This Privacy Policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter "data") in connection with the provision of our services and within our online offering and the websites, functions and content associated with it. With regard to the terminology used, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
The controller responsible for data processing within the meaning of the GDPR is:
Our company is not legally required to appoint a data protection officer. For questions regarding data protection, please contact us directly using the contact details provided in section 1.
We collect and use personal data of our users only to the extent necessary to provide a functional website and our content and services. The collection and use of personal data of our users is generally only carried out with the user's consent. An exception applies in cases where it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by law.
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may take place beyond this if provided for by the European or national legislature in EU regulations, laws or other provisions to which the controller is subject (e.g. commercial and tax law retention periods of generally 6 to 10 years pursuant to Section 257 HGB and Section 147 AO).
Our website is hosted by IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany. Each time our website is accessed, IONOS automatically collects information on our behalf that your browser transmits to our server. This includes:
This data is processed to ensure a smooth connection, convenient use of our website, evaluation of system security and stability, and for other administrative purposes.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a technically
error-free presentation of the website).
Data processing agreement: A data processing agreement (DPA) pursuant to
Art. 28 GDPR exists with IONOS.
Retention period: Server log files are generally deleted after a maximum
of 7–14 days.
Our website uses cookies and comparable technologies. Cookies are small text files stored on your device. We distinguish between technically necessary cookies, which are required for the operation of the website, and optional cookies (e.g. for marketing and analytics purposes).
To manage the cookies and similar technologies used and the related consents, we use the consent management tool "Cookiebot". The provider is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.
Cookiebot enables us to obtain, manage and document users' consent to the storage of certain cookies on their devices. When you visit our website, a cookie is set to store the consents you have given or their withdrawal.
The following data may be processed in this context:
Processing is carried out to fulfil our legal obligations pursuant to Art. 6(1)(c) GDPR (documentation of consents) and on the basis of Art. 6(1)(f) GDPR (legitimate interest in legally compliant consent management). The use of cookies is based on Section 25 TDDDG.
You can withdraw or adjust your consent at any time with effect for the future by accessing the cookie settings on our website.
Further information can be found in Cookiebot's privacy policy: www.cookiebot.com/en/privacy-policy/
On our website, we offer you the option to book an appointment with us via the "HubSpot Meetings" tool. The provider is HubSpot Inc., 2 Canal Park, Cambridge, MA 02141, USA, represented in the EU by HubSpot Ireland Limited, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland.
The following data is processed when booking an appointment:
Purpose: Scheduling, preparation and conduct of the meeting.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures) or
Art. 6(1)(f) GDPR (legitimate interest in efficient appointment management).
Third-country transfers: HubSpot may transfer data to the USA. The
transfer is based on the EU–US Data Privacy Framework, on which HubSpot is listed, as
well as supplementary EU Standard Contractual Clauses.
Data processing agreement: A data processing agreement exists with HubSpot.
Further information:
legal.hubspot.com/privacy-policy
Our website provides an upload form through which you can send us files and related information. The transmitted data and files are stored exclusively on our own servers operated in Germany at our company premises. No transfer to third parties or to third countries takes place.
The following data is processed:
Purpose: Processing your request and fulfilling the services agreed with you.
Legal basis: Art. 6(1)(b) GDPR (contract performance / pre-contractual
measures) or Art. 6(1)(a) GDPR (consent).
Retention period: We store data for as long as necessary to process your
request or perform the contract. Statutory retention obligations (in particular under
commercial and tax law) remain unaffected.
If you contact us by e-mail, your details will be stored for the purpose of processing the enquiry and in case of follow-up questions. We will not pass this data on without your consent. The legal basis is Art. 6(1)(b) or (f) GDPR.
We use the online advertising programme "Google Ads" and, within Google Ads, conversion tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google").
Google Ads enables us to place advertisements in the Google search engine or on third-party websites. As part of conversion tracking, a cookie is set after a click on a Google advertisement, which allows us to track whether users perform certain actions on our website (e.g. using the upload form).
The use of Google Ads and conversion tracking is carried out exclusively with your explicit consent via our consent management tool "Cookiebot". No corresponding cookies are set and no data is transmitted to Google prior to granting your consent.
The following data may be processed in this context:
Legal basis: Your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. You can withdraw or adjust your consent at any time with effect for the future by accessing the cookie settings on our website.
Third-country transfers: A transfer of data to the USA cannot be excluded. Google is certified under the EU–US Data Privacy Framework. In addition, EU Standard Contractual Clauses exist as appropriate safeguards pursuant to Art. 46 GDPR.
Retention period: Conversion cookies set by Google generally expire after 90 days.
Further information: policies.google.com/privacy
We use the CRM system of HubSpot Ireland Limited, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland (parent company: HubSpot Inc., USA), to manage our customer and prospect data and maintain our business relationships.
The following data is processed in HubSpot in particular:
Purpose: Customer relationship management, sales, marketing, contract
initiation and processing.
Legal basis: Art. 6(1)(b) GDPR (contract initiation and performance)
and Art. 6(1)(f) GDPR (legitimate interest in efficient customer management).
Data processing agreement: A data processing agreement pursuant to
Art. 28 GDPR exists with HubSpot.
Third-country transfers: A transfer to the USA may take place. HubSpot is
certified under the EU–US Data Privacy Framework. EU Standard Contractual Clauses exist
as supplementary safeguards.
Retention period: Data will be deleted as soon as it is no longer required
for the purposes of processing, at the latest upon expiry of statutory retention periods.
HubSpot Privacy Policy:
legal.hubspot.com/privacy-policy
We use the Microsoft 365 office and communication suite as well as Microsoft Teams for internal and external communication, collaboration, document management and online meetings. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (parent company: Microsoft Corporation, USA).
The following data may be processed when using Microsoft 365 and Teams:
Purpose: Communication with employees, customers and business partners,
conducting online meetings, collaboration on documents.
Legal basis: Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(f)
GDPR (legitimate interest in efficient communication) and Art. 6(1)(a) GDPR (consent,
e.g. for meeting recordings).
Data processing agreement: A data processing agreement (Microsoft Products
and Services Data Protection Addendum, "DPA") pursuant to Art. 28 GDPR exists with
Microsoft.
Third-country transfers: A transfer to the USA may take place. Microsoft is
certified under the EU–US Data Privacy Framework. EU Standard Contractual Clauses and the
EU Data Boundary exist, through which data of EU customers is generally processed within
the EU.
Recordings: If online meetings are recorded, we inform participants in
advance and obtain their consent.
Microsoft Privacy Statement:
privacy.microsoft.com
In addition to the external services mentioned, we store and process customer and business data on our own servers operated on our premises in Germany. These servers are exclusively under our control.
The following data is processed on our own servers in particular:
Purpose: Fulfilment of services agreed with the customer, internal business
processes, statutory retention obligations.
Legal basis: Art. 6(1)(b) GDPR (contract performance), Art. 6(1)(c)
GDPR (legal obligations) and Art. 6(1)(f) GDPR (legitimate interest in efficient
business operations). Where special categories of personal data within the meaning of
Art. 9 GDPR are processed, this is done exclusively on the basis of separate consent
pursuant to Art. 9(2)(a) GDPR or another applicable legal basis.
Technical and organisational measures: We implement appropriate technical and organisational measures pursuant to Art. 32 GDPR to protect data against unauthorised access, loss and manipulation. These include in particular access controls, encryption, regular backups, firewalls, up-to-date antivirus solutions and employee training.
Retention period: Data will be deleted as soon as the purpose of processing ceases to apply and no statutory retention obligations remain in force.
If you send us a job application by e-mail, we process your personal data for the purpose of conducting the application process. The following data is processed in particular:
Legal basis: Art. 6(1)(b) GDPR and Section 26(1) BDSG (initiation of an employment relationship) as well as Art. 6(1)(a) GDPR (consent, e.g. for inclusion in a candidate pool).
Note on e-mail transmission: Please note that sending data via unencrypted e-mail involves security risks. We recommend transmitting sensitive data via secure channels.
Retention period: In the event of hiring, your application documents will be transferred to your personnel file. Otherwise, application documents will be deleted no later than 6 months after the conclusion of the application process, unless you have consented to longer storage (e.g. for a candidate pool).
Your data will only be passed on if:
Recipients include in particular:
Transfers to third countries outside the EU/EEA are made only to the services explicitly named in this policy (Google, HubSpot, Microsoft) and only under the guarantees stated there (EU–US Data Privacy Framework and EU Standard Contractual Clauses). Otherwise, data is processed exclusively within the EU.
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
To exercise your rights, please use the contact details provided in section 1.
You have the right to lodge a complaint with a data protection supervisory authority at any time. The authority responsible for the federal state in which our company is based is:
Where your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing (Art. 21(2) GDPR).
We use the common SSL/TLS encryption method in connection with the highest encryption level supported by your browser during your website visit. In addition, we implement appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
This Privacy Policy is currently valid and was last updated in 05/2026. Due to the ongoing development of our website and services, or as a result of changed legal or regulatory requirements, it may become necessary to amend this Privacy Policy. The current version of the Privacy Policy can be accessed and printed at any time on the website at inline-process.solutions/en/privacy-policy.html.