Skip to main content

Data Protection

1. Preamble

Below we inform you about the details of data protection when visiting our website. The use of our website is usually possible without providing personal data.

Insofar as personal data is collected when visiting our websites, we process this exclusively in accordance with the Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG).
The processing of personal data takes place exclusively in accordance with this privacy policy.

This privacy policy applies to the use of the website at the address For linked content from other providers, the data protection declaration stored on the linked website is authoritative.

We point out that in the context of data transmission via the Internet security gaps may occur, which can not be prevented even by the technical design of this website. Complete protection of personal data is not possible when using the Internet.

2. Definitions

This data protection declaration is based on the terms used by the European Directive and Ordinance when adopting the Data Protection Regulation (DS-GVO). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this Privacy Policy:

Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Person concerned
Data subject is any identified or identifiable natural person whose personal data are processed by the controller.

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

Profiling is any type of automated processing of personal data which consists in using such personal data in order to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

Controller or person responsible for the processing
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.

A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients.

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.

Consent shall mean any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

3. Responsible entity, Art. 13 para. 1 lit. a DSGVO

Responsible for the processing of personal data in the context of the use of this website:

SGS proderm GmbH

Kiebitzweg 2

22869 Schenefeld/Hamburg

Telefon: (040) 839 358-0

E-Mail: info(at)

Managing director authorized to represent the company: Alida Helena Scholtz

4. Data Protection Officer

We have appointed as data protection officer: 

Magnus Johannsen
Heidenkampsweg 99
20097 Hamburg


5. Hosting

Our website is operated on servers of

Mittwald CM Service GmbH & Co.KG

Königsberger Str. 4 - 6

32339 Espelkamp

We have concluded an order processing agreement with 'Mittwald CM Service GmbH & Co.KG'.

When our websites are accessed, data is automatically collected and stored in log files on our hoster's server. This data may have a personal reference. Among the data collected are:

  • IP address
  • Date
  • Time
  • Pages accessed
  • Logs Status code
  • Data volume
  • Referrer
  • User agent called
  • Hostname

The IP addresses are stored anonymously. For this purpose, the last one to three digits are removed, i.e. becomes 127.0.0.*. IPv6 addresses are also anonymized.

The hoster uses the collected data to ensure the trouble-free operation of the website as well as to ensure IT security and to improve our offer. In case of concrete indications, the log data may be analyzed subsequently. The temporary storage of the IP address by the hoster is necessary to enable delivery of the website to the user's computer. For this purpose, your IP address must remain stored for the duration of the session.

This data is not merged with other data sources.

The legal basis for the data collection is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest in the data collection results from the purposes mentioned.
The data is deleted by the hoster as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the event that the data is stored in log files, this technical information is deleted or made unrecognizable after 60 days at the latest.
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility for you to object.

6. Cookies

In addition to the previously mentioned data, cookies are used on your computer when you use and visit our website.

When you visit our website for the first time, you will be asked whether you agree to the use of cookies and, if so, which categories you agree to. Cookies are small text files that are stored by your browser on your terminal device to store certain information. Furthermore, these cookies are used to make the use of our offer more pleasant and comfortable for you or for analytical purposes.
Most of the cookies we use are so-called "session cookies". They serve to make the services of our website technically available to you. After your visit, these cookies are automatically deleted from your browser.

Other cookies remain on your computer and cause us to recognize your terminal device on your next visit (so-called persistent or permanent cookies).
The next time you visit our website with the same terminal device, the information stored in cookies is read either by our website ("first party cookie") or by another website to which the cookie belongs ("third party cookie").

These cookies are automatically deleted from your system after a preset period of time, which differs depending on the cookie. Through the stored and returned information, the respective website recognizes that you have already called up and visited it with the browser of your end device.

We use this information to optimally design and display the website according to your preferences. Only the cookie itself is identified on your terminal device.
Any further storage of personal data will only take place with your express consent or if this is absolutely necessary in order to be able to use the service offered and accessed by you accordingly.
This website uses the following types of cookies, the scope and functionality of which are explained below:

- Essential cookies: Essential cookies ensure functions without which you cannot use our websites as intended. These cookies are used exclusively by us and serve, for example, to ensure that you, as a registered user, always remain logged in when accessing various sub-pages of our website and thus do not have to re-enter your login data each time you call up a new page. The legal basis of the use is our legitimate interest within the meaning of Art. 6 para. 1 p. 1 lit. f DSGVO.

- Functional cookies: Enable our website to save information already provided and offer you improved functions based on this. The legal basis for the use of these cookies is your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO.

You can revoke this consent to the cookies at any time with effect for the future under the following link:

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, e.g. third-party cookies (cookies that are set by a third party, i.e. not by the actual Internet site on which you are currently located), exclude the acceptance of cookies for certain cases or in general, as well as activate the automatic deletion of cookies when closing the browser. You can delete cookies stored with the help of your web browser at any time.

You have the option to generally deactivate cookies in your browser at any time. However, when cookies are disabled, the functionality of this website may be limited.

Delete cookies
Cookies are stored on your terminal device until you delete these cookies, which is possible at any time. Furthermore, expired cookies are automatically deleted by your browser if you have set up your browser accordingly. Expired cookies are no longer sent to our servers by your browser and can therefore no longer be used by us.

Here you can find information on how to delete cookies from your browser and manage cookie settings for the most popular browsers:

Desktop-PC / Laptop

-           Microsoft Edge

-           Mozilla Firefox

-           Apple Safari

-           Google Chrome

Mobile devices

-           Google Chrome (Android)

-           Google Chrome (iOS)

-           Apple Safari (iOS)

-           Samsung Internet (Android)

-           Mozilla Firefox (Android)

If you have not made or do not make any deviating settings, cookies that enable or are intended to ensure the required technical functions remain on your terminal device until you close the browser; other cookies may remain on your terminal device for longer (maximum 6 months).

To safeguard your privacy, you should regularly check the cookies on your respective terminal device as well as your browsing history and delete them on your own.

7. SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties (end-to-end encryption). The protocols authenticate the communication partner and ensure the integrity of the transported data.

8. Storage duration

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be deleted once these reasons no longer apply.

9. Contact options

On our website there is the possibility to contact us by e-mail and contact form.

In this context, your information from the form and from the e-mail, including the contact data you provide there, will be stored and processed by us for the purpose of processing the request and in case of follow-up questions. This data (e.g. first name, last name, company, e-mail address, IP address) will not be disclosed to third parties without your consent.

The data is not merged with other data collected on this website.

The contact form is sent encrypted using TLS technology. The encryption serves to prevent unauthorized access to your personal data by third parties.

The processing of this data is based on Art. 6 (1) p. 1 lit. b DSGVO, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 para. 1 p. 1 lit. f DSGVO).

The data you provide in the contact form or in the e-mail will remain with us until you request us to delete it, you object to the processing or the purpose for storing the data no longer applies (e.g. after processing your request has been completed). Mandatory legal provisions - in particular retention periods - remain unaffected.

10. Applications (e-mail/application form)

On our website you have the opportunity to apply in our company.

For this purpose, we accept digital applications, regardless of whether you are applying for a position we have advertised or whether it is a speculative application. You can find the separate data protection information for applicants under this link.

11. Newsletter sending with Inxmail

We use the service Inxmail for sending newsletters. The provider is Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany (hereinafter called "Inxmail").

Inxmail is a software for personalized newsletters and automated email campaigns, as well as for the analysis and evaluation of newsletter campaigns. The data you enter for the purpose of receiving newsletters is stored on Inxmail's servers.

The following personal data may be processed by Inxmail as a result:

  • Name
  • Address
  • E-mail address
  • Meta and communication data
  • Device information
  • IP address Usage
  • Data Interests
  • Access times

We would like to point out that we evaluate your user behavior when sending the newsletter.

For example, we can determine whether a newsletter message has been opened and which links, if any, have been clicked. This serves purely statistical purposes.

For this purpose, the newsletters contain so-called web beacons or tracking pixels. These are pixel-sized files that are retrieved from the Inxmail GmbH server when the newsletter is opened. These web beacons or tracking pixels can be used to measure interactions with the newsletters.

Cookies from Inxmail are stored on your terminal device.

Technical information, such as data on the browser and your system, your IP address and the time of the retrieval are collected by the retrieval of the tracking pixel.

This technical and statistical information is used by Inxmail exclusively for the technical improvement of the services.

Inxmail also allows us to subdivide ("cluster") newsletter recipients based on various categories. In doing so, the newsletter recipients can be subdivided according to age, gender or place of residence, for example.

This information is not assigned to individual newsletter recipients, but is only processed anonymously.

The evaluations allow us to recognize the reading habits of our users and to adapt our content to you.

Under certain circumstances, you as a newsletter recipient may be directed to an Inxmail website, e.g. if you select the link contained in our newsletters, under which you can call up the newsletters online (for example, in the event of display problems in the email program).

The data processing is based on your consent according to Art. 6 para. 1 p. 1 lit.a DSGVO. You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

If you do not want any analysis by Inxmail, you must unsubscribe from the newsletter. For this purpose, we provide you with a corresponding link in each newsletter. Furthermore, you can unsubscribe from the newsletter using the following link:

Unsubscribe Newsletter

At the same time, your consent to sending via Inxmail and the statistical analyses will expire.

The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter list and will be deleted from our servers as well as from the servers of Inxmail after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.

You can also prevent the collection as well as the processing of your personal data by Inxmail by preventing the storage of third-party cookies on your computer, using the ""Do Not Track"" function of a supporting browser, deactivating the execution of script code in your browser or installing a script blocker such as NoScript ( or Ghostery ( in your browser.

You can find more information on objection and removal options for the Inxmail service at:

We have concluded an order data processing contract with Inxmail. This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.

Revocation of consent: You can object to the use of your data at any time with effect for the future. You will find a way to de-subscribe from the newsletter at the end of each newsletter mail or under this link.

12. hCaptcha

We use the anti-spam system hCaptcha for our website. The service provider is the American company Intuition Machines Inc, 350 Alabama St, San Francisco, CA 94110, USA.

The purpose of hCaptcha is to check whether the data entry on our websites (e.g. in a contact form) is made by a human or by an automated program. For this purpose, hCaptcha analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, hCaptcha evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). This analysis starts automatically as soon as a page with activated hCaptcha is called. If hCaptcha is used in "invisible mode", these analyses can run completely in the background. In that case, you will not be notified about this analysis as long as no prompt is displayed.

The data processing is based on Art. 6 para. 1 p. 1 lit. f DSGVO. We have a legitimate interest in protecting our website from abusive automated spying and SPAM.

hCaptcha also processes data from you in the USA, among other places. We would like to point out that according to the opinion of the European Court of Justice, there is currently no adequate level of protection for the transfer of data to the USA. This may be associated with various risks for the legality and security of data processing.

As a basis for data processing with recipients located in third countries (outside the European Union, Iceland, Liechtenstein, Norway, thus especially in the USA) or a data transfer there, hCaptcha uses so-called standard contractual clauses (= Art. 46. para. 2 and 3 DSGVO).

Standard Contractual Clauses (SCC) are templates provided by the EU Commission and are intended to ensure that your data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA). Through these clauses, hCaptcha undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here, among other places:

The Data Processing Agreements, which reference the Standard Contractual Clauses, can be found at

To learn more about the data processed through the use of hCaptcha and Intuition Machines' privacy policy, please see the privacy policy at and

13. Profiles in social networks

Our presences on social networks and video platforms, which we name in the following, serve an active and up-to-date communication with our customers and interested parties. We provide information there about our services, products and interesting special promotions relating to our company and our services. For more information about us as a social media channel provider, please visit our

In the following, we provide you with the data protection information pursuant to Art. 13 of the General Data Protection Regulation (DSGVO) regarding the social media sites operated by us:

13.1.  LinkedIn (company profile)

For recruitment purposes, we use the professional and career network "LinkedIn" and maintain a company profile there. LinkedIn is operated by LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, California 94085 USA, or if you have your registered office or place of residence in the EU, LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn").

When visiting our company profile on LinkedIn, your data may be automatically collected and stored by LinkedIn for market research and advertising purposes as well as for the placement of job offers that are presumably of interest to you. So-called usage and interest profiles are created from this data using pseudonyms. Cookies are generally used on your terminal device for this purpose.

You will be informed about the function of cookies as part of the data protection instruction and the cookie policy of LinkedIn, so please see the corresponding notes there. In these cookies, the visitor behavior and the interests of the users are stored.

Furthermore, we obtain a statistical evaluation from the data collected as to which groups of people are interested in our company website. The data is processed anonymously in such a way that it cannot be traced back to individual persons, for statistical evaluations that may contain information on the approximate geographical location or age group and other summary characteristics.

If you are asked by LinkedIn for consent (agreement) to data processing, e.g. with the help of a checkbox, the legal basis for data processing is Art. 6 para. 1 p. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future, whereby you must contact LinkedIn for this purpose. Data processing carried out up to the time of the revocation remains lawful.

For detailed information on the processing and use of data by LinkedIn, as well as a contact option and your rights and settings options in this regard to protect your privacy, please refer to LinkedIn's privacy policy, which can be found at the following link:

LinkedIn's cookie policy can be found at the following link:

The data processing is carried out on the basis of an agreement between jointly responsible parties pursuant to Art. 26 DSGVO, which you can view here:

Regardless of the internal responsibilities agreed between us and LinkedIn, you can contact us or our data protection officer as well as LinkedIn with all data protection-related inquiries.

Since there is no EU Commission adequacy decision for the transfer of personal data to the USA, we have concluded standard data protection clauses with LinkedIn within the meaning of Art. 46 (2) lit. c DSGVO.

14. Your rights and assertion of rights

You are entitled to the rights listed below. You can assert these against us. To assert them, please use the above data or contact us by e-mail at: info(at)


In accordance with Art. 15 DSGVO, you have the right to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

Pursuant to Art. 16 DSGVO, you have the right to request the correction of inaccurate or incomplete personal data stored by us without delay;

In accordance with Art. 17 DSGVO, you have the right to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise or defense of legal claims;

Restriction of processing:
In accordance with Art. 18 DSGVO, you have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;

Data portability:
In accordance with Art. 20 DSGVO, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;

Revocation of your consent:
In accordance with Art. 7 (3) DSGVO, you have the right to revoke your consent at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Please address your revocation to the data given above or by mail to: info(at)

Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 para. 1. p. 1 lit. e) or f) DSGVO; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
You have the possibility, in connection with the use of information society services

Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision is necessary for the conclusion or performance of a contract between you and the controller, is permitted by Union or Member State law to which the controller is subject, and that law contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or is made with your explicit consent.

However, these decisions must not be based on special categories of personal data pursuant to Article 9(1) of the GDPR, unless Article 9(2)(a) or (g) of the GDPR applies and appropriate measures have been taken to protect the rights and freedoms and your legitimate interests.

Complaint to a supervisory authority:
In accordance with Art. 77 DSGVO, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

15. Status of the data protection notice

The constant development of the Internet makes it necessary to make adjustments to our privacy policy from time to time. We reserve the right to make corresponding changes at any time.

Status: December 2022

proderm is now part of SGS proderm is now part of SGS