We operate our websites in accordance with the principles set out below:
We undertake to comply with the statutory provisions on data protection and strive to always observe the principles of data avoidance and data minimization.
1. Name and address of the controller and the data protection officer
1.1 The controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states of the European Union as well as other data protection regulations is
foobar Agency GmbH
Ria-Burkei-Straße 25
81249 Munich
Phone: +49 89 244174840
E-mail: [email protected]
1.2 The data protection officer
You can contact the data protection officer of the controller as follows:
SiDIT GmbH, www.sidit.de, E-mail: [email protected]
2. Explanations of terms
We have designed our privacy policy in accordance with the principles of clarity and transparency. However, if there are any uncertainties regarding the use of various terms, the relevant definitions can be viewed here.
3. Legal Basis for Data Processing
3.1 Processing of Personal Data under the GDPR
We process your personal data, such as your name, email address, and IP address, only when there is a legal basis to do so. In accordance with the General Data Protection Regulation (GDPR), the following legal grounds may apply:
- Art. 6(1)(a) GDPR: The data subject has given consent to the processing of their personal data for one or more specific purposes.
- Art. 6(1)(b) GDPR: The processing is necessary for the performance of a contract or to take steps prior to entering into a contract at the data subject’s request.
- Art. 6(1)(c) GDPR: The processing is necessary to comply with a legal obligation to which the controller is subject.
- Art. 6(1)(d) GDPR: The processing is necessary to protect vital interests of the data subject or another natural person.
- Art. 6(1)(e) GDPR: The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
- Art. 6(1)(f) GDPR: The processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where overridden by the data subject’s interests or fundamental rights and freedoms.
We will inform you separately within this privacy policy about the specific legal basis for data processing, where applicable.
3.2 Consent by Legal Guardians under Art. 8(1)(2) GDPR
For data processing requiring the consent of minors under the age of 16, consent must be given by a parent or legal guardian. Detailed information on data processing operations, their purposes, and the data categories involved can be found in this privacy policy.
Consent can be withdrawn at any time by sending a written statement to the controller. Processing carried out before withdrawal remains lawful.
3.3 Processing of Information under § 25(1) TDDDG
We also process information under § 25(1) of the German Telecommunications-Telemedia Data Protection Act (TDDDG) by storing or accessing data on your end device. This may include both personal and non-personal data, such as cookies, browser fingerprints, advertising IDs, MAC addresses, and IMEI numbers.
Such processing is generally based on your consent pursuant to § 25(1) TDDDG.
Consent is not required if the processing falls under an exception as outlined in § 25(2)(1) and (2) TDDDG, for example, if the storage or access is solely to transmit a message or to provide a service you explicitly requested.
You may withdraw your consent at any time. Please note that the legality of processing before withdrawal remains unaffected.
4. Disclosure of Personal Data
The disclosure of personal data also constitutes processing within the meaning of section 3. We would like to inform you separately about disclosure to third parties. Protecting your personal data is very important to us. For this reason, we are particularly careful when it comes to sharing your data with third parties.
Disclosure to third parties only takes place if there is a legal basis for the processing. For example, we share personal data with individuals or companies acting as processors in accordance with Art. 28 GDPR. A processor is anyone who processes personal data on our behalf, in particular within a relationship in which we issue instructions and exercise control.
In accordance with the GDPR, we enter into data processing agreements with each of our processors to ensure they comply with data protection regulations and guarantee the full protection of your data.
5. Storage Duration and Deletion
We delete your personal data once it is no longer necessary for the purposes for which it was collected or otherwise processed, provided that the processing is not required for the exercise of freedom of expression and information, compliance with legal obligations, reasons of public interest, or the assertion, exercise, or defense of legal claims.
6. SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content (e.g. requests sent to us), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the change from "http://" to "https://" in the browser's address bar and by the lock symbol.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
7. Use of AI Systems (Artificial Intelligence)
To optimize our processes and improve your personalized experience on our website, your personal data may be processed by AI technologies. The AI is used in particular to:
- Perform data analyses
- Create forecasts
- Identify security vulnerabilities
- Streamline routine processes
The AI used complies with the principles of the GDPR. Any decisions with legal or similar implications for you are not made solely by the AI and are supplemented by human review.
8. Cookies
We use cookies on our website. Cookies are small data packets that your browser stores on your device when you visit our site. They are used to store information related to the device used.
We differentiate between strictly necessary cookies and "additional" cookies. Strictly necessary cookies are essential to provide a service explicitly requested by you.
8.1 Technically Necessary Cookies
To make your use of our offering more pleasant, we use technically necessary cookies. These may include session cookies (e.g. language selection, cart), consent cookies, cookies to ensure server stability and security, etc.
The legal basis is Art. 6(1)(f) GDPR—our legitimate interest in the error-free operation of the website and providing optimized services.
8.2 Additional Cookies
Additional cookies are used for statistical, analysis, marketing, and retargeting purposes.
These cookies are used based on your consent under Art. 6(1)(a) GDPR.
You may withdraw your consent at any time. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
You can adjust your cookie preferences on our site, disable cookies in your browser (which may limit website functionality), or opt out for individual services.
We will indicate the legal basis for processing within the relevant sections of this policy.
9. Cookie Banner / Consent Management
To obtain your consent for cookie use, we use a cookie banner from Cookiebot by Usercentrics, Havnegade 39, 1058 Copenhagen, Denmark.
This service sets a technically necessary consent cookie to store your preference. The legal basis is our legitimate interest according to Art. 6(1)(f) GDPR and § 25(1) TDDDG.
For some Google/Alphabet services, we use Google Consent Mode V2 in Basic Mode. More details are available on Google's website here.
Consent Mode is technically necessary and based on our legitimate interest under Art. 6(1)(f) GDPR.
10. Collection and Storage of Personal Data and its Type and Purpose of Use
10.1 External Hosting
Our website is hosted by Webflow, 398 11th Street, San Francisco, United States. Therefore, all personal data collected on our website is stored on the servers of our hosting provider unless a third-party service is integrated. This may include IP addresses, email addresses, communication data, or similar. Specific types of personal data are described in detail in the sections about individual features and services.
The hosting provider processes your data only on our instructions and only to the extent necessary to fulfill the services provided on the website. No processing for the provider's own purposes takes place. We have signed a data processing agreement with the provider.
10.2 When Visiting the Website
When you access our website, the browser on your device automatically sends information to our server, which is temporarily stored in a so-called log file. The following information is collected automatically and stored until it is deleted:
- IP address of the requesting device
- Date and time of access
- Name and URL of the accessed file
- Website from which access is made (referrer URL)
- Browser used and, if applicable, the operating system of your computer and the name of your access provider
This data is processed for the following purposes:
- Ensuring a smooth connection to the website
- Ensuring convenient use of our website
Data that can be linked to your identity, such as your IP address, is deleted after no more than 7 days. If the data is stored beyond this period, it will be pseudonymized so that it can no longer be linked to you.
The legal basis for this data processing is Art. 6(1)(f) GDPR. Our legitimate interest arises from the purposes listed above. Under no circumstances do we use the collected data to draw conclusions about you as a person.
10.3 HubSpot CRM
We have integrated the HubSpot CRM system (HubSpot Inc., 25 First Street, Cambridge, MA 02141 USA) on our website.
This CRM system helps us manage registered users and track customer interactions across various channels such as email, chat, social media, or phone. We use this data to stay in contact with users.
The processing of personal data in the context of our HubSpot CRM system is based on our legitimate interest under Art. 6(1)(f) GDPR.
Further information on data protection at HubSpot can be found in their privacy policy here.
10.4 Cloudflare
We use a content delivery network (CDN) and web firewall provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA.
Cloudflare processes IP addresses, routing information, system configuration data, and other traffic-related data to protect our site from DDoS attacks and enhance performance.
Data transfer between the browser and our server is routed through Cloudflare’s network, which helps improve page load speeds. The firewall prevents fraudulent activity and unauthorized access.
Processing is based on our legitimate interest in secure and efficient website performance under Art. 6(1)(f) GDPR.
Cloudflare is a subprocessor of HubSpot, with whom we have agreed to standard contractual clauses (Data Processing Addendum).
Details are available in Cloudflare's privacy policy here.
10.5 Amazon CloudFront
We use Amazon CloudFront, a CDN provided by Amazon Web Services, Inc., P.O. Box 81226, Seattle, WA 98108-1226, USA.
Amazon CloudFront allows us to deliver website content with low latency and high transfer rates by distributing it across global servers. If you access our website from outside the EU, the nearest server outside the EU may be used.
Using Amazon CloudFront may involve transferring data such as IP addresses or browser details to Amazon.
Processing is based on our legitimate interest in reliability, data loss prevention, and performance (Art. 6(1)(f) GDPR).
Amazon CloudFront is a subprocessor of HubSpot, and we have signed standard contractual clauses with them.
Amazon's CloudFront privacy policy can be accessed here.
The Amazon Web Services privacy policy can be accessed here.
10.6 Newsletter
Content and Subscription Data
We send newsletters only with your consent according to Art. 6(1)(a) GDPR and § 25(1) TDDDG.
When signing up, you provide your name, email, company, and job title. Additional optional data like phone number or gender is used solely to personalize the newsletter.
Double Opt-In and Logging
For security, we use a double opt-in process. After subscribing, you receive an email asking you to confirm your subscription. Only upon confirmation does the subscription become valid.
We log the subscription and confirmation, along with your IP and any updates to your information.
Revocation
You can unsubscribe at any time by clicking the unsubscribe link in any newsletter or by emailing [email protected].
Processing remains lawful until revocation.
Use of "HubSpot"
Our newsletters are sent via HubSpot (HubSpot Inc., 25 First Street, Cambridge, MA 02141 USA). HubSpot stores your data on servers in the USA and may use it to optimize its services. HubSpot does not use your data to contact you directly or share it with third parties.
We have signed standard contractual clauses with HubSpot.
HubSpot’s privacy policy is available here.
10.7 Contact Form
We provide a contact form on our site. Required fields include your name (for personal salutation), company, and email.
Your submitted information, including your IP address, is processed in accordance with Art. 6(1)(b) and (f) GDPR for pre-contractual inquiries and our legitimate interest in business communication.
We use HubSpot (HubSpot Inc., 25 First Street, Cambridge, MA 02141 USA) to provide the form. Standard contractual clauses are in place.
HubSpot’s privacy policy is available here.
Inquiries and associated data are deleted after 6 months unless needed for ongoing business relations.
10.8 Event Registration
We provide an event registration form on our website.
When registering, your information, including your IP address, is processed under Art. 6(1)(b) and (f) GDPR for pre-contractual purposes and our legitimate interest in organizing events.
We use HubSpot (HubSpot Inc., 25 First Street, Cambridge, MA 02141 USA) to provide the form and have signed standard contractual clauses with them.
HubSpot’s privacy policy is available here.
Event registration data is deleted after 3 months unless needed for further contractual relationships.
10.9 Google Tag Manager
We use Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to manage tags and integrate tracking or analytics tools.
Your IP address may be processed and transferred to the USA. Google Tag Manager does not create user profiles or analyze data itself.
Processing is based on our legitimate interest under Art. 6(1)(f) GDPR.
We have signed a data processing agreement with Google.
Google’s privacy policy is available here.
11. Analytics and Tracking Tools
We use the analytics and tracking tools listed below on our website. These are used to ensure the ongoing optimization of our website and to tailor it to your needs.
These tools are used based on the consent you have provided pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time by changing the cookie settings. The processing carried out until the revocation remains lawful.
The purposes of data processing and categories of data can be found in the respective tools. We have no influence on whether and to what extent the service providers carry out further data processing.
11.1 Google Analytics
We use Google Analytics on our website, a web analysis service from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter "Google").
In this context, Google Analytics uses cookies (see section 7). The information generated by the cookie about your use of this website such as
- Name and version of the browser used
- Operating system of your computer
- Website from which access is made (referrer URL)
- IP address of the requesting computer
- Time of the server request
is usually transmitted to a Google server in the USA and stored there.
Your IP address is automatically anonymized by Google before being recorded via EU domains and servers. Therefore, your IP address is not logged or stored.
On our behalf, Google uses this information to evaluate your use of our website, to compile reports on website activity, and to provide us with other services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
We have concluded a data processing agreement with Google.
An overview of data protection at Google can be found here.
11.2 Google Ads Conversion Tracking
We use Google Ads on our website, an online advertising program from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). The conversion tracking feature is also used.
With this tool, Google Ads sets a cookie on your device if you reach our website via a Google ad.
The cookie does not serve to personally identify you. If you visit our website and the cookie is still active, it becomes visible to us and Google that you clicked the relevant ad and were redirected to our website. Each Google Ads customer receives a different cookie. Cookies are therefore not traceable across the websites of Ads customers.
The data collected using the conversion cookie is used to generate conversion statistics for Ads customers. We, as Google Ads customers, learn the total number of users who clicked our ad and were redirected to a page with a conversion tracking tag. This allows us to determine the success of individual advertising measures. We do not receive any information that could personally identify you as a user.
When using Google Ads, your browser automatically establishes a direct connection to Google’s server and can associate the visit with your Google account if you have one and are logged in. If you do not have a Google account, Google assigns you a unique ID. We have no influence on what further data Google collects and stores.
We have concluded a data processing agreement with Google.
Details of Google’s privacy policy can be found here.
11.3 HubSpot
We use CRM software from HubSpot Inc. (25 First Street, 2nd Floor, Cambridge, MA 02141, USA), through which we manage our customer data and perform online marketing. Among other things, landing pages are analyzed and reports are generated. "Web beacons" and cookies are used for this purpose. The following personal data may be processed:
- IP address,
- Geographic location,
- Browser type,
- Duration of visit,
- Visited pages,
- Visitor sources via UTM parameters.
The IP address is usually processed and stored in shortened form on European servers operated by HubSpot. Only in exceptional cases is the IP address transferred to a server of HubSpot in the USA and shortened there.
We use the collected information to continuously optimize and improve our website and make it more user-friendly for you. Furthermore, we analyze which services of our company are of interest to customers, users, and newsletter subscribers in order to contact them for advertising purposes.
We have concluded standard contractual clauses with HubSpot. HubSpot is not granted the right to pass on your data.
You can find HubSpot’s privacy policy here.
11.4 LinkedIn Conversion Tracking
We use the conversion tracking function of LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) on our website. This allows us to target you with advertisements following a visit to our website. LinkedIn also generates a report showing how successful our ads are and how users interact with our website. If you logged in via LinkedIn before visiting our site, this will be recognized and your visit will be associated with your LinkedIn account.
We have concluded a data processing agreement with LinkedIn.
Further information can be found in LinkedIn’s privacy policy here.
You can opt out of interest-based advertising via LinkedIn here.
11.5 LinkedIn Analytics
We use LinkedIn Analytics on our website, a web analytics service from LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, hereinafter "LinkedIn").
LinkedIn Analytics uses cookies (see section 7). The information generated by the cookie about your use of this website such as:
- Login data
- Device information
- IP addresses
is logged and may be transferred to a LinkedIn server in the USA and stored there.
On our behalf, LinkedIn uses this information to evaluate your use of our website, to compile reports on website activity, and to provide us with other services related to website and internet usage. The IP address transmitted by your browser as part of LinkedIn Analytics is not merged with other LinkedIn data.
We have concluded a data processing agreement with LinkedIn.
Please click here to view LinkedIn’s privacy policy.
12. Rights of the Data Subject
You have the following rights:
12.1 Right to Access
You have the right under Art. 15 GDPR to request information about your personal data processed by us. This right of access includes information about:
- the purposes of processing
- the categories of personal data
- the recipients or categories of recipients to whom your data has been disclosed or will be disclosed
- the planned storage duration or at least the criteria for determining the storage duration
- the existence of a right to rectification, erasure, restriction of processing, or objection
- the existence of a right to lodge a complaint with a supervisory authority
- the origin of your personal data, if not collected from you
- the existence of automated decision-making, including profiling, and meaningful information about its details
12.2 Right to Rectification
According to Art. 16 GDPR, you have the right to request the immediate correction of inaccurate or incomplete personal data stored by us.
12.3 Right to Erasure
Under Art. 17 GDPR, you have the right to request the immediate deletion of your personal data, unless further processing is necessary for one of the following reasons:
- the personal data is still required for the purposes for which it was collected or otherwise processed
- to exercise the right to freedom of expression and information
- to fulfill a legal obligation requiring processing under EU or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller
- for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR
- for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing
- for the establishment, exercise, or defense of legal claims
12.4 Right to Restriction of Processing
You can request the restriction of the processing of your personal data under Art. 18 GDPR for one of the following reasons:
- You contest the accuracy of your personal data.
- The processing is unlawful, and you oppose the deletion of the personal data.
- We no longer need the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims.
- You have objected to processing pursuant to Art. 21(1) GDPR.
12.5 Notification Obligation
If you have asserted the right to rectification, erasure, or restriction of processing against us, we are obliged to notify all recipients to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort. You may request that we inform you about these recipients.
12.6 Right to Data Portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to request that this data be transferred to another controller, provided that the processing was carried out using automated procedures and based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) or on a contract pursuant to Art. 6(1)(b) GDPR.
12.7 Right to Withdraw Consent
You have the right to revoke your consent at any time pursuant to Art. 7(3) GDPR. The revocation of consent does not affect the legality of processing carried out based on consent before its withdrawal. We may no longer continue data processing based on your withdrawn consent.
12.8 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR if you believe that the processing of your personal data violates the GDPR.
12.9 Right to Object
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without you having to specify a particular situation. If you wish to exercise your right of withdrawal or objection, an email to [email protected] is sufficient.
12.10 Automated Decision-Making Including Profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
- is necessary for entering into or performance of a contract between you and us
- is authorized by EU or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests
- is based on your explicit consent
However, such decisions may not be based on special categories of personal data under Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and legitimate interests.
With regard to the cases referred to in points 1 and 2, we shall implement suitable measures to safeguard the rights and freedoms as well as your legitimate interests, which include at least the right to obtain human intervention on our part, to express your point of view, and to contest the decision.
13. Changes to this Privacy Policy
If we change the privacy policy, this will be indicated on the website.
Status: April 2, 2025