1. General information on data protection
The protection of your personal data is very important to us. We process your data in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). This privacy policy informs you about the nature, scope and purpose of the processing of personal data on our website as well as your rights.
2. Data Controller
Promecon GmbH
Kreuslerstraße 10
20095 Hamburg
Phone: +49 40 3690 1690
Email:
3. Data processing when visiting the website
When visiting our website, data is automatically transmitted by your browser and temporarily stored in log files:
- IP address (anonymised)
- Date/time of access
- URL of the accessed page
- Referrer URL
- Browser type/version and operating system
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in technical stability).
4. Processing of personal data
We only process personal data if you provide it to us voluntarily. Depending on the context, the processing is based on:
- Art. 6(1)(b) GDPR (contract/pre-contractual request)
- Art. 6(1)(a) GDPR (consent)
- Art. 6(1)(f) GDPR (legitimate interest, e.g. effective communication, service optimisation or legal obligations)
Purposes:
- Communication & contact requests
- Contract fulfilment
- Customer relationship management
- Analysis & improvement of our services
- Legal obligations
- Exchange of product information and service offerings (e.g. online training, product presentations)
5. Data retention period
We only store personal data for as long as necessary for the respective purposes or statutory retention periods apply.
6. Contact form (ConvertForms)
Data submitted via our contact forms is stored on the server side within our Joomla! CMS backend. It is not shared with third parties.
7. Google reCAPTCHA
To secure our web forms, we use the service Google reCAPTCHA provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Purpose: Protection of our website against automated misuse (e.g. bots, spam)
Functionality:
- Behavioural analysis (e.g. IP address, time spent on the site, cursor movements)
- Analysis starts automatically when the page is loaded
- Analysis runs entirely in the background – users are not specifically notified
- Data collected is transmitted to Google
Legal bases:
- Art. 6(1)(f) GDPR (legitimate interest in protecting our online services)
- Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG (where cookies or device access, e.g. fingerprinting, is involved)
- Consent can be withdrawn at any time
Further information:
Google is certified under the EU-U.S. Data Privacy Framework (DPF), which ensures an adequate level of data protection for transfers to the USA.
8. Telephone communication (RingCentral)
- Only connection data is processed (e.g. phone number, call duration)
- Chat, video or recording functions are not used
- Legal basis: Art. 6(1)(f) GDPR (legitimate interest in effective communication)
- RingCentral is a participant in the EU-U.S. Data Privacy Framework. More information
9. AI-based communication tools
ChatGPT Teams (OpenAI)
Used for text optimisation and generation (e.g. for emails, documents):
- No training of content
- Processing takes place exclusively on EU servers
- No entry of sensitive data
- Legal basis: Art. 6(1)(f) GDPR (legitimate interest in internal efficiency)
- More information
DeepL Pro incl. “Write”
Used for machine translation and text style optimisation:
- Processing exclusively within the EU
- No storage or training usage
- Encrypted data transmission
- No entry of sensitive data
- Legal basis: Art. 6(1)(f) GDPR (legitimate interest in linguistic quality)
- More information
10. Cookies
We use the Cookie Consent Manager provided by Promecon GmbH, Kreuslerstraße 10, 20095 Hamburg, Germany, to manage consent for the use of cookies and similar technologies.
A cookie is set to store the consent status. The name of the cookie is ccm_consent, and it has a storage duration of 1 year. The cookie stores which categories of cookies the user has accepted or rejected.
- Processing is based on Art. 6 (1) Sentence 1 lit. c GDPR (fulfillment of legal documentation obligations).
- Processing takes place exclusively in Germany.
- Consent can be adjusted or revoked at any time via the cookie settings on our website.
11. Web analytics with Google Analytics (Consent Mode v2)
- Only used after explicit consent via a consent management tool
- Consent Mode v2 is active
- IP anonymisation is activated
- Transfer to third countries (USA) cannot be ruled out (Google participates in the EU-U.S. Data Privacy Framework)
- Data is retained for a maximum of 14 months
- Legal basis: Art. 6(1)(a) GDPR
- More information
12. Newsletter distribution via Brevo
- Processing based on your consent (Art. 6(1)(a) GDPR)
- Data processing agreement pursuant to Art. 28 GDPR
- Data stored until consent is withdrawn
- More information
13. Embedded YouTube videos
YouTube videos are embedded using “enhanced privacy mode”. Data is only transferred after active consent via CMP.
Controller: Google Ireland Ltd.
More information
14. Google Web Fonts
Our website uses Google Fonts embedded locally. No connection is made to Google servers.
More information
15. Microsoft Teams
- Used for training, webinars, product presentations etc.
- Data processing based on Art. 6(1)(b) or (f) GDPR
- Microsoft participates in the EU-U.S. Data Privacy Framework
- Data processing agreement pursuant to Art. 28 GDPR
- More information
16. External pages
LinkedIn
We operate a LinkedIn company page. When visited, LinkedIn processes personal data. We receive anonymous usage statistics. LinkedIn is a joint controller with us under Art. 26 GDPR.
More information
YouTube
We operate our own YouTube channel. When visited, Google's privacy policies apply.
More information
17. Your rights as a data subject
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
18. Contact Data Protection Officer
Promecon GmbH
Data Protection Officer
Kreuslerstraße 10
20095 Hamburg
Email: