Privacy Policy

Privacy Policy

Below we inform you according to the legal requirements – in particular the EU General Data Protection Regulation (GDPR, which can be downloaded here) – regarding the processing of personal data through our company.

Table of Contents:

  1. General information
    1. Important terms
    2. Scope
    3. Responsible party
    4. Data protection officer
  2. Data processing in detail
    1. General information regarding data processing
    2. Accessing our services
  3. Rights of the persons affected
    1. Right of objection
    2. Right of access
    3. Right of rectification
    4. Right to erasure (“Right to be forgotten”)
    5. Right to restriction of processing
    6. Right to data portablility
    7. Right to withdraw a consent
    8. Right to lodge a complaint

I. General information

In this section of the privacy policy you will find information on the scope, the person responsible for the data processing, the data protection officer and data security. We also explain in advance the meaning of important terms used in the privacy policy.

1. Important terms

Browser: Computer program for displaying web pages (e.g. Chrome, Firefox, Safari)

Cookies: Text files that the called web server places on the user's computer by means of the browser used. The stored cookie information may contain both an identifier (cookie ID) that serves to recognize, as well as content such as registration status or information about visited websites. The browser sends the cookie information back to the web server with each new request on later, new visits to this page. Most browsers accept cookies automatically. You can manage cookies with the help of browser functions (mostly under “Options” or “Settings”).This may disable the storage of cookies d be made dependent on your approval in individual cases or otherwise restricted. You can also delet cookies at any time.

Third countries: Countries outside the European Union (EU)

GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), available here.

Personal data: Any information relating to an identified or identifiable natural person. A natural person is considered as identifiable, who can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, the expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

Profiling: Any type of automated processing of personal data, which consists in using that personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences, interests to analyze or predict the reliability, behavior, location or change of location of this natural person.

Services: Our offers to which this privacy policy applies (see Scope).

Tracking: The collection of data and their evaluation regarding the behavior of visitors relating to our services.

Tracking technologies: Tracking can be done either via the activity logs (log files) stored on our web servers or by collecting data from your device via pixel, cookies and similartracking technologies.

Processing: Any process or series of operations related to personal information, such as collection, recording, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure, performed with or without the aid of automated procedures through transmission, dissemination or any other form of provision, settlement or linking, restriction, erasure or destruction.

Pixel: Pixel also called counting pixels, tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on web pages. When a document is opened, this small image is downloaded from a server on the Internet, where the download is registered there. This allows the operator of the server to see if and when an email has been opened or a website has been visited. This function is usually realized by calling a small program (JavaScript). This will allow certain types of information to be detected and shared on your computer system, such as the content of cookies, the time and date of the page view, and a description of the page on which the pixel is located.

2. Scope

This Privacy Policy applies to the following offers:

  • our online offer „CyberSolutions GbmH (website), available in particular under,
  • whenever one of our offers (such as websites, subdomains, mobile applications, web services, or third-party affiliations) refers to this Privacy Policy, regardless of the way you access or use it.

All these offers are collectively referred to as „services

3. Responsible party

The responsible party for the processing of data - that is, the one who decides on the purpose and means of processing personal data - in connection with the services is:

CyberSolutions GmbH
Arabellastr. 23,
81925 München
Phone: +49 89 9250 3784

4. Data protection officer

You can contact our data protection officer via the contact data, mentioned under 3., to the attention of Data Privacy Department, or via aufnehmen.

II. Data processing in detail

In this section of the privacy policy, we will inform you in detail about processing of personal data as part of our services. For better clarity, we divide this information according to certain functionalities of our services. During the normal use of the services, different functionalities and thus also different processing operations can be used successively or simultaneously.

1. General information regarding data processing

The following applies to all processing operations described below, unless otherwise stated:

a) No obligation to provide & follow non-provisioning

The provision of personal information is not required by law or contract and you are under no obligation to provide any data. We will inform you as part of the submission process when the provision of personal information for the relevant service is required (for example, by the designation as "mandatory field"). In the case of required data, non-provisioning means that the service in question cannot be provided. Otherwise, the non-provision may result in our being unable to provide our services in the same form and quality.

b) Consent

In some cases, you may also give us your consent to further processing in connection with the processing described below (possibly for some of the data). In this case, we will inform you separately in connection with the submission of the respective declaration of consent of all modalities and the scope of the consent and the purpose, which we pursue with these processing operations. The processing based on your consent is, therefore, not listed here again (Art. 13 (4) GDPR).

c) Transfer of personal data to third countries

When we send data to third countries, i.e. countries outside the European Union, then the transfer takes place only in compliance with the statutory eligibility requirements.

If the transmission of the data to a third countrydoes not serve the purpose of fulfilling our contract with you, we do not have your consent, the transmission is not required to assert, exercise or defend legal claims and otherwise no exceptions under Art. 49 GDPR apply, we only transfer your data to a third country, if there is an adequacy decision pursuant to Art. 45 GDPR Art. 45 GDPR or suitable guarantees pursuant to Art. 46 GDPR are given.

One of these adequacy decisions is Commission Implementing Decision (EU) 2016/1250 of 12th July 2016 on the so-called "US-US Privacy Shield" for the USA. For transfers to companies certified under the EU-US Privacy Shield, the level of data protection is generally considered appropriate in the meaning of Art. 45 GDPR..

Alternatively or additionally, by concluding the EU standard data protection clauses issued by the European Commission with the receiving agency, appropriate guarantees pursuant to Art. 46 (2) c) GDPR and an adequate level of data protection are created. Copies of EU standard privacy clauses are available on the European Commission's website, available here.

d) Hosting with external service providers

Our data processing takes place to a large extent with the involvement of so-called hosting service providers, who provide us with storage space and processing capacities in their data centers and, according to our instructions, also process personal data on our behalf. For all the functionalities listed below, personal data may be transmitted to hosting service providers. These service providers process data either exclusively in the EU or we have guaranteed an appropriate level of data protection using the EU standard data protection clauses (see c.).

e) Transmission to state authorities

We provide personal information to governmental agencies (including law enforcement agencies) when required to fulfill a legal obligation to which we are subject (legal basis: Art. 6 (1) c) GDPR)or it is required to assert, exercise or defend legal claims (legal basis Art. 6 (1) f) GDPR).

f) Storage period

In the section "Storage period" it is indicated in each case, how long we use the data for the respective processing purpose. At the end of this period, the data will no longer be processed by us but will be deleted at regular intervals, unless continuing processing and storage is required by law (in particular because it is necessary to fulfill a legal obligation or to assert, exercise or defend legal claims ) or you give us an additional consent.

g) Data category labels

The following sections use the following summary category labels for specific types of data:

  • Account data: Login/user ID and password
  • People master data: Title, salutation/gender, first name, last name, date of birth
  • Address data: Street, house number, if necessary, addresses, zip code, city, country
  • Contact data: Telephone number(s), fax number(s), email address(es)
  • Registration data: : Information about the service you have signed up for; dates and technical information on registration, confirmation and deregistration; at the registration of you specified data
  • Order data: Ordered products, prices, payment and delivery information
  • Payment data: Account information, credit card details, other payment services like Paypal
  • Usage data distribution list:Accreditation topic, accreditation date, approval of usage restriction/consent, downloads of press materials.
  • User profile data newsletter: Opening the newsletter (date and time), contents, selected links, as well as the following information of the accessing computer system: used Internet Protocol address (IP address), browser type and version, device type, operating system and similar technical information.
  • Access data: Date and time of visit of our service; the page from which the accessing system came to our site; pages accessed during use; session identification data; and the following information about accessing the computer system: Internet Protocol address (IP address) used, browser type and version, device type, operating system and similar technical information.

2. Accessing our services

Here's how we describe how your personal information is processed when you access our services services (such as loading and viewing the website, opening and navigating within the mobile app). In particular, we point out that the transmission of access data to external content providers (see under b.) is inevitable due to the technical functioning of information transmission on the Internet. The third-party providers are responsible for the privacy-compliant operation of the IT systems they use. The decision on the storage period of the data is up to the service providers.

a) Intended purpose of the data processing and legal basis as well as possibly justified interests, storage period

Data category:
Access data
Intended purpose:
Connection setup; representation of the contents of the service; discovery of attacks on our site based on unusual activity; fault diagnosis
Legal basis:
Art. 6 (1) letter f) GDPR

Legitimate interest:

Proper function of the services; security of data and business processes; prevention of abuse; prevention of damage through interference with information systems

Storage period:
30 days

b) Recipient of personal data

Category or recipient:
External content providers who provide content (such as images, videos, embedded social networking postings, banner ads, fonts, update information, shortened links) required to view the service
Access data
Legal basis:
Art. 6 (1) letter f) GDPR

Legitimate interest:

Proper function of the services; (accelerated) presentation of the contents

Category of recipient:
IT security service
Affected data:
Access data
Legal basis:
Art. 6 (1) letter f) GDPR

Legitimate interest:

Preventing attacks by exploiting security breaches / vulnerabilities

III. Rights of the persons affected

1. Right of objection

If we process your personal data in order to operate direct mail, you have the right at any time, with future effect, to object to the processing of personal data relating to the Purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct mail.

For reasons arising out of your particular situation, you also have the right to object at any time, with future effect, to the personal data relating to processing, which occurs in accordance with Art. 6 (1) letters e) or f) GDPR; based on these provisions, this also applies to Profiling.

The right to object can be exercised free of charge.

Alternatively, you can reach us inter alia via the contact data contact data mentioned under I.3 or use the following approaches:
By email to:
By phone: +49 89 9250 3784

2. Right of access

You have the right to request confirmation from us as to whether personal data relating to you are being processed and, if applicable, for information about this personal data and the other information listed in Art. 15 GDPR..

3. Right of rectification

You have the right to demand immediate correction of incorrect personal data concerning you (Art. 16 GDPR). Taking into account the purpose of processing, you have the right to demand the completion of incomplete personal data, including by means of a supplementary statement.

4. Right to erasure ("right to be forgotten")

You have the right to demand that personal data relating to you be deleted without delay if one of the reasons stated in Art. 17 (1) GDPR applies and the processing is not required for one of the purposes set out in Art. 17 (3) GDPR.

5. Right to restriction of processing

You are entitled to request a restriction on the processing of your personal data, if one of the requirements set forth in Art. 18 (1) letters a) - d) GDPR..

6. Right to data portability

You have the right, under the conditions specified in Art. 20 (1) GDPR to obtain the personal data that you have provided us in a structured, common and machine-readable format, and the right to transfer that data to another person without Obstruction by us. In exercising the right to data transferability, you have the right to obtain that your personal data is transmitted directly by us to another responsible party, as far as technically feasible.

7. Right to withdraw a consent

Insofar as processing processing is based on your consent, you have the right to revoke your consent at any time. The legality of the processing carried out on the basis of the consent until the revocation is not affected.

8. Right to lodge a complaint

You have the right of appeal to the supervisory authority responsible for our company. The supervisory authority responsible for our company is:
Landesamt für Datenschutzaufsicht [Data Protection Authority of Bavaria for the Private Sector], Promenade 18 (Schloss), 91522 Ansbach,

As of: 22nd May 2019