Privacy Policy

1. General information

1a) What does this privacy policy apply to?

This privacy policy informs the user (hereinafter also referred to as the "data subject") of this website about the handling of personal data. The operator and controller of this website is our company (hereinafter also referred to as the "controller").

This privacy policy contains in particular the precise, transparent and easily understandable information pursuant to Art. 13 f. GDPR. The privacy policy also informs the user about their rights as a data subject in accordance with Articles 15 to 18, 20 and 21 GDPR.

Furthermore, the scope of this privacy policy also extends to the processing of personal data of customers, interested parties, suppliers and other partners outside the website by our company.

The scope of this data protection declaration of our company expressly does not extend to external links that are indicated on the website. It should be noted that the corresponding data protection provisions of the respective website operator apply here. For this reason, we expressly recommend that you read these in full and take note of them before using the respective website.


1b) Which terms are particularly important?

What is personal data?

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject" or "user"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person." (Art. 4 No. 1 GDPR)


 What is meant by processing?

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction." (Art. 4 No. 2 GDPR)


1c) Note

If only the male gender is mentioned in this declaration or on the website, this expressly does not constitute discrimination against another gender (f/d), but serves solely to improve readability.

2. Which body is responsible for the processing?

The controller pursuant to Art. 4 Abs. 7 GDPR is responsible for the processing of personal data:


PromoTool GmbH

Technology and innovation agency

Damerowstr. 65
13187 Berlin

Phone: +49 30 4746596
Fax: +49 30 4746597


Management: Eileen Kammann, Dr Thomas Rüsch


If users have any concerns about data protection, they can contact the person responsible by e-mail at .

3. What personal data does the website operator process?

When processing personal data, the website operator always works in accordance with the principles set out in Art. 5 Abs. 1 GDPR. These include the principles of transparency, purpose limitation and data minimisation.

Only those persons (employees) who actually need personal data and who are trained and obliged to handle personal data are granted access to personal data by the controller.


a) automatically collected personal data

This website does not automatically collect any personal data without the user's consent to the use of cookies or the voluntary provision of information (e.g. via the contact form).

The user is asked for consent to the use of cookies and external media immediately at the start of use. If the user does not give their consent, external media and their content will not be displayed. Beyond this, the selected settings have no further effect on the usability of the website.

Further information on cookies can be found in Article 6 "Cookies".



The transmission of the IP address is necessary for successful data transmission to the device used by the user. This is stored anonymised in the server log files to protect personal data.


In addition to the IP address, the following information is stored in a log file:

  • Date and time of the website visit
  • Useful life
  • Usage path within the website
  • Referrer URL (from which page the user came to this page)
  • Operating system and / or browser used
  • Amount of data transferred in bytes
  • Errors during website use (status codes)
  • used screen resolution

All data collected in a server log file is only used for (anonymised) statistical evaluations, for improvement and to enable error-free and secure use of the website. However, the controller reserves the right to check the server log files retrospectively as soon as there are concrete indications of illegal use of the website.

By anonymising the IP addresses, it is not possible to assign the individual log files to a user or an individual device. For this reason, the automatically generated server log files are no longer personal data within the meaning of the GDPR from the time of anonymisation. Anonymisation is carried out by the provider (hosting provider) after 7 days at the latest. To protect personal data, we can only view the IP addresses in anonymised form before they are anonymised by the provider.


b) voluntary information via the contact form

By filling out the contact form on this website, the user voluntarily enters personal data. By clicking on "Send", the user consents to the processing of their personal data for the purpose of processing their enquiry. This involves the following information:

  • Name of the company
  • Name of contact person (mandatory)
  • E-mail address (mandatory)
  • Phone number (mobile if applicable)
  • Individual message with details of the respective request (mandatory)
  • Address

In order to respond to enquiries via the contact form, it is necessary to provide your name and a valid e-mail address. If you do not provide us with the necessary personal data in full when making an enquiry via the contact form, this may result in us not being able to process your enquiry or only being able to process it in part. All data is transmitted in SSL/TSL encrypted form.

You can revoke your consent at any time without giving reasons. We will only process the data for as long as is necessary for the purpose of your enquiry. If there is a legal obligation to retain data, we will restrict the processing.


c) Direct marketing measures

The website operator may use the address voluntarily provided by users on the website within the meaning of Art. 6 para. 1 lit. f GDPR to advertise current services, promotions and our website by post. If these are existing customers or interested parties in the narrower sense, our company can also carry this out by e-mail within the meaning of Art. 6 para. 1 lit. f and taking into account § 7 para. 3 UWG. According to current case law, presumed consent (within the meaning of Section 7 (2) UWG) is sufficient for telephone advertising for companies (B2B), provided that this does not conflict with overriding interests pursuant to Art. 6 (1) (f) GDPR. Of course, you have the right to object to the sending of advertising or other contact for advertising purposes at any time with effect for the future without giving reasons.

4. Customer data protection - personal data of customers and interested parties

In particular, our company processes the following personal customer data (processing outside this website):

  • Name of the company
  • Name of the contact person
  • Contact details (address, e-mail address, telephone number (mobile if applicable), fax if applicable)
  • Details of concerns / enquiries
  • Order-related data
  • Invoice and, if applicable, financial data
  • if available, data in the context of order processing (a separate agreement on order processing (AVV) is concluded in accordance with Art. 28 GDPR)
  • Consents for advertising purposes (and revocations)
  • other personal data that are necessary in the context of pre-contractual measures and/or for the fulfilment of the contract

In the case of interested parties, our company processes in particular the name of the company, the name of the contact person, contact details and data on concerns / enquiries.

The legal bases specified below in Art. 5 also apply, where applicable, to the processing of personal data of customers, interested parties, suppliers and other partners. The processing is carried out in particular in accordance with Art. 6 para. 1 lit b, f GDPR.

5. Lawfulness of the processing

Our company processes all personal data provided via this website for the following purposes:

  • to respond to enquiries (pursuant to Art. 6 para. 1 lit. b GDPR)
  • for communication with the user (pursuant to Art. 6 para. 1 lit. a, b and f GDPR)
  • the purpose of contractual or pre-contractual service provision (pursuant to Art. 6 para. 1 lit. b GDPR)
  • for the provision of information and / or services intended for the user (pursuant to Art. 6 para. 1 lit. f GDPR)
  • Examination of complaints or other information from users (pursuant to Art. 6 para. 1 lit. f GDPR)
  • for the improved operation and corresponding administration of the website (pursuant to Art. 6 para. 1 lit. f GDPR)
  • to detect and prevent fraud and criminal offences and/or to ensure the necessary network and data security, insofar as these interests are consistent with the applicable law and with the rights and freedom of the user (pursuant to § 24 para. 1 BDSG and Art. 6 para. 1 lit. f GDPR)
  • if the controller is obliged to do so for legal reasons (pursuant to Art. 6 para. 1 lit. c GDPR)

If the data subject does not provide us with all the personal data required before, during or after order processing, this may mean that the order / enquiry cannot be processed or can only be processed incompletely. This also applies to a restriction of data, where the respective data is blocked for further use. However, this does not affect your visit to the website.

6. Cookies / External media

We use cookies and external media on our website. All cookies (with the exception of technically necessary cookies) and any other tracking technologies are only set/used if the user has consented to this by opting in. Consent is voluntary and can be revoked at any time.


Cookies are small text files that are temporarily stored on the user's hard drive. Each time our website is accessed again, the browser accesses the relevant cookies and sends the data they contain to the website server.

A distinction must be made between technically necessary cookies and cookies that are not necessary for the operation of the website (cookies for personalisation, marketing and analysis purposes). For example, the cookie for storing consent to the cookie notice is technically necessary.

External media are software provided by third parties and integrated into the website by the controller for optimal presentation and usability. Examples include social media buttons. In particular, third-party cookies that process personal data are used to display external media. Therefore, the voluntary consent of the user, which can be revoked at any time, is required for the display of external media.

Other tracking & analysis technologies: If other tracking and analysis technologies are used on this website after consent has been given, we will inform you accordingly in this privacy policy. Of course, consent to the use of other tracking and analysis technologies is voluntary and can be revoked at any time with effect for the future.


a) Which cookies for personalisation (third-party cookies) does this website use?

The third-party cookies used on this website are stored on the computer / mobile device for the specified period of validity after the first storage. In the event of a subsequent update, the cookie is then stored for a maximum of the respective validity period. The cookies actually set may vary slightly depending on the browser / end device or due to changes made by the third-party provider. Users can view a current overview of the cookies actually used depending on the browser and integrated external media at any time via the link to the cookie plugin.

XXXInsert link cookie overviewXXX

b) How can I manage cookies within the website?

A cookie plugin is used for this purpose. With the help of this plugin, users can customise their preferences for cookies and external media easily and with just a few clicks directly when visiting the website. You can customise the settings at any time using the "Change cookie settings" button at the top of the privacy policy


The following options are available to the user:

- Opt-in / opt-out of all cookies / external media

- Opt-in / opt-out of individual cookies / individual external media


The cookie required for this is essential (necessary) and is set for a maximum of one year. If cookies are deleted prematurely by your browser or on your end device, your previous settings will also be deleted. When you visit this website again, cookies (with the exception of technically necessary / essential cookies) will only be set if you consent to this.

The third-party cookies used on this website are stored on the computer / mobile device for the specified period of validity after the first storage. In the event of a subsequent update (such as a new visit to the website), the cookie is then stored for a maximum of the respective validity period.


c) How can cookies be managed in the browser settings?

In principle, internet browsers offer their users the option of changing the settings for allowing and informing about the placement of cookies themselves. This allows users to completely reject the use of cookies. However, this setting may mean that some functions of this website are only available to a limited extent or are no longer available at all. However, this only applies to content and functions (external media) that can only be displayed by setting cookies (technically unnecessary cookies).


Under the following links, users can manage their cookie preferences in the most frequently used browsers themselves:

Google Chrome

Internet Explorer



7. Other plugins

    a) Cookie plugin

    With the cookie plugin provided by this website, users can make individual cookie settings on this website at any time (for more information, see Article 6 b).


    b) WP Statistics

    We use WP Statistics software on our website for statistical and analysis purposes. To protect your personal data, we completely anonymise the IP address of the device used immediately when you visit the website. This means that it is no longer possible to assign it to a specific natural person and it is no longer personal data within the meaning of the GDPR.

    We can use the software to statistically analyse the following data, among others, without assigning it to an individual person:

    • Referrer URL (from which page the user came to this page)
    • Operating system used
    • Browser used, search engine used, country and approximate location

    The software is integrated exclusively on the servers of our website in appropriately secured high-security data centres located in Germany; there is expressly no transfer of data to third parties or to a third country.




    d) Reviews via third-party providers - Proven Expert

    The person responsible offers customers the opportunity to rate the cooperation with our company at Proven Expert. A valid e-mail address is required to submit a review. Furthermore, the customer can submit reviews with his name / company name. The current overall rating score is displayed on this website.

    Our company has access to the following personal data:

    • E-mail address
    • Name / Company of the customer
    • Date / Time
    • Rating score in stars
    • Evaluation text


    The data is used in particular to check the reviews submitted in order to be able to check for possible misuse in accordance with § 24 para. 1 BDSG and Art. 6 para. 1 lit. f GDPR. The privacy policy applies accordingly to the submission of reviews and when visiting the Proven Expert profile.

    Reviews from other third-party providers are subject in particular to the respective terms of use and data protection provisions.

    8. Data from other sources

    If permitted by applicable law, our company may merge data provided by the user with other information that our company has already collected and stored about you at an earlier point in time for a legally compliant purpose (Art. 6 para. 1 lit a, b and f GDPR). This may be the case, for example, if the user provides personal data via the contact form and our company merges this with data from an order form or offer.

    9. Will my personal data be passed on to third parties?

    Personal data will not be sold, distributed, transferred to third parties for a fee or used commercially in any other way by our company. The only exception to this is if we are obliged to do so by law or official regulations or if the data subject has given their consent.

    If our company offers a service in co-operation with a third party, we will inform the customer of this in advance. In this context, we will only pass on the data to such a co-operation partner (third party) with express consent. In doing so, our company limits the transferred data to what is absolutely necessary and strictly complies with the applicable data protection regulations (in particular the GDPR and the BDSG).

    Personal data is only passed on to third parties by this website in the following cases:

    1. If the data subject has given their consent in accordance with Art. 6 para. 1 lit. a and Art. 7 GDPR.
    2. The transfer is necessary for the fulfilment of contractual or pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR.
    3. There is a legal obligation to do so in accordance with Art. 6 para. 1 lit. c GDPR.
    4. If this is necessary in accordance with Art. 6 para. 1 lit. f GDPR for the establishment, exercise or defence of legal claims and there are no overriding legitimate interests to the contrary.
    10. Social Media

    Our company uses social media pages on the following social media platforms:

    • Facebook
    • Instagram
    • Twitter 
    • LinkedIn

    For pure HTML links to social media pages of our company (without tracking), no consent is generally required.

    If we use buttons on our website, in particular share or like buttons, which collect personal data by means of cookies or other tracking technologies, data processing will only take place after consent has been given. Consent can be actively given, in particular by opting in at the start of using the site or later using the so-called 2-click procedure.

    The cookies and tracking technologies link the use of the website to an existing social media profile. If there is no profile with a platform, the data can be assigned to the IP address of the device used, depending on the network operator. By clicking on "Decline" immediately at the beginning of the website visit, no cookies are set and no social media buttons are displayed. These will only be displayed and personal data transmitted if the user actively consents to this. The previous settings can be viewed and customised at any time using the "Change cookie settings" button at the beginning of this privacy policy. Alternatively, cookies can also be customised in the browser settings.

    For the social media sites operated by our company, there is joint responsibility together with the respective network operator. This means that both our company and the network operator are responsible for the protection of personal data. Insofar as this falls within the sphere of influence and responsibility, our company consistently implements data protection in accordance with this privacy policy. However, the controller (in accordance with this privacy policy) has only limited influence on the specific organisation of and compliance with data protection by the respective network operator.

    11. Where will my personal data be processed (processing area)?

    In principle, all personal data collected and transmitted by our company via this website is processed exclusively within the European Union. However, individual cookies, external media or plugins may send personal data to servers outside the European Union (third countries). A transfer will only take place if you have consented to its use or if we expressly state another legal basis in this privacy policy in certain cases. The basis for the transfer of data to third countries is either an adequacy decision of the EU Commission pursuant to Art. 45 para. 3 GDPR, standard data protection clauses and on the basis of Art. 49 para. 1 lit. b GDPR. These bases ensure adequate protection of your personal data within the meaning of the GDPR.

    You can change the settings for the use of cookies and external media, in particular within the website, at any time by clicking on the "Change cookie settings" button at the beginning of this privacy policy. Further information on cookies and external media can be found in Article 6 of this privacy policy.

    Unless otherwise stated, all personal data of customers, interested parties and applicants are processed by our company exclusively within the European Union.

    12. Storage period / deletion of personal data

    In principle, our company only stores your personal data within the meaning of Art. 17 para. 1 lit. a GDPR or processes it in any other way for as long as is necessary for the purposes for which the personal data was collected. Our company will then delete the data of the data subjects immediately. However, in certain cases, our company may be legally obliged to store certain data for a longer period of time.


    The cookies used by the controller will be deleted from the hard drive or your device/storage location at the latest upon expiry of the validity period specified in Art. 6 lit. a of this data protection declaration (cookies) after storage on the device memory or, in the case of an update, at the latest after expiry of the specified validity period after an update.

    13. How secure is my data? - Data security

    Our company's website is hosted exclusively on servers located in certified high-security data centres within Germany. In addition, our company takes appropriate technical and organisational measures to protect your personal data from any unauthorised access.


    SSL-encrypted data transmission

    When data is transmitted via the website server(s), all data is encrypted using the HTTP/2 SSL/TSL transmission protocol. This means that all data transmitted via the contact form or application form in particular is SSL/TSL encrypted. In addition, we regularly review our security policies and procedures to ensure the highest level of security for our systems and thus for personal data.

    Despite all security measures taken to protect personal data, it is not possible to guarantee one hundred per cent security of data transmitted via our website when transmitting data over the Internet. If we become aware in any way that personal data may have been lost or stolen via our website, we will inform those affected immediately upon becoming aware of this in accordance with Art. 34 GDPR.

    14. Rights of data subjects

    The rights of data subjects (in particular users, interested parties, customers and suppliers) to their personal data are extremely important to our company.


    In particular, you have the following rights vis-à-vis the controller:

    a) Right of access to processed personal data in accordance with Art. 15 GDPR:

    Data subjects have a right to a copy of the processed data (if actually processed) as well as further information about its use. This is intended to enable users to determine whether the controller processes their own personal data and whether this processing complies with applicable data protection law. The controller may refuse to disclose information in certain cases. This is particularly justified if the rights and freedoms of other persons are impaired or the provision of information would involve a disproportionate effort.

    b) Right to rectification of the personal data stored about the data subject in accordance with Art. 16 GDPR:

    You may require the controller to take reasonable steps to rectify your personal data. Examples include a change of name, a new address or a new e-mail address.

    c) Right to erasure ("right to be forgotten" Art. 17 para. 1 GDPR):

    As a data subject, you generally have the right to request the erasure of your personal data. This right exists in particular if the data is no longer necessary for the purpose for which it was collected by the controller or if the processing is unauthorised. However, the right to erasure of personal data for the duration of statutory retention periods and in particular for the defence and enforcement of legal claims does not exist or only exists to a limited extent.

    d) Right to restriction of processing Art 18 GDPR:

    Data subjects have the right to restrict the further processing of their personal data. This means that the data may only be stored and further processing is generally excluded. You can request the restriction of your data if we are reviewing a request for rectification of your data or as a weakened alternative to erasure.

    e) Right to data portability pursuant to Art. 20 GDPR

    In accordance with Art. 20 GDPR, you are entitled to receive your data from the controller in a machine-readable format or to request that it be transferred to a third party.

    f) Right to object Art. 21 GDPR

    Data subjects have the right to object to the processing of personal data pursuant to Art. 6 para. 1 lit. e or f GDPR. This objection arises from your particular situation and is possible at any time. In this case, the controller may only continue to process your personal data if the company can demonstrate compelling legitimate interests for the processing and there are no overriding interests, rights and freedoms to the contrary, or if the controller requires the data for the establishment, exercise or defence of legal claims.

    g) Revocation of consent

    Data subjects have the right to withdraw their consent (such as the sending of advertising information) at any time.


    For questions and other concerns relating to data protection at our company, please contact us at the e-mail address listed in Article 2 of this Privacy Policy.


    15. Complaint to the supervisory authority

    Data subjects have the right to complain to the competent data protection supervisory authority about legal violations in the processing of personal data by the controller.

    16. Other

    The controller reserves the right to amend this privacy policy if necessary. The updated privacy policy will be published on this website in its current version. Subject to the applicable legal provisions, all changes will take effect as soon as the updated privacy policy is published on this website.

    Status: October 2023



    Created by Pabst Data