Privacy Policy

Personal data (hereinafter also referred to as “data”) is processed by us only as necessary and for the purpose of providing a functional and user-friendly website, including its content and the services offered there.

Pursuant to Art. 4 no. 2 of Regulation (EU) 2016/679, known as the General Data Protection Regulation (referred to below simply as the “GDPR”), “processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With the following privacy policy, we inform you about the nature, scope, purpose, duration and legal basis for processing personal data, insofar as we decide either alone or jointly with others on the purposes and means of processing. In addition, we inform you below about the third-party components we use for optimization purposes and to increase the quality of use, insofar as third parties process data under their own responsibility.

Our privacy policy is structured as follows:

I. Information about us as controllers
II. Rights of users and data subjects
III. Information on data processing

I. Information about us as controllers

The provider of this website who bears responsibility for it as the controller under data protection law is:

Wintergerst Societät für
Unternehmer-Beratung GmbH & Co. KG
Augustenstraße 1
70178 Stuttgart

Phone: +49 (0) 711 699 855-0
Fax: +49 (0) 711 699 855-20

The data protection officer at the provider is:

Thomas Lang
Oberer Kirchhaldenweg 9b
70195 Stuttgart

Phone: +49 (0) 711 699 855-19

II. Rights of users and data subjects

With regard to the data processing described in more detail below, users and data subjects have the right

  • to obtain confirmation as to whether or not data concerning them is being processed, to obtain information about the data being processed, and, where that is the case, additional information about the data processing and copies of the data (see also Art. 15 GDPR);
  • to rectify inaccurate data or have it completed (see Art. 16 GDPR);
  • to the immediate erasure of the data concerning them (see also Art. 17 GDPR), or, alternatively, insofar as further processing is required pursuant to Art. 17 (3) GDPR, to restrict processing of data in accordance with Art. 18 GDPR;
  • to receive the data concerning them and provided by them and to transmit this data to other providers/controllers (see also Art. 20 GDPR);
  • to lodge a complaint with the supervisory authority if they are of the opinion that the data concerning them is being processed by the provider in breach of data protection provisions (see also Art. 77 GDPR).

In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider about any correction or deletion of data or restriction of processing that takes place on the basis of Articles 16, 17 (1), 18 GDPR. However, this obligation shall not apply if such notification is impossible or involves disproportionate effort. Notwithstanding the above, the user has a right to information about these recipients.

Likewise, to the extent that data is processed by the provider in accordance with Art. 6 (1) lit. f) GDPR, users and data subjects have the right to object to the future processing of data concerning them in accordance with Art. 21 GDPR. In particular, the provider must observe any objection made to data processing for the purpose of direct marketing.

III. Information on data processing

Your data, which is processed during the use of our website, will be deleted or blocked as soon as the purpose of the storage no longer applies, the deletion of the data does not conflict with any statutory retention obligations and no other information on individual processing procedures provided below applies.

Server data

For technical reasons, in particular to ensure a secure and stable internet presence, data is transmitted by your internet browser to us and/or our web hosting provider. These server log files collect data such as the type and version of your internet browser, the operating system, the website from which you have accessed our website (referrer URL), the website(s) of our website that you visit, the date and time of the respective access as well as the IP address of the internet connection from which the use of our website takes place.

The data collected in this way is temporarily stored, but not together with other data from you.

The legal basis for such data storage is provided by Art. 6 (1) lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.

The data is deleted again after seven days at the latest, unless further storage is required for evidence purposes. Otherwise, the data is exempt from deletion in whole or in part until final clarification of an incident.


a) Session cookies

Our website uses cookies. Cookies are small text files or other storage technologies that are placed and stored on your terminal device by the internet browser you use. Through the use of these cookies, certain information from you, such as your browser or location data or your IP address, is processed to an extent specific to you individually.

This processing makes our website more user-friendly, effective and secure, as the processing enables, for example, the reproduction of our website in different languages or the offer of a shopping cart function.

The legal foundation for such processing lies in our legitimate interest in improving the functionality and security of our website. The legal basis is found in Art. 6 (1) lit. f GDPR.

The cookies are set by the content management system when the contact form is submitted and are used to prevent cross-site request forgery (CSRF) attacks.

These session cookies are deleted when you close your internet browser.

b) Elimination option

You can prevent or restrict the installation of cookies by setting your internet browser. Likewise, you can delete cookies that have already been stored at any time. However, the steps and measures required for this depend on the specific internet browser you use. If you have any questions, please use the help function or documentation of your internet browser or contact its manufacturer or support service. However, in the case of Flash cookies, processing cannot be prevented via the browser settings. Rather, you will need to change the setting of your Flash player to this extent. The steps and measures required for this also depend on the specific Flash player you use. Likewise, if you have any questions, please use the help function or documentation of your Flash player or contact its manufacturer or user-support.

Preventing or restricting the installation of cookies may mean, however, that not all functions of our website can be fully used.

Contract processing

The data transmitted by you for the purpose of using our range of goods and/or services are processed by us for the purpose of processing the contract and are necessary to this extent. It is not possible to conclude and process contracts without the provision of your data.

The legal basis for processing this data is provided by Art. 6 (1) lit. b) GDPR.

We delete the data when the contract has been fully processed, but must observe the retention periods under tax and commercial law.

Within the scope of contract processing, we pass on your data to the transport company commissioned with the delivery of the goods or to the financial service provider, insofar as the transfer is necessary for the delivery of the goods or for payment purposes.

The legal basis for the transmission of this data is provided by Art. 6 (1) lit. b) GDPR.

Contact requests / contact options

If you contact us via contact form or email, the data you provide will be used to process your request. The provision of this data is necessary for processing and responding to your request – without it we cannot answer your request or at best only to a limited degree.

The legal basis for processing this data is provided by Art. 6 (1) lit. b) GDPR.

Your data will be deleted if your inquiry has been answered conclusively and the deletion does not conflict with any legal obligations to retain data, e.g. in the case of subsequent contract processing.

Online job applications / publication of job advertisements

We offer you the option of applying for a job via our website. For such digital applications, your applicant and application data will be collected and processed electronically by us for the purpose of handling the application process.

The legal basis for this processing is Sec. 26 (1) sentence 1 BDSG [“Bundesdatenschutzgesetz”: German Federal Data Protection Act] in conjunction with Art. 88 (1) GDPR.

If an employment contract is concluded as a result of the application process, we will store the data you provided during the application in your personnel file for the purposes of the usual organizational and administrative process – this, of course, in compliance with the more extensive legal obligations that apply.

The legal basis for such processing also lies in Sec. 26 (1) sentence 1 BDSG in conjunction with Art. 88 (1) GDPR.

In the event that an application is rejected, we automatically delete the data submitted to us two months after notification of the rejection. However, the data will not be deleted if it is required to be stored for a longer period of up to four months or until the conclusion of legal proceedings due to statutory requirements, e.g. due to the obligation to provide evidence in accordance with the AGG [“Allgemeines Gleichbehandlungsgesetz”: German Equal Treatment Act].

The legal basis in this case is found in Art. 6 (1) lit. f) GDPR and Sec. 24 (1) No. 2 BDSG. Our legitimate interest lies in the defense or assertion of legal claims.

If you expressly consent to your data being stored for a longer period of time, e.g. to be included in a database of applicants or interested parties, the data will be processed on the basis of your consent. The legal basis is then found in Art. 6 (1) lit. a GDPR. However, you can of course revoke your consent at any time in accordance with Art. 7 (3) GDPR by declaration to us with effect for the future.


We use Adobe Typekit to display fonts on our website. Adobe Typekit is a service that provides access to a font library and is provided by Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe). When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. In the course of providing the Typekit service, no cookies are placed or used to provide the fonts. In order to provide the Typekit service, Adobe may collect information about the font that is used to identify the website itself and the associated Typekit account.

For more information, please visit the Adobe Typekit privacy policy and the Adobe privacy policy.

Linking social media via graphic or text link

We also promote links to our presence on the social networks listed below on our website. The integration takes place via a linked graphic to the respective social network. The use of this linked interface prevents the automatic establishment of a connection to the respective server of the social network when calling up a website that advertises a social media application in order to source the graphic from the respective network itself. Only by clicking on the corresponding graphic is the user redirected to the service of the respective social network.

After the user is redirected, information about the user is collected by the respective network. It cannot be ruled out that the data collected in this way will be processed in the USA.

This initially relates to data such as IP address, date, time and page visited. If the user is logged into his user account of the respective network during this time, the network operator may be able to assign the collected information of the specific visit of the user to the personal account of the user. If the user interacts via a “share” button of the respective network, this information may be stored in the user’s personal user account and may be published. If the user wants to prevent the collected information from being directly assigned to his user account, he must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly.

Links to the following social networks are integrated in our website:


LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.

Privacy Policy:


kununu GmbH, Neutorgasse 4-8, Top 3.02, A - 1010 Vienna, responsible: New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany

Privacy Policy:

Model privacy policy of the law firm Weiß & Partner