Privacy Policy of the Amadeus Fire Group
Preamble
With the following Privacy Policy, we would like to inform you about the types of personal data (hereinafter also referred to as “data”) we process, the purposes for which we process it, and the scope of such processing. This Privacy Policy applies to all processing of personal data carried out by us, both in connection with the provision of our services and, in particular, on this website and in mobile applications.
The terms used are gender-neutral.
Last update: 30.06.2026
More information
Controller:
Controller as defined by the GDPR:
Amadeus Fire AG
Hanauer Landstr. 160
60314 Frankfurt am Main
Telefon: 069 96876-150
Fax: 069 96876-199
Email address: info@amadeus-fire.de
Contact information of the data protection officer:
Amadeus Fire AG
Data protection officer
Hanauer Landstr. 160
60314 Frankfurt am Main
E-mail address: datenschutzbeauftragter@amadeus-fire.de
Note on the Applicability of the GDPR and the Swiss Data Protection Act (DSG):
This Privacy Policy serves to provide information in accordance with both the Swiss Federal Act on Data Protection (Swiss DSG) and the General Data Protection Regulation (GDPR). For this reason, please note that the terms used in the GDPR are employed here due to its broader geographical scope and clarity. In particular, instead of the terms “processing” of “personal data,” “overriding interest,” and “personal data requiring special protection” used in the Swiss Data Protection Act, the terms “processing” of “personal data,” “legitimate interest,” and “special categories of data” used in the GDPR are employed. However, the legal meaning of these terms continues to be determined in accordance with the Swiss Data Protection Act (DSG) within the scope of its applicability.
Security Precautions
We take appropriate technical and organizational measures to adequately protect your personal data, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of the processing. These include, in particular, measures to ensure confidentiality, integrity, and availability (e.g., access and authorization policies), as well as procedures for exercising data subject rights and responding to security incidents. Data transmission via our online services is encrypted using TLS/SSL (HTTPS) to protect users’ data from unauthorized access.
Transmission of Personal Data
As part of our processing of personal data, it may happen that the data is transferred to or disclosed to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, service providers entrusted with IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with legal requirements and, in particular, enter into appropriate contracts or agreements with the recipients of your data to ensure the protection of your data.
Data Transfer within the Organization: We may transfer personal data to other departments within our organization or grant them access to this data. If this transfer is for administrative purposes, it is based on our legitimate business and operational interests, or it occurs when necessary to fulfill our contractual obligations, or when the data subjects have given their consent or when permitted by law.
International data transfers
If we process personal data in third countries (outside the European Union/European Economic Area) or transfer it there (e.g., in connection with third-party services), this is done only in accordance with legal requirements, in particular on the basis of an adequacy decision (Art. 45 GDPR) or appropriate safeguards (e.g., EU Standard Contractual Clauses, Art. 46 GDPR) or, where necessary, an exception (e.g., explicit consent) under Art. 49 GDPR. We provide details on any transfers to third countries in the respective service descriptions.
EU-US Data Privacy Framework (DPF): For certain companies in the U.S. certified under the DPF, the European Commission has determined, by means of an adequacy decision dated July 10, 2023, that an adequate level of data protection exists. If we use service providers certified under the DPF, we will indicate this in the respective privacy notices.
If personal data is transferred to third countries in connection with the use of cookies, we will provide separate information about this in our cookie settings.
Erasure of data
The data we process is deleted in accordance with legal requirements as soon as the consent authorizing its processing is revoked or other legal grounds for processing no longer apply (e.g., if the purpose for processing this data no longer exists or the data is no longer necessary for that purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing is limited to those purposes. This means that the data will be blocked and not processed for any other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons, or whose storage is necessary to assert, exercise, or defend legal claims, or to protect the rights of another natural or legal person. As part of our privacy policy, we may provide users with further information regarding the deletion and retention of data that applies specifically to the respective processing operations.
Rights of Data Subjects
Rights of Data Subjects Under the GDPR: As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 through 21 of the GDPR:
- Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out pursuant to Art. 6 (1) (e) or (f) of the GDPR; this also applies to profiling based on these provisions. If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing.
- Right to withdraw consent: You have the right to withdraw any consent you have given at any time.
- Right of access: You have the right to request confirmation as to whether your personal data is being processed, as well as access to this data, further information, and a copy of the data in accordance with legal requirements.
- Right to rectification: In accordance with legal requirements, you have the right to request that data concerning you be completed or that inaccurate data concerning you be corrected.
- Right to erasure and restriction of processing: In accordance with legal requirements, you have the right to request that data concerning you be erased without delay or, alternatively, to request a restriction on the processing of such data in accordance with legal requirements.
- Right to data portability: You have the right, in accordance with legal requirements, to receive the data concerning you that you have provided to us in a structured, commonly used, and machine-readable format, or to request that it be transmitted to another data controller.
- Complaint to a supervisory authority: In accordance with legal requirements and without prejudice to any other administrative or judicial remedy, you also have the right to lodge a complaint with a data protection supervisory authority – in particular, a supervisory authority in the Member State where you habitually reside – the supervisory authority of your place of work or the location of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.
Use of Cookies
Cookies are small text files or other storage mechanisms that store information on end devices and retrieve information from them. For example, they are used to store a user’s login status in an account, the contents of a shopping cart in an online store, the content accessed, or the features used on a website. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online services, as well as analyzing visitor traffic.
Information on consent: We use cookies in accordance with legal requirements. Therefore, we obtain prior consent from users unless such consent is not required by law. In particular, consent is not required if the storage and retrieval of information – including cookies – are strictly necessary to provide users with a telemedia service (i.e., our online offering) that they have expressly requested. Strictly necessary cookies generally include cookies with functions that serve to display and ensure the operability of the online service, balance server load, ensure security, store user preferences and selections, or serve similar purposes related to the provision of the primary and secondary functions of the online service requested by users. The revocable consent is clearly communicated to users and includes information regarding the specific use of cookies.
Information on the legal basis for data protection: The legal basis under data protection law on which we process users’ personal data using cookies depends on whether we ask users for their consent. If users consent, the legal basis for the processing of their data is their expressed consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g., in the business operation of our online service and improving its usability) or, if this occurs in the context of fulfilling our contractual obligations, when the use of cookies is necessary to fulfill our contractual obligations. We explain the purposes for which we process cookies in this Privacy Policy or as part of our consent and processing procedures.
Storage duration: The following types of cookies are distinguished based on their storage duration:
- Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user leaves an online service and closes their device (e.g., browser or mobile application).
- Persistent cookies: Persistent cookies remain stored even after the device is closed. This allows, for example, the login status to be saved or preferred content to be displayed immediately when the user visits a website again. Likewise, user data collected via cookies may be used for audience measurement. Unless we provide users with explicit information regarding the type and storage duration of cookies (e.g., when obtaining consent), users should assume that cookies are permanent and may be stored for up to two years.
General Information on withdrawal of consent and objection (so-called “opt-out”): Users may withdraw the consent they have provided at any time and object to the processing of their data in accordance with legal requirements. To do so, users may, among other things, restrict the use of cookies in their browser settings (although this may also limit the functionality of our online services). An objection to the use of cookies for online marketing purposes can also be submitted via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.
- Legal basis: Consent (Art. 6 (1) (a) GDPR).
Additional information on processing procedures, methods, and services:
- Processing of cookie data based on consent: We use a cookie consent management system through which users can grant, manage, and revoke their consent to the use of cookies, as well as to the processing activities and providers specified within the cookie consent management system. In this context, the declaration of consent is stored so that the user does not have to be asked for consent again and so that consent can be demonstrated in accordance with legal requirements. Storage may occur on the server and/or in a cookie (a so-called opt-in cookie, or using comparable technologies) in order to associate the consent with a user or their device. Subject to specific information provided by the providers of cookie management services, the following applies: Consent may be stored for up to two years. In this process, a pseudonymous user identifier is generated and stored along with the time of consent, details regarding the scope of consent (e.g., which categories of cookies and/or service providers), as well as the browser, operating system, and device used; Legal basis: Consent (Art. 6 (1) (a) GDPR).
- Usercentrics: Cookie consent management; Service provider: Usercentrics GmbH, Sendlinger Straße 7, 80331 München, Germany; Website: https://usercentrics.com/de/. Privacy Policy: https://usercentrics.com/de/datenschutzerklaerung/.
Provision of online services and web hosting
We process users’ data in order to provide them with our online services. For this purpose, we process the user’s IP address, which is necessary to deliver the content and features of our online services to the user’s browser or device.
- Types of data processed: Usage data (e.g., websites visited, interest in content, access times); meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status); content data (e.g., entries in online forms).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of our online services and user-friendliness; IT infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)). Security measures.
- Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
Additional information on processing activities, procedures and services:
- Provision of online services on leased storage space: To provide our online services, we use storage space, computing capacity, and software that we lease or otherwise obtain from a server provider (also known as a “web host”); Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
- Collection of access data and log files: Access to our online service is logged in the form of so-called “server log files.” Server log files may include the address and name of the web pages and files accessed, the date and time of access, the amount of data transferred, a notification of successful access, the browser type and version, the user’s operating system, the referrer URL (the previously visited page), and, as a rule, IP addresses and the requesting provider. The server log files may be used, on the one hand, for security purposes – for example, to prevent server overload (particularly in the event of malicious attacks, known as DDoS attacks) – and, on the other hand, to ensure server capacity and stability; legal basis: legitimate interests (Art. 6 (1) (f) GDPR). Data deletion: Log file information is stored for a maximum of 30 days and is then deleted or anonymized. Data that must be retained for evidentiary purposes is exempt from deletion until the respective incident has been fully resolved.
- Emailing and hosting: The web hosting services we use also include the sending, receiving, and storage of emails. For these purposes, we process the addresses of the recipients and senders, as well as other information related to email transmission (e.g., the providers involved) and the content of the respective emails. The aforementioned data may also be processed for the purpose of detecting spam. Please note that emails are generally not sent in encrypted form over the Internet. While emails are typically encrypted during transmission, they are not encrypted on the servers from which they are sent and received (unless a so-called end-to-end encryption method is used). We therefore cannot assume any responsibility for the transmission of emails between the sender and our server; Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
Contact and Inquiry Management
When you contact us (e.g., by mail, contact form, email, or phone), as well as in the context of existing user and business relationships, the information provided by the individuals making the inquiry is processed to the extent necessary to respond to the inquiries and take any requested actions.
- Types of data processed: Contact data (e.g., email, phone numbers); content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times); Meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
- Data subjects: Communication partners.
- Purposes of processing: Contact requests and communication; managing and responding to inquiries; feedback (e.g., collecting feedback via online forms). Provision of our online services and user-friendliness.
- Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR). Performance of a contract and pre-contractual inquiries (Art. 6 (1) (b) GDPR).
Additional information on processing activities, procedures, and services:
- Contact form: When users contact us via our contact form, email, or other communication channels, we process the data provided to us in this context to handle the matter raised; Legal basis: Consent (Art. 6 (1) (a) GDPR).
Privacy Information for Whistleblowers
In this section, you will find information on how we handle data from whistleblowers, as well as from affected parties and other involved individuals, within the framework of our whistleblower procedure. Our goal is to provide a straightforward and secure way to report potential misconduct on the part of us, our employees, or our service providers – particularly actions that violate laws or ethical guidelines. In addition, we ensure that reports are processed and handled appropriately.
Legal basis: To the extent that we process data to fulfill our legal obligations under the Whistleblower Protection Act (HinSchG), the legal basis for the processing is Art. 6 (1) (c) of the GDPR and, in the case of special categories of personal data, Art. 9 (2) (g) of the GDPR and Section 22 of the Federal Data Protection Act (BDSG), in conjunction with Section 10 of the HinSchG. This concerns the obligation to establish and operate an internal whistleblower reporting office, the fulfillment of its legal obligations, and – in the case of the use of data collected during the reporting process – the initiation of further investigations or labor law measures against individuals who have committed a violation.
To the extent that we process data (particularly in cases of confirmed misconduct) for the purpose of or in preparation for legal defense, this is done on the basis of our legitimate interests in lawful and ethical conduct pursuant to Art. 6 (1) (f) of the GDPR.
To the extent that consent to the processing of personal data has been granted for specific purposes, the processing is carried out on the basis of this consent in accordance with Art. 6 (1) (a) of the GDPR and, in the case of special categories of personal data, in accordance with Art. 9 (2) (a) of the GDPR. An example would be the disclosure of a whistleblower’s identity or the preparation of a verbatim report during a face-to-face conversation. Consent that has been given may be withdrawn at any time with future effect.
Types of data processed: In the course of receiving and processing reports, as well as during the subsequent whistleblower proceedings, we may collect various types of data. This includes, in particular, the information provided by a whistleblower, such as
- Name, contact information, and location of the person making the report
- Names and information about potential witnesses or individuals affected by the report,
- Names and information about the individuals who are the subject of the report,
- Details regarding the alleged misconduct,
- Other relevant details, if provided by the whistleblower.
For the purposes of investigating the facts and determining further action, we also process the following personal data:
- Unique identifier for the report
- Contact information of the reporting individual, if provided,
- Personal data of the individuals mentioned in the report, if provided
- Personal data of individuals indirectly affected by the investigation, if applicable,
- Personal data of individuals in other involved companies (e.g., within the legal department), if relevant,
- Additional data related to the circumstances.
Special categories of personal data: In the course of our activities, we may collect special categories of personal data, particularly when such data is provided by a whistleblower. These include:
- Data concerning a person’s health
- Data regarding a person’s racial or ethnic origin,
- Information regarding a person’s religious or philosophical beliefs,
- Information regarding a person’s sexual orientation.
This data is processed only if it is relevant to the handling of the respective report and is expressly provided by the whistleblower.
Using our online forms: Please note that you have the option to submit feedback anonymously. To ensure the security of your data when using our online forms, we recommend that you access them in your browser’s “incognito mode.” Here’s how to open an incognito window: a) On a Windows PC: Open your browser and press Ctrl+Shift+N; b) On a Mac: Open your browser and press Command+Shift+N; c) On mobile devices: Switch to private mode via the tab menu.
When you access our website in normal mode, your browser automatically sends certain information to our server, such as your browser type and version, and the date and time of your visit. This also includes your device’s IP address. This data is temporarily stored in a log file and automatically deleted after 30 days at the latest.
The processing of the IP address serves technical and administrative purposes for establishing a connection to our website. It ensures the security, stability, and functionality of the whistleblower form and is an essential part of our measures to guarantee the confidential submission of reports.
The processing of the logged data is based on Art. 6 (1) (f) of the GDPR. Our legitimate interest lies in the need for security and the necessity to ensure the technical prerequisites for the smooth and uninterrupted submission of reports.
Disclosure of names: You have the option to submit reports anonymously. However, unless prohibited by national law, we recommend that you provide your name and contact information. This allows us to better investigate the report and, if necessary, contact you directly. If you choose to provide your name and contact information, your identity will be treated as strictly confidential. Exceptions to this confidentiality apply only if we are legally required to disclose your identity. This may be necessary to protect or defend our rights or the rights of our employees, customers, suppliers, or business partners. Another exception applies if it is determined that the allegations were made with malicious intent.
Disclosure of data to third parties: Data related to the report is disclosed to third parties only under certain circumstances. This occurs either a) if you have given us your explicit consent in accordance with Art. 6 (1) (a) of the GDPR, or b) if there is a legal obligation to disclose the data in accordance with Art. 6 (1) (c) of the GDPR. Possible third parties include public authorities, government agencies, regulatory bodies, or tax authorities, if disclosure is necessary to comply with a legal or regulatory obligation. In addition, within the framework of legal provisions, we may engage attorneys and other professional advisors who are authorized to investigate alleged misconduct and, following an investigation, take the necessary measures, such as initiating disciplinary or legal proceedings. Furthermore, carefully selected and monitored service providers that we engage may also receive data for these purposes (e.g., operators of a web-based reporting tool). However, these service providers are contractually obligated to comply with applicable data protection regulations under a so-called data processing agreement.
Data retention and deletion: Personal data is processed only for as long as necessary to fulfill the processing purposes described above. Once the data is no longer needed for these purposes, it is deleted. In certain situations, however, the data may be retained for a longer period to comply with legal requirements, provided this is necessary and proportionate. In such cases, the data will be deleted as soon as it is no longer required for these purposes.
Technical and organizational measures: We have implemented the necessary contractual, technical, and organizational measures to ensure the security of all data we process. This data is processed exclusively for the stated purposes. Incoming reports are handled by authorized personnel who access the respective reports and conduct the subsequent fact-finding investigation. Our employees are specifically trained and educated to conduct these fact-finding investigations properly and are bound to strict confidentiality.
Types of data processed: Master data (e.g., names, addresses); employee data (e.g., employee master data, personnel files, job applications); contact information (e.g., email, phone numbers); Content data (e.g., text entries, photos, videos); usage data (e.g., websites visited, interest in content, access times).
Data subjects: Employees (e.g., staff members, job applicants); third parties; whistleblowers.
Purposes of processing: Protection of whistleblowers.
Legal basis: Consent (Art. 6 (1) (a) GDPR); compliance with a legal obligation (Art. 6 (1) (c) GDPR). Legitimate interests (Art. 6 (1) (f) GDPR).
Whistleblower Systems
We use external service providers as part of our whistleblower procedure. In doing so, we operate within the framework of legal requirements and ensure that the technical and organizational security measures we adhere to are also met by the external service providers.
Types of data processed: Master data (e.g., names, addresses); Employee data (e.g., employee master data, personnel files, job applications); contact data (e.g., email, phone numbers); content data (e.g., text entries, photos, videos); usage data (e.g., websites visited, interest in content, access times).
Data subjects: Employees (e.g., staff members, job applicants); third parties; whistleblowers; users (e.g., website visitors, users of online services); business and contractual partners.
Purposes of processing: Protection of whistleblowers. Security measures.
Legal basis: Consent (Art. 6 (1) (a) GDPR); compliance with a legal obligation (Art. 6 (1) (c) GDPR); legitimate interests (Art. 6 (1) (f) GDPR).
Additional information on processing activities, procedures, and services:
EQS Integrity Line: Whistleblowing channel and whistleblowing system; Service provider: EQS Group AG, Karlstraße 47, 80333 München, Germany; Legal basis: Compliance with a legal obligation (Art. 6 (1) (c) GDPR); Website: https://www.eqs.com/; Privacy Policy: https://www.eqs.com/about-eqs/data-protection/. Data processing agreement: Provided by the service provider.
Newsletter and Electronic Communications
We send newsletters and emails (hereinafter “newsletters”) only with the recipients’ consent or when permitted by law. If the content of a newsletter is specifically described during the sign-up process, that description is decisive for the user’s consent. In addition, our newsletters contain information about our services and our company.
To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name – so that we can address you personally in the newsletter – or additional information, if such information is necessary for the purposes of the newsletter.
Double-opt-in procedure: Subscription to our newsletter generally follows a so-called double-opt-in procedure. This means that after you subscribe, you will receive an email asking you to confirm your subscription. This confirmation is necessary to ensure that no one can subscribe using someone else’s email address. Newsletter subscriptions are logged so that we can verify the subscription process in accordance with legal requirements. This includes storing the time of subscription and confirmation, as well as the IP address. Changes to your data stored with the email service provider are also logged.
Deletion and restriction of processing: If you unsubscribe from our newsletter, we will delete your data immediately.
Content:
Information about us, our services, promotions, and special offers.
- Types of data processed: Master data (e.g., names, addresses); contact information (e.g., email, phone numbers); metadata, communication data, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status); usage data (e.g., websites visited, interest in content, access times).
- Data subjects: Communication partners.
- Purposes of processing: Direct marketing (e.g., via email);
- Legal basis: Consent (Art. 6 (1) (a) GDPR).
- Right to object (opt-out): You may unsubscribe from our newsletter at any time, i.e., withdraw your consent or object to receiving further newsletters. You will find a link to unsubscribe from the newsletter either at the end of each newsletter or you may use one of the contact options listed above, preferably email, for this purpose.
Additional information on processing procedures, methods and services.
- EQS Newsletter Formular: Advertising service for distributing the Investor Relations newsletter; Service provider: EQS Group AG, Karlstraße 47, 80333 München, Germany; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://www.eqs.com/de/ Privacy Policy: https://www.eqs.com/de/ueber-eqs/datenschutz/
Commerical communication by E-Mail
We process personal data for the purpose of sending promotional communications, which may be sent via various channels, such as email, in accordance with legal requirements.
Recipients have the right to revoke their consent at any time or to object to promotional communications at any time.
Following revocation or objection, we store the data necessary to prove prior authorization for contacting you or sending communications for up to three years, beginning at the end of the year in which the revocation or objection occurred, based on our legitimate interests. The processing of this data is limited to the purpose of potentially defending against claims. Based on the legitimate interest in permanently honoring users’ revocations or objections, we also store the data necessary to prevent further contact (e.g., depending on the communication channel, the email address and name).
- Types of data processed: Master data (e.g., names, addresses); contact information (e.g., email).
- Data subjects: Communication partners.
- Purposes of processing: Direct marketing (e.g., via email).
- Legal basis: Consent (Art. 6 (1) (a) GDPR). Legitimate interests (Art. 6 (1) (f) GDPR).
Web Analysis, Monitoring and Optimization
Web analytics (also referred to as “reach measurement”) is used to analyze visitor traffic to our online platform and may include pseudonymized data on visitor behavior, interests, or demographic information, such as age or gender. With the help of web analytics, we can, for example, determine at what times our online offering, its features, or its content are used most frequently, or encourage repeat visits. We can also identify which areas require optimization.
In addition to web analytics, we may also use testing methods to, for example, test and optimize different versions of our online offering or its components.
Unless otherwise specified below, profiles – that is, data aggregated for a specific usage session – may be created for these purposes, and information may be stored in a browser or on a device and retrieved from it. The information collected includes, in particular, websites visited and elements used on those sites, as well as technical details such as the browser and computer system used, and information regarding usage times. If users have consented to the collection of their location data by us or by the providers of the services we use, location data may also be processed.
Unless otherwise specified below, profiles – i.e., data aggregated for a specific usage session or user – may be created for these purposes and stored in a browser or on a device (so-called “cookies”), or similar methods may be used for the same purpose. The information collected includes, in particular, the websites visited and the elements used there, as well as technical information such as the browser used, the computer system used, and information regarding usage times. If users have consented to the collection of their location data or profiles by us or by the providers of the services we use, this data may also be processed, depending on the provider.
Users’ IP addresses are also stored. However, we use an IP masking process (i.e., pseudonymization by truncating the IP address) to protect users. In general, no personally identifiable user data (such as email addresses or names) is stored in the context of web analytics, A/B testing, and optimization; instead, pseudonyms are used. This means that neither we nor the providers of the software we use know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective processes.
- Types of data processed: Usage data (e.g., websites visited, interest in content, access times); meta, communication, and procedural data (e.g., IP addresses, timestamps, identification numbers, consent status).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: Audience measurement (e.g., access statistics, identification of returning visitors); profiles containing user-related information (creation of user profiles); click tracking; A/B testing; feedback (e.g., collection of feedback via online forms); heat maps (users’ mouse movements, aggregated into an overall picture); marketing; conversion tracking (measuring the effectiveness of marketing measures). Provision of our online services and user-friendliness.
- Security measures: IP masking (pseudonymization of the IP address).
- Legal basis: Consent (Art. 6 (1) (a) GDPR).
Additional information on processing procedures, methods, and services:
- Microsoft Clarity: an analytics tool used to provide website usage statistics, session recordings, and heat maps, which are primarily generated by tracking mouse movements. The purpose is data collection and processing. Service provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521, Ireland. Legal basis: Consent (Art. 6 (1) (a) GDPR). Website: https://clarity.microsoft.com/; Privacy Policy: https://docs.microsoft.com/en-us/clarity/faq#privacy
- Piwik PRO: Audience measurement and web analytics; Service provider: Piwik PRO GmbH, Kurfürstendamm 21, 10719 Berlin, Germany; Legal basis: Consent (Art. 6 (1) (a) DSGVO); Website: https://piwikpro.de. Privacy Policy: https://piwikpro.de/datenschutz.
Customer Reviews and Ratings
We participate in review and rating processes to evaluate, optimize, and promote our services. When users rate us or provide feedback through the participating review platforms or processes, the providers’ Terms and Conditions or Terms of Use and Privacy
Policies also apply. As a rule, submitting a review also requires registration with the respective providers.
To ensure that the reviewers have actually used our services, we transmit the necessary data regarding the customer and the service used (including name and email address) to the respective review platform with the customer’s consent. This data is used solely to verify the user’s authenticity.
- Types of data processed: Contract data (e.g., subject matter of the contract, term, customer category); usage data (e.g., websites visited, interest in content, access times); meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
- Data subjects: Customers; users (e.g., website visitors, users of online services).
- Purposes of processing: Feedback (e.g., collecting feedback via an online form). Marketing.
- Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR).
Additional information on processing procedures, methods, and services:
- kununu: Review platform; Service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Legal basis: Legitimate interest (Art. 6 (1) (f) GDPR); Website: https://www.kununu.com/de. Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.
- Google customer reviews: Service for collecting and/or presenting customer satisfaction and customer feedback; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; Legal basis: Legitimate interest (Art. 6 (1) (f) GDPR); Website: https://www.google.com/; Privacy Policy: https://policies.google.com/privacy; Legal basis for transfers to third countries: EU-US Data Privacy Framework (DPF); Further information: As part of the process of collecting customer reviews, we process an identification number and the date and time of the transaction being reviewed; for review requests sent directly to customers, we also process the customer’s email address and country of residence, as well as the review information itself. For more information on the types of processing and the data processed: https://business.safety.google/adsservices/. Privacy Policy for Google Ads (Controller-to-Controller) and Standard Contractual Clauses for data transfers to third countries: https://business.safety.google/adscontrollerterms.
Plugins and embedded functions and content
We incorporate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These may include, for example, graphics, videos, or city maps (hereinafter collectively referred to as “content”).
This integration always requires that the third-party providers of this content process the users’ IP addresses, as they would be unable to send the content to the users’ browsers without the IP address. The IP address is therefore necessary for the display of this content or these features. We make every effort to use only content whose respective providers use the IP address solely for the purpose of delivering the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. These “pixel tags” allow information – such as visitor traffic on the pages of this website – to be analyzed. This pseudonymous information may also be stored in cookies on the user’s device and may include, among other things, technical information about the browser and operating system, referring websites, the time of the visit, and other details regarding the use of our online service; it may also be linked to such information from other sources.
- Types of data processed: Usage data (e.g., websites visited, interest in content, access times); meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status); master data (e.g., names, addresses); contact data (e.g., email, phone numbers); content data (e.g., entries in online forms); location data (information regarding the geographic position of a device or a person).
- Data subjects: Users (e.g., website visitors, users of online services).
- Purposes of processing: Provision of our online services and user-friendliness.
- Legal basis: Consent (Art. 6 (1) (a) GDPR).
Additional information on processing procedures, methods, and services:
- Frankfurter Börse: An advertising service that allows users to display the stock price of Amadeus Fire AG; Service provider: ARIVA.DE AG, Neudeldtstraße 9, 24118 Kiel, Germany; Legal basis: Consent (Art. 6 (1) (a) GDPR); Website: https://www.ariva.ag/ Privacy Policy: https://www.ariva.ag/info/datenschutz/.
Changes and Updates to the Privacy Policy
We ask that you review the content of our Privacy Policy regularly. We will update the Privacy Policy as soon as changes to our data processing activities make it necessary to do so. We will notify you as soon as the changes require action on your part (e.g., consent) or any other individual notification.
If we provide addresses and contact information for companies and organizations in this Privacy Policy, please note that these addresses may change over time, and we ask that you verify the information before contacting them.