Data protection consultancy from certified data protection officers

Privacy Policy

COGITO Gesellschaft für computergestützte Unternehmensberatung mbH Konzeption und Realisierung (hereafter ““) strictly adheres to all relevant data protection regulations, in particular those of the EU General Data Protection Regulation (GDPR).

This data protection information covers the use of and its subsidiaries’ digital services on all Internet-enabled mobile devices. The digital services may contain links to other third party service provider websites that are not covered by this privacy statement.

1. Note on the data controller

The data controller for the processing of your personal data is COGITO Gesellschaft für computergestützte Unternehmensberatung mbH Konzeption und Realisierung, represented by the managing director Malte Rheingans, Am Dreisberg 8, 33617 Bielefeld, Telephone: +49 40 350 77 660, Fax: +49 40 350 77 677, If you have any questions about data protection with us, please write to us at the aforementioned postal address, with the addition “Data protection” or at the e-mail address

2. Purposes and legal basis of data processing – What do we use your data for?

2.1 Data processing for the provision of contractual services

We process your personal data in order to process the contractual relationships and to be able to submit contractual offers tailored to your requirements. The collection of the data takes place in particular for the conclusion of a contract.

We collect obligatorily only those personal data, which are absolutely necessary for the completion of the contractual relations. This information is marked with an asterisk in the respective contracts and forms. The collection of data, which is not absolutely necessary, but in which we are interested is only optional. In this case you decide on a voluntary basis if and which data you want to give us.

For your order we may need your correct name, address and payment data. We ask for your e-mail address and possibly your telephone number so that we can confirm your order and communicate with you in case of questions or problems regarding the service you have commissioned.

The basis for data processing is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

2.2 Data processing for communication with you

In addition to the contract data, we process your communication data (address, telephone number, e-mail address) in order to be able to contact you. Personal data that you provide to us by e-mail or via the contact form on this website will only be processed for correspondence with you or only for the purpose for which you have made the data available to us.

The basis for data processing is Art. 6 para. 1 s. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

2.3 Log files

Each time our websites are accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so-called server log files. The stored data records contain the following data: Date and time of access, name of the page accessed, shortened IP address of the website visitor, referrer URL (URL from which you came to the website), the amount of data transferred, as well as product and version information of the browser used. The shortened IP addresses are deleted or made anonymous after seven days. This data cannot be assigned to specific persons. These data will not be merged with other data sources.

The data processing is based on Art. 6 para. 1 s. 1 lit. f GDPR, which permits the processing of data to safeguard the legitimate interests of the data controller, provided that the interests or fundamental rights and freedoms of the data subject do not prevail. Our interest is to avoid illegal use of our website.

2.4 Data processing for the fulfilment of legal obligations

In addition, we process your data to fulfil legal obligations (e.g. regulatory requirements, commercial and tax storage and proof obligations). The basis for data processing is Art. 6 para. 1 s. 1 lit. c GDPR, which permits processing to fulfil a legal obligation.

3. Data security

Your personal data will be transmitted securely by us through encryption. We use the coding system SSL (Secure Socket Layer). You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. Furthermore, we secure our websites and other systems by technical and organizational measures against loss, destruction, access, alteration or distribution of your data by unauthorized persons.

If you would like to send us encrypted e-mails, we will be happy to provide you with our public key. You need a PGP encryption software (e.g. PGP or GnuPG). If you would also like to receive encrypted e-mails from us, please let us know your public key at the same time.

4. Categories of recipients of personal data

Your personal data will only be passed on to third parties or otherwise transmitted if this is necessary for the purpose of contract processing or billing or if you have given your prior consent or if there is a legal basis for the passing on of such data. Service providers who support us in providing our services to you are software (SaaS) providers, hosting providers and e-mail service providers.

5. Duration of data storage

In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. We store your data on the basis of legal proof and storage obligations, which result among other things from the German Commercial Code and the German Tax Code, according to which the storage periods are up to ten full years. In addition, we keep your data for the period during which claims can be asserted against our company (statutory limitation period of three or up to thirty years).

6. Rights of the data subject

You can request information about your personal data stored by us and under certain conditions request the correction or deletion of your data by contacting us via our contact data given above. You may also have the right to restrict the processing of your data and to have the data you provide disclosed in a structured, common and machine-readable format. If you have given us your consent to process personal data for specific purposes, you can revoke your consent at any time with effect for the future. You may object to the processing of your data for direct marketing purposes. If we process your data to protect legitimate interests, you may object to such processing for reasons arising from your particular situation. You can also contact a data protection supervisory authority.