About us | Training | Careers | Contact | Whitepaper

Privacy policy
(as of December 2025)

1. introduction

With the following information we would like to give you an overview of the processing of your personal data by us and explain your associated rights under data protection law.

As we take the protection of your personal data very seriously, we treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use our website, various personal data is collected, i.e. data that can be used to identify you personally.

This privacy policy outlines and explains what data we collect and what we use personal data for. It also explains how and for what purpose this is done.

We would like to highlight that data transfer over the internet (for example communication by email) can have security weaknesses and gaps. Complete protection of data against access by third parties is not possible with the current state of technology.
Your data is collected on the one hand by you communicating it to us, i.e. by your consent. For example, data that you enter into the contact form.

Other data is collected automatically or with your consent by the IT systems of our hosting provider when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.

Some data is collected to ensure the smooth and error free functioning of our website. Other data may be used to analyze your user behavior or to contact you.

2. responsible person

The data controller for the processing of information on this website is:

DS DATA SYSTEMS GmbH
Pfälzerstr. 96
38112 Braunschweig

Phone: +49 (0) 531 2 30 87 – 200
E-mail: info@datasystems.de

3. data protection officer

We have appointed a data protection officer.

Izabela Salewski-Bartsch

DS DATA SYSTEMS GmbH
Pfälzerstr. 96
38112 Braunschweig

E-mail: datenschutz@datasystems.de

4. definitions

This data protection declaration is based on the terms used in the General Data Protection Regulation (GDPR), in particular Art. 4 GDPR.

5. hosting of this website

We host the content of our website at Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen (hereinafter referred to as Hetzner).
For details, please refer to Hetzner’s privacy policy: https://www.hetzner.com/de/rechtliches/datenschutz.

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. We have entered into a data processing agreement for the use of the above-mentioned service. This is a contract required by data protection laws to ensure that this service only processes the personal data of the visitors on our website in accordance with our instructions and in compliance with the GDPR.

6. legal basis for data processing

  • If a separate consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. (1) (a) GDPR und § 25 1 TDDDG, insofar as the consent includes access to information in the user’s terminal device within the meaning of the TDDDG. The consent can be withdrawn at any time.
  • The legal basis for the use of technically necessary cookies and the associated data processing is § 25 para. 2 TDDDG in conjunction with. Art. 6 para. (1) (f) GDPR. The purpose of the processing is to make it easier for you to use our website and to be able to offer you our services.
  • If the processing of personal data is necessary to fulfill a contract with you or to carry out pre-contractual measures, the legal basis is based on Art. 6 para. (1) (b) GDPR.
  • If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax obligations, the processing is based on Art. 6 para. (1) (c) GDPR.
  • In rare cases, it may be necessary to process personal data in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a customer or applicant were injured in our company and their name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6 para. (1) d GDPR are based.
  • Ultimately, we can base the legal basis on Art. 6 para. (1) f GDPR.
    This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
    This is the legal basis for our cooperation with Hetzner Online GmbH, for example, as we have a legitimate interest in ensuring that our website is displayed as reliably as possible.

7. transmission of data to third parties

In order to protect your data in the event of data transfer to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission’s standard contractual clauses. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may be revoked in accordance with Art. 49 para. (1) a GDPR serve as the legal basis for the transfer to third countries. This sometimes does not apply to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

Specifically, we use tools from Microsoft, among others, which are also certified in accordance with the EU-U.S. Data Privacy Framework and therefore offer more security in the area of data protection. Nevertheless, it cannot be 100% ruled out that US authorities may process, evaluate and permanently store your data for surveillance purposes.

8. technical information

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as contact forms or inquiries such as consultations and/or applications that you send to us as the site operator. You can recognise an encrypted connection in the website address line in the browser as “https:” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated the data transmitted to us cannot be seen by unauthorised third parties.

9. cookies

  • We use cookies and similar technologies to statistically record the use of our website, to optimize our offer and to evaluate marketing measures. These technologies are only used if you have expressly given us your consent via the cookie banner. The legal basis is Art. 6 para. (1) a GDPR in conjunction with Section 25 (1) TDDDG. You can adjust or revoke your consent at any time with effect for the future via the cookie banner (“Settings” or “Revoke consent”). The respective storage period and further details on the technologies used can be found directly in our cookie banner or the consent overview.
  • To manage your consents, we use the consent technology Complianz, provider: Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands. Complianz stores your consent status in order to fulfill the legally required proof and documentation obligation in accordance with the GDPR. For this purpose, a technically necessary cookie is set that stores information about your selection. The explicit legal basis for this is Art. 6 para. (1) f GDPR in conjunction with Section 25 (2) No. 2 TDDDG (legitimate interest in legally secure consent management). For the logging of consents, in turn, Art. 6 para. (1) c GDPR (legal obligation) the legal justification. Further information can be found in the provider’s privacy policy: https://complianz.io/legal/privacy-statement/
  • The storage period of the cookies and technologies used depends on their respective purpose. Session cookies are automatically deleted as soon as you leave our website. Permanent cookies remain stored on your end device until you delete them yourself or the storage period expires. If data is transferred to third countries (e.g. the USA) when using individual tools, this will only be done on the basis of your express consent and in compliance with the EU-US Data Privacy Framework.
  • The following categories of technologies are used:
    • Essential: required for basic functions and security of the website
    • Functional: improved comfort functions and personalization
    • Statistics: used for anonymized analysis and reach measurement
    • Marketing: enables interest-based advertising and conversion tracking

10. contents of our website

  • If you send us inquiries of any kind via the contact form or request a free consultation, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. The processing of the contact formula data is done according to Art. 6 (1) (b) GDPR, if your request is related to pre-contractual negotiations, or for the performance of a contract. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested. The consent can be withdrawn at any time. We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains, usually after fulfilling your request. Mandatory statutory provisions, in particular retention periods, remain unaffected.
  • If you contact us by e-mail, telephone or fax, we will store and process your request, including all personal data resulting from it (e.g. name, request) for the purpose of processing your request. The regulation regarding the legal basis required for this is applicable analogously to the above point.

11. your application / job portal

  • On our website, we use the Personio service, which is provided by Personio GmbH, Rundfunkplatz 4, 80335 Munich, Germany. Personio is a software for personnel administration and applicant management.
  • The purpose of Personio is to simplify and optimize the application process. The service helps us to efficiently manage applications and communicate with candidates. The information is stored and processed on Personio servers in the European Union.
  • Data processing is carried out on the basis of Art. 6 para. (1) b GDPR (contract initiation) and Art. 6 para. (1) f GDPR (legitimate interest in the efficient execution of the application process). The data will be stored for the duration of the application process and then stored or deleted in accordance with the statutory retention periods.
  • You have the right to obtain information about your stored data, to have it corrected or deleted, and to restrict or object to its processing. Please note that deletion or objection may mean that we are unable to process your application any further.
  • You can find more information on data protection at Personio at: https://www.personio.de/privacy-policy/

12 Our activities in social networks

So that we can also communicate with you on social networks and inform you about our services, we have our own pages there. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the processing operations triggered by this, within the meaning of Art. 26 GDPR. We are not the original provider of these pages, but only use them within the scope of the possibilities offered to us by the respective providers. As a precaution, we would therefore like to point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore be associated with data protection risks for you, as it may be more difficult to safeguard your rights, e.g. to information, deletion, objection, etc., and processing in social networks is often carried out directly for advertising purposes or for the analysis of user behavior by the providers without us being able to influence this. If user profiles are created by the provider, cookies are often used or the user behavior is assigned to your own social network member profile. The described processing of personal data is carried out in accordance with Art. 6 para. (1) f GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a timely manner or to inform you about our services. If you have to give your consent to data processing as a user with the respective providers, the legal basis refers to Art. 6 para. (1) (a) GDPR. As we do not have access to the providers’ databases, we would like to point out that it is best to assert your rights (e.g. to information, correction, deletion, etc.) directly with the respective provider. Further information on the processing of your data in the social networks is provided below by the respective social network provider we use:

  • Instagram: (joint) controller for data processing in Europe:
    Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Privacy policy (data policy): https://instagram.com/legal/privacy/
  • LinkedIn: (Joint) controller for data processing in Europe:
    LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
    Privacy Policy: https://www.linkedin.com/legal/privacy-policy
  • Facebook: (Joint) controller for data processing in Europe:
    Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Privacy policy (data policy):
    https://www.facebook.com/about/privacy

13. analysis tools

  • Google Analytics
    Our website uses the web analysis service Google Analytics 4, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). With the help of Google Analytics 4, we can evaluate the behavior of website visitors in order to optimize our website. The following data, among others, is processed:
    o Page views, click paths, scroll movements
    o Source of origin (e.g. which website a visitor comes from)
    o Technical data such as browser, operating system and device type
    o Approximate geographical information (region, country).

     

    Google Analytics 4 works with various technologies (e.g. cookies, pixels, local storage technologies) that enable the user to be recognized for analysis purposes.
    The IP addresses of visitors are automatically shortened before they are stored or processed, so that there is no longer any direct personal reference. The collected data is not merged with other Google data.
    Google Analytics 4 uses modeling and machine learning methods to supplement incomplete data sets and analyze usage trends. These procedures are anonymized and do not create individual user profiles.
    Google Analytics is only used with your express consent in accordance with Art. 6 para. (1) (a) GDPR und § 25 1 TDDDG.
    You can revoke or adjust your consent at any time via the cookie banner. If you do not give your consent, no data will be transferred to Google.
    Google may also transfer data to servers in the USA and process it there. The transfer takes place on the basis of the EU-US Data Privacy Framework (DPF), to which Google LLC is affiliated and certified accordingly. If, in individual cases, data is processed outside this agreement, this is done on the basis of the standard contractual clauses of the EU Commission (Art. 46 para. 2 lit. c GDPR).
    The data collected via Google Analytics will be automatically deleted after 14 months, unless you withdraw your consent earlier.
    Further information on data protection at Google Analytics can be found at: https://policies.google.com/privacy and at https://support.google.com/analytics/answer/12017362
    You can deactivate the collection by Google Analytics at any time by adjusting your consent via the cookie banner (“Settings” or “Revoke consent”).

  • Facebook Pixel
    We use the Facebook Pixel as part of the technologies of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook (by Meta)” or “Meta Platforms Ireland”) described below. Facebook Pixel automatically collects and stores data (IP address, time of visit, device and browser information as well as information about your use of our website based on events specified by us, such as visiting a website or subscribing to a newsletter), from which usage profiles are created using pseudonyms. For this purpose, a cookie is automatically set by the Facebook pixel when you visit our website, which automatically enables your browser to be recognized by means of a pseudonymous cookie ID when you visit other websites. Facebook (by Meta) will merge this information with other data from your Facebook account and use it to compile reports on website activity and to provide other services related to website activity, in particular personalized and group-based advertising. The information automatically collected by Facebook (by Meta) technologies about your use of our website is usually transferred to a server of Meta Platforms, Inc, 1 Hacker Way, Menlo Park, California 94025, USA and stored there. There is no adequacy decision by the European Commission for the USA. If we are responsible for the transfer of data to the USA, our cooperation is based on standard data protection clauses of the European Commission. Further information about data processing by Facebook can be found in Facebook’s privacy policy (by Meta).
  • Facebook analytics
    As part of the Facebook business tools, statistics on visitor activity on our website are created from the data collected with the Facebook pixel about your use of our website. Data processing is carried out on the basis of an agreement on order processing by Facebook (by Meta). Their analysis serves to optimize the presentation and marketing of our website.
  • Facebook Ads (Ads Manager)
    We use Facebook Ads to advertise this website on Facebook (by Meta) and on other platforms. We determine the parameters of the respective advertising campaign. Facebook (by Meta) is responsible for the exact implementation, in particular the decision on the placement of the ads with individual users. Unless otherwise specified for the individual technologies, data processing is carried out on the basis of an agreement between joint controllers in accordance with Art. 26 GDPR. The joint controllership is limited to the collection of data and its transmission to Meta Platforms Ireland. Subsequent data processing by Meta Platforms Ireland is not covered by this.
  • We use Facebook Custom Audience to operate group-based advertising on Facebook (by Meta) on the basis of statistics on visitor activity on our website compiled via Facebook Pixel by determining the characteristics of the respective target group.
  • Based on the pseudonymous cookie ID set by Facebook Pixel and the data collected about your usage behavior on our website, we operate personalized advertising via Facebook Pixel Remarketing.
  • We use Facebook Pixel Conversions to measure your subsequent usage behavior for web analysis and event tracking if you have reached our website via a Facebook Ads ad. Data processing is carried out on the basis of an agreement on order processing by Facebook (by Meta).

14. plugins and other services

  • Google Tag Manager
    We use Google Tag Manager on our website, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager enables us to centrally manage various tracking, statistical and marketing tools and to integrate them efficiently on our website. The Tag Manager itself does not process any personal data of website visitors and does not set its own cookies. It is only used to technically trigger other tools (e.g. Google Analytics 4 or Google Ads). When the Google Tag Manager is executed, your IP address may be transmitted to servers of Google LLC in the USA. Google is certified in accordance with the EU-US Data Privacy Framework (DPF), which guarantees an adequate level of data protection in accordance with Art. 45 GDPR. If tools are activated via the Tag Manager, which in turn collect data or set cookies, this data collection takes place exclusively on the basis of your consent. You can find the relevant information on this in the cookie banner and in the sections on the individual services (e.g. Google Analytics 4). The use of Google Tag Manager itself is based on our legitimate interest in a technically uniform and efficient administration of website tools in accordance with Art. 6 para. (1) f GDPR in conjunction with Section 25 (2) No. 2 TDDDG (no access to terminal device information beyond technically necessary purposes). The triggering of the integrated tools depends on their respective legal basis (usually Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG – consent via the cookie banner). You can deactivate the execution of individual tools that are integrated via the Google Tag Manager at any time via the cookie banner or revoke your consent. The Tag Manager itself remains active, but does not process any personal data.
  • Google Web Fonts
    This website uses Google Fonts for the uniform display of fonts. The Google fonts are integrated locally on our web server so that no connection to Google’s servers is established when our pages are accessed. The local integration means that no personal data is transmitted to Google Ireland Limited or Google LLC in the USA. The use of Google Fonts is in the interest of a consistent and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. (1) f GDPR. Further general information on Google Fonts can be found in Google’s documentation: https://developers.google.com/fonts/faq
  • WPML (WordPress Multilingual Plugin)
    Our website uses the plugin WPML (WordPress Multilingual Plugin), a service of OnTheGoSystems Limited, 22/F, 3 Lockhart Road, Wanchai, Hong Kong, to provide our content in multiple languages.
    WPML uses cookies to save the language setting selected by the user and to automatically recognize it on the next visit. These cookies are technically necessary in order to display the website correctly in the language requested by the user. Personal data is not transferred to OnTheGoSystems or to third parties.
    WPML is used on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. (1) f GDPR (provision of a multilingual website) and Section 25 (2) No. 2 TDDDG (technically necessary storage of language preference).
    Insofar as additional cookies are set that go beyond the technical purpose, this is done on the basis of your consent in accordance with Art. 6 para. (1) (a) GDPR und § 25 1 TDDDG. Any consent given can be revoked or adjusted at any time via the cookie banner.
    Further information on data processing by WPML can be found in OnTheGoSystems’ privacy policy:
    https://wpml.org/documentation/privacy-policy-and-gdpr-compliance/

15 Your rights as a data subject

  • In accordance with Art. 15 GDPR, you have the right to receive free information from us at any time about the personal data stored about you and a copy of this data in accordance with the statutory provisions.
  • In accordance with Art. 16 GDPR, you have the right to request the rectification of inaccurate personal data concerning you. You also have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
  • In accordance with Art. 17 GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.
  • In accordance with Art. 18 GDPR, you have the right to demand that we restrict processing if one of the legal requirements is met.
  • In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format.
  • You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. (1) e (data processing in the public interest) or f (data processing on the basis of a balancing of interests) GDPR. This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if the processing serves the establishment, exercise or defense of legal claims. In individual cases, we process personal data for direct marketing purposes. You can object to the processing of your personal data for the purpose of such advertising at any time. If you object to processing for direct marketing purposes, we will no longer process the personal data for these purposes.
  • In a lot of cases data processing can only take place, if you provide your express consent. You can withdraw consent at any time. The legality of the processing carried out until the withdrawal of consent remains unaffected by the revocation.
  • You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.

16. storage period

Unless specific storage periods have been defined elsewhere in this privacy policy, your personal data will be stored until the purpose of its processing no longer exists. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law). In the latter case, the deletion will take place after these reasons no longer apply.

17. objection to advertising e-mails

Using the contact data published in the legal notice to send us advertising unsolicited information that has not been expressly requested is hereby strictly forbidden. We expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

18. amendment of the privacy policy

This data protection declaration is currently valid and is dated December 2025. Due to the further development of our website and offers or due to changed legal requirements, it may become necessary to change this data protection declaration.