Privacy Policy
Here you will find information on how Barrierenlos℠ handles your data in accordance with the GDPR.
Preamble
With this Privacy Policy, we want to inform you about the types of personal data we process, for what purposes, and to what extent. This statement applies to all data processing carried out by us – whether within the scope of our services, on our websites, in mobile applications, or on external online presences such as our social media profiles.
Date: October 16, 2025
Controller
- Dmitry Dugarev
- Address: Mombacher Weg 26, 65936 Frankfurt am Main, Germany
- Email address: legal@barrierenlos.com
- Imprint: https://barrierenlos.com/legal/imprint
Overview of Processing
The following overview summarizes the types of data processed, the purposes of their processing, and refers to the data subjects.
1 Types of Processed Data
- Inventory data (stock data)
- Payment data
- Contact data
- Content data
- Contract data
- Usage data
- Meta, communication, and procedural data
- Protocol data (log data)
2 Categories of Data Subjects
- Service recipients and clients
- Prospects
- Communication partners
- Users
- Business and contractual partners
3 Purposes of Processing
- Provision of contractual services and fulfillment of contractual obligations
- Communication
- Security measures
- Direct marketing
- Reach measurement
- Tracking
- Office and organizational procedures
- Conversion measurement
- Target group formation
- Organizational and administrative procedures
- Feedback
- Marketing
- Creation of profiles with user-related information
- Provision of our online offering and ensuring user-friendliness
- Operation of the information technology infrastructure
- Public relations
- Sales promotion
- Support for business processes and commercial procedures
Relevant Legal Bases
Relevant Legal Bases according to the GDPR: Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the GDPR regulations, national data protection requirements in your or our country of residence or establishment may also apply. Should more specific legal bases be relevant in individual cases, we will inform you of these in this privacy policy.
- Consent (Art. 6 para. 1 sentence 1 lit. a GDPR): You have given your consent to the processing of your personal data for one or more specific purposes.
- Performance of Contract and Pre-Contractual Inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR): Processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract.
- Legal Obligation (Art. 6 para. 1 sentence 1 lit. c GDPR): Processing is necessary for compliance with a legal obligation.
- Legitimate Interests (Art. 6 para. 1 sentence 1 lit. f GDPR): Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your rights.
National Data Protection Regulations in Germany: In addition, specific regulations apply in Germany, namely the Federal Data Protection Act (BDSG) – particularly regarding access, deletion, objection, processing of special categories of personal data, as well as transmission and automated decision-making.
Note on the Applicability of the GDPR and Swiss DPA: This privacy notice serves to inform you in accordance with both the Swiss DPA (Data Protection Act) and the GDPR. For reasons of better comprehensibility, we use the terms of the GDPR. However, the legal definitions are based on the respective law.
Security Measures
In accordance with legal requirements – taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing – we take appropriate technical and organizational measures to ensure a level of security commensurate with the risk.
Important measures include:
- Ensuring the confidentiality, integrity, and availability of your data by controlling access and processing.
- Establishing procedures for exercising your data subject rights and for erasing or restricting processing.
- Considering data protection already when selecting hardware, software, and procedures through data-protection-friendly default settings.
Securing Online Connections: We use TLS/SSL encryption (HTTPS). A website protected by an SSL/TLS certificate displays "HTTPS" in the URL, signaling to you that your data is transmitted securely and encrypted.
Transfer of Personal Data
We may transmit or disclose your personal data to other bodies, companies, legally independent organizational units, or persons – for example, to IT service providers or providers of services and content that are integrated into our website. In doing so, we always comply with legal requirements and conclude corresponding contracts or agreements.
International Data Transfers
If we process or transfer your data in a third country (outside the EU/EEA), this will only take place in compliance with legal requirements. If the data protection level of a third country is recognized by an Adequacy Decision (Art. 45 GDPR), this serves as the basis. Otherwise, the data transfer only takes place if the data protection level is otherwise secured, for example, through Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR), explicit consent, or contractual/statutory requirements.
Further information can be found at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_en?prefLang=de and at https://www.dataprivacyframework.gov/.
General Information on Data Storage and Deletion
We delete your personal data in accordance with statutory provisions as soon as the underlying consents are revoked or no further legal bases exist – this applies if the original processing purpose ceases to apply or the data is no longer required. Exceptions exist if legal obligations or special interests require longer retention.
Data that must be retained for commercial or tax reasons or for legal prosecution will be archived accordingly.
Further information on specific retention and deletion periods can be found in the following points:
- 10 years: Retention period for books, records, annual financial statements, inventories, management reports, opening balance sheets, and related working instructions (§ 147 para. 1 no. 1 in conjunction with para. 3 AO, § 14b para. 1 UStG, § 257 para. 1 no. 1 in conjunction with para. 4 HGB).
- 8 years: Retention period for booking documents (e.g., invoices, cost receipts) (§ 147 para. 1 no. 4 and 4a in conjunction with para. 3 AO, § 257 para. 1 no. 4 in conjunction with para. 4 HGB).
- 6 years: Retention period for other business documents, insofar as they are relevant for taxation (§ 147 para. 1 no. 2, 3, 5 in conjunction with para. 3 AO, § 257 para. 1 no. 2 and 3 in conjunction with para. 4 HGB).
- 3 years: Storage of data to consider potential warranty and damage claims (§§ 195, 199 BGB).
Rights of Data Subjects
According to the GDPR, you have the following rights as a data subject:
- Right to Object: You can object at any time to the processing of your personal data based on Art. 6 para. 1 lit. e or f GDPR – even if this relates to profiling. In particular, you have the right to object to processing for direct marketing purposes.
- Right to Withdraw Consent: You can withdraw your given consent at any time.
- Right of Access (Information): You have the right to know whether and what data of yours is being processed, as well as to receive a copy of this data and further information in accordance with statutory provisions.
- Right to Rectification: You can request the completion or correction of inaccurate data.
- Right to Erasure and Restriction of Processing: You can request the erasure of your data or a restriction of processing in accordance with statutory provisions.
- Right to Data Portability: You have the right to receive your data in a structured, common, and machine-readable format or to request transmission to another controller.
- Complaint to Supervisory Authority: You can lodge a complaint with a supervisory authority if you believe that the processing of your data violates the GDPR.
Business Services
We process data of our contractual partners – i.e., customers and prospects – within the framework of contractual and similar legal relationships and in communication (also pre-contractual), such as for answering inquiries.
This data serves to fulfill our contractual obligations, such as providing the agreed services, update obligations, and support in case of warranty or service disruptions. It is also processed to safeguard our rights, for administrative tasks, and the organization of our company – based on our legitimate interests in ensuring proper business management and security measures.
Data is only passed on to third parties if this is necessary for the fulfillment of the mentioned purposes or for compliance with legal obligations. We will inform you about further processing, for example for marketing purposes, in this privacy policy.
You will usually find out which data is necessary for this purpose before or during data collection (e.g., in online forms or through specific markings).
We generally delete this data after four years, unless longer statutory periods apply (e.g., ten years for tax purposes). Data transmitted within the scope of an order is deleted after the end of the order.
- Types of Data Processed: Inventory data, payment data, contact data, contract data, usage data, and meta, communication, and procedural data.
- Data Subjects: Service recipients, clients, prospects, communication partners, and business and contractual partners.
- Purposes of Processing: Contract fulfillment, security measures, communication, organizational procedures, business processes.
- Legal Bases: Performance of contract and pre-contractual inquiries, legal obligations, legitimate interests (see Section 4).
- Online Shop, Order Forms, E-Commerce, and Delivery: We process your data so that you can select, order, pay for, and receive digital products such as our BFSG Checklist or the BFSG Audit. This also includes delivery information marked in the corresponding forms. Legal Bases: Performance of contract and pre-contractual inquiries.
- Use of Stripe for Payment Processing: We use Stripe for payments, whereby your email address, tax number, website, and other relevant data are collected. Legal Bases: Performance of contract.
- Processing Purchases and License Management via Freemius: We use the service of Freemius for the sale of our digital products (e.g., the Semanticality™ Plugin), payment processing, and license management. Freemius acts as our "Merchant of Record," meaning they are your direct contractual partner for the purchase. We receive the data necessary for contract fulfillment from Freemius (e.g., name, email address, acquired license). Freemius also processes your payment data and sends necessary transaction emails such as order confirmations, invoices, and license keys. Additionally: Emails for Abandoned Carts (Cart Recovery): Provided you have given us your express consent before the payment process, Freemius processes your email address and information about your shopping cart on our behalf to send you one or more reminder emails in the event of an abandoned purchase. This processing is solely for the purpose of allowing you to easily continue and complete your purchase. The Legal Basis for this data processing is your Consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. Withdrawal of Consent: You can withdraw this consent at any time. Every cart recovery email contains an unsubscribe link, through which you can immediately stop receiving future reminder emails. Service Provider: Freemius, Inc., 111 Peter St, Suite 700, Toronto, ON M5V 2H1, Canada / 100 Gansevoort Street, 6th Floor, New York, NY 10014, USA. Legal Bases: Performance of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR). Website: https://freemius.com Privacy Policy: https://freemius.com/privacy Basis for Third Country Transfers: Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR) as well as additional technical and organizational protective measures by Freemius.
Business Processes and Procedures
We process personal data within the framework of our business processes to efficiently manage customer management, sales, payment transactions, accounting, and project management. This data supports us in transaction processing, building customer relationships, and internal administrative tasks.
Data may be passed on to third parties (e.g., tax or legal advisors, banks, shipping service providers, IT services) if this is legally required or necessary for the fulfillment of our obligations. We conclude corresponding contracts for this purpose.
- Types of Data Processed: Inventory data (name, address, contact info, customer number, date of birth, nationality); Payment data (bank details, invoices, payment history, credit card data, IBAN, BIC); Contact data (postal/email addresses, phone numbers, messenger IDs, social media profiles); Content data (messages, contributions, authorship, publication times); Contract data (contract subject, term, customer category, payment modalities); Usage data (page views, dwell time, click paths, interactions); Meta, communication, and procedural data (IP addresses, time details, IDs, log files).
- Data Subjects: All groups mentioned above.
- Purposes of Processing: Contract fulfillment, administration, organization, and commercial procedures.
- Legal Bases: See Section 4.
- Economic Analyses and Market Research: We analyze data on business transactions and contracts to identify market trends and make business decisions. These analyses are carried out internally and based on pseudonymized or anonymized data. Legal Bases: Legitimate Interests.
Provision of the Online Offering and Web Hosting
We process user data to provide our online services. This includes, in particular, the IP address, which is required to send content and functions to your browser or device.
- Types of Data Processed: Usage data, meta, communication, and procedural data, protocol data, and content data.
- Data Subjects: Users of our websites and online services.
- Purposes of Processing: Provision of the online offering, ensuring user-friendliness, operation of the IT infrastructure, and security measures.
- Legal Bases: Legitimate Interests.
- Collection of Access Data and Log Files: All accesses to our online offering are logged in server log files, which include, among others, IP addresses, access times, and browser information. This serves to protect against overload and misuse. Legal Bases: Legitimate Interests. Deletion: Log files are deleted or anonymized after a maximum of 30 days.
- Hosting of musnuss.de with STRATO: Our website musnuss.de is hosted by STRATO AG (Pascalstraße 10, 10587 Berlin, Germany). Legal Bases: Legitimate Interests. Website: https://www.strato.de Privacy Policy: https://www.strato.de/datenschutz/
- Hosting of barrierenlos.com via Cloudflare: Our website barrierenlos.com is provided via Cloudflare, which offers a Content Delivery Network (CDN) and other security and optimization services. Legal Bases: Legitimate Interests. Website: https://www.cloudflare.com/de-de Privacy Policy: https://www.cloudflare.com/de-de/privacypolicy/
- Instart: A Content Delivery Network that delivers content (especially large media files) via a network of distributed servers. Service Provider: Instart Logic, Inc., 450 Lambert Avenue, Palo Alto, CA 94306, USA. Legal Bases: Legitimate Interests. Website: https://www.instart.com Privacy Policy: https://www.instart.com/company/legal/privacy-policy
Use of Cookies
Cookies are functions that store and read information on your devices. They serve, among other things, the functionality, security, and user-friendliness of our offerings, as well as the creation of visitor statistics. We use cookies in accordance with legal regulations. Where necessary, we obtain your consent. Otherwise, we rely on our legitimate interests, especially when storing and reading information is essential to provide content and functions requested by you.
Notes on Data Protection Legal Bases: The processing of personal data using cookies is based on your consent or our legitimate interests.
Storage Duration: We distinguish between:
- Temporary Cookies (Session Cookies): These are deleted as soon as you leave our offer or close your browser.
- Permanent Cookies: These remain stored even after the browser is closed (up to two years, unless otherwise specified).
General Notes on Withdrawal and Objection: You can withdraw your consent and object to the processing at any time – for example, via your browser settings.
- Types of Data Processed: Meta, communication, and procedural data (e.g., IP addresses, time details, IDs).
- Data Subjects: Users of our websites and online services.
- Legal Bases: Consent or legitimate interests (see above).
Further Notes:
- Processing of Cookie Data based on Consent: We use a consent management solution that obtains, logs, and manages your consent to the use of cookies. This consent is stored server-side and/or in an opt-in cookie – usually for up to two years. Legal Bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
- Affiliate Tracking Cookie (30 Days): For our partner program, the service we use (Freemius) sets a cookie with a validity of 30 days, provided you have consented to this in the cookie banner. The cookie contains only a pseudonymous affiliate/campaign ID and serves to assign a subsequent purchase to the referring partner (last-click model). It does not contain directly personal data. You can withdraw your consent at any time via the cookie banner or delete the cookie in your browser settings. Legal Basis: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
Blogs and Publication Media
We use blogs or similar media to provide content and communicate with you. The data of readers is only processed to the extent necessary for the presentation of the content, communication between authors and readers, or for security reasons.
- Types of Data Processed: Inventory data, contact data, content data, usage data, and meta, communication, and procedural data.
- Data Subjects: Users of our websites and online services.
- Purposes of Processing: Feedback and provision of our online offering.
- Legal Bases: Legitimate Interests.
Contact and Inquiry Management
If you contact us – whether by post, contact form, email, phone, or via social media – or are already in a business relationship, we process your information to the extent necessary to process your inquiry.
- Types of Data Processed: Inventory data, contact data, content data, usage data, meta, communication, and procedural data.
- Data Subjects: Communication partners.
- Purposes of Processing: Communication, administrative and organizational procedures, feedback.
- Legal Bases: Performance of contract, pre-contractual inquiries, and legitimate interests.
Further Notes:
- Contact Form: If you contact us via a contact form, we process the data you submit (name, contact data, etc.) to process your inquiry. Legal Bases: Performance of contract and pre-contractual inquiries, legitimate interests.
- HubSpot CRM: We use HubSpot for customer contact management, marketing automation, and analysis. Service Provider: HubSpot Ireland Limited, Dublin 1, Ireland. Legal Bases: Performance of contract, pre-contractual inquiries, and legitimate interests. Website: https://www.hubspot.de/pa/crm Privacy Policy: https://legal.hubspot.com/de/privacy-policy
Newsletter and Electronic Notifications
We send newsletters, emails, and other electronic notifications (hereinafter "Newsletter") only if you have consented or there is a legal basis. When registering, your email address is usually sufficient. We may ask for further data in order to address you personally.
Deletion and Restriction of Processing: Unsubscribed email addresses may be stored for up to three years to prove former consent. This storage is solely for the purpose of potentially defending against claims. You can request deletion or object at any time. In case of permanent objection, the relevant data will be stored in a blocking list.
Logging of the Registration Process: We document the registration process to prove proper procedure.
Content
In our newsletter, we inform you about news in the field of digital accessibility – for example, about new deadlines, legal updates, best practices, case studies, and frequently asked questions. You will also receive information about our products and services.
In addition, we regularly send free accessibility audits for selected websites and send the reports to the business email addresses found in the imprint information of the respective websites.
- Types of Data Processed: Inventory data, contact data, meta, communication, and procedural data, and usage data.
- Data Subjects: Communication partners and users.
- Purposes of Processing: Direct marketing, fulfillment of contractual obligations.
- Legal Bases: Consent and legitimate interests.
- Objection Option (Opt-Out): At the end of each newsletter, you will find an unsubscribe link, or you can contact us by email to stop receiving it.
- Measurement of Open and Click Rates: Our newsletters contain "web beacons" that record technical data (e.g., browser, operating system, IP address, time) when opened to optimize the performance of the newsletter. This data is only stored with your consent. Legal Bases: Consent.
- Prerequisite for Utilizing Free Services: Consent to newsletter dispatch may be used as a prerequisite for accessing free services (e.g., special content or promotions). If you wish to receive these services without the newsletter, please contact us directly.
- MailerLite: We use MailerLite for sending newsletters. Service Provider: MailerLite Limited, 88 Harcourt Street, Dublin 2, D02 DK18, Ireland. Legal Bases: Legitimate Interests. Website: https://www.mailerlite.com Privacy Policy: https://www.mailerlite.com/legal/privacy-policy Data Processing Agreement: https://www.mailerlite.com/legal/data-processing-agreement Basis for Third Country Transfers: Data Privacy Framework (DPF).
Promotional Communication via Email, Post, Fax, or Phone
We also process personal data for advertising purposes – for example, via email, phone, post, or fax – provided this complies with legal requirements.
You can withdraw your consent or object to promotional communication at any time. After a withdrawal or objection, we store the necessary data (e.g., email address, phone number) for up to three years to secure proof of previous authorization. This storage is solely for the defense against possible claims. If withdrawal or objection is permanently respected, the data will be stored in a blocking list.
- Types of Data Processed: Inventory data, contact data, and content data.
- Data Subjects: Communication partners.
- Purposes of Processing: Direct marketing, sales promotion.
- Legal Bases: Consent and legitimate interests.
Cold Emails to Business Email Addresses: Additionally, we occasionally send emails with a free Accessibility Audit Report and brief notices about our services to business, non-personal email addresses that we extract from the imprint information on our websites. This so-called "cold acquisition" is based on our legitimate interests. If you do not wish to be contacted in this way, you can object at any time.
Web Analysis, Monitoring, and Optimization
Our web analysis (also called "reach measurement") serves to evaluate the visitor flows of our online offering. It collects pseudonymized data about the behavior, interests, and demographic information (e.g., age, gender) of users, so we can understand when and how our offer is used and where improvements are needed.
We also use testing procedures (e.g., A/B tests) to compare and optimize different versions of our offer. Profiles may be created in your browser or device. If you have consented, location data will also be processed.
We store the IP addresses of users, but pseudonymize them using IP masking to prevent personal identification.
- Types of Data Processed: Usage data, meta, communication, and procedural data.
- Data Subjects: Users of our websites.
- Purposes of Processing: Reach measurement, creation of user profiles, optimization of our offering.
- Legal Bases: Consent or legitimate interests.
Further Notes:
- Google Analytics: We use Google Analytics for measuring and analyzing user behavior, using pseudonymous IDs. No personal data such as name or email address is stored; instead, rough geodata is derived from IP addresses and deleted. Service Provider: Google Ireland Limited, Dublin 4, Ireland; Legal Bases: Consent; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms/; Basis for Third Country Transfers: Data Privacy Framework (DPF).
- Google Tag Manager: This tool allows us to centrally manage website tags without storing user data ourselves. It loads other services that then process their data. Service Provider: Google Ireland Limited, Dublin 4, Ireland; Legal Bases: Consent; Website: https://marketingplatform.google.com.
- Hotjar: We use Hotjar to analyze clicks, mouse movements, and scrolling behavior (heatmaps). This involves anonymizing IP addresses, collecting technical device specifications, and interactions, among other things. Service Provider: Hotjar Ltd., Malta; Legal Bases: Consent or legitimate interests; Website: https://www.hotjar.com; Privacy Policy: https://www.hotjar.com/legal/policies/privacy; Opt-Out/Objection: Activation of the “Do Not Track” setting or instructions at https://www.hotjar.com/policies/do-not-track/ or simply refusal when using non-essential cookies on our website.
- Microsoft Ads (Bing Ads) and Conversion Measurement: We use Microsoft Ads to place advertisements in the Bing advertising network and measure the success of these advertisements. A cookie is set that contains a pseudonymous ID, so only statistical, anonymized data is collected. Service Provider: Microsoft Corporation, USA; Legal Bases: Consent or legitimate interests; Website: https://ads.microsoft.com; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement; Opt-Out/Objection: Change settings at https://account.microsoft.com/privacy/ad-settings or simply refusal when using non-essential cookies on our website.
Online Marketing
We process personal data for online marketing purposes – this includes, in particular, placing advertising spaces or displaying content that is based on your potential interests, as well as measuring the effectiveness of these measures.
For this purpose, we may create user profiles and store data in cookies or similar procedures. Information on viewed content, visited websites, technical data (e.g., browser, device), usage times, and communication partners, and – if you have consented – also location data, are stored.
We store IP addresses and pseudonymize them using IP masking. No directly personal data such as name or email address is stored.
Notes on Legal Bases: Processing takes place either on the basis of your consent or based on our legitimate interests in showing you personalized advertising and measuring the effectiveness of our marketing measures.
Notes on Withdrawal and Objection: You can object to personalized advertising via the privacy notices of the respective providers. Alternatively, you can disable cookies in your browser – however, this may limit the functionality of our website.
- Types of Data Processed: Usage data, meta, communication, and procedural data.
- Data Subjects: Users of our websites and online services.
- Purposes of Processing: Reach measurement, tracking, target group formation, personalized marketing, and conversion measurement.
- Legal Bases: Consent or legitimate interests.
- Google Ads and Conversion Measurement: We use Google Ads to place ads in Google's advertising network and measure their success. Service Provider: Google Ireland Limited, Dublin 4, Ireland; Legal Bases: Consent and legitimate interests; Website: https://marketingplatform.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for Third Country Transfers: Data Privacy Framework (DPF).
- Microsoft Ads (Bing Ads) and Conversion Measurement: We use Microsoft Ads to place ads in the Bing advertising network and measure the success of these measures. A cookie is set that contains a pseudonymous ID – only aggregated, anonymous data is collected. Service Provider: Microsoft Corporation, USA; Legal Bases: Consent or legitimate interests; Website: https://ads.microsoft.com; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement.
- Partner Program and Affiliate Tracking: We participate in a partner program. If you access our website via an advertising link from one of our partners (affiliates), this is recorded to correctly assign any commission due. This process serves our legitimate interest in processing commission payments. A cookie or similar technology is used for tracking. Purpose of Processing: Assignment of sales to the referring partner (affiliate) for commission settlement. Processed Data: The cookie stores a pseudonymous identification number (affiliate ID) as well as information about the advertising medium and the time of the click. No directly personal data such as your name or email address is stored in the cookie. Cookie Duration: 30 days (based on the last-click principle). Service Provider for Technical Processing: Freemius, Inc., 111 Peter St, Suite 700, Toronto, ON M5V 2H1, Canada / 100 Gansevoort Street, 6th Floor, New York, NY 10014, USA. Legal Bases: Processing is based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR), which you give via our cookie banner and can withdraw there at any time. Service Provider Website: https://freemius.com Service Provider Privacy Policy: https://freemius.com/privacy Basis for Third Country Transfers: Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR) as well as additional protective measures secure the data transfer.
Presences in Social Networks (Social Media)
We maintain online presences in social networks to communicate with active users and offer information about us. Please note that your data may be processed outside the EU, which may limit your rights.
Processing usually takes place for market research and advertising purposes using cookies that record your usage behavior.
- Types of Data Processed: Contact data, content data, usage data, and other metadata.
- Data Subjects: Users of the respective social networks.
- Purposes of Processing: Communication, feedback, and public relations.
- Legal Bases: Legitimate Interests.
- Instagram: For sharing photos and videos, commenting, and subscribing. Service Provider: Meta Platforms Ireland Limited, Dublin 4, Ireland; Legal Bases: Legitimate Interests; Website: https://www.instagram.com; Privacy Policy: https://privacycenter.instagram.com/policy/.
- LinkedIn: Collection of visit data for “Page Insights.” Service Provider: LinkedIn Ireland Unlimited Company, Dublin 2, Ireland; Legal Bases: Legitimate Interests; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Objection Option (Opt-Out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- Pinterest: Sharing, commenting on, and saving images. Service Provider: Pinterest Europe Limited, Dublin 2, Ireland; Legal Bases: Legitimate Interests; Website: https://www.pinterest.com; Privacy Policy: https://policy.pinterest.com/de/privacy-policy.
- X (formerly Twitter): Service Provider: Twitter International Company, Dublin 2, Ireland; Legal Bases: Legitimate Interests; Website: https://x.com; Privacy Policy: https://x.com/de/privacy.
Partner Program and Affiliates
We operate a partner or affiliate program to advertise our products and services. If you participate in this program as a partner, we process your personal data to manage the contractual relationship with you, track your referred sales, and pay out the commissions due to you.
- Types of Data Processed: Inventory data (e.g., name, company), Contact data (e.g., email address), Contract data (e.g., partner ID, contract start), Payment data (e.g., payout details), and Usage data (e.g., clicks, conversions, referred sales).
- Data Subjects: Business and contractual partners (affiliate partners).
- Purposes of Processing: Provision of contractual services (management of the partner program, commission settlement), communication.
- Legal Bases: Performance of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR).
Further Notes:
- Technical Processing via Freemius: We use the affiliate platform of Freemius to manage our partner program, track referrals, and pay out commissions. As a partner, you gain access to a Freemius dashboard where your performance data is viewable. Service Provider: Freemius, Inc., 111 Peter St, Suite 700, Toronto, ON M5V 2H1, Canada / 100 Gansevoort Street, 6th Floor, New York, NY 10014, USA. Legal Bases: Performance of contract (Art. 6 para. 1 sentence 1 lit. b GDPR). Website: https://freemius.com; Privacy Policy: https://freemius.com/privacy; Basis for Third Country Transfers: Standard Contractual Clauses (Art. 46 para. 2 lit. c GDPR) as well as additional technical and organizational protective measures by Freemius.
Management, Organization, and Auxiliary Tools
We use services, platforms, and software from third-party providers to support our organization, administration, planning, and service delivery. Personal data may be processed on the servers of the third-party providers.
- Types of Data Processed: Content data, usage data, and meta, communication, and procedural data.
- Purposes of Processing: Communication, provision of contractual services, administrative and organizational procedures.
- Legal Bases: Legitimate Interests.
- WeTransfer: For the secure transfer of files. Service Provider: WeTransfer BV, Amsterdam, Netherlands; Legal Bases: Legitimate Interests; Website: https://wetransfer.com; Privacy Policy: https://wetransfer.com/legal/privacy.
- Google Drive: To distribute our digital products, such as the BFSG Checklist and the BFSG Audit, we host files on Google Drive. The content is distributed via links leading to Google Drive. Service Provider: Google Ireland Limited, Dublin 4, Ireland; Legal Bases: Legitimate Interests (e.g., efficient and secure data provision) and, if necessary, your consent; Website: https://drive.google.com; Privacy Policy: https://policies.google.com/privacy; Note: When accessing shared links, Google cookies may be set, and log data (e.g., IP address, time stamp) may be collected. Note that Google Drive may also operate servers outside the EU, which may result in a third-country transfer.
Amendment and Update
Please regularly inform yourself about the content of this privacy policy. We will adapt it as soon as changes in our data processing make this necessary. As soon as a change requires your cooperation (e.g., renewed consent) or an individual notification is necessary, we will inform you.
Please note that addresses and contact data of companies mentioned in this privacy policy may change over time. Please check this information before contacting them.
Definitions of Terms
Below you will find an overview of the terms used in this privacy policy. Where legal definitions exist, they apply. The following explanations serve for better comprehensibility:
- Inventory Data (Stock Data): Essential information necessary for the identification and management of contractual partners, user accounts, profiles, etc. (e.g., name, contact information, date of birth, user IDs).
- Content Data: Information generated during the creation, editing, and publication of content (e.g., texts, images, videos, audio files, and associated metadata such as author, date, tags).
- Contact Data: Information that enables communication (e.g., phone numbers, email addresses, postal addresses).
- Conversion Measurement: Procedure for recording the reaction to marketing measures (e.g., clicks on ads, purchases), often with the help of cookies.
- Meta, Communication, and Procedural Data: Data about the handling of information (e.g., file size, creation date, communication histories, audit logs).
- Usage Data: Information about how and when users interact with digital offerings (e.g., page views, click paths, device information, location data).
- Personal Data: All information relating to an identified or identifiable natural person (e.g., name, ID, location data, online identifier).
- Profiles with User-Related Information: Automated processing in which personal data is analyzed or evaluated to determine personal aspects (e.g., interests, behavior).
- Protocol Data (Log Data): Records of events or activities in a system (e.g., timestamps, IP addresses, error messages).
- Reach Measurement: Also known as Web Analytics, used to evaluate visitor flows to optimize the offering.
- Tracking: The monitoring of user behavior across various offers, often using cookies and profiling.
- Controller: The person or organization that decides on the purposes and means of the processing of your personal data.
- Processing: Any operation related to personal data, be it collection, evaluation, storage, transmission, or deletion.
- Contract Data: All details of an agreement between parties (e.g., services, term, payment modalities).
- Payment Data: Information required for processing transactions (e.g., credit card number, bank details, invoice information).
- Target Group Formation: Procedure for identifying specific user groups for advertising purposes (e.g., Custom Audiences), often using cookies.