EU Group Companies

Privacy Policy (applied to the group companies in EU except the Netherlands)

We take data protection seriously

The protection of your privacy when processing personal data (hereinafter referred to as “data”) is an important concern for us. We process your data only according to the legal requirements.

When you visit our website, our web servers store the IP address of your Internet service provider, the website from which you visit us, the web pages you visit on our website and the date and duration of your visit. This information is absolutely necessary for the technical transmission of the web pages and secure server operation. A personalized evaluation of this data does not take place.

If you send us data using the contact form, this data is stored on our servers in the course of data backup. Your data will only be used by us for processing your request. Your data will be treated in strictest confidence. It will not be forwarded to third parties.

Automatically saved data

Server log files

The provider of the site automatically collects and saves information in so-called server log files, which your browser automatically sends to us. These are:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transmitted, file not found, etc.)
  • Web browser and operating system used
  • Complete IP address of the requesting computer
  • Transmitted data quantity


This data is not combined with other data sources. Processing is carried out in accordance with Article 6 (1) (f) of the GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

For reasons of technical security, in particular to prevent attempts to attack our web server, this data is temporarily stored by us. It is not possible for us to draw conclusions about individual persons on the basis of this data. After seven days at the latest, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. The data is also processed in anonymous form for statistical purposes; it is not compared with other databases or forwarded to third parties, even in excerpts. Only in the context of our server statistics, which we publish every two years in our activity report, does a presentation of the number of page views take place.


When you visit our internet site we may save information on your computer in the form of cookies. Cookies are small files which are transferred from an internet server to your browser and stored on its hard disk. Only the Internet Protocol address is stored here - no personal data.

This information, which is saved in the cookies allows us automatically to recognize you when you next visit our website, which makes usage easier for you. The legal basis for the use of cookies is the legitimate interest pursuant to Art. 6 (1) (f) GDPR.

Naturally, you can also visit our web pages without accepting cookies. If you do not want your computer to be recognized on your next visit, you can also reject the use of cookies by changing the settings in your browser to "Reject cookies". You will find the respective procedure in the operating instructions of your corresponding browser. However, if you refuse cookies, this may lead to a limitation in the use of some areas of our web pages.

Google Tag Manager

This website uses Google Tag Manager. The Tag Manager does not record any personal data.

The tool triggers other tags, which, in turn, may collect data. Google Tag Manager does not access this data. If a deactivation was undertaken at domain or cookie level, this remains for all tracking tags which are implemented with Google Tag Manager. Google's privacy policy for this tool can be found here:

Google Analytics with Anonymization function

We use Google Analytics, a web analysis service of Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter "Google". Google Analytics uses so-called cookies, text files which are stored on your computer and thereby enable an analysis of your use of the website.

The information generated by these cookies, such as the time, location and frequency of your website visits, including your IP address are sent to Google in the USA and stored there.

On our website we use Google Analytics with the suffix "_gat._anonymizeIp". In this case, Google will already reduce your IP address within member states of the European Union, or in other signatory states to the Agreement on the European Economic Area and thereby anonymize it.

Google will use this information to evaluate your use of our site, to compile reports on website activity for us and to provide other services related to website and internet use. Google may also forward this information to third parties if this is required by law or if third parties process this data on behalf of Google.

Google will, according to its own statements, under no circumstances, associate your IP address with other Google data. You can prevent the installation of cookies by a corresponding setting of your browser software; however, we would like to point out that, in this case, you may not be able to use all the functions of our website to their full extent.

Furthermore, Google offers a Deactivation add-on for the most popular browsers, which gives you more control over what information Google collects about the websites you visit. The add-on informs the JavaScript (ga.js) of Google Analytics that no information should be forwarded to Google Analytics about website visits. However, the deactivation add-on for browsers from Google Analytics does not prevent information from being forwarded to us, or to other web analysis services that we may use. You can get more information on installation of the browser add-on via the following link:

If you visit our site using a mobile end device (smartphone or tablet) instead, you must click on this link in order to prevent tracking by Google Analytics within this website in future. This is also possible as an alternative to the browser add-on mentioned above. By clicking the link an opt-out cookie is set in your browser, which is only valid for this browser and this domain. If you delete the cookies in this browser, the opt-out cookie is also deleted so that you have to click on the link again.

If you agree that Google can link your web and App browsing history to your Google Account and can use information from your Google Account to personalize ads, Google will use your information with Google Analytics data to create cross-device remarketing target group lists. To do this, Google Analytics first collects your Google-authenticated ID on our website, which is associated with your Google account (personally identifiable information). Google Analytics will then temporarily link your ID to your Google Analytics data in order to optimize our target groups.

If you don't agree to this, you can turn it off using the corresponding settings in the "My Account" section of your Google account.

Google CSE (Google Custom Search)

Within our web pages, the Google Custom Search Engine "Google CSE" is used as a central search service based on Art 6 (I) (f) GDPR. The integrated search service enables a comfortable full text search for the contents of the website's internet offer. Access to this search function is possible using a search box integrated into the header of the individual web pages. The text Google™ user-defined search is displayed in the search box to inform users of the internet offer. The search field on these web pages ("search field") is provided by Google LLC ("Google") and is installed by us as a software module unmodified on our web pages. By entering a search term in the search box and pressing the enter key, the user activates the search function and the search results page is called up, which loads the corresponding search results from Google using a plug-in provided by Google. The plug-in enables an automated communication between the search results page called up and the Google service when the search results page is called up. The use of the search function provided by Google includes a dynamic transfer of data by the service provider, Google, to the search results page.

Data is only transferred to Google after the user has activated the search box, started a full text search and called up the search results page. By using the search function within the search results page, user data is also transferred to Google at the same time. By using the full-text search and the associated access to the search results page, you agree to the use of the Google search service and thus also the transfer of data to the Google service. This includes, for example, the search terms you have entered and the IP address of the computer you are using. If you are logged in to Google at the same time, the Google service is able to assign the information directly to your user profile.

You should logout to prevent a collection of profile information about you. Google is certified under the EU-US Privacy Shield. A current certificate can be viewed at Under this agreement between the US and the European Commission, the latter has established an adequate level of data protection for companies certified under the Privacy Shield. You can view more information from Google about handling user data (privacy statement) at


We have taken technical and administrative security precautions to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees and service providers working for us are bound by the applicable data protection laws.

Whenever we collect and process personal information, it is encrypted before it is transmitted.

This means that your data cannot be misused by third parties. Our security precautions are subject to a continuous improvement process and our privacy statements are constantly revised. Please make sure you have the latest version.

Information Obligations according to Article 13 of the GDPR

1. Who is responsible for the data processing and who can you turn to?

The responsible body is

Dr. Hans-Vogt-Platz 1
94130 Obernzell, Germany
Tel.: +49 (0) 8591 9370

The company data protection officer is

Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg, Germany
Tel.: +49 (0) 941 2986930

2. Which data is processed and from which sources does this data come?

We process the data which we receive from you in the context of contractual preparation or processing through authorizations or in the context of your application to us or as part of your employment.

Personal data includes:

Your master/contact data, including, for customers, e.g. forename and surname, address, contact data (e-mail address, telephone number, fax), bank data.

In the case of applicants and employees, this includes, for example, forename and surname, address, contact data (e-mail address, telephone number, fax), date of birth, data from CVs and work references, bank data.

In the case of business partners and shareholders, this includes, for example, forename and surname, your legal representative, company, corporate register number, VAT ID No., operating number, address, contact data (e-mail address, telephone number, fax), bank data.

In addition, we also process the following additional personal data:

  • Information of the type and content of contractual data, order data, turnover and receipt data, customer and supplier history and consultancy documents,
  • Advertising and sales’ data,
  • Information from your electronic interaction with us (e.g. IP address, login data),
  • Other data which we have received from you in the context of our business relationship
    (e.g. in customer discussions),
  • Data which we generate ourselves from master / contact data and other data, such as data from customer requirements and customer potential analyses,
  • The documentation of your approval declaration for the receipt of newsletters, for example.


3. For which purposes and upon which legal basis is the data is processed?

We process your data in accordance with the requirements of the GDPR and the 2018 German Federal Data Protection Act in the appropriately applicable version:

  • To fulfil (pre-)contractual obligations (Art. 6 Para. 1 lit.b of the GDPR):

Your data is processed for contractual processing online or in one of our subsidiary companies, for contractual processing of your employment in our company. In particular, the data is processed for potential business and execution of contracts with you.

  • To fulfil legal obligations (Art. 6 Para. 1 lit.c of the GDPR):

Processing of your data is required for the purpose of fulfilling different legal obligations, e.g. included in the German Commercial Code or the German Fiscal Code.

  • To maintain justified interests (Art. 6 Para. 1 lit.f of the GDPR):

Due to a weighing of interests, data processing can take place beyond the actual fulfilment of the contract to maintain our justified interests and those of third parties. Data processing to maintain justified interests takes place, for example, in the following cases:

- Publicity or marketing (see No. 4)

- Measures for business control and further processing of services and products;

- Management of a group-wide customer database to improve customer service;

- In the context of prosecutions. 

  • In the context of your consent (Art. 6 Para. 1 lit.a of the GDPR):

If you issue us with consent to process your data, for example, to send you our newsletter.

4. Processing of personal data for publicity purposes 

You can revoke the use of your personal data for publicity purposes at any time in total or for individual activities, without incurring any costs additional to the transmission costs according to the basic tariffs. 

We are authorized according to the legal stipulations of § 7 Para. 3 of the German Fair Trade Act to use the e-mail address you provided on contractual completion for direct marketing of similar goods and services of our own. You will receive these product recommendations from us, irrespective of whether you have received the newsletter or not.

If you do not wish to receive such recommendations from us by e-mail, then you can revoke the use of your address for this purpose at any time, without incurring any costs additional to the transmission costs according to the basis tariffs. A text message is sufficient for this. Of course, each e-mail always contains an unsubscribe link.

5. Who receives my data? 

If we employ a service provider for any order processing, then we still remain responsible for the protection of your data. All the order processors are contractually obliged to treat your data confidentially and only to process it in the context of service provision. The order processors we appoint receive your data if they require the data to fulfil their appropriate service. They include, for example, service providers, who we require for the operation and security of our IT system, as well as publicity and address publishing companies for our advertising campaigns.

Your data is processed in our customer database. The customer database supports the increase in the data quality of the existing customer data (elimination of duplicates, moved/deceased notes, address correction) and allows enrichment with data from public sources.

This data is made available to companies, within the group if required for data processing.
Customer data is stored separately and according to the company, whereby our parent group functions as the service provider for the individual participating companies.

If a statutory obligation exists or legal actions are being undertaken, then authorities and courts as well as external auditors may be recipients of your data.

In addition, for the purpose of contractual preparation and fulfilment, insurance companies, banks, information providers and service providers can be recipients of your data.

6. For how long is my data saved? 

We will process your data up to the termination of the business relationship or up to the expiry of the valid statutory storage periods (derived from the German Commercial Code, German Fiscal Code, Institutional Care Act or Working Hours Act), and also up to the termination of any legal disputes, in which the data is required as proof. 

7. Is personal data transmitted to a third country? 

Personal data is transmitted to SUMIDA companies based in non-EU countries. Transmission may take place in individual cases only on the basis of a determination of appropriateness by the European Commission, standard contractual clauses, suitable guarantees or your express approval.

8. Which data protection rights do I have? 

At all times, you have a right to information, correction, deletion or restriction of the processing of your stored data, a right of objection against the processing as well as a right to data transferability and to a complaint in accordance with the conditions of data protection law.

Right to information:

You can request information from us as to whether and to what extent we process your data.

Right of correction:

If we process your data that is incomplete or incorrect, you can request that we correct or supplement it at any time.

Right of deletion:

You can request us to delete your data if we process it unlawfully or if the processing interferes disproportionately with your legitimate protection interests. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated storage obligations.

Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, unless there is a legal transaction or legal obligation to retain it.

Right to restrict processing:

You may request us to restrict the processing of your data if

  • you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data.
  • the processing of the data is unlawful, but you refuse deletion and instead request a restriction on the use of the data,
  • we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
  • you have lodged an objection to the processing of the data.


Right to data portability:

You may require us to provide you with the data you have provided to us in a structured, current and machine-readable format and to allow you to pass this data to another responsible person without our interference, provided that

  • we process this data on the basis of revocable consent you have given or to fulfil a contract between us, and
  • this processing takes place with the aid of an automated process.

If it is technically feasible, you can ask us to transfer your data directly to another responsible person.

Right of objection:

If we process your data for legitimate reasons, or on basis of your freely given consent, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can prove compelling reasons worthy of protection for the processing which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Right of complaint:

If you are of the opinion that we have violated German or European data protection law when processing your data, please contact us to clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective national office for data protection supervision.

If you wish to assert any of the above rights against us, please contact our data protection officer.
In case of doubt, we may request additional information to confirm your identity.

As described above, you have special rights concerning your stored data. To claim one of these rights, or to get in contact with us in case of privacy concerns, please use this link to get directly to the corresponding contact form.

9. Am I obliged to provide data? 

The processing of your data is required for the completion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will usually be required to refuse the completion of the contract or not be able to execute an existing contract, meaning that we must terminate it. However, you are not obliged to issue approval for data processing of data which is not relevant to contractual completion or which is not required by law.

Changes to this privacy statement 

We reserve the right to change our privacy policy should this be necessary due to new technologies. Please make sure you have the latest version. If fundamental changes are made to this privacy policy, we will post them on our website.

All interested parties and visitors to our website can contact us about data protection issues at:

Christian Volkmer
Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg, Germany

Tel.:  + 49 (0) 941 2986930
Fax:  + 49 (0) 941 29869316

Contact Form concerning European General Data Protection Regulations (the GDPR)

To exercise your rights in accordance with the GDPR you can contact us.

If you send the data entered in the contact form by clicking on the following button, you agree that we may use your details to answer your enquiry or contact you.

A transfer to third parties does not take place in principle, unless data protection regulations justify a transfer or we are legally obliged to do so.

You can revoke your consent at any time with effect for the future.

In the event of revocation, your data will be deleted immediately.

Your data will otherwise be deleted once we have processed your request or the purpose of storage has ceased to apply.

You can inform yourself at any time about the data stored about your person. Further information on data protection can also be found in the privacy policy of this website.

I have understood the declaration and expressly agree to the use of my data.