purposes pursuant to Art. 6(1)(f) GDPR in conjunction with Section 7(3) of the German Act Against Unfair Competition (UWG) or if this has been consented to pursuant to Art. 6(1)(a) GDPR. Of course, the use of personal data for advertising purposes may be objected to at any time with immediate future effect. Art. 6(1)(a) and Art. 7 GDPR form the legal basis if consent is given. Of course, any consent given to data processing may be withdrawn at any time. Art. 6(1)(f) GDPR forms the legal basis for processing for the purposes of our legitimate interests. Art. 6(1)(d) GDPR forms the legal basis if processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person.

The data controller is

time:matters GmbH
Gutenbergstr. 6
63263, Neu-Isenburg
(also referred to as “time:matters,” “we” or “us” in this Privacy Policy)

For further information, please refer to our Legal Notice

The Lufthansa Group Data Protection Officer is the controller’s appointed Data Protection Officer. For queries relating to the processing of your personal data, please do not hesitate to contact the Data Protection Officer, who can be reached via mail (Lufthansa AG (DLH), FRA CJ/D, 60546 Frankfurt) and email (

If you have queries regarding data protection in connection with our website or the services offered, please contact:

time:matters GmbH
Data Protection
Gutenbergstr. 6
63263 Neu-Isenburg

or via email:

We adhere to the principles of data avoidance and data minimization. Therefore, we store personal data (i) only for as long as this is necessary to achieve the purposes set forth herein, or (ii) until you withdraw your consent (provided you have consented to time:matters using your personal data), or (iii) until you object to the use of your personal data (provided time:matters has a legitimate interest in using your personal data). Once the respective purpose ends or you withdraw your consent or the processing is no longer permitted by law or is objected to, the relevant data are routinely blocked or erased in accordance with legal provisions.

If, however, your personal data must by law be stored for a longer period (statutory retention periods) or time:matters requires your personal data to enforce legal claims, time:matters shall store your personal data accordingly until the relevant retention period expires or the claims have been settled.

Personal data

Personal data are specific information on personal or actual characteristics relating to a specific natural person or which can be used to identify a natural person. Examples of such data include name, address, telephone number and date of birth. Data which cannot be linked directly to a specific identity – such as analysis and statistical data (e.g. favorite websites or number of users of a site) – are not considered personal data.

Duration of processing

Your data shall be erased or blocked once the purpose for which they have been stored ceases to exist. They may also be stored due to statutory retention periods (such as Section 257 of the German Commercial Code (HGB) or Section 147 of the German Fiscal Code (AO)). If such statutory retention periods do not exist or have expired, the data shall be stored to fulfill and settle the contract and to prove correct fulfillment until liability periods expire and shall then be erased.

We collect and use personal data from you provided these are necessary to facilitate use of our Internet offering.

We collect data regarding every access to the server on which this service is located (“server log files”) based on our legitimate interests in the analysis, optimization and cost-effective operation of our online offering within the meaning of Art. 6(1)(f) GDPR. These access data include:

  • Name of the website accessed
  • Date and time of access
  • Transferred data volume/file
  • Notification of successful access
  • Browser type and version
  • User’s operating system
  • Referrer URL (the last page visited)
  • IP address
  • Requesting provider

Log file information is stored for eight days for security reasons (e.g. to investigate misuse or fraud) and is then erased. Data which must be kept for longer for evidential purposes are excluded from erasure until final clarification of the respective incident.

Our website, the log files and therefore the website user data are hosted by our contractually bound service provider. The service provider in this instance is makandra GmbH, Werner-von-Siemens-Str. 6, 86159 Augsburg, Germany. For further information on makandra GmbH and its privacy policy, please visit:

We also process personal data in order to make this online offering available. This includes processing with the purpose of enabling us to provide marketing and security measures to the extent permissible by law and with the purpose of further expanding these. Within the context of our legitimate interest in the analysis, optimization and cost-effective operation of our online offering, we reserve the right to use your data for our own advertising purposes as well within the limits of what is legally possible.

When you use a contact form to contact us, the information provided is processed in our CRM system for the purpose of processing the request and for possible follow-up questions. Likewise, we use our CRM system to document and manage customer relationships. Our contractually bound vendor for the CRM system is Pipedrive EU, Paldiski mnt 80, Tallinn 10617, Estonia. For further information on data protection at Pipedrive, please check the Pipedrive privacy policy:

We use cookies on our website so that we can provide you with all of the technical features of the website and to collect statistics. Cookies are small text files that are transferred by the website to the cookie file of the browser on the user’s device and are kept locally for later retrieval so that the user can be recognized when they visit the website again. A cookie typically contains the name of the domain from which the cookie originates, the “lifetime” of the cookie and a unique identifier.

If you do not wish to accept cookies, you may block them and refuse access to previously stored information by changing your browser settings accordingly. However, please note that you may not be able to use all of the interactive features and functions of the website if cookies are blocked or deleted.

Please be aware that opt-out cookies are also deleted and will have to be reactivated if you delete all cookies from your browser cache.

Art. 6(1)(f) GDPR forms the legal basis for the use of cookies, as the cookies must be used for the purposes of the provider’s legitimate interests. The provider’s legitimate interests lie in analyzing usage of the website in order to improve it and the provider’s offerings and to make both more appealing to users. Below is information on the analytical tools used on our websites.

Our websites use the Matomo web analytics service. Matomo is a software provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. Further information is available on the website

This software is used to collect and store data for statistical analysis of website usage. Cookies are used for this purpose. The data are collected and stored for the purpose of statistical analysis of user behavior. This facilitates analysis of website usage and a user-oriented website design. Anonymous user profiles may be created from the data for this purpose. The IP addresses collected are automatically anonymized by making part of the IP address unidentifiable (IP masking). The IP address and other information in the anonymous user profile are not used to identify users and are not merged with other personal data of users. The data are collected, stored and processed on time:matters systems and are not shared with third parties.

Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC (“Google”), based on our legitimate interests (i.e. interest in the analysis, optimization and cost-effective operation of our online offering within the meaning of Section 15(3) TMG and Art. 6(1)(f) GDPR). Google uses cookies for this. The information generated by cookies about users’ use of the online offering is usually transmitted to and stored on a Google server in the USA.

Google is certified under the Privacy Shield Agreement and thus guarantees its compliance with European data protection legislation. Further information is available via the following link:

On our behalf, Google uses this information to analyze usage of our online offering by users, to compile reports on activities within this online offering and to render further services to us connected with the usage of this online offering and of the Internet. Pseudonymous usage profiles of users may be created from the processed data.

We only use Google Analytics with activated IP anonymization. This means that user IP addresses are truncated by Google within European Union member states and other states party to the Agreement on the European Economic Area. Full IP addresses are only transmitted to a Google server in the USA and truncated there in exceptional cases.

The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookies being stored by adjusting their browser software appropriately; they can also prevent the data generated by the cookie and related to their usage of the online offering being collected by Google and the processing of these data by Google by downloading and installing the browser plugin available via the following link: or they can disable the cookie via consent manager here. This information is stored until your browser cache is cleared.

More information on how Google uses data and the various settings and opt-outs is available on the Google websites.
How Google uses data when you use our partners’ sites or apps:


Control the information Google uses to show you ads:

We collect, process and use personal data submitted to us in connection with a request for transport services or provided to make the shipping process easier in the future (e.g. customer address data). We only process these personal data in relation to the specific shipment.

The shipping customer is solely responsible for lawful collection, processing and transmission and the accuracy of customer data. For transportation processing, we may transmit your personal data to our shipping partners on the basis of the German Postal Service Data Protection Regulation (Section 5 PDSV).

If a contractual relationship is to be established between you and us, or if the content of such a relationship is to be defined or amended, time:matters processes the personal data you enter in an order or registration form or share with us in any other way (especially required contact and address details).

Such a requirement for processing exists, for example, when taking the necessary steps prior to entering into a contract, answering your questions in relation to these, providing dispatch and invoice information, and processing or providing customer feedback and support.

All mandatory information which we must collect to provide our services is easily identified for you either by means of brief notes or an asterisk (*). Non-required information is provided by you to us voluntarily so that we can offer you a solution for your assignment or request that is perfectly tailored to your needs.

Based on our legitimate interest in the integrity and security of business processes and compliance with legal provisions, we transfer your data to an external service provider for checking using a web-based ASP solution. It checks your information on our behalf, e.g. against relevant sanctions and no-fly lists. Art. 6(1)(1)(b) and (f) GDPR form the legal basis for this transfer. Our contractually bound service provider for the checks mentioned is SAPPER INSTITUT für interaktive Lernsysteme GmbH & Co. KG, Möhlenring 48, 47906 Kempen, Germany.

Based on internal processes, especially to perform concluded contracts, we or our customers themselves also share the personal contract data of our customers with the following contractually bound companies within the context of Art. 6(1)(b) GDPR. The transfer depends on the company with which the customer has concluded a contract.

  1. time:matters GmbH, Gutenbergstraße 6, 62363 Neu-Isenburg, Germany
  2. time:matters Netherlands B.V., Beechavenue 30 – 50, 1119 PV Schiphol-Rijk, The Netherlands
  3. time:matters Austria GmbH, Air Cargo Center Obj. 262/8/3, 1300 Vienna Airport, Austria
  4. time:matters (Asia Pacific) Pte Ltd., 390 Orchard Road, Palais Renaissance #08-01, 238871 Singapore, Singapore
  5. time:matters (Shanghai) International Freight Forwarding Ltd., Huashan Road No. 1568, NanFung Tower, Room 1204, (Changning District), 200052 Shanghai, China
  6. time:matters Courier Terminals GmbH, Gate 26, Building 455d, Airportring, 60549 Frankfurt am Main, Germany
  7. time:matters Americas, Inc., 5201 Blue Lagoon Drive, Suite 900, Miami, Florida 33126, USA

Internally, we identify (potential) new customers in various categories. This is based on internal evaluation standards, e.g. using the industry and size of the (potential) new customer. If we determine during this that further business relationships may develop in the future, we create a profile in our customer relationship management (CRM) system for our (potential) new customers. We use our CRM system to manage existing and new customers and also to analyze potential new customers/contacts. Data processing in relation to this covers (I) general information, such as general company information and contact details, and/or (II) more comprehensive data processing, such as records of visits and discussions, etc.

Art. 6(1)(b) GDPR forms the legal basis for the data processing of general information regarding existing and new customers in our CRM system for the performance of contracts and to take steps prior to entering into contracts. Furthermore, the legitimacy of the processing of more comprehensive information is based on Art. 6(1)(f) GDPR for the purposes of our legitimate interest. As a private company with commercial dealings on the market, we have a legitimate interest in managing and tracking our customer relationships and identifying possible improvements internally.

Art. 6(1)(f) GDPR forms the legal basis for the data processing of potential new customers in our CRM system with regard to general company information and contact details for the analysis of potential new business. Art. 6(1)(f) GDPR forms the legal basis for the processing of more comprehensive data and information. Our internal processes are designed in such a way that potential new customers receive an email from our systems in which we reference our Privacy Policy and give them the option to object. This objection can be enforced vis-à-vis us via a link contained in the email. The profile remains comprehensive until an objection is submitted, i.e. we also process information that helps us to track our communication and prepare new appointments and communication. If we receive an objection from the data subject (either directly via the information email or later), we erase all personal data from the profile without undue delay. We then put the profile in a “blocked” state. In other words, we do not undertake any new processing of personal data in relation to the profile. If data subjects expressly request more comprehensive processing of the personal data at a later point in time, we manually trigger this process and inform them once again of the data processing.

Our contractually bound vendor for the CRM system is Pipedrive EU, Paldiski mnt 80, Tallinn 10617, Estonia. For further information on data protection at Pipedrive, please check the Pipedrive privacy policy:

We only process the data until they are no longer required to meet the purpose or the data subject requests from us an erasure/blocking or withdraws their consent. The internal erasure processes are designed in such a way that any employee entrusted with data processing is obliged to regularly check the appropriateness and timeliness of the data processing and its justification.

Customer account

We set up user accounts for our customers. User accounts are created using the email address provided to us. Customers generate their own login details. For this, customers receive an automated email with an activation link, an email with a summary of their data and instructions on selecting a password.

We also allow interested parties to set up a customer account with us. The registration form on our website can be used for this. We collect general contact details and payment information for our user accounts.

For registration, we process the contact details and address information for contract performance or initiation on the basis of Art. 6(1)(b) GDPR. Information can also be provided voluntarily in order to facilitate communication or accelerate subsequent booking processes (payment information, contact partner details, etc.). Art. 6(1)(f) GDPR forms the legal basis for processing optional data for the purposes of our legitimate interest in being able to contact you as quickly as possible in exceptional cases.

On Board Courier quote via

Interested parties can use our website to search online for the best quotes for personally escorted (goods) shipments.

We use the given email address to provide a personalized quote. If that price improves within 24 hours, we send another quote as a one-off. Quotes may become cheaper due to unforeseen changes or price fluctuations within the fare search system. We consider it part of the service for our interested parties to be able to offer the best price. The given email address is not used for any other purpose and is anonymized within 48 hours of being entered and only used for internal statistical purposes. Once the email address has been anonymized, it can no longer be attributed to any identified or identifiable natural person. Of course, we never use the given email address for other advertising purposes. We process the given email address on the basis of Art. 6(1)(b) GDPR in order to take steps prior to entering into a contract at the behest of the data subject.

Besides their email address, interested parties can also voluntarily provide their phone number. In this case, we may also contact the interested party by phone and are pleased to advise them based on their current search. We save the phone number for 48 hours after the last contact. If erasure is required sooner than this, please let our team know this at any time. Your phone number is then marked with a blocking flag and you are no longer contacted by us before its erasure. Alternatively, you can request the erasure via email at any time. However, due to internal processes, it may take up to two working days for the request to be implemented. Therefore, we recommend notifying our team by phone if you would like your contact details to be blocked quickly. We process the given telephone number on the basis of Art. 6(1)(b) GDPR for taking steps prior to entering into a contract at the behest of the data subject.

Data processing in relation to our On Board Couriers (airmates)

Potential couriers must first create a user profile so that the functions of (the website and app) can be made available to our potential On Board Couriers. The login details collected during this process are stored together with the profile. Login details must always be kept secret; shared profiles are never permitted. Login details are limited to the given email address and a password picked by the courier themselves so that we can identify them. We also record cell phone numbers to verify account users. There is also the option of receiving orders directly via SMS to a cell phone if there is no further use of the app we offer.

Users provide some personal information during the registration process. All mandatory information which we absolutely require to provide our service is easily identifiable by an asterisk (*). Information without an asterisk is provided voluntarily so that we can send couriers orders tailored to them. Of course, personal data are never used for other purposes.

During the registration process, potential couriers must verify themselves with our service provider IDnow GmbH, Auenstraße 100, 80469 Munich, Germany so that we can meet our legal and contractual obligations. A valid ID is needed for this; we never receive copies of IDs from our contractually bound partner. For further information on IDnow GmbH, the registration process and contact details, please visit:

Our “airmates” service and therefore our courier data as well are hosted by our contractually bound service provider. The service provider in this instance is makandra GmbH, Werner-von-Siemens-Str. 6, 86159 Augsburg, Germany. For further information on makandra GmbH and its privacy policy, please visit:

We process the following data in connection with an airmates profile:

  • Identity data
  • Contact and/or location data
  • Preferences and skill set
  • Verification status
  • Information on orders already completed

Art. 6(1)(b) GDPR forms the legal basis for collecting courier data as a step taken prior to entering into a contract and, following this, to perform a contract between ourselves and our couriers. Furthermore, we process the personal data of our (potential) couriers based on Art. 6(1)(c) GDPR for compliance with legal obligations.

The personal data are only processed for as long as this is necessary to fulfill the processing purpose. We reserve the right to also keep so-called blacklists based on Art. 6(1)(f) GDPR. Our legitimate interest lies in sustaining high quality standards for our services. We process the data in our blacklists for 5 years at most.

In some cases, we may put a profile on hold. We normally make this change if we cannot guarantee orders in the near future (e.g. because a lot of potential couriers have already registered for a particular region). In this case, we store the identity, contact and/or location data and process these if the order situation changes, e.g. if it becomes more likely that we will be able to assign an order or we wish to inform the data subject about the current status of their profile. Art. 6(1)(a) GDPR forms the legal basis for processing the personal data. We normally process the data for 12 months. The data subject is given the option to agree to extended data processing (extended by another 12 months) shortly before this period comes to an end.

Rating our services

When our services are rated, we process the personal data given if these have been provided to us voluntarily. These are usually the contact details of the data subject and the rating comment provided. Of course, data subjects can request of us that ratings provided are erased or their processing is restricted. Processing up to the point of the retraction remains unaffected by this.

As a company, we rely on our service ratings to continuously improve. We collect the data in the ratings given based on Art. 6(1)(b) GDPR (for following up on a contractual relationship) and Art. 6(1)(f) GDPR (for improving our services).

The data are only stored until they are no longer required to meet this purpose. In particular, we anonymize the ratings provided as quickly as possible when there is no need for a personal reference when processing the rating. If you give a personalized rating, it may be quickly anonymized internally so that we are no longer in a position to determine that we received a rating comment from you if you request such information.

You have at all times the following rights, which you may assert vis-à-vis us without charge on request:

  • Pursuant to Art. 15 GDPR, you have the right to obtain confirmation as to whether data concerning you are being processed and to access these data as well as other information and a copy of the data
  • Pursuant to Art. 16 GDPR, you have the right to have data concerning you completed and inaccurate data concerning you rectified
  • Pursuant to Art. 17 GDRP, you have the right to obtain the erasure of data concerning you without undue delay or alternatively, pursuant to Art. 18 GDPR, to obtain restriction of processing of the data
  • Pursuant to Art. 20 GDPR, you have the right to receive the data concerning you which you have provided to us in a structured, commonly used and machine-readable format and to request that they be transmitted to another controller
  • Furthermore, pursuant to Art. 77 GDPR, you have the right to lodge a complaint with the relevant supervisory authority
  • Pursuant to Art. 7(3) GDPR, you have the right to withdraw consent given with effect for the future
  • Pursuant to Art. 21 GDPR, you may object at any time to future processing of the data concerning you for direct marketing or profiling purposes. You may also object at any time to processing based on Art. 6(1)(e) or (f) GDPR by giving grounds relating to your particular situation.

Please note we may have to query you further if we cannot identify you on the basis of your request. In spite of our endeavors, it is not possible to process your request without the minimum required information.

Please feel free to contact us by mail (time:matters GmbH, Data Protection, Gutenbergstr. 6, 63263 Neu-Isenburg) or email (

Complete confidentiality and data security cannot be ensured at all times when communicating via the Internet (e.g. via email). Therefore, we recommend that you use a postal service if confidential information is involved.

Relevant supervisory authority

If there are data breaches, the data subject has the right to lodge a complaint with the relevant supervisory authority. The relevant supervisory authority for matters of data protection is the data protection commissioner (Landesdatenschutzbeauftragter) of the state in which our company has its registered office.

For time:matters, that is the Hessische Beauftragte für den Datenschutz und die Informationsfreiheit (Hessian Commissioner for Data Protection and Freedom of Information,  Please click on the following link for a list of the data protection commissioners and their contact details:

Our Privacy Policy expressly does not include third-party services. Therefore, the privacy policies of the respective providers apply. Of course, we ensure that our requirements in respect of data processing are always complied with insofar as your data are processed by third parties (our contractual partners, in other words).

Cooperation with processors and third parties

If we disclose data to other persons and companies (processors or third parties), transmit these to them or otherwise give them access to the data (e.g. via our online portal) within the scope of our processing, this takes place on the basis of legal permission (e.g. if the data must be transmitted to third parties, such as payment service providers, for the performance of a contract pursuant to Art. 6(1)(b) and (f) GDPR), if you have consented, if there is a legal requirement or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we commission third parties to process personal data based on a “commissioned processing contract,” this is carried out on the basis of Art. 28 GDPR. We take the greatest possible care when selecting our processors and regularly verify the security concepts guaranteed to us.

External payment service providers

We use payment service providers to perform contracts on the basis of Art. 6(1)(b) GDPR. Otherwise, we use external payment service providers based on our legitimate interests pursuant to Art. 6(1)(b) GDPR in order to offer our users an effective and secure means of payment. In order to invoice for our services, your data are transferred by our IT service provider to our in-house invoicing process. Our contractual arrangements and the technical and organizational protective measures taken ensure a secure processing environment for your personal data in this regard also.

Our customers can select from various payment options. Our payment service provider (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, Luxembourg) offers payment by credit card and via the PayPal payment service. We never collect additional information on the credit card or PayPal account used. For more information on data protection and contact details, please visit:

Social network integration

We offer social network functionality in various parts of our website through what are known as social plugins. This also includes linking to our content on social networks.  We maintain an online presence on social networks and platforms in order to actively communicate there with customers, interested parties and users and inform them there about our services. Please note that we have neither knowledge about nor influence over how social networks use information provided by you and whether this information is disclosed to other websites. We recommend that you read the respective privacy information carefully. Therefore, the terms and conditions and data processing guidelines of the respective operators apply when you access the networks and platforms. Unless otherwise stated in our Privacy Policy, we process the data of users who communicate with us on social networks and platforms, e.g. post to our online pages or send us messages.

Of course, all of our online offerings can be accessed and used without the use of social networks. When you visit our website, the social plugin buttons are disabled by default, i.e. they do not automatically send any data to third parties. Before you can use a button, you must activate it using the consent manager first. Please note that the button will remain active until you either disable it again or delete your “cookies.” A direct connection is established with the server of the respective social network following activation. The button content is then passed directly to your browser by the social network and integrated by this into the website.

The information below provides an overview of third-party providers as well as links to their privacy policies, which contain further information on data processing and opt-outs, some of which is also mentioned here:

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The data is processed on the basis of an agreement on the joint processing of personal data pursuant to Art. 26 GDPR.
Privacy Policy:

XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Privacy Policy:

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy Policy:

YouTube and Google+
Videos from the YouTube platform of third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy Policy:

Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA
Privacy Policy:

Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Privacy Policy:

Google Maps
In various parts, we offer the use of the Google Maps positioning and map service through the Google Maps API.
Google Maps is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you use Google Maps, information concerning your visit to our website or your use of the app (including your IP address) may be transmitted to and stored on a Google server in the USA. Google may also share the information obtained through Maps with third parties where required to do so by law or where third parties process these data on Google’s behalf.

Google never associates your IP address with other Google data. Nevertheless, it may still be technically possible for Google to identify at least some users based on the data obtained. It is possible that personal data and personality profiles of website users may be processed by Google for other purposes over which we have and can have no influence.

The Google Privacy Policy and Google Maps Additional Terms of Service can be found at


We provide the information below to make data subjects aware of the content of our newsletter as well as the subscription, dispatch and statistical analysis procedures and their right to object to us. When interested parties subscribe to our newsletter, they agree to receive it and to the described procedures.

We only send the newsletter with the recipients’ consent and therefore on the basis of Art. 6(1)(a) GDPR. If the content of a newsletter is specifically described within the context of subscribing to the newsletter, this is authoritative for users’ consent. Otherwise, our newsletters contain information about our services and us.

All an interested party needs to provide to subscribe to the newsletter is their email address. We ask the interested party to optionally provide the recipient’s salutation, first and last names and home country so that we can address them personally in the newsletter.

A double opt-in process is used to subscribe to our newsletter. This means that interested parties receive an email after they subscribe in which they are asked to confirm their subscription. This confirmation is needed to avoid abuse of the newsletter registration process. Newsletter subscriptions are logged so that it is possible to document the subscription process in accordance with legal requirements. This includes storing the time and date of subscription and confirmation, as well as the IP address. The current status in the registration procedure is also logged by the mailing service provider.

The sending of the newsletter and success tracking linked with this are based on the recipients’ consent pursuant to Art. 6(1)(a) GDPR, Art. 7 GDPR in combination with Section 7(2)(3) UWG and on the basis of legal permission pursuant to Section 7(3) UWG. The success tracking normally does not involve processing personal data and is only used for statistical analysis. However, personal data may be processed in certain cases so that it is possible to determine why an email could not be sent.

The subscription process is logged on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR. Our interest is focused on the use of a user-friendly and secure newsletter system that serves our business interests, meets user expectations and, furthermore, allows us to prove consent.

Termination/withdrawal of consent: You may unsubscribe from our newsletter at any time, i.e. withdraw your consent. You will find an unsubscribe link at the bottom of every newsletter.

Please note that your email address may automatically be placed on a blacklist (blacklist for the receipt of any further newsletters) if you object to receipt of the newsletter. This is purely in your own interest of not receiving any further undesired mailings in the future. We base this on our legitimate interest in defending legal claims pursuant to Art. 17(3)(e) GDPR, alternatively a legitimate interest in compliance with legal requirements in the market pursuant to Art. 17(3)(f) GDPR. If you wish to be removed from the blacklist as well, please let us know this explicitly. We cannot then guarantee that we will no longer contact you in the course of regular communication. You may submit an individual request for erasure at any time provided the former existence of consent is confirmed at the same time.

Press distribution list: We also offer individuals engaged in journalism the option to receive a newsletter for journalistic purposes. If you contact us to ask to be added to the press distribution list, we manually add your email address to our distribution list. We then trigger the consent process described above through our mailing service provider. If you do not respond to this email, your email address is automatically blocked after 48 hours.

Newsletter – mailing service provider

The newsletter is sent via mailing service provider Kajomi (kajomi GmbH, Lochhamer Str. 9, 82152 Martinsried, Germany, The mailing service provider’s privacy policy can be viewed here: The mailing service provider is used on the basis of our legitimate interests pursuant to Art. 6(1)(f) GDPR and a commissioned processing contract pursuant to Art. 28(3), Sub-paragraph 1 GDPR.

The mailing service provider may use recipients’ data in pseudonymized form, i.e. without association with any user, for optimizing or improving its own services, e.g. to technically optimize the sending and presentation of the newsletter or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to write to them itself or to share the data with third parties.

According to Art. 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

In particular, these measures include safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as other access, input, disclosure and guarantee of availability and their separation in relation to them. We have also set up processes that ensure the exercise of data subjects’ rights, the erasure of data and response to threats to the data. Furthermore, we take into account the protection of personal data right from development and when selecting hardware, software and processes, in accordance with the principle of data protection through technology design and through default privacy settings (Art. 25 GDPR).

Transfers to third countries

If we process data in a third country (i.e. outside of the European Union (EU) and European Economic Area (EEA)) or carry this out in the context of the use of third-party services or disclosure or transfer of data to third parties, this is only carried out if necessary to fulfill our (pre-)contractual obligations, based on your consent, based on a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the specific requirements of Art. 44 et seq. GDPR are met. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognized determination of a data protection level in accordance with the EU (e.g. through the “Privacy Shield” for the US) or in compliance with officially recognized special contractual obligations (known as “standard contractual clauses”).

We reserve the right to update these privacy provisions from time to time to take into account changes in law or extensions to the functional scope of our online offering. The date of the last update at the bottom of the Privacy Policy is amended accordingly in such cases. Therefore, we recommend that you regularly read the privacy provisions in order to remain up to date on the protection of the personal data we store.

Neu-Isenburg, January 23, 2020