Privacy Policy

To view this policy in German follow this link

Last updated 6th May 2026

1. General Information
1.1 What is personal data

Personal data is any information that discloses or can disclose the identity of the user. We adhere to the principle of data minimisation. As far as possible, we avoid the collection of personal data.

1.2 Handling of personal data

Personal data is used exclusively for the establishment, content design, execution, or settlement of the contractual relationship (Art. 6(1)(b) GDPR).

Furthermore, personal data will only be processed if we have received your consent (Art. 6(1)(a) GDPR) or if the processing is necessary for our legitimate interests and an assessment shows that no overriding interests, fundamental rights, or freedoms on your part conflict with this (Art. 6(1)(f) GDPR).

We may use processors to process your personal data, with whom we have concluded a data processing agreement. Any further disclosure of personal data to third parties will only take place insofar as this is necessary to fulfill the purposes described in this privacy policy or where there is an appropriate legal basis.

Personal data is in particular disclosed to the following categories of recipients:

hosting providers
IT and web service providers
providers of analytics and tracking technologies
providers of security services (e.g. spam and bot detection)
credit agencies as part of credit checks

Data is only disclosed insofar as this is required to fulfill the respective purposes.

Where personal data is transferred to service providers in third countries (in particular the USA), this is carried out on the basis of an adequacy decision of the European Commission (e.g. EU-U.S. Data Privacy Framework) and, in addition, on the basis of Standard Contractual Clauses in accordance with Art. 46 GDPR.

We point out that, despite existing safeguards, there is a residual risk in the case of data transfers to the USA, in particular due to possible access by government authorities, without effective legal remedies being available against this.

1.3 Usage data

When you visit the website, general technical information is collected. This includes the IP address used, time, duration of the visit, browser type, and, if applicable, the referring page. For technical reasons, this usage data is registered in a log file. The processing is carried out for the purposes of ensuring IT security, system stability, and error analysis and may also be used for the statistical analysis of this website. This usage data is not linked with your other personal data.

1.4 Duration of storage

We store your personal data after the purpose for which it was collected has been fulfilled only for as long as is required by law (especially tax law).

In particular, the following retention periods apply:

Type of data	Retention period
Tax and commercial law accounting obligations	6 years (general) / 10 years (accounting records). The period begins at the end of the calendar year in which the last entry was made in the book, the annual financial statement was prepared, the commercial or business letter was received or sent, or the accounting record was created.
Invoices	10 years
Consents for data processing under data protection law	For as long as the data subject can assert rights.
(Electronic) correspondence with no tax relevance	For as long as necessary for the fulfillment of the task, unless the processing serves the establishment, exercise, or defense of legal claims.
Usage data according to Section 1.3 of this privacy policy	max. 30 days

1.5 Obligation to provide personal data

The provision of personal data is partly required by law or by contract or necessary for the conclusion of a contract. Without the provision of this data, we may not be able to process inquiries or conclude a contract.

2. Your Rights
2.1 Right of access

You can request information from us as to whether we process personal data about you and, if so, you have a right to access this personal data and the other information specified in Art. 15 GDPR.

2.2 Right to rectification

You have the right to have inaccurate personal data concerning you rectified and may request the completion of incomplete personal data in accordance with Art. 16 GDPR.

2.3 Right to erasure

You have the right to request that we erase the personal data concerning you without undue delay. We are obliged to erase it without undue delay, in particular if one of the following reasons applies:

your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
you withdraw your consent on which the processing was based, and there is no other legal ground for the processing;
your data has been processed unlawfully.

The right to erasure does not apply to the extent that your personal data is necessary for the establishment, exercise, or defense of our legal claims.

2.4 Right to restriction of processing

You have the right to request that we restrict the processing of your personal data if:

you contest the accuracy of the data and we are therefore verifying its accuracy;
the processing is unlawful and you oppose the erasure and request the restriction of its use instead;
we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims;
you have objected to the processing of your data and it is not yet clear whether our legitimate grounds override your grounds.

2.5 Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without hindrance from us, provided that the processing is based on consent or a contract and the processing is carried out by automated means.

2.6 Right to withdraw consent and right to object

Insofar as the processing of your personal data is based on consent (Art. 6(1)(a) GDPR), you have the right to withdraw this consent at any time. This does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

Insofar as the processing of your personal data is based on Art. 6(1)(e) GDPR or Art. 6(1)(f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of personal data concerning you for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

2.7 General and right to lodge a complaint

The exercise of your aforementioned rights is generally free of charge for you. In case of complaints, you have the right to contact the data protection supervisory authority responsible for us directly.

2.8 Automated individual decision-making, including profiling

Automated decision-making in accordance with Art. 22 GDPR, i.e. decisions based solely on automated processing—including profiling—which produce legal effects concerning you or similarly significantly affect you, does not take place.

3. Data Security
3.1 Data security

All data on our website is secured by technical and organizational measures against loss, destruction, access, modification, and dissemination.

3.2 Sessions and cookies

To operate our website, we use cookies or server-side sessions in which data can be stored. Cookies are small files that are stored on your hard drive by a website to automatically recognize you on your next visit.

We use technically necessary cookies, which are essential for the proper operation of our website, on the basis of our legitimate interest in a flawless and functional operation of our website (Art. 6(1)(f) GDPR in conjunction with § 25(2) No. 2 TDDDG).

In addition, we use cookies and comparable technologies that require consent, in particular for analysis, marketing, and personalization purposes. The legal basis for this is your consent in accordance with Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. You can withdraw your consent at any time with effect for the future via the cookie settings provided on our website, without affecting the lawfulness of the processing carried out until the withdrawal.

Your consents are managed via a Consent Management Platform (CMP). There you can view and change your settings at any time. Detailed information on the cookies and services used can be found in the cookie settings.

4. Presence on Social Media Platforms

We use the following social media platforms for company presentation and communication (explicit reference is made to the privacy policies and opt-out options linked below).

LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Xing (New Work SE, Am Strandkai 1, 20457 Hamburg, Germany)

Kununu (NEW WORK AUSTRIA XING kununu onlyfy GmbH, Schottenring 2-6, 1010 Vienna, Austria)

These social media platforms may process personal data outside the EU; in this respect, we refer you to the privacy policies of the social media platforms listed above.

The respective social media platforms may create usage profiles from your usage behavior and the resulting interests and actions on your part and store cookies on your device in which your usage behavior is recorded. If you have an account on the respective social media platform and are logged in, your usage behavior may be stored independently of the device. Your usage profile may be used, for example, to place advertisements that presumably correspond to your interests.

We process personal data exclusively for the purpose of communicating with you via the social media platform you have chosen and for optimizing our online presence. The legal basis is our legitimate interest in external presentation and communication (Art. 6(1)(f) GDPR). Insofar as you have already given the respective operator of the social media platform effective consent to the corresponding data processing, the processing of your personal data will also be based on this consent (Art. 6(1)(a) GDPR).

Insofar as we jointly determine, together with the respective platform operator, the purposes and means of processing (e.g. for analytics and statistics functions), we act as joint controllers within the meaning of Art. 26 GDPR. The respective joint controller arrangements can be viewed from the platform operators.

5. Third-Party Services
5.1 Google Tag Manager

This website uses Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Tag Manager is a service that allows website tags to be managed centrally. The tool itself does not process any personal data; it only triggers other tags that may, in turn, collect data.

Through Google Tag Manager, other services are integrated that may themselves process personal data. The processing of this data takes place exclusively on the basis of the respective legal bases of the integrated services, in particular your consent pursuant to Art. 6(1)(a) GDPR.

The use of Google Tag Manager itself is based on our legitimate interest in the efficient management of our website technologies (Art. 6(1)(f) GDPR). Google’s privacy policy can be found at: https://policies.google.com/privacy.

5.2 Google Analytics

This website uses Google Analytics, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), for the purpose of analyzing user behavior for statistical evaluation and optimization of our online offering. Google Analytics uses “cookies”, which are small text files stored on your computer that allow an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymization is activated on this website, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity, and to provide us with other services related to website usage.

The use of Google Analytics is based exclusively on your consent (Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG). You can withdraw your consent at any time via the cookie settings on our website.

You can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. Google’s privacy policy can be found at: https://policies.google.com/privacy.

5.3 Google Maps

This website uses Google Maps, a map service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), for the purpose of providing interactive maps to improve user-friendliness. When using Google Maps, data about the use of the map functions by visitors to the website is collected, processed, and used, and in particular your IP address is transmitted to Google servers.

The use of Google Maps is based exclusively on your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Google Maps is only loaded after your active consent via our consent tool. Without your consent, no connection is established to Google’s servers and no data is transferred. You can withdraw your consent at any time with future effect.

You can view Google’s privacy information at https://policies.google.com/privacy. You can view the supplementary terms of use for Google Maps at http://www.google.com/intl/de_de/help/terms_maps.html.

5.4 Google reCAPTCHA

This website uses the reCAPTCHA service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), for the purpose of protection against abusive use and the defense of automated attacks (spam/bots). The function is used to distinguish whether an input is made by a human or abusively by automated machine processing.

The use of reCAPTCHA is based exclusively on your consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. reCAPTCHA is only activated after your active consent. In this context, personal data, in particular your IP address and information about your usage behavior, is transmitted to Google. For this purpose, your input is transmitted to Google and further used there. Your IP address will be truncated by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by your browser as part of reCAPTCHA will not be merged with other Google data. You can withdraw your consent at any time with future effect.

Google’s privacy policy applies, which can be found at https://policies.google.com/privacy.

5.5 Google Web Fonts

For the uniform display of fonts on this website, we use so-called Web Fonts provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). To enable these fonts to be displayed in the user’s browser, a connection to Google’s servers is established when a page is accessed. In this process, your IP address is transmitted to Google.

This process occurs exclusively on the basis of your explicit consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG, which you grant via our consent banner. Without your consent, no connection is established to Google’s servers and therefore no data is transferred. You can withdraw your consent at any time with future effect. Google’s privacy policy can be found at: https://policies.google.com/privacy. Further information on Google Web Fonts can be found at: https://developers.google.com/fonts/faq.

5.6 YouTube

This website and the integrated offers contain embedded videos from YouTube. YouTube is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). By embedding YouTube videos, a connection to YouTube’s servers is established when the respective page is called up, whereby YouTube is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile.

The use of YouTube is based exclusively on your consent (Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG). You can withdraw your consent at any time via the cookie settings on our website. For the purpose and scope of the data collection and your rights and setting options for protecting your privacy, please refer to YouTube’s privacy policy at: http://www.youtube.com/t/privacy/.

5.7 Use of ChatGPT Enterprise

For internal efficiency enhancement and to assist in the creation and editing of texts, we use the “ChatGPT Enterprise” service from the provider OpenAI, L.L.C., 3180 18th Street, San Francisco, CA 94110, USA. This is based on our legitimate interests in an efficient and technologically advanced design of our internal processes (Art. 6(1)(f) GDPR). We have chosen the Enterprise version as OpenAI contractually guarantees that the entered data and conversations (“prompts”) are not used to train its global AI models. Furthermore, data processing is carried out on servers within Europe.

5.8 Use of the Transcription Feature in Microsoft Teams

For online meetings and internal communication, we use Microsoft Teams, a service of Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Within Microsoft Teams, a feature for creating notes and transcripts (recording in text form) may be used to document the content of the conversation. This feature is only activated if all participants have given their explicit consent at the beginning of the meeting in accordance with Art. 6(1)(a) GDPR and have been notified of the recording. The purpose of creating these notes is for internal documentation and follow-up of the discussed content. You have the right to withdraw your consent at any time with future effect.

6. Hosting

Our website is hosted by the following external service provider for the purpose of providing and operating the website and ensuring stability and security:

netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe

The (personal) data collected on this website is stored on the servers of the aforementioned third-party provider. This may include, among other things, IP addresses, contact requests, meta and communication data, contract data, contact data, names, website access, and other data generated via a website. The use of the hosting provider is based on our legitimate interest in the secure, fast, and efficient provision of our online offering by a professional provider (Art. 6(1)(f) GDPR). The aforementioned third-party provider will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.

7. Application Procedure

You may apply to us electronically, by telephone, or in writing. Your information will be used exclusively for the processing of your application and will not be passed on to unauthorized third parties. Please note that if you submit your application by email, unencrypted emails are not transmitted in a manner that protects against unauthorized access.

The processing of your personal data in the context of the application procedure is primarily based on § 26 BDSG (German Federal Data Protection Act) for the purpose of carrying out the application process. In addition, Art. 6(1)(b) GDPR may apply insofar as the processing is necessary for the decision on the establishment of an employment relationship.

Your personal data will be deleted immediately after completion of the application procedure, at the latest after 6 months. Consent to longer storage is only obtained if this is required for a specific further use of your application documents (e.g. inclusion in a talent pool).

8. Creditreform Boniversum GmbH

For the purpose of assessing creditworthiness in the context of contract conclusions, our company regularly checks your creditworthiness when concluding contracts and, in certain cases where a legitimate interest exists, also for existing customers. For this purpose, we cooperate with Creditreform Boniversum GmbH, Hammfelddamm 13, 41460 Neuss, Germany, from which we receive the required data. On behalf of Creditreform Boniversum, we hereby inform you in advance of the following information in accordance with Art. 14 EU GDPR:

Creditreform Boniversum GmbH is a consumer credit agency. It operates a database in which creditworthiness information about private individuals is stored. On this basis, Creditreform Boniversum issues credit reports to its clients. Clients include, for example, credit institutions, leasing companies, insurance companies, telecommunications companies, receivables management companies, mail-order, wholesale and retail businesses, and other companies that supply goods or services. Within the framework of the applicable legal provisions, part of the data available in the credit database is also used to supply other company databases, including for the purpose of address trading. The database of Creditreform Boniversum stores information in particular on the name, address, date of birth, email address (if applicable), payment history, and shareholding relationships of individuals.

The legal basis for the processing is our legitimate interest in assessing creditworthiness in the context of contract conclusions (Art. 6(1)(f) GDPR), which exists in particular in the following areas: credit decisions, business initiation, shareholdings, receivables, credit checks, insurance contracts, and enforcement information. Where you have given your express consent, processing additionally takes place on the basis of Art. 6(1)(a) GDPR. If data is transferred to countries outside the EU, this is done on the basis of the so-called Standard Contractual Clauses.

The data is stored by the provider for as long as knowledge thereof is necessary for the fulfillment of the purpose of storage. As a rule, such knowledge is necessary for an initial storage period of three years. Upon expiry of this period, it is assessed whether continued storage is necessary; if not, the data is deleted to the exact day. If a matter is resolved, the data is deleted three years after resolution to the exact day. Entries in the debtor register are deleted in accordance with § 882e of the German Code of Civil Procedure (ZPO) three years after the date of the entry order, to the exact day. Further information can be found at www.boniversum.de/bonipedia/ under the heading “Data Deletion”.

If you have given your consent to the processing of data stored by Creditreform Boniversum, you have the right to withdraw this consent at any time. The withdrawal does not affect the lawfulness of the processing of your data carried out on the basis of your consent prior to any such withdrawal.

You can view the privacy policy of Creditreform Boniversum GmbH here: https://www.boniversum.de/datenschutzerklaerung

9. Contact

If you contact us (e.g. by email, telephone, or via a contact form), we process the data you provide, in particular your name, email address, telephone number (if provided), and the content of your inquiry, for the purpose of processing and responding to your request. The legal basis for this is Art. 6(1)(b) GDPR, insofar as the contact is related to pre-contractual or contractual measures, and otherwise Art. 6(1)(f) GDPR (legitimate interest in communication with inquirers).

To contact us regarding data protection, you can contact the controller.

Controller within the meaning of the GDPR:

Kintyre Management GmbH

Schillerstraße 27

60313 Frankfurt am Main

Phone: +49 (0) 69 800 850 10

Email: info@kintyre.de

Our Data Protection Officer is also at your disposal:

Rechtsanwalt Cornelius Matutis

Berliner Straße 57

14467 Potsdam

Phone: +49 (0) 331 813 284 70

Email: datenschutz@matutis.de