Privacy Policy

The following privacy policy applies to the website “grc.schleupen.de”.

The protection of your personal data (hereinafter referred to as “data”) is a major and very important concern for us. We would therefore like to provide you with detailed information below about what data we collect and how we process it.

I. Name and Contact Information of the Data Controller

The controller, as defined by data protection regulations, for the processing of personal data is:

Schleupen SE
Otto-Hahn-Straße 20
76275 Ettlingen, Germany
Phone: +49 (0) 7243 321-0
Email: info@schleupen.de
Website: www.schleupen.de          

II. Contact Information for the Data Protection Officer

Our Data Protection Officer is:

CL Compliance und Datenschutz GmbH & Co. KG
Douglasstr. 11-15
76133 Karlsruhe, Germany
Phone: +49 (0) 721 91250-880   
Fax:       +49 (0) 721 91250-22
Email: kontakt@compliance-datenschutz.de           

III. Purpose of the processing of personal data, legal basis, and retention period

Below, we provide information regarding the data processing activities taking place on our website (a), their purposes (b), legal basis (c), as well as the respective retention periods and, where applicable, specific options for objection and deletion (d).

1. Log Files

a) When you visit our website, the browser on your device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted:

•     IP address of the requesting computer
•     Date and time of the visit
•     Name and URL of the webpage accessed
•     Website from which the access originated (referrer URL)
•     Browser used, browser version
•     Operating system and version of your computer’s operating system, as well as the name of your Internet service provider
•     Amount of data transferred and access status (file transferred, file not found, etc.)
•     Language and version of the browser software.

b) We process the aforementioned data for the following purposes:

•     To ensure a smooth connection to the website,
•     To ensure a user-friendly experience on our website,
•     Evaluating system security and stability, as well as
•     for other administrative purposes.

c) The legal basis for data processing is Article 6(1)(f) of the GDPR. Our legitimate interest arises from the purposes of data processing listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your identity.

d) The data in the log files is deleted after seven days at the latest.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a notification always appears before a new cookie is created. However, completely disabling cookies may prevent you from using all features of our website.

b) The use of cookies serves, on the one hand, to make your experience of our website more pleasant.

For example, we use so-called session cookies to recognize that you have already visited individual pages of our website.

In addition, to optimize user-friendliness, we also use other temporary cookies that are stored on your device for a specific, predetermined period of time. If you visit our site again to use our services, the system automatically recognizes that you have already visited us and recalls the entries and settings you made, so you do not have to re-enter them.

We also use cookies to collect and analyze the use of our website in a pseudonymized and purely statistical manner in order to further optimize our offering for you. These cookies enable us to automatically recognize that you have already visited our site when you return. The third-party providers of the associated analytics tools, as well as the providers of social media plugins, use corresponding cookies for this purpose (details are provided in the following descriptions of the associated third-party services).

c) Cookies that are necessary for the execution of the electronic communication process (necessary cookies), for the provision of certain functions you have requested (functional cookies), or for the optimization of the website (e.g., cookies for measuring web traffic) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies to ensure the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the storage of the relevant cookies takes place exclusively on the basis of this consent (Art. 6(1)(a) GDPR); consent may be revoked at any time.

d) Session cookies are automatically deleted when you leave our site. Cookies used for analysis purposes or third-party cookies are automatically deleted according to the timeframes specified by the respective providers.

You can prevent the storage of cookies by adjusting your browser settings accordingly; however, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent. You can delete cookies that have already been stored at any time in your browser’s security settings.

3. Google Tag Manager

a) We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a solution that allows us to manage so-called website tags via an interface and thus integrate, for example, Google Analytics and other (Google) marketing services into our online offering. The Tag Manager itself, which implements the tags, does not process any personal data of the users. With regard to the processing of users’ personal data, please refer to the following information regarding Google services:

https://marketingplatform.google.com/intl/de/about/analytics/tag-manager/use-policy/

b) We use Google Tag Manager to manage and deploy the tools integrated through it.

c) The use of Google Tag Manager is based on Art. 6(1)(f) of the GDPR. The website operator has a legitimate interest in the quick and straightforward integration and management of various tools on its website. If consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG; consent may be revoked at any time.

d) Since Google Tag Manager does not store any personal data, there is no retention period for personal data.

4. Google Ads

a) We use Google Ads for conversion tracking.

b) This is an online marketing method used to place content and ads within the service provider’s advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who are presumed to be interested in the ads. In addition, we measure the conversion of the ads, i.e., whether users have interacted with the ads and taken advantage of the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users;

Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;

c) We use Google Ads on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and straightforward integration and management of various tools on its website. If consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG; consent may be revoked at any time.

Website: https://marketingplatform.google.com;

Privacy Policy: https://policies.google.com/privacy;

Basis for transfer to third countries: EU-US Data Privacy Framework (DPF);

d) Further information:

Types of processing and data processed:

 https://business.safety.google/adsservices/.

Data processing agreements between controllers and standard contractual clauses for data transfers to third countries:

https://business.safety.google/adscontrollerterms.

5. Microsoft Ads

a) We use Microsoft Ads for the purpose of placing content and ads.

b) This is an online marketing method used to place content and ads within the service provider’s advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who are presumed to have an interest in the ads. In addition, we measure the conversion of the ads, i.e., whether users have interacted with the ads and taken advantage of the advertised offers (so-called conversion). However, we only receive anonymous information and no personal information about individual users.

Service Provider:

Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland

c) We use Microsoft Ads on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and straightforward integration and management of various tools on its website. If consent has been obtained, processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG; consent may be revoked at any time.

Website:

https://about.ads.microsoft.com/ ; Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement ;

Basis for transfers to third countries:

EU-US Data Privacy Framework (DPF);

Right to object (opt-out):

https://account.microsoft.com/privacy/ad-settings/

d) Further information:

https://about.ads.microsoft.com/de-de/policies/legal-privacy-and-security

6. Google Analytics

a) This website uses Google Analytics, a web analytics service provided by Google LLC (“Google”). Google Analytics uses so-called “cookies,” which are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie regarding your use of this website is generally transmitted to and stored on a Google server in the United States. However, if IP anonymization is enabled on this website, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator.

This website uses Google Analytics with the “_anonymizeIp()” extension. This ensures that IP addresses are processed in a truncated form, thereby preventing any personal identification. If the data collected about you is personally identifiable, such identification is immediately excluded, and the personal data is promptly deleted.

The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.

b) We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offering and make it more interesting for you as a user.

c) The legal basis for the use of Google Analytics is Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG; consent may be revoked at any time.

d) You can prevent the storage of cookies by adjusting your browser settings accordingly; however, we would like to point out that in this case, you may not be able to use all functions of this website to their full extent.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser add-on available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

An opt-out cookie will be set to prevent the future collection of your data when you visit this website. The opt-out cookie applies only to this browser and only to our website, and is stored on your device. If you delete the cookies in this browser, you will need to set the opt-out cookie again.

Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Use: http://www.google.com/analytics/terms/de.html, Privacy Overview: http://www.google.com/intl/de/analytics/learn/privacy.html, and Privacy Policy: http://www.google.de/intl/de/policies/privacy.

7. Contact form for general inquiries

a) Our website features a contact form that can be used to contact us electronically. If you use this option, the data entered in the form will be transmitted to us and stored.

The mandatory fields that must be filled out to contact us electronically via the contact form are marked with (*). Any additional data you provide to us is provided voluntarily.

b) The data is processed to enable us to contact you and handle your inquiry , as well as to prevent misuse of the contact form and to ensure the security of our IT systems.

c) The legal basis for processing the mandatory information is Article 6(1)(f) of the GDPR. The aforementioned purpose also constitutes the legitimate interest in processing the data. If contacting us via the contact form, email, or a callback request is intended to lead to the conclusion of a contract, the additional legal basis for processing is Article 6(1)(b) of the GDPR.

The legal basis for processing the data you voluntarily provide to us is Article 6(1)(a) of the GDPR.

d) The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data from the contact form input field, your email, or the callback service, this is the case once the respective conversation with you has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved. If a contract is concluded, the data will be stored until the expiration of the statutory retention periods (6 years after the end of the year in which the contract was terminated) and then deleted, unless we are obligated to store the data for a longer period due to tax and commercial law retention and documentation obligations (under the German Commercial Code (HGB), the German Criminal Code (StGB), or the German Fiscal Code (AO)) or you have consented to further storage pursuant to Art. 6(1)(a) of the GDPR.

In addition, you have the option at any time to withdraw your consent to the processing of your personal data. If you contact us via email, you may object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. To exercise your right to withdraw consent, see Section VII. All personal data stored in the course of establishing contact will be deleted in this case.

8. Customer Center Registration

a) On our website, we offer customers the option to register in our Customer Center by providing personal data. The data is entered into a form, transmitted to us, and stored.

The following personal data is collected as required information (*) during the registration process:

• Business email address   
• Company name
• User’s first and last name

At the time the message is registered, the following data is also stored:

•     The user’s IP address
•     Date and time of registration
•     Your password (also required)

Providing additional data is voluntary.

As part of the registration process, the user’s consent to the processing of this data is obtained.

b) Registration on your part, including the required information, is necessary for us to provide certain content and services on our website, specifically to receive further information and tips on using the software and to receive information about training sessions and webinars. Additionally, this allows you to access our “Governance, Risk & Compliance” customer area.

We will use any additional voluntary information you provide to address you personally.

The collection of the registration and confirmation time, as well as your IP address, is carried out to fulfill our legal obligation to provide proof of registration. The password serves your security.

c) The legal basis is Article 6(1)(a) of the GDPR for the required information and your additional voluntary information, as well as Article 6(1)(c) of the GDPR and Article 7(1) of the GDPR for the time of registration and confirmation, as well as your IP address.

d) You may revoke your consent to the processing of the data voluntarily provided during registration at any time, thereby automatically unsubscribing as a customer. You may submit your revocation to the controller named in Section I. At the same time, you have the option to modify the data you have provided or delete your account in the customer area. After deletion or revocation, your personal data will be deleted immediately.

9. Unsolicited Application – Registration

a) If you would like to apply for a position with us, you can submit a speculative application via our website. All details regarding this are set forth in a separate privacy policy, which will be made available to you as part of the online application process.

10. Embedded YouTube Videos

a) We have embedded YouTube videos in our online content that are stored on www.YouTube.com and can be played directly from our website. YouTube is a service provided by Google Inc. The videos are all embedded in “enhanced privacy mode,” meaning that no data about you as a user is transmitted to YouTube unless you play the videos. At the same time, only a thumbnail image loaded from our own web server is displayed. Only when you play the videos is the data mentioned in Section III 1 transmitted. We have no influence over this data transmission. The data is transmitted regardless of whether YouTube provides a user account through which you are logged in at or whether no user account exists. If you are logged in to Google, your data is directly associated with your account.

b) YouTube stores your data as usage profiles and uses them for advertising, market research, and/or to tailor its website to your needs. Such analysis is conducted in particular (even for users who are not logged in) to deliver targeted advertising and to inform other users of the social network about your activities on our website.

c) The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. The legal basis for this processing is Art. 6(1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the underlying advertising purpose. If consent to the storage of cookies has been requested, the storage of the relevant cookies takes place exclusively on the basis of this consent (Art. 6(1)(a) GDPR); consent may be revoked at any time. If you do not wish for this data to be associated with your YouTube profile, you must log out of YouTube before starting the video. You also have the right to object to the creation of these user profiles, in which case you must contact YouTube to exercise this right. Further information on data processing, in particular regarding the legal basis and retention period by YouTube, can be found in the provider’s privacy policy. There you will also find further information on your rights and settings options for protecting your privacy: https://www.google.de/intl/de/policies/privacy .

11. Social Media Presence

We maintain online presences on social networks and platforms to communicate with customers, prospects, and users active there and to inform them about our services.

We have no influence over the collection of data or its further use by the social networks. We have no knowledge of the extent to which, where, and for how long the data is stored; to what extent the networks comply with existing deletion obligations; what analyses and linkages are made with the data; or to whom the data is disclosed. We therefore expressly draw your attention to the fact that your data (e.g., personal information, IP address) is stored by the operators of these networks in accordance with their data usage policies and used for business purposes.

We note that user data may be processed outside the European Union in this context. This may pose risks to users, as it could, for example, make it more difficult to enforce users’ rights.

Furthermore, user data is generally processed for market research and advertising purposes. For example, usage profiles can be created based on users’ behavior and the resulting interests. These usage profiles can in turn be used, for example, to display advertisements within and outside the platforms that are presumed to correspond to users’ interests. For these purposes, cookies are generally stored on users’ computers, in which users’ usage behavior and interests are recorded. Furthermore, data may also be stored in the usage profiles regardless of the devices used by users (particularly if users are members of the respective platforms and are logged in to them).

The processing of users’ personal data is based on our legitimate interests in effectively informing users and communicating with them pursuant to Art. 6(1)(f) of the GDPR. If users are asked by Schleupen SE or the respective platform providers to consent to the data processing described above, the legal basis for the processing is Article 6(1)(a) and Article 7 of the GDPR.

For a detailed description of the respective processing activities and the options to object (opt-out), please refer to the information provided by the providers via the links below.

We also note that requests for information and the exercise of user rights are most effectively addressed directly with the providers. Only the providers have access to user data and can take appropriate measures and provide information directly. Should you nevertheless require assistance, please contact us.

•     Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), Facebook pages based on an agreement regarding the joint processing of personal data – Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com,
•     Google/YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) – Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated,
•     Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland) – Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization,
•     LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) – Privacy Policy: https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out,
•       Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) – Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung, Opt-out: https://privacy.xing.com/de/ihre-privatsphaere

IV. Cooperation with Data Processors and Third Parties

In some cases, we use external service providers (data processors) to process your data. These have been carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored. These are external service providers who support us in technical matters (web hosts, programmers). This is done on the basis of data processing agreements in accordance with Art. 28 GDPR.

Otherwise, we only disclose your data to third parties if:

•     You have given your explicit consent pursuant to Art. 6(1)(a) GDPR,
•     the disclosure is necessary pursuant to Art. 6(1)(f) GDPR for the establishment, exercise, or defense of legal claims, and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,
•     there is a legal obligation to disclose the data pursuant to Article 6(1)(c) of the GDPR, or
•     this is permitted by law and necessary under Article 6(1)(b) of the GDPR for the performance of contractual relationships with you.

Service providers in a third country will only be engaged if the specific requirements of Art. 44 et seq. GDPR are met.

V. Data Subject Rights

You have the right:

•     to request information about your personal data processed by us in accordance with Article 15 of the GDPR. In particular, you may request information regarding the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as information regarding the existence of automated decision-making, including profiling, and, where applicable, meaningful information regarding its details;
•     to request, pursuant to Article 16 of the GDPR, the immediate rectification of inaccurate personal data or the completion of your personal data stored by us;
•     to request the erasure of your personal data stored by us pursuant to Article 17 of the GDPR, unless processing is necessary for the exercise of the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or to assert, exercise, or defend legal claims;
•     pursuant to Article 18 of the GDPR, to request the restriction of the processing of your personal data, provided that you contest the accuracy of the data, the processing is unlawful but you oppose its erasure and we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims, or you have objected to the processing pursuant to Article 21 of the GDPR;
•     pursuant to Art. 20 GDPR, to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, or to request the transmission of such data to another controller;
•     to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR. As a rule, you may contact the supervisory authority of your habitual residence, place of work, or the location of the alleged infringement.

VI. Right to Object

If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) of the GDPR, you have the right, pursuant to Article 21 of the GDPR, to object to the processing of your personal data if there are reasons arising from your particular situation; this also applies to profiling based on these provisions. We will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

Of course, you may object at any time to the processing of your personal data for the purposes of advertising and data analysis. This also applies to profiling, insofar as it is related to such direct marketing.

VII. Right to Withdraw Consent

Pursuant to Art. 7(3) of the GDPR, you have the right to withdraw your consent at any time. As a result, we may no longer continue the data processing that was based on this consent in the future. The lawfulness of the processing carried out on the basis of the consent until its withdrawal remains unaffected.

VIII. Validity and Changes to This Privacy Policy

This Privacy Policy is current as of May 2026.

Due to the further development of our website and the services offered through it, or due to changes in legal or regulatory requirements, it may become necessary to amend this Privacy Policy. You may access and print the current version of the Privacy Policy at any time on the website at https://grc.schleupen.de/en/privacy-policy.