Privacy Policy
Last updated: 7/10/2026
Data Privacy Policy
1. General Information and Principles of Data Processing
We are pleased that you are using our platform. Protecting your privacy and your personal data—known as “personal data”—when you use our platform is a top priority for us.
According to Article 4(1) of the GDPR, personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your first and last name, your address, your phone number, your email address, and your IP address.
Data for which no connection to your person can be established, such as through anonymization, is not personal data. Processing (e.g., collection, storage, retrieval, consultation, use, disclosure, erasure, or destruction) pursuant to Article 4(2) of the GDPR always requires a legal basis or your consent. Processed personal data must be deleted as soon as the purpose of the processing has been achieved and there are no longer any legally prescribed retention obligations to be observed.
Here you will find information about how your personal data is handled when using our platform. In order to provide the functions and services of our platform, it is necessary for us to collect personal data about you.
We also explain to you the nature and scope of the data processing in question, the purpose and the applicable legal basis, as well as the retention period.
This Privacy Policy applies only to this platform. It does not apply to other websites to which we merely provide hyperlinks. We cannot be held responsible for the confidential handling of your personal data on these third-party websites, as we have no control over whether these companies comply with data protection regulations. Please refer directly to these websites for information on how these companies handle your personal data.
2. Data Privacy Officer
The entity responsible for the processing of personal data on this platform is (see Legal Notice): Mathias Heymann, Kronberger Straße 56, 61440 Oberursel
3. Provision and Use of the Platform / Server Log Files
a) Nature and scope of data processing
If you use this platform without otherwise providing us with data (e.g., by registering or using the contact form), we collect technically necessary data via server log files, which is automatically transmitted to our server, including:
IP address
Date and time of the request
Name and URL of the file accessed
Website from which the request originated (referrer URL)
Access status/HTTP status code
Browser type
Language and version of the browser software
Operating system
b) Purpose and Legal Basis
This processing is technically necessary to display our platform to you. We also use the data to ensure the security and stability of our platform.
The legal basis for this processing is Article 6(1)(f) of the GDPR. The processing of the aforementioned data is necessary for the provision of a platform and thus serves to safeguard a legitimate interest of our company.
c) Retention period
Once the aforementioned personal data is no longer required for the display of the platform, it will be deleted. The collection of data for the provision of the platform and the storage of data in log files is essential for the operation of the platform. Consequently, users have no right to object to this aspect. Further storage may occur in individual cases if required by law.
4. Use of Cookies
a) Nature, scope, and purpose of data processing
We use cookies. Cookies are small files that we send to the browser on your device during your visit to our platform, where they are stored.
Some features of our platform cannot be provided without the use of technically necessary cookies. Other cookies, however, enable us to perform various analyses. For example, some cookies can recognize the browser you are using when you visit our platform again and transmit various information to us. We use cookies to facilitate and improve the use of our platform. Among other things, cookies allow us to make our website more user-friendly and effective for you by, for example, tracking your use of our platform and determining your preferred settings (such as country and language settings). If third parties process information via cookies, they collect this information directly through your browser. However, cookies do not cause any damage to your device. They cannot execute programs and do not contain viruses. Various types of cookies are used on our platform, and their nature and function are explained below.
Temporary cookies/session cookies
Our platform uses so-called temporary cookies, or session cookies, which are automatically deleted as soon as you close your browser. These cookies allow us to record your session ID. This enables us to associate various requests from your browser with a single session and to recognize your device during subsequent visits to the platform.
Persistent cookies
Our platform uses what are known as persistent cookies. Persistent cookies are cookies that are stored in your browser for an extended period of time and can transmit information. The storage duration varies depending on the cookie. You can delete persistent cookies yourself via your browser settings.
Third-party cookies
We use analytical cookies to track anonymous user behavior on our platform.
We also use advertising cookies. These cookies allow us to track user behavior for advertising and targeted marketing purposes.
Social media cookies enable you to connect to your social networks and share content from our platform within your networks.
Configuring browser settings
Most web browsers are set by default to automatically accept cookies. However, you can configure your browser to accept only certain cookies or none at all. Please note, however, that you may then no longer be able to use all the features of our platform.
You can also use your browser settings to delete cookies that are already stored in your browser. Furthermore, it is possible to set your browser to notify you before cookies are stored. Since different browsers may function differently, we ask that you consult your browser’s help menu for the relevant configuration options.
Disabling the use of cookies may require the storage of a permanent cookie on your computer. If you subsequently delete this cookie, you will need to disable it again.
b) Legal basis
Given the purposes described above, the legal basis for the processing of personal data through the use of cookies is Article 6(1)(f) of the GDPR. If you have given us your consent to the use of cookies based on a notice (“cookie banner”) provided by us on the platform, the legal basis is additionally Article 6(1)(a) of the GDPR.
c) Retention period
Once the data transmitted to us via cookies is no longer required for the purposes described above, this information will be deleted. In individual cases, the data may be retained for a longer period if required by law.
5. Data collection for the purpose of taking pre-contractual steps and fulfilling the contract
a) Nature and scope of data processing
We collect personal data about you during the pre-contractual phase and when the contract is concluded. This includes, for example, your first and last name, address, email address, phone number, and bank account information.
b) Purpose and Legal Basis of Data Processing
We collect and process this data solely for the purpose of performing the contract or fulfilling pre-contractual obligations.
The legal basis for this is Article 6(1)(b) of the GDPR. If you have also provided your consent, the additional legal basis is Article 6(1)(a) of the GDPR.
c) Retention period
The data will be deleted as soon as it is no longer necessary for the purpose for which it was processed.
In addition, there may be legal retention requirements, such as commercial or tax law retention requirements under the German Commercial Code (HGB) or the German Fiscal Code (AO). If such retention requirements exist, we will block or delete your data upon the expiration of these retention requirements.
6. Registration option
a) Nature and scope of data processing
You can register on our platform. When you register, we collect and store the information you enter in the registration form (e.g., last name, first name, email address). This information is not shared with third parties outside the platform.
b) Purpose and Legal Basis of Data Processing
Your registration is required to access certain content and services on our platform, to fulfill a contract, or to take steps prior to entering into a contract. After registering, you are free to modify the personal data you provided during registration at any time or to have it completely deleted from the data controller’s database.
The legal basis for processing is Article 6(1)(a) of the GDPR in cases where consent has been given.
If your registration serves to prepare for the conclusion of a contract, Article 6(1)(b) of the GDPR provides an additional legal basis.
c) Retention period
We will store the data collected during registration for as long as you remain registered on our platform, after which it will be deleted. Data shared on the platform as user data will be available to other users for the duration of your registration. Statutory retention periods remain unaffected.
7. Data transmission
We will only disclose your personal data to third parties if:
a) You have given your explicit consent in accordance with Article 6(1)(a) of the GDPR.
b) This is permitted by law and necessary, in accordance with Article 6(1)(b) of the GDPR, to fulfill a contractual relationship with you or to take steps prior to entering into a contract.
c) there is a legal obligation to disclose the data pursuant to Article 6(1)(c) of the GDPR.
We are legally obligated to transfer data to government authorities, such as tax authorities, social security agencies, health insurance providers, regulatory agencies, and law enforcement agencies.
d) the disclosure is necessary pursuant to Article 6(1)(f) of the GDPR to safeguard legitimate business interests, as well as to assert, exercise, or defend legal claims, and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data.
e) pursuant to Article 28 of the GDPR, we engage external service providers, known as processors, in the processing of your data, who have been obligated to handle your data with due care.
Within the scope of our platform, your personal data may also be disclosed to other platform users if this is necessary to fulfill contractual obligations or to take steps prior to entering into a contract between you and other users, and you have provided your explicit consent for this purpose in accordance with Article 6(1)(a) of the GDPR. In such cases, the necessary data will only be shared to the extent required to fulfill the respective purpose.
Personal data may also be shared with other users if this is necessary to protect our legitimate interests or those of third parties and your interests or fundamental rights and freedoms, which require the protection of personal data, do not override those interests, in accordance with Article 6(1)(f) of the GDPR.
We require all recipients of your personal data to comply with the relevant data protection regulations and to treat your data confidentially.
When transferring data to external entities in third countries—i.e., outside the EU or the EEA—we ensure that these entities handle your personal data with the same level of care as within the EU or the EEA. We only transfer personal data to third countries where the European Commission has confirmed an adequate level of protection or where we ensure the careful handling of personal data through contractual agreements or other appropriate safeguards.
8. Comment feature
a) Nature and scope of data processing
On our platform, users can send messages to one another and exchange questions and answers via the VDR’s (Virtual Data Room) Q&A tool. When you send a message or a question/answer, we collect and store the data you enter into the input form. In addition to the messages, questions, or answers you submit, information regarding the time of entry and the username (pseudonym) you selected will also be stored and published. Furthermore, the IP address assigned by the data subject’s Internet Service Provider (ISP) will be stored. No data is disclosed to third parties.
b) Purpose and Legal Basis
The data you provide (e.g., your IP address) is processed for security reasons and in the event that the data subject infringes the rights of third parties through a submitted message, question, or response, or posts unlawful content. This collected personal data will not be disclosed to third parties unless such disclosure is required by law or serves to defend the legal rights of the data controller.
c) Retention period
Messages, questions, and answers, as well as the associated data (e.g., IP address), are stored and remain on our platform until the relevant content has been completely deleted or until the messages, questions, or answers must be deleted for legal reasons.
9. Contact Form
a) Nature and scope of data processing
On our platform, we offer you the option to contact us using a provided form. As part of the process of submitting your inquiry via the contact form, you will be directed to this Privacy Policy to obtain your consent.
When you use the contact form, the following personal data will be processed:
Salutation
First Name
Last Name
Title
Company
Industry
Position
Street
Street Number
Zip Code
City
Country
Email Address
Phone Number
Subject
Message
b) Purpose and Legal Basis
Providing your email address allows us to respond to your inquiry via email. When you use the contact form, your personal data will not be shared with third parties.
The legal basis for processing is consent pursuant to Article 6(1)(a) of the GDPR, based on the declaration of consent you voluntarily provide below, which you may revoke at any time in the future.
c) Retention period
The data you enter in the contact form will remain with us until you request its deletion, revoke your consent to its storage, or the purpose for storing the data no longer applies (e.g., after your inquiry has been processed).
This does not affect mandatory legal provisions—in particular retention periods under the German Commercial Code (HGB) or the German Fiscal Code (AO).
10. Contact us by email
Our platform provides you with the option to contact us via email.
a) Nature and scope of data processing
You can contact us via email. Our data collection is limited to the email address of the email account you use to contact us, as well as any personal data you voluntarily provide when contacting us.
b) Purpose and Legal Basis
The purpose of data processing is to enable us to respond appropriately to your inquiry. The legal basis for this is Article 6(1)(f) of the GDPR. There is a legitimate interest in processing the aforementioned personal data in order to handle your inquiry appropriately.
c) Retention Period
The duration of storage for the aforementioned data depends on the context of your contact. Your personal data will be deleted on a regular basis once the purpose of the communication no longer applies and storage is no longer necessary. This may result, for example, from the resolution of your inquiry.
11. Newsletter
a) Nature and Scope of Data Processing
On our platform, you have the option to subscribe to a free, regular email newsletter. In order to send you the newsletter on a regular basis, we need your email address.
We use the so-called double opt-in procedure for sending the newsletter.
This means that we will only send you an email newsletter once you have explicitly confirmed that you consent to receiving it. We will then send you a confirmation email asking you to click on a link to confirm that you wish to receive future newsletters from us.
This ensures that only you, as the owner of the provided email address, can subscribe to the newsletter. Your confirmation must be provided promptly after receiving the confirmation email; otherwise, your newsletter subscription will be automatically deleted from our database.
When you subscribe to the newsletter, we collect and store the data you enter in the form (e.g., last name, first name, email address).
When you subscribe to the newsletter, we also store the IP address assigned to you by your Internet Service Provider (ISP), as well as the date and time of your subscription, so that we can trace any potential misuse of your email address at a later date. In the confirmation email sent for verification purposes (double opt-in
email), we also store the date and time you clicked the confirmation link and the IP address provided by your Internet Service Provider (ISP).
b) Purpose and Legal Basis
The data we collect when you subscribe to the newsletter is used exclusively for the purpose of sending you promotional communications via the newsletter.
The processing of your email address for the purpose of sending the newsletter is based, pursuant to Art. 6(1)(a) GDPR and § 7(2)(3) UWG, on the declaration of consent you voluntarily provide below, which may be revoked at any time with future effect.
In addition, the processing is based on Article 6(1)(f) of the GDPR due to our legitimate interest in documenting proof of the required consent.
c) Retention Period
Your email address will be stored for as long as you remain subscribed to the newsletter. After you unsubscribe from the newsletter, your email address will be deleted unless you have expressly consented to the further use of your data.
12. Tracking and analytics tools
Below you will find a detailed overview of the web analytics and social media tools we use:
Cloudflare
We use the services of the company “Cloudflare” (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA) to improve the availability and security of our website.
Cloudflare provides a so-called Content Delivery Network (CDN). This means that website operators can make certain page content available not only on their own servers but also on servers operated by CDN providers. If the CDN servers are located closer to the user than the website operator’s servers, using a CDN typically results in faster loading times for the user. When a user visits the site of such a website operator, they establish a connection not only to the website operator but also to the CDN operator.
In addition, Cloudflare provides website operators with security features that can be used in particular to defend against automated attacks on the website. The use of these features helps ensure the availability of our website and the services it offers.
Cloudflare sets cookies for the purposes mentioned above and may thereby process the following categories of data in particular:
IP address,
User’s device,
Data regarding traffic between the user and the website operator, e.g., pages visited, date and time of access.
You can completely prevent Cloudflare from processing your personal data by disabling script execution in your browser settings or by installing a script blocker in your browser.
Cloudflare is contractually obligated, based on so-called EU Standard Data Protection Clauses, to ensure that when personal data is transferred from the European Economic Area, the recipients adhere to a data protection standard that is essentially equivalent to the European standard. Please note, however, that we cannot guarantee that Cloudflare will be able to comply with these contractual obligations in every case.
The legal basis for data processing is our legitimate interest in the continuous and secure operation of our website and the prevention of hacker attacks (Art. 6(1)(f) GDPR).
For more information, please refer to Cloudflare’s Privacy Policy at: https://www.cloudflare.com/de-de/privacypolicy/
Resend
We use the Resend service provided by Plus Five Five, Inc., 2261 Market St, San Francisco, CA 94114-1612, to manage and send emails. This service enables us to send and track emails efficiently and reliably. The following data is processed when using Resend:
Recipient’s email address
Recipient’s name (if provided)
Content of the email
Date and time of sending
Email status (e.g., delivered, opened, clicks)
We use Resend to communicate with our users, specifically to send confirmation emails, information about the platform, updates, and other relevant notifications. By using this service, we can ensure the reliability and efficiency of our email communications.
The legal basis for processing the aforementioned data is Article 6(1)(f) of the GDPR. The processing of this data is necessary for the purpose of conducting email communication and thus for safeguarding a legitimate interest of our company.
The personal data processed in connection with the use of Resend is stored for the duration of the user’s use of the email service. Once the data is no longer required for the purpose of email communication, it is deleted. Further storage may occur in individual cases if required by law.
Resend processes data in accordance with applicable data protection regulations and ensures data security through appropriate technical and organizational measures. For more information about Resend’s data processing practices, please refer to the service’s privacy policy at https://resend.com/legal/privacy-policy
Stripe
We offer the option of processing your payment via the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. When paying via Stripe, we will forward the information you provided during the ordering process, along with information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency, and transaction number), in accordance with Article 6 Paragraph 1 Letter b of the GDPR. Your data will be forwarded exclusively for the purpose of payment processing with the payment service provider Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. Further information on Stripe's data protection policy can be found at: https://stripe.com/de/privacy#translation
YouTube-Videos
On our YouTube channel, you can find videos and helpful tips about our services. Our customer service team also professionally answers user questions and comments on YouTube. Personal data is stored and processed by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 D04 E5W5, Ireland ("Google"), as the operator of YouTube, in accordance with Google's privacy policy. You can find the privacy policy here: https://policies.google.com/privacy?hl=de&gl=de. Using YouTube's analytics features, we can perform certain statistical analyses to optimize our channel. This includes, in particular, details about the most popular videos (e.g., user dwell time, video ranking), target groups (e.g., countries, language settings, age and gender, activity times), the reach of our channel (e.g., where users were referred to a video from), and impressions (e.g., how many users saw a specific ad). It is not possible for us to draw conclusions about individual users or access individual user profiles. For more information about YouTube's analytics features, please visit: https://support.google.com/youtube/answer/9002587?hl=de
Google Drive
We offer our users the option of using Google Drive, a cloud storage service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter “Google”), to create virtual data rooms for other users. To do so, users must log in to their own Google Account using their credentials.
When using Google Drive, users’ personal data—such as their name, email address, and other relevant information—is collected and stored in the cloud. This data is necessary for the management and security of the data.
The processing of this data is based on Article 6(1)(f) of the GDPR, as we have a legitimate interest in the secure storage and management of the data.
For more information about Google Drive's privacy practices, please see Google's Privacy Policy at: https://policies.google.com/privacy
The use of this feature constitutes a separate data processing operation that takes place outside the scope of the platform operator’s responsibility. The platform operator is neither the controller nor the processor within the meaning of the General Data Protection Regulation (GDPR) with respect to the personal data processed in the integrated data rooms.
The respective user is solely responsible for all content, including personal data, that is stored, processed, or made available in the connected Google Drive data rooms. This includes, in particular, the lawfulness of the processing in accordance with Article 6 of the GDPR, as well as compliance with all rights regarding information, erasure, and data subjects.
Providers are also solely responsible for the proper management of access and authorization structures within the connected data rooms. This includes, in particular, granting, restricting, and revoking access rights (e.g., read, download, or edit rights) for users, as well as ensuring that only authorized individuals have access to the relevant content.
The platform operator has no influence over data processing operations within Google Drive and does not review, monitor, or control the content of the data provided. To the extent permitted by law, the platform operator shall not be liable for the content of the data rooms or for any data protection violations committed by users.
When using Google Drive, the transfer of personal data to third countries, in particular to the United States of America, cannot be ruled out. Providers are required to independently verify and ensure that appropriate safeguards are in place in accordance with Articles 44 et seq. of the GDPR (e.g., by entering into standard contractual clauses).
13. Data Security and Backup Procedures
We are committed to protecting your privacy and treating your personal data confidentially. To this end, we implement comprehensive technical and organizational security measures, which are regularly reviewed and adapted to technological advancements.
This includes, among other things, the use of recognized encryption methods (SSL or TLS). However, data disclosed unencrypted, for example, via unencrypted email, may potentially be intercepted by third parties. We have no control over this. It is the responsibility of each user to protect the data they provide against misuse through encryption or other means.
14. Changes to the privacy policy
We reserve the right to update this statement as needed at any time.
15. Your rights
Here you will find information about your rights regarding your personal data. Details can be found in Articles 7, 15-22, and 77 of the GDPR. You can contact the data controller (see section 2) regarding this matter.
Right to withdraw your consent under Article 7(3) of the GDPR
You can withdraw your consent to the processing of your personal data at any time with effect for the future. However, this does not affect the lawfulness of the processing carried out before the withdrawal.
a) Right of access pursuant to Article 15 GDPR
You have the right to request confirmation as to whether we process personal data concerning you. If this is the case, you have the right to access this personal data and to further information, e.g., the purposes of the processing, the categories of personal data processed, the recipients, and the planned duration of storage or the criteria for determining the duration.
b) Right to rectification and completion pursuant to Article 16 GDPR
You have the right to request the immediate correction of inaccurate data. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.
c) Right to erasure (“right to be forgotten”) pursuant to Article 17 GDPR
You have the right to erasure if the processing is not necessary.
This is the case, for example, if your data is no longer needed for the original purposes, you have withdrawn your consent under data protection law, or the data has been processed unlawfully.
d) Right to restriction of processing pursuant to Article 18 GDPR
You have the right to restrict processing, e.g. if you believe the personal data is inaccurate.
e) Right to data portability pursuant to Article 20 GDPR
You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format.
f) Right to object pursuant to Article 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to the processing of certain personal data concerning you.
In the case of direct marketing, you, as the data subject, have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
g) Automated decision-making in individual cases, including profiling, pursuant to Article 22 GDPR
You have the right not to be subject to a decision based solely on automated processing, including profiling, except in the cases specified in Article 22 of the GDPR.
No decision-making based solely on automated processing, including profiling, takes place.
h) Complaint to a data protection supervisory authority pursuant to Article 77 GDPR
Furthermore, you can lodge a complaint with a data protection supervisory authority at any time, for example if you believe that the data processing is not in accordance with data protection regulations.
This Data Privacy Policy is provided in German and English. In the event of any discrepancies, ambiguities, or inconsistencies between the language versions, the German version shall be binding and prevail.