Privacy Policy
This Privacy Policy informs you about the nature, scope and purpose of our processing of personal data (hereinafter “data”) within our online offering and its associated websites, functions and content, as well as external online presences such as our social-media profiles (collectively referred to as the “online offering”). For the terminology used—e.g. “personal data” or “processing”—please refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
Dr. Christoph Gummersbach
Webfield Consulting Dr Gummersbach
Schiffgasse 3
69151 Neckargemünd
Germany
Types of Data Processed
Inventory data (e.g. names, addresses)
Contact data (e.g. e-mail addresses, telephone numbers)
Usage data (e.g. pages visited, interest in content, access times)
Meta / communication data (e.g. device information, IP addresses)
Processing of Special Categories of Data (Art. 9 (1) GDPR)
No special categories of data are processed.
Categories of Data Subjects
Customers / prospects / suppliers
Visitors and users of the online offering
Hereinafter we refer to data subjects collectively as “users.”
Purpose of Processing
Provision of the online offering, its content and functions
Responding to contact requests and communicating with users
Marketing, advertising and market research
Security measures
Applicable Legal Bases
Pursuant to Art. 13 GDPR, we inform you of the legal bases for our data processing:
Purpose Legal basis
Obtaining consent Art. 6 (1) (a) and Art. 7 GDPR
Performance of our services and contractual measures; answering enquiries Art. 6 (1) (b) GDPR
Compliance with legal obligations Art. 6 (1) (c) GDPR
Safeguarding our legitimate interests Art. 6 (1) (f) GDPR
Changes and Updates to this Privacy Policy
Please review this Privacy Policy regularly. We will adapt it whenever changes in our data-processing activities make this necessary. We will notify you if specific cooperation on your part (e.g. renewed consent) or another individual notification becomes required.
Security Measures
In accordance with Art. 32 GDPR, and considering the state of the art, implementation costs and the nature, scope, context and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and digital access to the data, input, disclosure, ensuring data availability and separation. We also maintain procedures to enable data-subject rights, data deletion and responses to data-threat incidents. Furthermore, we take data protection into account during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).
Cooperation with Processors and Third Parties
If, in the course of our processing, we disclose data to other persons or companies (processors or third parties), transmit it to them or otherwise grant them access, this is done only on the basis of a legal permission (e.g. if transmission of the data to third parties—such as payment service providers—is necessary for contract fulfilment under Art. 6 (1) (b) GDPR), if you have provided consent, if a legal obligation so provides or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). Where we commission third parties to process data on the basis of a so-called “processing contract,” this is done in accordance with Art. 28 GDPR.
Transfers to Third Countries
If we process data in a third country (i.e. outside the EU or EEA) or this occurs in the context of using third-party services or disclosing or transferring data to third parties, it is done only to fulfil our (pre)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or permit the processing of data in a third country only under the special conditions of Art. 44 ff. GDPR. Processing takes place, for example, on the basis of special guarantees such as the officially recognised determination of a level of data protection equivalent to that of the EU (e.g. for the USA via the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
Rights of Data Subjects
Right of access (Art. 15 GDPR): You have the right to obtain confirmation of whether data concerning you is being processed, information about this data, further information and a copy of the data.
Right to rectification (Art. 16 GDPR): You have the right to request completion or correction of inaccurate data concerning you.
Right to erasure (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR): You may request that data be deleted immediately or, alternatively, processing be restricted.
Right to data portability (Art. 20 GDPR): You have the right to receive data you have provided to us and to transmit it to another controller.
Right to lodge a complaint (Art. 77 GDPR): You may lodge a complaint with the competent supervisory authority.
Right of Withdrawal
You have the right to withdraw consents granted under Art. 7 (3) GDPR with future effect.
Right to Object
You may object at any time to the future processing of data concerning you in accordance with Art. 21 GDPR, particularly to processing for direct-marketing purposes.
Cookies and Right to Object to Direct Marketing
We use temporary and permanent cookies—small files stored on users’ devices (for an explanation, see the last section of this Privacy Policy). Some cookies are required for security or operational reasons (e.g. display of the website or storing the user’s decision in the cookie banner). We and our technology partners also use cookies for reach-measurement and marketing purposes; users are informed about this below.
You can declare a general objection to cookies used for online-marketing purposes—especially tracking—via the website Your Online Choices. You can also disable cookies in your browser settings; however, some functions of this online offering may then be unavailable.
Deletion of Data
Data processed by us is deleted or restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated otherwise in this Privacy Policy, stored data is deleted as soon as it is no longer required for its purpose and deletion does not conflict with legal retention obligations. If data is not deleted because it is required for other and legally permissible purposes, its processing is restricted (i.e. the data is blocked and not processed for other purposes).
Legal retention is especially six years under § 257 (1) HGB (e.g. trading books, inventories, opening balances, annual financial statements, business letters) and ten years under § 147 (1) AO (e.g. books, records, management reports, accounting vouchers, commercial and business letters, documents relevant to taxation).
Contacting Us
When contacting us (e.g. via contact form or e-mail), user details are processed to handle and respond to the enquiry in accordance with Art. 6 (1) (b) GDPR.
Collection of Access Data and Log Files
On the basis of our legitimate interests under Art. 6 (1) (f) GDPR, we collect data on each access to the server hosting this service (server log files). Access data includes: name of the accessed web page, file, date and time, data volume transferred, confirmation of successful retrieval, browser type and version, user operating system, referrer URL, IP address and requesting provider.
Log-file information is stored for security reasons (e.g. to investigate misuse or fraud) for a maximum of seven days and then deleted, unless further retention is required for evidentiary purposes.
Online Presences in Social Media
We maintain online presences within social networks and platforms to communicate with active customers, prospects and users and to inform them about our services. The terms and data-processing policies of the respective operators apply when you access these networks. Unless stated otherwise in this Privacy Policy, we process users’ data when they communicate with us within social networks (e.g. by posting on our profiles or sending messages).
Cookies
Cookies are pieces of information stored by our web server or third-party web servers in users’ browsers for later retrieval. Cookies may be small files or other types of information storage.
Users are informed about the use of cookies for pseudonymous reach-measurement within this Privacy Policy. If users do not wish cookies to be stored on their device, they can disable the relevant option in their browser settings. Stored cookies can be deleted in the browser settings. Disabling cookies may limit the functionality of this online offering.
You can object to cookies used for reach-measurement and advertising purposes via the Network Advertising Initiative deactivation page or the website Your Online Choices.
Google Services
Based on our legitimate interests (analysis, optimisation and economic operation of our online offering pursuant to Art. 6 (1) (f) GDPR), we use Google Analytics, a web-analysis service of Google LLC (“Google”). Google uses cookies. Information generated by the cookie about users’ use of the online offering is generally transmitted to and stored on a Google server in the USA.
Google is certified under the Privacy-Shield framework, guaranteeing compliance with European data-protection law.
Google processes this information on our behalf to evaluate the use of our online offering, compile reports on activities and provide us with further services associated with the use of this online offering and the internet. Pseudonymous user profiles may be created.
We use Google Analytics to display ads within Google and its partners’ advertising services only to users who have shown an interest in our online offering or who exhibit certain characteristics (e.g. interests in specific topics or products identified by the websites they visit) that we transmit to Google (“remarketing” or “Google-Analytics audiences”).
We employ Google Analytics with IP anonymisation enabled, meaning users’ IP addresses are truncated within the EU or EEA before transmission. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there. The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent cookie storage via browser settings and prevent Google from collecting and processing data generated by the cookie by installing the browser plug-in available at Google Analytics Opt-out Browser Add-on.
For more information on Google’s data use, settings and opt-out options, see Google’s pages:
Privacy & Terms - How Google uses information from sites or apps that use our services
Privacy & Terms - Advertising
My Ad Centre - Ads that you can control
We use the marketing and remarketing services (“Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on the basis of our legitimate interests (Art. 6 (1) (f) GDPR).
Google Marketing Services allow us to display ads for and on our website in a more targeted manner so users are shown ads that potentially match their interests. When our and other websites on which Google Marketing Services are active are accessed, Google executes code and embeds (re)marketing tags (invisible graphics or code, also known as “web beacons”) into the site, whereby a unique cookie is stored on the user’s device. The cookie records which websites the user visits, what content they are interested in and which offers they click, as well as technical information such as browser, operating system, referrer URLs, visit time and other usage data. The IP address is also collected but is truncated within the EU/EEA or, in rare cases, only in the USA. The IP address is not merged with other Google data.
Data is processed pseudonymously: Google does not store or process users’ names or email addresses but processes relevant data within pseudonymous user profiles. Information collected by Google Marketing Services is transmitted to and stored on Google servers in the USA.
We also use the Google Tag Manager to integrate and manage Google analysis and marketing services on our website.
Further information on Google’s data-use for marketing can be found at Privacy & Terms - Advertising; Google’s Privacy Policy is available at Privacy & Terms. To opt out of interest-based advertising by Google Marketing Services, use the Google settings and opt-out options at My Ad Centre - Ads that you can control.
Newsletter
The following notes inform you about the contents of our newsletter, the sign-up, dispatch and statistical-evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.
Content of the newsletter: We send newsletters, e-mails and other electronic notifications with promotional information (“newsletter”) only with the recipients’ consent or legal permission. If the newsletter’s content is specifically described during sign-up, it is decisive for your consent.
Double-opt-in and logging: Sign-up for our newsletter occurs via a double-opt-in procedure. After registering, you receive an e-mail asking you to confirm your registration. This confirmation is necessary so no one can sign up with someone else’s e-mail address. Sign-ups are logged to prove the registration process in accordance with legal requirements (recording sign-up and confirmation times and IP address). Changes to your data stored by the mailing service provider are also logged.
Required data: Only your e-mail address is needed to sign up.
Legal basis for dispatch and performance measurement: Art. 6 (1) (a) and Art. 7 GDPR in conjunction with § 7 (2) no. 3 UWG, or § 7 (3) UWG for existing customers. Logging is based on our legitimate interests under Art. 6 (1) (f) GDPR.
Termination / withdrawal: You can cancel our newsletter at any time—i.e. withdraw your consent. A link to cancel is included at the end of every newsletter. If you have signed up only for the newsletter, your personal data will be deleted after cancellation.
Last updated: 2025-06-05