Privacy policy.

1. Introduction

With the following information, we would like to provide you, as the "data subject", with an overview of how we process your personal data and of your rights under data protection law. As a rule, it is possible to use our websites without providing any personal data. However, if you wish to make use of special services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain your consent.

The processing of personal data, for example your name, address or e-mail address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to "FTAPI Software GmbH". With this privacy policy, we aim to inform you about the scope and purpose of the personal data we collect, use and process.

As the controller responsible for the processing, we have implemented numerous technical and organisational measures to ensure the most complete protection possible for the personal data processed through this website. Nevertheless, internet-based data transmissions may in principle have security gaps, so absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us by alternative means, for example by telephone or by post.

You too can take simple and easy-to-implement measures to protect yourself against unauthorised access by third parties to your data. We therefore offer you the following guidance on how to handle your data securely:

  • Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.

  • Only you should have access to the passwords.

  • Ensure that you only use your passwords for one account (login, user or customer account).

  • Do not use the same password for different websites, applications or online services.

  • In particular, when using publicly accessible IT systems or systems shared with other persons: always log out after each session on a website, application or online service.

  • Passwords should consist of at least 12 characters and be chosen in such a way that they are not easy to guess. Therefore, they should not contain common words, your own name or the names of relatives, but rather a mix of upper- and lower-case letters, numbers and special characters.

2. Controller

The controller within the meaning of the GDPR is:

FTAPI Software GmbH
Steinerstr. 15f, 81369 Munich, Germany
Telephone: +49 (0)89 230 6954 0
Email: info@ftapi.com

Representatives of the controller: Ari Albertini

3. Data Protection Officer

You can contact our Data Protection Officer as follows:

Carsten Knoop
Telephone: 05221 87292-01
Fax: 05221 87292-49
Email: datenschutz-ftapi@audatis.de

You may contact our Data Protection Officer directly at any time with any questions or suggestions concerning data protection.

4. Definitions of Terms

This privacy policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our aim is for this privacy policy to be easily readable and understandable for the general public as well as for our customers and business partners. To achieve this, we would like to first explain the terminology used.

We use the following terms in this privacy policy, among others:

4.1 Personal Data
Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4.2 Data Subject
A data subject is any identified or identifiable natural person whose personal data are processed by the controller.

4.3 Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. This includes collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4.4 Restriction of Processing
Restriction of processing means the marking of stored personal data with the aim of limiting their future processing.

4.5 Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

4.6 Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

4.7 Processor
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

4.8 Recipient
A recipient is a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

4.9 Third Party
A third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

4.10 Consent
Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

5. Legal Basis for Processing

Art. 6(1)(a) GDPR (in conjunction with § 25(1) TDDDG, formerly TTDSG) serves as the legal basis for our company for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are party, as is the case, for example, with processing operations required for the delivery of goods or the provision of any other service or return, the processing is based on Art. 6(1)(b) GDPR. The same applies to such processing operations which are necessary for the implementation of pre-contractual measures, such as enquiries concerning our products or services.

If our company is subject to a legal obligation requiring the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Art. 6(1)(c) GDPR.

In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were to be injured in our premises and his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1)(d) GDPR.

Ultimately, processing operations could be based on Art. 6(1)(f) GDPR. This legal basis is used for processing operations which are not covered by any of the above legal grounds, if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are permitted in particular because they have been specifically mentioned by the European legislator. In this respect, he considered that a legitimate interest might be assumed if you are a customer of our company (Recital 47, Sentence 2 GDPR).

Our services are generally intended for adults. Persons under the age of 16 may not transmit personal data to us without the consent of their parents or legal guardians. We do not request, knowingly collect or pass on personal data of children or adolescents.

6. Disclosure of Data to Third Parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only share your personal data with third parties if:

  • You have given your explicit consent in accordance with Art. 6(1)(a) GDPR,

  • The disclosure is permissible in accordance with Art. 6(1)(f) GDPR for the purpose of asserting, exercising or defending legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,

  • In the event that there is a legal obligation for disclosure under Art. 6(1)(c) GDPR, or

  • It is legally permissible and necessary for the execution of contractual relationships with you in accordance with Art. 6(1)(b) GDPR.

To protect your data and, where applicable, to enable data transfers to third countries (outside the EU/EEA), we have entered into processing agreements based on the European Commission's standard contractual clauses. Where standard contractual clauses are not sufficient to ensure an adequate level of protection, your consent pursuant to Art. 49(1)(a) GDPR may serve as the legal basis for the transfer. This does not apply to transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR.

7. Technology

7.1 SSL/TLS Encryption

This website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact enquiries that you send to us as the site operator. An encrypted connection is indicated by the change in the browser’s address line from "http://" to "https://" and by the padlock symbol in your browser line. We use this technology to protect your transmitted data.

7.2 Data Collection When Visiting the Website

When using our website purely for informational purposes, i.e. if you do not register or otherwise provide us with information, and do not consent to processing requiring consent, we only collect the data that your browser transmits to our server (in so-called server log files). Our website collects a series of general data and information each time a page is accessed by a data subject or an automated system. These general data and information are stored in the server’s log files. The following data may be collected:

  1. Browser types and versions used

  2. The operating system used by the accessing system

  3. The website from which an accessing system arrives at our website (referrer)

  4. The subpages accessed on our website

  5. The date and time of access to the website

  6. A shortened IP address (anonymised IP address)

  7. The internet service provider of the accessing system

We do not draw any conclusions about the data subject when using this general data and information. Rather, this information is required to:

  1. Deliver the contents of our website correctly

  2. Optimise the content of our website and the advertising for it

  3. Ensure the long-term functionality of our IT systems and website technology

  4. Provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack

These anonymously collected data and information are therefore evaluated statistically and with the aim of increasing data protection and security within our company, in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject. The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest arises from the purposes listed above.

7.3 Encrypted Payment Transactions

If, after the conclusion of a contract requiring payment, there is an obligation to transmit your payment data to us (e.g. account number in the case of a direct debit authorisation), this data is required for payment processing. Payment transactions via common means of payment (Visa/MasterCard or direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser. We use this technology to protect your transmitted data.

7.4 Cloudflare (Content Delivery Network)

Our website uses functions from CloudFlare, provided by CloudFlare, Inc., 665 3rd St. #200, San Francisco, CA 94107, USA. CloudFlare provides a globally distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed through CloudFlare’s network. CloudFlare is therefore able to analyse the data traffic between users and our websites, for example, to detect and defend against attacks on our services. Additionally, CloudFlare may store cookies on your device for optimisation and analysis.

You can configure your browser to notify you about the setting of cookies, to allow cookies only in specific cases, to exclude the acceptance of cookies in certain cases or in general, and to enable the automatic deletion of cookies upon closing the browser. Deactivating cookies may restrict the functionality of this website.

We have concluded a data processing agreement with CloudFlare based on the GDPR and the EU Standard Contractual Clauses. CloudFlare collects statistical data on the visit to this website. Access data include: name of the retrieved website, file, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, user’s operating system, referrer URL (previously visited page), IP address, and requesting provider. CloudFlare uses the log data for statistical evaluations for the purpose of operation, security, and optimisation of the offer.

If you have given your consent to the use of CloudFlare, the legal basis for processing personal data is Art. 6 para. 1 lit. a) GDPR. We also have a legitimate interest in using CloudFlare to optimise and secure our online offer. The corresponding legal basis is Art. 6 para. 1 lit. f) GDPR. Personal data will be retained only as long as necessary for fulfilling the processing purpose. The data will be deleted as soon as they are no longer required for this purpose. This US-based company is certified under the EU-US Data Privacy Framework. Therefore, an adequacy decision in accordance with Art. 45 GDPR exists, allowing the transfer of personal data without further guarantees or additional measures. Further information about CloudFlare: https://www.cloudflare.com/privacypolicy/

7.5 Hosting by INTERDOTLINK / SYSELEVEN

Our website is hosted within the hosting network of INTERDOTLINK / SYSELEVEN. The server is located in Germany. When you visit our website, your personal data (e.g. IP addresses in log files) are processed on our dedicated server at SYSELEVEN. Use of SYSELEVEN is based on Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in a stable, secure, and reliable provision of our website. We have concluded a data processing agreement (DPA) with SYSELEVEN pursuant to Art. 28 GDPR. This obliges SYSELEVEN to process the data of our website visitors exclusively according to our instructions and in compliance with the GDPR. Further information on data protection at SYSELEVEN: https://www.syseleven.de/datenschutz-nutzungsbedingungen/

8. Cookies

8.1 General Information on Cookies

Cookies are small files that your browser automatically creates and stores on your IT system (laptop, tablet, smartphone, etc.) when you visit our site. Information is stored in the cookie which in each case results in connection with the specifically used device. However, this does not mean that we thereby obtain direct knowledge of your identity.

The use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after you leave our site.

In addition, we also use temporary cookies to improve user-friendliness, which are stored on your device for a specified period. If you visit our site again to use our services, it will automatically recognise that you have already been with us and which inputs and settings you made, so that you do not have to re-enter them.

Furthermore, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These cookies allow us to automatically recognise on a return visit that you have already been to our site. These cookies are automatically deleted after a defined period. You can find the storage duration of the cookies in the settings of the consent tool used.

8.2 Legal Basis for Cookie Use

The data processed by cookies, which are required for the proper functioning of the website, are therefore necessary to safeguard our legitimate interests and those of third parties in accordance with Art. 6 para. 1 lit. f) GDPR.

For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Art. 6 para. 1 lit. a) GDPR.

8.3 Usercentrics (Consent Management Tool)

We use the consent management tool "Usercentrics" provided by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This service enables us to obtain and manage the consent of website users for data processing.

Usercentrics collects data generated by end users who use our website. When an end user consents, the following data is automatically logged by Usercentrics:

  • Browser information

  • Date and time of access

  • Device information

  • URL of the visited page

  • Geographical location

  • Page path of the website

  • Consent status of the end user, which serves as proof of consent

The consent status is also stored in the browser of the end user so that the website can automatically read and observe the end user’s consent during future visits and sessions, for up to 12 months. Consent data (consent and withdrawal of consent) are stored for three years. The storage duration corresponds to the standard limitation period according to § 195 BGB. Afterwards, the data are deleted immediately or passed on to the controller in the form of a data export upon request.

The functionality of the website cannot be guaranteed without the described processing. There is no option for the user to object as long as the legal obligation to obtain the user’s consent to certain data processing exists (Art. 7 para. 1, Art. 6 para. 1 sentence 1 lit. c) GDPR).

Usercentrics is the recipient of your personal data and acts as a processor on our behalf.

Further details on Usercentrics: https://usercentrics.com/privacy-policy/

9. Content on Our Website

9.1 Contacting Us / Contact Form

If you contact us (e.g. via contact form or e-mail), personal data will be collected. Which data is collected when using a contact form can be seen from the respective form. This data is stored and used exclusively for the purpose of responding to your enquiry and for the associated technical administration.

The legal basis for data processing is our legitimate interest in responding to your enquiry in accordance with Art. 6 para. 1 lit. f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b) GDPR.

Your data will be deleted once your enquiry has been finally dealt with, provided that there are no statutory retention obligations to the contrary.

9.2 Application Management / Job Board

We collect and process personal data of applicants for the purpose of managing the application process. Processing may also take place electronically, particularly if an applicant sends the corresponding application documents to us electronically, for example by email or via a form on the website.

If an employment or service contract is concluded with the applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with legal requirements.

If no contract is concluded, the application documents will be deleted six months after notification of the rejection decision, provided that no other legitimate interests of ours conflict with deletion. Such a legitimate interest may exist, for example, in the event of a legal obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).

The legal basis for processing your data is Art. 6 para. 1 lit. b), Art. 88 GDPR in conjunction with § 26 para. 1 BDSG.

10. Newsletter Distribution

10.1 Newsletter to Existing Customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by e-mail. In this case, we are not required to obtain separate consent from you pursuant to § 7 para. 3 UWG.

Data processing in this context is based solely on our legitimate interest in personalised direct marketing pursuant to Art. 6 para. 1 lit. f) GDPR. If you initially objected to the use of your e-mail address for this purpose, no emails will be sent by us.

You are entitled to object to the use of your e-mail address for the above-mentioned advertising purposes at any time with future effect by notifying the controller specified above. You will incur only the transmission costs according to the basic rates.

Once your objection is received, the use of your e-mail address for advertising purposes will be stopped immediately.

10.2 Promotional Newsletter

You have the opportunity to subscribe to our company's newsletter via our website. The personal data that is transmitted to us when you order the newsletter can be seen in the input form used for this purpose.

We regularly inform our customers and business partners about our offers via a newsletter. The newsletter can generally only be received by you if:

  • you have a valid e-mail address, and

  • you register for the newsletter.

A confirmation e-mail will be sent to the e-mail address entered for the first time for newsletter delivery, in the double opt-in procedure. This confirmation e-mail serves to verify whether the owner of the e-mail address has authorised the receipt of the newsletter.

When registering for the newsletter, we also store the IP address assigned by the Internet service provider (ISP) to the IT system used by the data subject at the time of registration, as well as the date and time of registration. The collection of this data is necessary to trace the possible misuse of the e-mail address at a later date and therefore serves our legal protection.

The personal data collected as part of a registration for the newsletter will be used exclusively for sending our newsletter. Furthermore, newsletter subscribers could be informed by e-mail if this is necessary for the operation of the newsletter service or a registration in this regard, as could be the case in the event of changes to the newsletter offer or changes to the technical circumstances.

There will be no disclosure of personal data collected as part of the newsletter service to third parties. The subscription to our newsletter may be terminated by the data subject at any time. Consent to the storage of personal data that the data subject has given us for the newsletter service may be revoked at any time. For the purpose of revoking consent, a corresponding link is included in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on our website or to inform us in another way.

The legal basis for data processing for the purpose of newsletter distribution is Art. 6 para. 1 lit. a) GDPR.

10.3 Newsletter Tracking

Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such emails that are sent in HTML format to enable log file recording and analysis. This allows statistical evaluation of the success or failure of online marketing campaigns.

Based on the embedded tracking pixel, the company can see if and when an email was opened by a data subject, and which links contained in the email were called up.

Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by the controller in order to optimise newsletter distribution and to better tailor the content of future newsletters to the interests of the data subject. These personal data will not be passed on to third parties.

Data subjects are entitled to revoke the separate consent given by the double opt-in procedure at any time. After a revocation, these personal data will be deleted by the controller. Unsubscribing from the receipt of the newsletter is automatically interpreted as a revocation.

This evaluation is carried out in particular pursuant to Art. 6 para. 1 lit. f) GDPR on the basis of our legitimate interests in the display of personalised advertising, market research and/or the needs-based design of our website.

10.4 Mailchimp

Our e-mail newsletters are sent via the technical service provider Intuit Inc., The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA, to whom we pass on the data you provided when registering for the newsletter.

This transfer is carried out in accordance with Art. 28 GDPR based on a data processing agreement with MailChimp. MailChimp uses this information to send and evaluate the newsletter on our behalf. For the evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are one-pixel image files stored on our website. In this way, it can be determined whether a newsletter message has been opened and which links have been clicked. Technical information is also recorded (e.g. time of retrieval, IP address, browser type and operating system).

These data are collected exclusively in pseudonymised form and are not linked to your other personal data; direct personal reference is excluded. The legal basis for processing your personal data in connection with the newsletter is your consent given in the double opt-in procedure in accordance with Art. 6 para. 1 lit. a) GDPR.

You may revoke your consent at any time. Furthermore, MailChimp may use this data itself on the basis of its legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR for the purpose of designing and optimising the service according to needs and for market research purposes, e.g. to determine from which countries the recipients come.

MailChimp does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.

This US company is certified under the EU-US Data Privacy Framework. Therefore, an adequacy decision in accordance with Art. 45 GDPR exists.

MailChimp’s privacy policy can be found at: https://mailchimp.com/legal/privacy/

11. Our Activities on Social Media Platforms

To communicate with you on social media and inform you about our services, we maintain our own pages on these platforms. If you visit one of our social media pages, we are jointly responsible with the provider of the respective platform for the data processing activities triggered by your visit, pursuant to Art. 26 GDPR.

We are not the original provider of these pages, but use them within the scope of the opportunities provided by the respective platform providers.

Please note that your data may also be processed outside the European Union or the European Economic Area. This use may pose data protection risks for you, as it may be more difficult to enforce your rights (e.g. access, erasure, objection, etc.), and processing in social networks is often conducted for advertising purposes or user behaviour analysis by the platforms themselves—outside of our control. Where user profiles are created by the platform, cookies are frequently used or user behaviour is linked to your own profile on the social network.

These data processing operations are based on our legitimate interests and those of the respective platform provider in communicating with users in a timely manner and informing them about our services, pursuant to Art. 6(1)(f) GDPR. If you are required to give consent to the processing of data by the respective providers, the legal basis is Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR.

Since we do not have access to the platform providers' databases, we recommend asserting your rights (e.g. access, rectification, erasure, etc.) directly with the respective provider.

Further information on the processing of your personal data by the platforms we use can be found below:

11.1 Facebook (Objection to AI training submitted)
Joint controller in Europe: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Meta reserves the right to process content of EU users—such as photos, posts or comments—for training its AI models. We as a company have no influence over this data processing. The legal basis is legitimate interest under Art. 6(1)(f) GDPR. We have explicitly objected to Meta using our content for AI training.
Privacy Policy: https://www.facebook.com/about/privacy

11.2 LinkedIn
Joint controller in Europe: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Privacy Policy: https://www.linkedin.com/legal/privacy-policy

11.3 X (formerly Twitter)
Joint controller in Europe: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy Policy: https://twitter.com/privacy
Your data overview: https://twitter.com/settings/your_twitter_data

11.4 XING (New Work SE)
Joint controller in Germany: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung
Access request for XING members: https://www.xing.com/settings/privacy/data/disclosure

11.5 YouTube
Joint controller in Europe: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy: https://policies.google.com/privacy?hl=en

11.6 TikTok
Joint controller in Ireland: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
Privacy Policy: https://www.tiktok.com/legal/page/eea/privacy-policy/en

11.7 Instagram (Objection to AI training submitted)
Joint controller in Europe: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Meta reserves the right to process content of EU users—such as photos, posts or comments—for training its AI models. We as a company have no influence over this data processing. The legal basis is legitimate interest under Art. 6(1)(f) GDPR. We have explicitly objected to Meta using our content for AI training.
Privacy Policy: https://instagram.com/legal/privacy

11.8 Kununu (New Work SE)
Joint controller in Germany: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung

12. Web Analytics

12.1 Meta Pixel (formerly Facebook Pixel)

This website uses the "Facebook Pixel" of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Meta"). If explicit consent has been given, user behaviour can be tracked after they have seen or clicked on a Facebook advertisement. This method is used to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and can help optimise future advertising measures.

When visiting the website, the following data may be processed by Meta Pixel:

  • IP address

  • Device information

  • Browser history

  • Interactions on our website (e.g., page views, clicks, conversions)

Meta stores and processes the data so that it can be linked to the respective user profile and Meta can use the data for its own advertising purposes in accordance with Meta's data usage policy (https://www.facebook.com/about/privacy/). Meta and its partners are thereby enabled to place advertisements on and outside of Facebook. A cookie may also be stored on your device for these purposes.

The collected data is stored by Meta for 180 days and then deleted unless the website is visited again by the user.

This processing occurs solely based on explicit consent pursuant to Art. 6(1)(a) GDPR.

This US company is certified under the EU-US Data Privacy Framework. Therefore, an adequacy decision exists under Art. 45 GDPR, allowing the transfer of personal data without further safeguards or additional measures.

12.2 LinkedIn Analytics

We use the retargeting tool and conversion tracking of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (LinkedIn).

For this purpose, the LinkedIn Insight Tag is integrated into our website, which enables LinkedIn to collect statistical data about your visit and the use of our website and provide us with aggregated statistics. This service also enables us to display interest-specific and relevant offers and recommendations after you have visited our website and viewed certain services or information. The relevant data is stored in a cookie.

The following data is typically collected and processed:

  • IP address

  • Device information

  • Browser information

  • Referrer URL

  • Timestamp

This processing only takes place with your explicit consent pursuant to Art. 6(1)(a) GDPR. Your data will be stored until you withdraw your consent.

Data may be transferred to the USA and Singapore. LinkedIn is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR exists. In addition, the security of data transfers is regularly ensured by standard contractual clauses (SCCs), which guarantee that the data processing meets the security level of the GDPR. If SCCs are not sufficient to ensure adequate protection, we will obtain your consent pursuant to Art. 49(1)(a) GDPR.

Further information: https://de.linkedin.com/legal/privacy-policy

12.3 Pardot

We use Pardot on our website, a CRM and marketing automation tool by Salesforce.com, Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA. Within the EU, Salesforce acts through Salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich.

Pardot is a platform for automating marketing activities, particularly for managing contacts, conducting personalised campaigns, lead scoring, and analysing user behaviour on our website. This includes analysing forms, link or button clicks, and email open rates.

Data processing purposes:

  • Advertising and marketing

  • Optimisation of website content and campaigns

  • Lead generation and customer relationship management

Pardot may collect the following data:

  • IP address

  • Device ID

  • Operating system

  • Browser type

  • Number of page views

  • Log file data

  • Usage data (e.g., clicks, scrolling)

  • Form entries (e.g., name, email address)

  • Cookies and web beacons

Tracking technologies are used to recognise users and analyse interactions. Attribution to individuals only occurs if you have voluntarily entered personal data (e.g., via a form) and provided consent.

Salesforce may access the data during technical operations. A data processing agreement under Art. 28 GDPR has been concluded.

Processing is based on your consent in accordance with Art. 6(1)(a) GDPR, provided via our cookie banner.

Data will be deleted as soon as it is no longer required for the stated purposes.

Possible data transfers to third countries:

  • United States of America (based on the EU-US Data Privacy Framework – adequacy decision under Art. 45 GDPR)

  • United Kingdom (based on a separate EU adequacy decision)

Details: https://www.salesforce.com/company/privacy/full_privacy/

12.4 Hotjar

This website uses Hotjar, provided by Hotjar Ltd., Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta.

Hotjar helps analyse user behaviour on our website. For example, mouse movements, scrolls, and clicks can be recorded. Hotjar may detect how long your mouse hovered over specific areas. This information is used to generate heatmaps indicating the most viewed parts of the website.

We can also determine how long users stay on a page and when they leave, where form entries were abandoned (conversion funnels), and collect direct user feedback.

Hotjar uses cookies to improve usability, effectiveness, and security. These cookies help detect whether the same device has visited the site and whether Hotjar functions are disabled. Cookies remain until deleted by the user.

You may configure your browser to inform you about cookie settings and restrict, block, or delete cookies. Disabling cookies may limit website functionality.

Processing occurs only with explicit consent pursuant to Art. 6(1)(a) GDPR.

More information: https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar

12.5 Plausible Analytics

We use Plausible Analytics, a privacy-friendly web analytics service provided by Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia.

Plausible allows us to evaluate the use of our website statistically. No cookies are set and no personal data is stored. All information is fully anonymised. Processing is entirely server-side and without profiling.

Collected data may include:

  • Viewed pages and URL paths

  • Referrer (previous site)

  • Device type, operating system, browser type

  • Country (based on anonymised IP)

  • Time and duration of visits

Plausible deliberately avoids tracking IDs, cookies, or cross-device recognition. Processing is based on our legitimate interest under Art. 6(1)(f) GDPR in anonymous analysis to optimise our website.

All data is processed exclusively within the EU and not shared with third parties.

More information: https://plausible.io/data-policy

12.6 Leadfeeder (B2B Website Analytics & Lead Tracking)

We use Leadfeeder, provided by Dealfront Group GmbH (formerly Liidio Oy / Leadfeeder), Durlacher Allee 73, 76131 Karlsruhe, Germany.

Leadfeeder is a tool for B2B lead generation. It uses IP addresses to identify which companies have visited our website and links this with publicly available company data.

Processed data includes:

  • IP address

  • Date and time of visit

  • Visited pages and referrer URLs

  • Device information (OS, browser type)

  • Company reference (if derivable from IP)

  • Possibly cookie or tracking data

Processing occurs based on your consent under Art. 6(1)(a) GDPR.

Purpose: targeted B2B communication, visitor behaviour analysis, and website optimisation.

Data is processed within the EU. The data is deleted once no longer required. Data recipient: Dealfront Group GmbH.

More information: https://www.leadfeeder.com/privacy/

12.7 Microsoft Clarity

We use Microsoft Clarity, a web analytics service of Microsoft Corp., One Microsoft Way, Redmond, WA, USA.

Pseudonymised user profiles are created, and cookies are set. Processed data includes:

  • Browser type/version

  • Operating system

  • Referrer URL

  • IP address

  • User behaviour on the website

  • Mouse movements and clicks

This data is used for website usage analysis, reporting, and to tailor our website for market research purposes.

Processing occurs only with explicit consent under Art. 6(1)(a) GDPR.

Microsoft is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR exists.

Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement

13. Advertising

13.1 Google Ads (AdWords) Remarketing/Retargeting
We use Google Ads on this website. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

We use this service to advertise this website in Google search results and on third-party websites. For this purpose, Google places a cookie in your browser, which automatically enables interest-based advertising based on the pages you have visited.

Further data processing occurs only if you have given Google your consent for your web and app browsing history to be linked to your Google account and for information from your Google account to be used to personalise ads. If you are logged into Google while visiting our site, Google will use your data in combination with Google Analytics data to create and define target group lists for cross-device remarketing. For this, your personal data will be temporarily linked with Google Analytics data.

This processing occurs exclusively with your consent pursuant to Art. 6(1)(a) GDPR.

Google LLC is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR exists, meaning data transfers to the US are permitted without further safeguards.

Privacy Policy and additional info: https://www.google.com/policies/technologies/ads/

13.2 Google Ads with Conversion Tracking
We use Google Ads with conversion tracking. When you click on a Google ad, a conversion cookie is placed on your device. This cookie expires after 30 days and does not serve to identify you.

If you visit specific subpages of our website while the cookie is active, both we and Google can detect that you clicked on the ad and were redirected to that page. The information collected using the conversion cookie is used to create conversion statistics. We receive the total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that personally identifies users.

The conversion cookie stores data such as:

  • Pages visited

  • IP address

  • Device/browser information

  • Referrer URLs

This processing occurs exclusively with your consent pursuant to Art. 6(1)(a) GDPR.

Google LLC is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR exists.

Privacy Policy: https://www.google.de/intl/de/policies/privacy/

13.3 Google Ads with Enhanced Conversions
We also use Google Ads enhanced conversions. We transmit self-collected personal data (e.g., phone numbers, email addresses) to Google to help track and attribute conversions more accurately. This data is matched with event data from Google Ads.

As part of this, personal data including IP addresses may be transmitted to Google servers in the USA and possibly shared with third parties.

This processing occurs exclusively with your consent pursuant to Art. 6(1)(a) GDPR.

Google LLC is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR exists.

More info:
https://www.google.de/intl/de/policies/privacy/
https://support.google.com/adspolicy/answer/9755941

13.4 Google Ads – Additional Information on Consent Mode (Basic Implementation)
Under the Digital Markets Act, Google is required to obtain user consent before processing data for personalised advertising. Google fulfils this requirement with "Consent Mode."

We use the basic implementation. Only when you consent to the use of Google Ads is a connection to Google established and the processing activities described above initiated. If you do not consent, no code is executed, and no cookies are set.

13.5 LinkedIn Ads
We use LinkedIn Ads on this website, provided by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

This service allows us to advertise our company on the LinkedIn network. A cookie placed in your browser enables interest-based advertising based on pages you visited.

Processing occurs exclusively with your consent under Art. 6(1)(a) GDPR. Data is deleted when it is no longer needed or upon withdrawal of consent.

Data may be transferred to the USA and Singapore. LinkedIn is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR exists. Further secured by Standard Contractual Clauses (SCCs) as needed.

Privacy Policy: https://de.linkedin.com/legal/privacy-policy

13.6 Microsoft Advertising (formerly Bing Ads)
We use Microsoft Advertising, operated by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

Microsoft Advertising enables advertising on Bing and Microsoft’s ad network. Using conversion tracking, Microsoft and we can analyse actions taken by users such as clicks or purchases. Microsoft uses cookies or similar technologies for recognition.

Data processed includes:

  • Truncated IP address

  • Browser details

  • Visited URLs

  • Referrer URL

  • Time of request

  • User interactions

Processing occurs only with your explicit consent under Art. 6(1)(a) GDPR.

Microsoft is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR exists.

Privacy Statement: https://privacy.microsoft.com/de-de/privacystatement

14. Partner and Affiliate Programmes

14.1 DoubleClick
This website includes components from DoubleClick by Google, a brand of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, that markets special online marketing solutions to advertising agencies and publishers.

DoubleClick transmits data with each impression, click or other activity to its servers. If your browser accepts the request, DoubleClick places a cookie on your device. This cookie is used for ad optimisation and to display advertisements. It can serve to display user-relevant ads and to compile or improve campaign reports. It also prevents the same ad from appearing multiple times.

DoubleClick uses a cookie ID necessary for its technical processes, such as displaying an ad in a browser or tracking which ads were already shown. It also facilitates conversion tracking.

The DoubleClick cookie does not contain personal data. However, it may include additional campaign identifiers used to identify campaigns you've previously interacted with.

Each time a page with a DoubleClick component is accessed, the component causes the browser to transmit data to Google for online advertising and commission billing. Google may track that you clicked certain links on our site.

This processing is carried out exclusively with your consent pursuant to Art. 6(1)(a) GDPR.

Google LLC is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR exists.

Privacy Policy: https://www.google.com/intl/de/policies/

15. Plugins and Other Services

15.1 Getty Images
This site integrates components from Getty Images. The operator is Getty Images International, 1st Floor, The Herbert Building, The Park, Carrickmines, Dublin 18, Ireland. Getty Images is part of the Getty Images group headquartered at 605 5th Avenue South Suite 400, Seattle, WA 98104, USA.

Getty Images offers stock photography and allows (possibly free) embedding of images. When embedded, external content (text, video, images) is displayed automatically on the site. Getty explains embedding here: https://www.gettyimages.de/resources/embed

By implementing the embed code, your IP address and browser/device data (browser type, language, access time, interaction with content) may be transmitted to Getty Images and analysed.

Processing is carried out solely with your consent pursuant to Art. 6(1)(a) GDPR.

Getty Images is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR exists.

Privacy Policy: https://www.gettyimages.de/enterprise/privacy-policy

15.2 Google Maps
This website uses Google Maps (API), operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. It enables geographic visualisation via interactive maps.

Upon loading pages that integrate Google Maps, your IP address and additional usage data are transmitted to Google servers in the USA, if you have consented under Art. 6(1)(a) GDPR. The service may also load Google Web Fonts, Photos, and Stats.

Google may associate this data with your Google account if logged in. To avoid this, log out of your Google account beforehand. Even for users not logged in, Google stores usage profiles and evaluates them. You can object to this profiling directly with Google.

You may disable Google Maps entirely by deactivating JavaScript in your browser. However, this will render the map display unavailable.

Google LLC is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR exists.

Terms: https://www.google.de/intl/de/policies/terms/regional.html
Maps Terms: https://www.google.com/intl/de_US/help/terms_maps.html
Privacy Policy: https://www.google.de/intl/de/policies/privacy/

15.3 Google Tag Manager
We use Google Tag Manager, operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. It enables management of website tags via a user interface.

Tag Manager may trigger other tags that collect data, but it does not access this data itself. Disabling cookies or tags at browser/domain level applies to all tags implemented via Google Tag Manager.

Processing is carried out solely with your consent pursuant to Art. 6(1)(a) GDPR.

Google LLC is certified under the EU-US Data Privacy Framework. An adequacy decision under Art. 45 GDPR exists.

Privacy Policy: https://www.google.com/intl/de/policies/privacy/

15.4 Matomo Cloud
We use the web analytics service Matomo Cloud, provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo helps us analyse user behaviour on our website in order to optimise content and improve usability. Data is stored on servers located within the European Union. Matomo acts as our processor and only processes data in accordance with our instructions.

The following data may be processed:

  • Anonymised IP address (last two blocks removed)

  • Pages visited

  • Dwell time

  • Referrer URL

  • Click behaviour

  • Device type

  • Operating system

  • Screen resolution

  • Browser information

Matomo uses cookies to recognise returning visitors and enable analysis. These cookies contain no personal data.

Processing is based on your consent in accordance with Art. 6(1)(a) GDPR. No data is disclosed to third parties. Data is stored in anonymised form for 12 months and then automatically deleted.

Further information: https://matomo.org/privacy/

15.5 Chili Piper
We use Chili Piper, a service for automated scheduling and form processing, provided by Chili Piper, Inc., 228 Park Ave S, PMB 86178, New York, NY 10003-1502, USA.

Chili Piper allows efficient coordination of appointments and intelligent routing of form submissions, such as real-time booking or assigning to relevant team members.

The following data may be processed:

  • Name and email address

  • Telephone number (if entered in forms)

  • IP address

  • Device and browser information

  • Date and time of request

  • Pages visited and referrer URL

  • Form content (voluntary input)

Depending on context, processing is based either on your consent pursuant to Art. 6(1)(a) GDPR or for the performance of pre-contractual measures pursuant to Art. 6(1)(b) GDPR.

Data may be transferred to the USA. Chili Piper is certified under the EU-U.S. Data Privacy Framework. An adequacy decision under Art. 45 GDPR exists.

Privacy Policy: https://www.chilipiper.com/privacy-policy

15.6 Spotlightr (Video Hosting and Tracking)
We use Spotlightr, a service for embedding and analysing video content, provided by Spotlightr, LLC, 651 N. Broad St., Suite 201, Middletown, DE 19709, USA.

Spotlightr enables privacy-compliant video playback and analysis of user interaction with videos (e.g. playback duration, play/pause, drop-off points). Spotlightr uses cookies or similar technologies and may incorporate third-party services such as jsDelivr, Cloudflare, bunny.net CDN and sc.gl.

The following data may be processed:

  • IP address

  • Browser and device information

  • Playback behaviour (e.g. start, pause, duration)

  • Referrer URL and visited pages

  • Timestamps and approximate location (derived from IP)

Processing is based on your consent pursuant to Art. 6(1)(a) GDPR.

Data may be transferred to the USA. The transfer is secured by standard contractual clauses under Art. 46 GDPR.

Further information: https://spotlightr.com/privacy-policy

16. Your Rights as a Data Subject

16.1 Right to Confirmation
You have the right to obtain confirmation from us as to whether personal data concerning you are being processed.

16.2 Right of Access (Art. 15 GDPR)
You have the right at any time to obtain from us, free of charge, information about the personal data stored about you and a copy of this data in accordance with the statutory provisions.

16.3 Right to Rectification (Art. 16 GDPR)
You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

16.4 Right to Erasure (Art. 17 GDPR)
You have the right to request that the personal data concerning you be erased without undue delay, where one of the grounds provided by law applies and to the extent that the processing or storage is not necessary.

16.5 Right to Restriction of Processing (Art. 18 GDPR)
You have the right to request the restriction of processing where one of the statutory conditions is met.

16.6 Right to Data Portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, where the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means, provided the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that the rights and freedoms of others are not adversely affected.

16.7 Right to Object (Art. 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(e) (data processing in the public interest) or (f) (data processing based on a balancing of interests) GDPR.
This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
In individual cases, we process personal data for direct marketing purposes. You may object at any time to the processing of personal data concerning you for the purposes of such marketing. This also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, we will no longer process the personal data for these purposes.
You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
You are free, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.

16.8 Right to Withdraw Consent Under Data Protection Law
You have the right to withdraw consent to the processing of personal data at any time with effect for the future.

16.9 Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority about our processing of personal data.

17. Routine Erasure and Blocking of Personal Data

We process and store your personal data only for the period necessary to achieve the purpose of storage or where this is provided for by law.
If the purpose of storage no longer applies or a statutory retention period expires, the personal data will be routinely blocked or erased in accordance with the legal provisions.

18. Duration of Storage of Personal Data

The criterion for the duration of storage of personal data is the respective statutory retention period. After the expiry of the period, the corresponding data will be routinely erased, provided that they are no longer required for the fulfilment or initiation of a contract.

19. Currency and Amendments of This Privacy Policy

This privacy policy is currently valid and is dated July 2025.

Due to the further development of our websites and offers or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed and printed at any time on the website at https://www.ftapi.com/datenschutz.

This privacy policy was created with the support of the data protection software: audatis MANAGER.