Introduction and Terms

1. Introduction

The operation of our website (in the following both also “website”) involves the processing of personal data. This data will be handled by us in a confidential manner and processed in accordance with the applicable laws, especially the General Data Protection Regulation (GDPR) and Germany’s Data Protection Act (BDSG). These data protection regulations are designed to inform you about the personal data we collect from you, what we use it for, the legal basis for the usage and, where applicable, with whom we share it. They will also inform you of your rights in regard to the protection of your data.

2. Terms

Our data protection regulations contain specialist terms used in GDPR and BDSG. For your better understanding we want to explain these terms in simple words:

2.1 Personal Data

“Personal data” is all information relating to an identified or identifiable person (art. 4 no. 1 GDPR). Details of an identified person could be their name or email address. However, data can also be described as personal if, despite the fact that a person’s identity cannot be deduced directly from the data, their identity can nonetheless be deduced by combining the data with other information. A person could for example be identified via their address or bank details, date of birth, username, IP address or location details. The key point is that any information that can be used in any way to identify a person can be described as personal data.

2.2 Processing

Under art. 4 no. 2 GDPR, “processing” describes any process applied to personal data. This especially includes the collection, capture, administration, classification, recording, amendment, printing , making available, use, disclosure, sharing, dissemination, provision, comparison, linking, restriction, erasure or destruction of personal data.

Data Controller and data protection officer

3. Data controller

The party responsible for data processing is:

Company:                                Gertrud digital GmbH (“wir”)

Statutory representative:     Sven Rebbert, Nils Langemann (managing director)

Address:                                  Nobistor 10, 22767 Hamburg


4. Data protection officer

We have appointed an external data protection officer:

C/O BBS Bier Brehm Spahn Partnerschaft Rechtsanwälte
Brandstwiete 46
20457 Hamburg

Processing parameters

5. Processing parameters: Website

We will process the personal data listed in detail under Article 6-11 below, when you use the website In this process, we will only process data from you that you actively enter on our Website (e.g. by completing forms) or that you provide automatically when using our offer.

Your data will exclusively be processed by us and these data will, as a matter of principle, not be sold, leased or provided to any third parties. Insofar as we use external service providers for the processing of your personal data, that will be done in the context of a cooperation with a so-called data processor, where we act as principal and are authorized to give instructions to our contractors. For the operation of our Website, we use external service providers for hosting, and for the maintenance, update and further development. Insofar as other external service providers will be used for individual processing activities that are listed in Article 6-11, they will be specified there.

We do, in general, not transfer any data to any third countries and this is not planned for the future either. Any exemptions from this principle will be explained in the types of processing activities listed below.

The Processing activities in detail

6.  Provision of website and logfiles

6.1  Description of processing

Whenever anybody visits our Website, we automatically collect information that their browser transfers to our server. These data will also be stored in the so-called log files of our system. This concerns the following data:

  • Your IP address
  • Your browser software, its version and language
  • Your operating system
  • The pages you visit on our website
  • The date and time of your visit to our website
  • Internet-Service-Provider

Your IP address is recorded in the log files only shortened by the last three digits.

6.2 Purpose

Your data is processed in order to facilitate access to our website, to ensure the website’s stability and security and to enable the statistical evaluation and improvement of our online service.

6.3 Legal Basis

The processing is required to protect our overriding legitimate interests (art. 6 para. 1 f) GDPR). Our legitimate interest lies in the purpose specified in 6.2.

6.4  Duration of Storage

Your data will be erased as soon as it is no longer required for the purpose for which it was collected. Where your data has been collected for the purposes of providing our website, it will no longer be required for this purpose when your session ends. The logfiles will be deleted after thirty days.


7.1 Description of processing

For contacting us we have provided a contact form on our website. In this form you will be asked to enter your e-mail address, your name and a message to us. If you press the “Send” button, the data will be transmitted to us using SSL encryption (see 12). The contact form can only be transmitted if you accept our data protection regulations by clicking on the corresponding checkbox. You can also contact us via the e-mail addresses provided on the website. In this case, the personal data transmitted with the e-mail will be processed by us.

7.2 Purpose

By providing a contact form on our website, we want to offer you a convenient way to get in touch with us. The data transmitted with and in the contact form or your e-mail will be used exclusively for the purpose of processing and answering your request.

7.3 Legal basis

Processing is necessary to safeguard the overriding legitimate interests of the data controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in Section 7.2. If the e-mail contact is aimed at the conclusion or fulfilment of a contract, data processing is carried out to fulfil the contract (Art. 6 para. 1 lit. b DSGVO).

7.4 Storage period

The data is deleted by us as soon as it is no longer required for the purpose of its collection. This is usually the case when the respective communication with you has ended. The communication is terminated when it can be inferred from the circumstances that your request has been conclusively clarified. If statutory retention periods prevent deletion, deletion will take place immediately after expiry of the statutory retention period.

8. Google Analytics

8.1 Description of Processing

Our Website uses “Google Analytics”, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). Google Analytics uses cookies (see Art. 11), which allow for an analysis of your use of our offer. We use Google Analytics in the version offered as “Universal Analytics” which allows for this analysis across devices by allocating the data to a pseudonymized user ID. The information created by the cookie are generally transferred to a Google server in the U.S. and stored there. But, we use Google Analytics exclusively with IP anonymization. This means that your IP address will be shortened by Google within the European Union member states or other states which are part of the European Economic Area before it is transmitted. Only in exceptional cases will the full IP address be transmitted to a Google server in the U.S. and shortened there. The IP address transferred by your browser in the context of Google Analytics will not be combined with any other data from Google. The statistics created by Google Analytics record, in particular, how may users visit our Website, from which country or place they access the Website, which sub-pages they visit and through which links or search terms visitors come to our Website. For the terms of use for Google Analytics please visit An overview of the data privacy at Google Analytics can be retrieved from

You can see Google’s data privacy policy at

8.2 Purpose

The processing is done to be able to evaluate the use of our Website. The information gained in the process serve to improve our online presentation and to design it according to demand.

8.3 Legal Basis

The processing is necessary for the purposes of the legitimate interests pursued by the controller (Article 6(1) point f) of the GDPR). Our legitimate interest is the purpose mentioned in Article 8.2.

8.4 Storage period and right to object

For information on the storage period and an explanation of your control and setting options for cookies, please refer to Art. 11. You may object to the data processing by Google Analytics, at any time, by downloading and installing the browser add-on offered by Google at . Alternatively, you have the option to click on the following link. This will place an opt-out cookie on your device which prevents the future collection of your data when visiting this Website.

We will automatically delete any analysis data processed and stored by Google Analytics after 14 months.

8.5 Recipients and transfer to third countries

Google Analytics works for us as a service provider within the scope of an order processing. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. For more information on the EU-US Privacy Shield, please visit


9.1 Description of processing

Our website uses “reCAPTCHA”, a service operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (hereinafter referred to as “Google”). With reCAPTCHA we can use forms to check whether the input is made by a person or by automated software – in particular so-called bots. This enables us to protect our website from spam and misuse. In this context, your IP address, the time spent on the website, mouse movements made by you and possibly other data required for the service reCAPTCHA are transmitted to Google. You can find further information on data protection at Google at

9.2 Purpose

The processing takes place in order to protect forms on our website against misuse and spam.

9.3 Legal basis

Processing is necessary to safeguard the overriding legitimate interests of the data controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in Section 9.2. If you are asked by us for consent within the scope of a cookie banner or cookie consensus tool, the legal basis is Art. 6 Para. 1 lit. a DSGVO. Such consent is voluntary.

9.4 Recipients and transfer to third countries

Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield. Further information on the EU-US Privacy Shield can be found at .

10.1 Description of processing

Our website does not use social media plugins. The logos of the social networks Twitter, LinkedIn and Xing displayed on our website are only linked to the corresponding profiles of our company. If you click on one of the logos, you will be redirected to the external website of the respective social network.

The social networks with which you communicate store your information using pseudonyms as usage profiles and use it for advertising and market research purposes. For example, advertisements within the social network and on other third-party websites may be displayed to you that correspond to your presumed interests. For this purpose, cookies are usually used, which the Social Network stores on your terminal device. Further information on cookies can be found in section 11. You have the right to object to the creation of these user profiles, for the exercise of which you must contact the social networks directly.

10.2 Purpose

We maintain profiles with the aforementioned social networks for the purpose of contemporary and supportive public relations and corporate communication with customers and interested parties.

10.3 Legal basis

The legal basis for data processing within the framework of our profiles on social networks is the protection of our overriding legitimate interests (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in Section 10.2. If you are asked by us to give your consent within the scope of a cookie banner or cookie consensus tool, the legal basis is Art. 6 Para. 1 lit. a DSGVO. Such consent is voluntary. If the respective operator of a social network requests your consent, the legal basis is Art. 6 para. 1 lit. a DSGVO.

10.4 Recipients and transmission in third countries

The respective social networks are operated by the companies listed below. Further information on data protection with regard to our profile on the social networks can be found in the linked data protection provisions.

10.5 Linkedin Insight Tag Exception

We use the retargeting tool and the conversion tracking of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). For this purpose the LinkedIn Insight Tag is incorporated into our webpage. LinkedIn uses it to collect statistical, pseudonymized data from your visit and use of our website and to provide us with the corresponding aggregated statistics based on these. In addition, this information serves to be able to show you relevant offers and recommendations specific to your interests, after you have inquired on the website about certain services, information and offers. The information in this regard is stored in a cookie. More information about Data Privacy of LinkedIn can be found here.

In this process this data will be collected and processed:

IP Address

Device information

Browser information

Referrer URL


The legal basis of the processing is your consent according to Art. 6 (1)(a) GDPR. If you do not want LinkedIn to collect and process the aforementioned data, you can refuse your consent or withdraw it at any time with effect for the future.

The data will be stored for as long as it is necessary for the purpose of the procession. The data will be deleted as soon as it is no longer needed for the processing purposes.

Data may be transferred to the USA as part of processing by LinkedIn. The security of the transmission is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a security level that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to ensure an adequate level of security, we will obtain your consent in accordance with Art. 49 (1)(a) GDPR prior to the data processing.

11.1 Description of processing

Our website uses cookies. Cookies are small text files that are stored on the user’s terminal device when a website is visited. Cookies contain information that enables the recognition of a terminal device and, if necessary, certain functions of a website. In most cases, we only use so-called “session cookies”. These are automatically deleted when you end your Internet session and close your browser. Other cookies remain stored on your end device for a longer period of time and enable partner companies to recognize your browser or computer (persistent cookies). Depending on the cookie, persistent cookies are automatically deleted depending on the specified storage period.

11.2 Purpose

We use cookies to make our website more user-friendly and to provide the features described in Clause 11.1. Among other things, we work with advertising partners to help us make our website as interesting as possible for you. For this purpose, cookies from third parties, our partner companies, may also be stored on your hard drive on our website. If we allow third parties to use such cookies, we will inform you in the following sections about the information collected in this way.

11.3 Legal basis

Processing is necessary to safeguard the overriding legitimate interests of the data controller (Art. 6 para. 1 lit. f DSGVO). Our legitimate interest lies in the purpose specified in Clause 11.2. If you are asked by us for consent within the scope of a cookie banner or cookie consensus tool, the legal basis is Art. 6 Para. 1 lit. a DSGVO. Such consent is voluntary.

11.4 Storage period, revocation of consent

Cookies are automatically deleted at the end of a session or at the end of the specified storage period. Since cookies are stored on your terminal device, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. If we obtain consent for the use of cookies via a cookie banner or a cookie consensus tool, you can revoke this consent at any time within the settings of the cookie banner or cookie consensus tool with effect for the future.

We have compiled the following links for you, which will lead you to instructions on how you can change the settings of common browsers. Further information can be found in the support menu of your browser:

Internet Explorer:





Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, individual functions of our website cannot be used or can only be used to a limited extent.

Security Measures

12. Security Measures

In order to protect your personal data from third-party access, we use SSL (secure sockets layer) or TLS (transport layer security) technology that encrypts the communication of data between our website and your device. You can identify SSL/TLS encryption via the small padlock logo on the left of the address bar of your browser.

Your rights

13. Data subject rights

With regard to the aforementioned data processing carried out by us, you have the following rights as a data subject:

13.1 Right of Access (Art. 15 GDPR)

You have the right to be informed by us if we are processing your personal data. If we are processing it, you have the right under art. 15 GDPR to be informed as to what data we are processing and the right to additional information as specified in art. 15 GDPR.

13.2 Rectification (Art. 16 GDPR)

You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you and were applicable to have incomplete personal data completed, including by means of providing a supplementary statement.

13.3 Erasure (Art. 17 GDPR)

You have the right to obtain from us the erasure of your personal data concerning without undue delay and we shall have the obligation to erase your personal data without undue delay where one of the following grounds under art. 17 GDPR applies (e.g. if your data is no longer required for the purpose for which we were using it).

13.4 Restriction of Processing (Art. 18 GDPR)

You have the right to demand that we restrict the processing of your personal data, provided that one of the criteria specified under art. 18 GDPR is met (e.g. if you dispute the accuracy of your personal data, its processing will be restricted for the period necessary for us to check its accuracy).

13.5 Data Portability (Art. 20 GDPR)

Subject to the criteria specified under art. 20 GDPR, you have the right to be given your data in a structured, commonly used and machine-readable format.

13.6 Withdrawal of Consent (Art. 7 Abs. 3 GDPR)

You have the right to withdraw your previously provided consent for data processing. The withdrawal will take effect from the time you request it (i.e. it will have future effect but no retroactive affect).

13.7 Complaints (Art. 77 GDPR)

If you believe that the processing of your personal data is in breach of GDPR, you can complain to a supervisory authority. You can submit your complaint to a supervisory authority in the EU member state where you are habitually resident or work or where the alleged breach took place.

13.8 Restraint on automated decision making/profiling (Art. 22 DSGVO)

Decisions that have legal consequences for you or that could have a significant detrimental affect on you must not be based solely on the automated processing of personal data, including profiling. We do not apply any such processing or profiling to your personal data.

13.9 Objection (Art. 21 DSGVO)

Where we process your personal data on the basis of art. 6 para. 1 f) GDPR in pursuit of our overriding legitimate interests, you have the right subject to art. 21 GDPR to object, provided your objection is based on grounds relating to your specific situation. Once you have objected, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Regardless of the aforementioned restrictions, and regardless of whether any special circumstances apply, you have the right to object at any time to the processing of your personal data for direct marketing purposes.