ePrivacy GmbH Privacy Policy


With this privacy policy we would like to inform you (our customers and business partners, interested parties, applicants and website visitors) about how we process personal data. The protection of your privacy is of the utmost importance to us, so it goes without saying that we comply with the legal stipulations on data protection.

Name and Contact Details of the Responsible Party

ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21, 20354 Hamburg


Personal Data

Personal data is all information about an identified or identifiable persons. This includes the following categories of personal data that we process:

  • Your contact details and address information (such as first and last name, address, e-mail address, phone number) if you have provided us with your contact information
  • Payment information
  • Your correspondence with us
  • Log files with information about your visit to our website
  • Application data (such as diplomas and certificates)
  • Company and contact data, namely when you use the "ePrivacyaudit"
  • Company and contact data of publishers and vendors collected in the context with our Vendor Compliance (VENCO) platform
  • Data on breaches of the law and irregularities in connection with a report in the whistleblower system (Whistly)
  • Online identifiers (e.g. your IP address - anonymized), approximate location of the user based on the anonymized IP address, as far as technically possible
  • The referrer URL, the file name, the amount of data transferred, the date and time of the server request, web pages accessed and time of access, time spent on the website, browser type and browser version with which plug-ins, which operating system and which screen resolution is used

Use of Cookies

General Information About Cookies

A cookie is a text file containing an identification number which, when the website is used, is transmitted to the user's computer together with the other data actually requested and stored there. The file is kept there for later access and serves to authenticate the user. Since cookies are only simple files and not executable programs, they do not pose any danger to the computer.

Depending on the settings selected by the user in their internet browser, the latter automatically accepts cookies. This setting can, however, be changed and the storage of cookies deactivated or set in such a way that the user is informed as soon as a cookie is set. If the use of cookies is deactivated, some functions of the website may not be available or may only be available to a limited extent. You can prevent the setting of cookies by our website at any time by means of a corresponding setting in the internet browser used and thus permanently object to the setting of cookies.

Cookies that are already active can be deleted at any time via the settings of your internet browser or other software programs. We may work together with advertising partners who help us to make our online offer more interesting for you. In this case, cookies from partner companies may also be stored on your hard drive when you visit our website (cookies from third parties).

Session Cookies

Session cookies are used for the duration of a session and are automatically deleted when the executing browser is closed. They ensure, for example, that video and audio files can be played, that your user input is temporarily stored during the time of entry and thus the user-friendliness is improved.

Persistent Cookies

Persistent cookies remain on your end device after closing the browser. These cookies can, for example, save your user preferences, such as language settings, and analyse user behaviour on our website. Storage duration of persistent cookies corresponds to the respective duration of the individual cookie. Afterwards they are automatically deleted.

Revocation of consent for cookies

The change of consent or revocation of consent for the setting of cookies can be made at the following link:


Purpose of Processing

  • We process your data for the following purposes:
  • For corresponding with you
  • For processing contracts with you
  • For advertising purposes such as the dispatch of our newsletter
  • On quality assurance and statistics
  • In order to provide our services
  • To process reports in the digital whistleblower system
  • Reviewing and reporting for our business partners as part of the vendor compliance platform
  • For your participation in our events
  • To consider your application
  • In order to improve our services

Legal Basis

  • We base the processing of your data on the following legal bases: 
  • Your consent, if you have given us such consent (Art. 6 para. 1 lit. a) GDPR)
  • The initiation or execution of a contract with you (Art. 6 para. 1 lit. b) GDPR)
  • The fulfilment of legal obligations (Art. 6 para. 1 lit. c) GDPR)
  • The implementation of our legitimate interests (Art. 6 para. 1 lit. f) GDPR) 

Legitimate Interests

  • Offer of our services 
  • The storage of our correspondence with you 
  • When processing your data, we pursue the following legitimate interests:
  • The improvement of our offer
  • Protection of our systems against misuse
  • On the production of statistics 

Data Sources

If we do not receive the data from you, or from the devices you use, we receive it from the following sources:

  • B2B contacts from our project/business partners and from publicly available source

Requirement or Obligation to Provide Data

Unless this is expressly stated, the provision of your data is not required or obligatory.

Storage Period

We store your data,

  • if you have consented to the processing, at most until you revoke your consent;
  • if we need the data for the execution of a contract, at most for as long as the contractual relationship with you exists;
  • if we use the data on the basis of a legitimate interest, at most for as long as your interest in deletion or anonymisation does not outweigh the data;
  • insofar as statutory storage obligations exist, until the end of the storage periods. 

Data Recipient

When processing your data, we work together with the following service providers who have access to your data:

  • Web hosting and web development providers
  • Conference and Webinar Software
  • Email providers and communication software
  • CRM service provider

In addition, in individual cases, business partners such as lawyers or project partners receive your data.

Also, when processing your data, we work together with the following service providers who have access to your data:


For our newsletter distribution we use the service rapidmail, Augustinerplatz 2, 79098 Freiburg, Germany. This allows us to analyse the newsletter usage, e.g. the number of actually opened newsletters or if and how often a link in the newsletter was clicked. The data you enter for newsletter reception is transmitted to rapidmail.

Privacy policy of rapidmail: https://www.rapidmail.de/datenschutz

In order to object to the provision of data, you must unsubscribe from the newsletter using the link in the e-mail.


We use the service "Matomo Cloud" of InnoCraft Ltd., 150 Willis Street, 6011 Wellington, New Zealand for the web analysis of our website in order to improve the quality of our website and to constantly optimize our offer. For this purpose, InnoCraft Ltd. processes cookies (a text file) from you. 

When you call up our web pages, the function duration of the cookies amounts to a maximum of 12 months. For more information, please visit the privacy policy of InnoCraft Ltd. at https://matomo.org/matomo-cloud-privacy-policy/.

If you wish to revoke the use of cookies, please go to our cookie tool via the following link. You may also refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

LinkedIn Page

We operate a LinkedIn Page (“Business Services”) on LinkedIn, a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”).

We use our company page to contact and communicate with LinkedIn members and visitors, to provide information about our company and its products and services. If you contact us, we may view the information you have posted on LinkedIn as a LinkedIn member. If you share, like or comment on our content or if you mention our company profile on LinkedIn, we can also access to this information.

When a Member visits, follows or engages with the Page, LinkedIn processes personal data to provide Page Insights to us. It enables us to improve our marketing activities.  LinkedIn will process data that was provided by the Member to LinkedIn, such as job function, country, industry, seniority, company size, and employment status data from a member’s profile. Additionally, LinkedIn will process information on how a member has interacted with our company page.

We have concluded an agreement with LinkedIn, the Page Insights Joint Controller Addendum (the “Addendum”). This user agreement is incorporated into the LinkedIn Pages Terms and sets out the responsibilities of LinkedIn and us with respect to the processing of Page Insights. The Page Insights Joint Controller Addendum is available here: https://legal.linkedin.com/pages-joint-controlleraddendum

For more information about Page Insights and how to exercise your data subject rights, please see the "Page Insights Information". For more detailed information about how LinkedIn processes what personal data, including how you can exercise your data subject rights against LinkedIn, please see LinkedIn’s privacy policy is published here: https://www.linkedin.com/legal/privacy-policy.

XING Business Profile

We operate a XING Business Profile, a service of New Work SE, Am Strandkai 1, 20457 Hamburg, Germany (“XING”).

We use our company page to connect and communicate with XING members and visitors, to provide information about our company and its products and services.  We also present recruiting information as part of job postings. When you contact us we may view the information you have posted on your XING Profile (e.g., job title, education, contact details, photo).

When you visit our profile or interact with our site, XING processes personal data. XING may also use tracking tools and cookies. Information about your privacy and opt-out options can be found at https://www.xing.com/settings/privacy.

For more detailed information about how XING processes personal data, including how you can exercise your data subject rights against XING, please see XING’s privacy policy and other information: https://privacy.xing.com/en/your-privacy.


We use Cookiebot, Cybot A/S, Havnegade 39, 1058 Copenhagen Denmark, to comply with EU regulations regarding the use of cookies and to obtain relevant user consents for the use of cookies on our website. For this purpose, the following data is collected: The end-user's IP number in anonymised form (the last three digits are set to '0'), date and time of consent, user agent of the end-user's browser, the URL from which the consent was sent, an anonymous, random and encrypted key, the end-user's consent status, which serves as proof of consent. For more information about the provider, please visit https://www.cookiebot.com/de/privacy-policy/


We use the whistly service from Whistly digital GmbH, Torstraße 195, 10115 Berlin, Germany, to provide our customers with a digital whistleblowing system. This enables their employees, contractors and business partners, among others, to submit reports of breaches of the law and irregularities via whistly. We can communicate with the whistleblower via whistly and process the reports. The following data is collected: Contact and identification data (first and last name, addresses, etc.); data on breaches of the law and irregularities in connection with a report; information on payment for the whistleblower system.
Further information on the service can be found at https://whistly.org/privacy

Transfer to Third Countries

Data is being transferred to countries outside the European Economic Area. We only transfer personal data to third countries where the EU Commission has confirmed an adequate level of protection or where we can ensure the careful handling of personal data by means of contractual agreements or other suitable guarantees, such as certifications or proven compliance with international security standards.

  • USA (Standard contractual clauses/Adequacy Decision)
  • New Zealand (Adequacy Decision)

Your Rights

As a data subject, you have the following rights:

  • To request information about the processing of your data, as well as to receive a copy of your personal data. You may request information on, among other things, the purposes of the processing, the categories of personal data processed, the recipients of the data (if a transfer is made), the duration of the storage or the criteria for determining the duration;
  • To receive personal data relating to you in a structured, common and machine-readable format or to transfer it to another person in charge;
  • To correct your data. If your personal data is incomplete, you have the right to complete the data, taking into account the purposes of the processing;
  • To have your data deleted or blocked.
  • To have the processing restricted;
  • To object to the processing of your data;
  • To revoke your consent to the processing of your data for the future and
  • To complain to the responsible supervisory authority about unauthorised data processing. 

Version of the Privacy Policy

If our processes change, we adjust the information in this privacy policy.

Status of this privacy policy: May 2024

Do you have questions or recommendations for us?

We are glad to receive your comments.