Privacy Policy

We appreciate your visit to our website. Protecting your privacy is very important to us and we want you to feel safe on our website. 

This privacy policy applies to all website visitors, applicants, interested parties and customers whose personal data is provided to us in connection with a website visit, a job application (via the website or otherwise) or the implementation or initiation of a business relationship, as well as to all users of our awareness building services, insofar as we process personal data processed there for our own purposes. We are the controller in relation to the processing of the personal data listed in this Privacy Policy. 

The aforementioned personal data is information that relates to an identified or identifiable natural person (hereinafter “data subject“). This includes in particular your name and e-mail address, but also data about your use of our website (e.g. your IP address), information in your CV, etc.. 

Below, we inform you about the nature, scope and purpose of the personal data we process and inform you about your rights as a data subject. 

1. name and address of the data controller 

The responsible party within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is: 

SoSafe GmbH 
Lichtstr. 25a  
50825 Cologne  
Germany  
Managing Directors: Dr. Niklas Hellemann, Lukas Schaefer, Felix Schürholz  
E-Mail: info(at)sosafe.com 
Phone: +49 221 6508 3800 

2. name and address of the data protection officer 

The data protection officer of the controller is 

Mr. Benedikt Woltering 
SoSafe GmbH 
Lichtstr. 25a  
50825 Cologne  
Germany  
E-Mail: privacy(at)sosafe.com 

a. Website visit for informational purposes 

If you visit our website for informational purposes only, without actively providing personal data yourself, we only store access data in so-called server log files. This includes 

  • the name of the requested file, 
  • Date and time of retrieval, 
  • volume of data transferred, 
  • browser used, 
  • operating system used, 
  • IP address, 
  • requested URL, 
  • Referrer URL (URL you visited immediately before) and 
  • the requesting provider. 

The legal basis for the processing of this personal data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to enable you to access our website. 

The personal data listed are automatically collected by our IT systems when you visit our website. Without processing the personal data (in particular the IP address) for the duration of the session, the website may not be able to be displayed  or only to a limited extent. 

b. Contact 

On our website we provide information that enables a quick electronic contact to us as well as an immediate communication with us. This includes in particular our contact forms. If you contact us by email or contact form, the personal data you provide will be stored automatically. 

In addition, we also provide contact options via a contact field and message (via the social media presence) on various social media presences, as listed in more detail in section 5. 

In doing so, we generally process the following personal data from you: 

  • First and last name, 
  • Email address, 
  • Company/Employer, 
  • Phone number and 
  • personal data contained in the individual cover letter. 

We use the personal data you provide exclusively for processing your specific inquiry. Your information may be stored in a customer relationship management system (so-called CRM system) or another organizational tool for customer data. 

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the respective conversation with you has ended or a concluded contract is terminated and the data is no longer required. 

The legal basis depends in this respect on the information that you provide to us when contacting us in the course of sending an email, the contact form or a message. If the contact is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 lit. b GDPR. If contact is made for other purposes, the legal basis is Art. 6 para. 1 lit. f GDPR. 

c. Job application 

The processing of certain personal data is also unavoidable to be able to carry out an application procedure. We process the following personal data in connection with a job application, which can be made via the applicant portal , via a social media presence, by e-mail or by post, until a decision is made on your application: 

Personal information includes in particular 

  • Name, 
  • Title, 
  • private contact data (e-mail addresses, telephone numbers, postal address), 
  • Gender, 
  • Date and place of birth, 
  • Marital status, 
  • Number of children, 
  • Driving license information and 
  • Disability Status. 

Specialized information also includes 

  • Resume, 
  • Letter of Recommendation, 
  • Cover letter, 
  • Work Authorization Ticket, 
  • Previous employments, 
  • Training History, 
  • Languages spoken, 
  • Skills relevant to the job, as well as 
  • Testimonials and the like. 

The aforementioned personal data are required for the selection of suitable employees, the notification of the decision on an application, the coordination of the application process (e.g. personal interview) and for the establishment of an employment relationship. 

The legal basis for this processing of personal data is Section 26 (1) sentence 1 BDSG. 

We collect the aforementioned personal data directly from you as an applicant during the application and recruitment process. If your application is unsuccessful, we will store this personal data for three months after informing you of this decision. 

d. Data collection and use for contract processing 

In order to initiate or execute the contractual relationship with you, the processing of certain personal data is unavoidable. In connection with the execution of the contract, including any registration within the scope of our awareness building services, we process the following personal data in particular 

  • Name, 
  • Company name, 
  • Business address, 
  • E-mail address, 
  • Phone number and 
  • documents or texts submitted by you that contain personal data 

and all data necessary for the processing of payments and for the prevention of fraud, in particular 

  • Credit card or debit card numbers, 
  • any security codes and 
  • other billing information. 

Insofar as we use this personal data (i) to coordinate the planning, execution, control and administration of your contractual relationship with us, (ii) to provide you with information about your registration or how to make changes in our system or (iii) to carry out payment transactions, the legal basis for these processing operations is Art. 6 (1) lit. b GDPR. 

If, on the other hand, the personal data is used for the settlement of disputes, the enforcement of the contractual agreement and the establishment, exercise or defense of legal claims, the legal basis for this processing is Art. 6 para. 1 lit. b or f GDPR, depending on the claims. 

If you have submitted your data for the purpose of initiating a contractual relationship, we may pass it on to our sales partners if they are suitable for your segment. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR 

We collect personal data in connection with the performance of the contract directly from you by you providing the personal data yourself when ordering/registering, whether via the self-service portal at https://app.sosafe.de/ or by other means. 

After complete processing of the contract, your data will be blocked for further use and deleted after expiry of the statutory retention periods, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you below. 

e. Newsletter 

Furthermore, we process your personal data when you register for our newsletter. 

To send our newsletter, we use the newsletter dispatch service Newsletter2GO, which is operated by Newsletter2Go GmbH, Nürnberger Str. 8, 10787 Berlin (“Newsletter2GO”). We have concluded an order data processing agreement with Newsletter2GO, which obliges Newsletter2GO to protect your data, to process it on our behalf in accordance with this privacy policy and not to pass it on to third parties. Your data will be stored on the servers of Newsletter2GO. 

Newsletter2GO uses this information to send and evaluate the newsletters. The evaluation takes place on our behalf, however Newsletter2GO may also use the data for quality assurance and improvement of its own service. 

To register, you must provide us with your email address. You can voluntarily provide us with additional information, such as your name. The registration takes place in a so-called double opt-in process. After registration, you will receive a confirmation email from us in which you must confirm the registration again. This entire process is documented and stored. This includes both the storage of the registration and the confirmation time, as well as your IP address. 

The legal basis for the processing of personal data in connection with the sending of the newsletter is Art. 6 para. 1 lit. a GDPR. 

You can revoke your consent to the processing of your personal data in connection with the sending of the newsletter at any time by cancelling the newsletter. For this purpose, please use the provided link at the end of the newsletter to cancel. The legality of the data processing operations already carried out remains unaffected by the revocation. 

f. Demo mail dispatch 

Personal data is also processed when you sign up for a demo mailing to test the suitability of our services for your business. 

For sending the demo mails as part of our demo (at demo.sosafe.de), but not for our phishing simulations as part of a commission, we use the services of SendGrid, Inc, 1801 California Street, Suite 500, Denver, CO 80202, USA. Cookies and web beacons (tracking pixels) are used within the emails sent by SendGrid when performing the demo mailing. With the help of SendGrid, we analyze the sending of the demo emails. The analysis is used exclusively for the statistical analysis of the messages as well as for the preparation of the evaluation of the demo mail dispatch. The personal data is transferred to the SendGrid server in the USA. Government agencies in the USA may also have access to this personal data. We have concluded the standard contractual clauses adopted by the European Commission with SendGrid in order to ensure the level of data protection of the GDPR in the USA as well. 

For demo mailings we process the following registration data 

  • Salutation, 
  • Name, 
  • E-mail address. 

As well as the following analysis data 

  • a message was opened, 
  • which links, if any, were clicked on and 
  • Time of retrieval, IP address, browser type and operating system. 

The data processing is based on your consent pursuant to Art. 6 para. 1 lit. a GDPR. 

You can revoke your consent to the processing of your personal data in connection with the demo mailings at any time by cancelling the demo mailings (by email to support@sosafe.de). The legality of the data processing operations already carried out remains unaffected by the revocation. 

Without the corresponding processing of the personal data, the demo mail dispatch may not be provided or may only be provided to a limited extent. 

g. Feedback surveys 

In addition, personal data is processed when users (employees of our customers) provide personal data in the feedback surveys included in our awareness building services. 

On the educational pages associated with our simulated phishing e-mails (links start in each case with https://learning.sosafe.de/…) as well as within the eLearning platform (at https://elearning.sosafe.de), we offer you (as a user) the opportunity to leave us feedback, praise or criticism. The rating you enter (on a scale of 1-5) as well as the optional free text will be made available to your employer, on the one hand, to give him an overview of the feedback from the workforce on the IT security training offered and, on the other hand, will be used by us to improve our services. Therefore, if you provide identification features in the free text or leave your e-mail address for queries regarding your feedback (not reported to employer), this personal data will be processed by us for the aforementioned purpose. 

In addition, an evaluation score and comment can also be submitted per eLearning module. These ratings are stored together with your eLearning account on a personal basis. 

The legal basis for the processing of this personal data by us is Art. 6 para. 1 lit. a GDPR. 

For the other processing of personal data that we perform when providing our services under a contract with a customer (e.g., your employer), the respective customer is the sole controller with respect to the personal data involved in such processing. This Privacy Policy does not apply to such processing of personal data where we process personal data only in the role of a processor on behalf of such customer. 

h. Google Ads Lead Form Extensions 

We use the Google Ads lead form extension service to give you the opportunity to contact us directly via our ads placed on Google Ads. If you provide personal data, this will be stored by Google for 30 days.  
The legal basis here is primarily your consent pursuant to Art. 6 (1) lit. a GDPR. If your contact is aimed at concluding a contract, the legal basis for the processing is Art. 6 (1) lit. b GDPR. 

4. use of cookies 

In order to make visiting our website more attractive and to enable the use of certain functions, we use so-called “cookies” on our website. These are small text files that are stored on your terminal device. 

Cookies allow us, for example, to track and determine your preferences and to identify you individually during a visit to our website. After the end of the browser session, most of the cookies we use are deleted again (“session cookies”). The permanent cookies (“persistent cookies”), on the other hand, remain on your terminal device and thus enable us, for example, to recognize you on your next visit or to analyze your usage behavior. You can revoke your consent at any time with effect for the future here:   

a. Use of necessary cookies 

The purpose of using technically necessary cookies is to simplify the use of our websites for you. Some functions of our website cannot be offered without the use of these cookies. For these, it is partly necessary that your browser is recognized even after a page change. In case of non-acceptance or deactivation of cookies, the functionality of our website may be limited. 

In these purposes also lies our legitimate interest in the processing of personal data for this purpose according to Art. 6 para. 1 lit. f GDPR. 

b. Use of cookies for analysis purposes and online marketing 

In this section, we inform you which services of technology partners we use for reach measurement and online marketing purposes. Insofar as no anonymous or anonymized data is processed or we do not obtain your prior consent in the context of the use of cookie management (Art. 6(1)(a), Art. 7 GDPR), their use is based on our legitimate interest (Art. 6(1)(f) GDPR) in increasing user-friendliness and for the optimization and more targeted control of our offer. 

Insofar as you have given your consent to the processing, you can revoke this at any time via the settings in our cookie management. If processing is based on our legitimate interest, you generally have the option to object (opt-out). If no explicit opt-out option of the respective service provider used by us has been specified below, it is possible for you to disable cookies in the settings of your browser. However, this may restrict functions of our online offer. Alternatively or additionally, you can also use the following general opt-out options: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-territory: https://optout.aboutads.info. 

In all cases, the categories of data processed include usage data and metadata. Reach measurement and online marketing are carried out in particular on the basis of cookie and web beacon technology. Special categories of data are not processed in this context. Further explanations can be found in the definitions of terms at the end of this privacy policy. 

Unless otherwise stated, the deletion of data is determined in accordance with the privacy statements of the technology partners. 

Google Tag Manager 

Google Tag Manager is a solution that allows us to manage so-called website tags via an interface (and thus, for example, integrate Google Analytics and other Google marketing services into our online offering). The Tag Manager itself (which implements the tags) does not process any user data. With regard to the processing of users’ data, please refer to the following information on Google services. 

Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy policy of the service provider: https://policies.google.com/privacy; Within the scope of this service, a data transfer to a third country, i.e. a country outside the European Union or the European Economic Area, takes place or such a transfer cannot be excluded. Guarantee in case of processing in third countries: EU standard contractual clauses https://privacy.google.com/businesses/processorterms/. 

Google Analytics 

We use Google Analytics for the purposes of range measurement and target group formation. We only use Google Analytics with activated IP anonymization. This means that we have activated the IP anonymization function offered by Google on our website, so that the last octet (type IPv4) or the last 80 bits (type IPv6) of your IP address are deleted. In addition to cookie management in our cookie management tool, you also have the option of using the following opt-out options: http://tools.google.com/dlpage/gaoptout?hl=de (browser add-on), https://adssettings.google.com/authenticated (setting for advertisements). 

Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy policy of the service provider: https://www.google.com/policies/privacy; Within the scope of this service, a data transfer to a third country, i.e. a country outside the European Union or the European Economic Area, takes place or such a transfer cannot be excluded. Guarantee for processing in third countries (USA): EU standard contractual clauses https://privacy.google.com/businesses/processorterms/ 

Google Ads 

We use Google Ads to place ads on the websites of Google, Google partners and in the display network and to measure their success (conversion measurement). In doing so, we only receive an anonymous overall evaluation, but not information related to individual users. You have the option to use the following opt-out option of the service provider: https://adssettings.google.com/. 

Service Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; privacy policy of the service provider: https://www.google.com/policies/privacy. Within the scope of this service, a data transfer to a third country, i.e. a country outside the European Union or the European Economic Area, takes place or such a transfer cannot be excluded. Guarantee for processing in third countries (USA): EU standard contractual clauses https://privacy.google.com/businesses/processorterms/ 

GDPR 

Facebook Pixels (Facebook Custom Audiences) 

The Facebook pixel is a solution for displaying interest-based advertisements to users of our website when they visit the Facebook social network or other websites that also use the method.  

Service provider: Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information. for data collection: http://www.facebook.com/help/186325668085084 , http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo.. 

Twitter Ads 

We use the remarketing function of Twitter Inc. (“Twitter”) on our website. With the Twitter remarketing function, we can address you with advertising based on your interests on the Twitter platform. For this purpose, Twitter uses so-called “tags”. Via this tag, visits to our website as well as data on usage are recorded in pseudonymous, non-personal form. If you subsequently visit Twitter, you will be shown advertisements based on your interests. 

Service provider: Twitter International Company, One Cumberland Place, Fenian Street, D02 AX07 Dublin 2, Ireland. More information: https://support.twitter.com/articles/20171528 https://support.twitter.com/articles/20171528, https://business.twitter.com/de/help/troubleshooting/how-twitter-ads-work.html. 

HubSpot 

We use HubSpot as an integrated marketing solution to unify our email marketing, social media publishing & reporting, reporting, contact management, and contact forms. 

Service Provider: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland More. Information: https://legal.hubspot.com/privacy-policy, https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser https://knowledge.hubspot.com/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser, https://knowledge.hubspot.com/account/hubspot-cookie-security-and-privacy. 

5. social media 

In addition to this website, we also maintain presences on various social media providers (see the social media providers listed under 5. b.) in order to communicate with the customers, interested parties and applicants active there and to be able to inform them about our services and open job positions. 

a. Icons on our website 

In this context, only simple links are used on this website https://sosafe-awareness.com/de/ for the icons, which do not establish a connection to the respective social media presence when the website is loaded. This distinguishes the social media links used here from the widespread “like” buttons, which already transmit data to the social media providers when the website is loaded, without the button having to be clicked. 

b. Processing of your data when visiting the website of the social media providers 

Insofar as you visit such a social media presence of ours by clicking on the link or directly, your personal data will only be processed by us there to the extent determined under 3. b. and c. above. 

In addition, however, your personal data will also be transmitted to the provider of the social media platform on the website of the social media provider. It is possible that in addition to the storage of the data specifically entered by you on this social media platform, further information is also collected, processed or used by the social media provider. If you are logged in with your personal user account of the respective network while visiting such a social media platform, the social media platform can assign the visit to your account. If you do not wish such an assignment, you must log out of your account and delete the cookies before visiting our social media presence. 

We are not able to track which specific data is processed by the social media providers. For more information on the purpose and scope of the data collection there and on the further processing and use of your data, please refer to the privacy policy of the respective social media provider: 

Facebook 

Facebook is operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. 

Privacy Policy: https://www.facebook.com/about/privacy/ 

Opt-Out: https://www.facebook.com/settings?tab=ads 

Twitter 

Twitter is operated by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. 

Privacy Policy: https://twitter.com/de/privacy 

Opt-Out: https://twitter.com/personalization 

LinkedIn 

LinkedIn is operated by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. 

Privacy Policy:https://www.linkedin.com/legal/privacy-policy 

Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out 

Xing 

Xing is operated by New Work SE, Dammtorstraße 29-32, 20354 Hamburg, Germany. 

Privacy policy and opt-out: https://privacy.xing.com/de/datenschutzerklaerung 

6. integrated contents and services of third parties 

We partly integrate third-party content on our website, such as YouTube and Vimeo videos, maps from Google Maps or graphics from other websites. 

This content is integrated in “extended data protection mode”, which means that no data about you as a user is transmitted if you do not play or click on the content. Only if you agree to the data transmission and play or click on the content, the data mentioned in the next paragraph will be transmitted. We have no influence on this data transmission. The legal basis for the processing of data after your consent is Art. 6 para. 1 p. 1 lit. a GDPR. 

a. Third party graphics 

In the case of graphics from other websites, the transmission of your IP address to the third-party provider is necessary to display this content. Unfortunately, we have no influence on whether the third-party provider collects or stores the IP address for other purposes beyond the mere display of the content. If we become aware of such use, we will inform you about it in this privacy policy. 

b. Youtube 

When YouTube videos are played, YouTube (YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA) receives the information that you have accessed the corresponding subpage of our website. In addition, the data collected during the informational visit to our website is transmitted. This occurs regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment to your YouTube profile, you must log out of your Google account before playing the YouTube videos. YouTube stores this data as usage profiles and uses it for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. For more information on the purpose and scope of data collection and processing by YouTube, please refer to YouTube’s privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://policies.google.com/privacy?hl=de&gl=de 

c. Google Maps 

By clicking on the Google Maps map on our website, Google (Google Maps is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA) receives the information that you have accessed the corresponding subpage of our website. In addition, the data collected during the informational visit to our website is transmitted. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the map. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of needs-based advertising. For more information on the purpose and scope of data collection and processing by Google, please refer to Google’s privacy policy. There you will also find further information on your rights and setting options for protecting your privacy: https://policies.google.com/privacy?hl=de&gl=de. 

You can terminate this consent at any time by clicking the following button. The legality of the data processing operations already carried out remains unaffected by the revocation. 

d. reCAPTCHA 

With reCAPTCHA (provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). it should be checked whether the data input on our websites (e.g. in the demo form) is done by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. 

The data processing is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in protecting our web offers from abusive automated queries. 

For more information about Google reCAPTCHA and Google’s privacy policy, please see the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html. 

7. data deletion and storage period 

Unless otherwise specified in the individual sections, the stored personal data will be deleted if you revoke your consent to storage or if knowledge of this data is no longer required to fulfill the purpose for which it was stored. Furthermore, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. 

We regularly check whether the purpose for which the data was stored is still valid and delete your data immediately if this is no longer the case. However, with regard to the relevant data, the deletion will only take place after the expiry of the deadlines of the tax and commercial law regulations. 

8. disclosure of personal data and recipients 

We will not disclose personal data without your express consent, unless there is a legal reason for permission, e.g. if we are legally obliged to disclose data (information to law enforcement agencies and courts; information to public bodies that receive data based on legal regulations, e.g. social insurance agencies, tax authorities, etc.) or if we involve third parties bound to professional secrecy to enforce our claims. We share your personal data with the following recipients: 

  • We use processors to process personal data for the above-mentioned purposes, who process the personal data on our behalf. We always retain control over the respective personal data and remain the data controller. 
  • For payment processing in the course of orders, we transmit payment details to banks and payment service providers if required by the payment method. 
  • We transmit personal data in individual cases to courts, law enforcement agencies, supervisory authorities, other authorities, tax advisors and lawyers, insofar as this is legally permissible and necessary. 

9. automated decision making 

We will not use your personal data to make automated decisions (including profiling) concerning you that have legal effect on you or similarly significantly affect you. 

10. your rights 

You have the following rights. 

a. Right to information 

Pursuant to Art. 15 GDPR, you have the right to request information about your personal data stored by us free of charge. This also allows you to obtain a copy of the personal data we process about you and to verify whether we are processing it in a lawful manner. 

b. Right to rectification 

In the event of incorrect data, you have the right to rectification in accordance with Art. 16 GDPR. We are obliged to make the correction without delay. 

c. Right to restriction of processing 

You have the right under Article 18 of the GDPR to request that we restrict processing. This allows you to request the suspension of the processing of your personal information, for example, if you want us to determine its accuracy or the basis for processing. 

d. Right to deletion 

Pursuant to Art. 17 GDPR, you have the right to demand that we delete the personal data concerning you without undue delay if the data is no longer required for the purposes for which it was collected or, if the processing is based on your consent, you have revoked your consent. In this case, we must stop processing your personal data and remove it from our IT systems and databases. A right to deletion does not exist insofar as 

  • the personal data may not be deleted due to a legal obligation or must be processed due to a legal obligation; or 
  • the data processing is necessary for the assertion, exercise or defense of legal claims. 
e. Right to data portability 

Pursuant to Art. 20 GDPR, you have the right under certain circumstances to have the personal data concerning you, which you have provided to us, transferred to another controller in a structured, common and machine-readable format. 

f. Right of objection 

You have the right to object to the processing of your personal data insofar as the processing is based on our legitimate interests (or those of a third party) and there are grounds arising from your particular situation on the basis of which you wish to object to the processing on said basis. In particular, you have the right to object if we process your data for direct marketing purposes. 

g. Right to revoke consent under data protection law 

You have the right to revoke your consent to the processing of personal data at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. 

h. Right to complain to a supervisory authority 

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR. 

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR. 

11. contact 

If you have any questions about the collection, processing or use of your personal data, for information, correction, blocking or deletion of data or general questions and suggestions on the subject of data protection, please contact us directly: 

Mr. Benedikt Woltering 
SoSafe GmbH 
Lichtstr. 25a  
50825 Cologne  
E-Mail: info(at)sosafe.de 

The appointed data protection officer is: Mr. Benedikt Woltering, Internal Data Protection Officer, can be reached at privacy(at)sosafe.de. 

Managing Directors: Dr. Niklas Hellemann, Lukas Schaefer, Felix Schürholz 

Commercial register: HRB96220, Cologne Local Court 

Status: July 2020 

Mandatory information according to Article 13 GDPR 

In the event of initial contact, we are obliged pursuant to Art. 12, 13 GDPR to provide you with the following mandatory data protection information:  
If you contact us by e-mail, we will only process your personal data if there is a legitimate interest in the processing (Art. 6 ( 
1) (f) GDPR), you have consented to the data processing (Art. 6 (1) (a) GDPR), the processing is necessary for the initiation, establishment, content or amendment of a legal relationship between you and us (Art. 6 (1) (b) GDPR) or another legal norm permits the processing. Your personal data will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions – in particular retention periods under tax and commercial law – remain unaffected. You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to object, to data portability and the right to complain to the competent supervisory authority. Furthermore, you can request the correction, deletion and, under certain circumstances, the restriction of the processing of your personal data. For details, please refer to our privacy policy above. 

  • Bundesministerium für Wirtschaft und Energie
  • Exist - Existenzgründungen aus der Wissenschaft
  • ESF - Europäischer Sozialfonds für Deutschland
  • Europäische Union
  • Zusammen. Zukunft. Gestalten.