Privacy policy

We take the protection of your personal data seriously. This information applies to the processing of your personal data when you visit our website.

1. responsible person and data protection officer

The controller within the meaning of the EU General Data Protection Regulation („GDPR“) is

Cosphatec GmbH
Hopfenmarkt 33
20457 Hamburg
Germany

Telephone number: +49 40 3501699-0
E-Mail: info@cosphatec.com

We have appointed a data protection officer. You can reach our data protection officer at privacy@cosphatec.com.

Your data may also be processed by one of our affiliated companies. In this case, you will find a corresponding note in the data protection information. Our other companies are

Cosphatec Paris SAS, Work & Share, 1 Rue du Débarcadère, 92700 Colombes, France
Cosphatec (Shanghai) Co., LTD., Unit 812A, Towe 1, German Centre, 88 Keyuan Road, Pudong 201203 Shanghai P.R., China

2. processing on our website

The following personal data is processed in connection with your visit to our website.

2.1 Web hosting

When you visit our website, we process personal data in order to guarantee the smooth, functional and secure operation of our website. The following data may be processed (so-called log files):

Operating system and current IP address (last octet truncated) of the device you use to visit our website
Browser (type, version and language setting)
the amount of data retrieved
Date and time of access
the URL of the previously visited website (referrer)
the URL of the (sub)page that you call up on the website
the Internet service provider of the accessing system

The collection of log files is technically necessary in order to display our website to you and to ensure the stability and security of the website. This is also our legitimate interest in data processing. The legal basis is Art. 6 para. 1 lit. f GDPR.

The hosting and administration of this website is carried out by the service provider HmbG GmbH. Your data will be processed in a German data centre by Estugo, Alexander Mehner, Schuhhagen 18, 17489 Greifswald. Your IP address is anonymised 24 hours after collection by deleting the last octet and completely deleted after 7 days.

2.2 Making contact

If you contact us via our form or by e-mail, we will process the data you provide, as well as any additional personal data transmitted by your message. The data includes your first and last name as well as your e-mail address and other information that you provide when contacting us, such as completed order forms.

The data is processed on the basis of Art. 6 para. 1 lit. b GDPR as part of the initiation or implementation of pre-contractual measures or on the basis of our legitimate interest in processing and responding to your other concerns in accordance with Art. 6 para. 1 lit. f GDPR. Further information is not mandatory for establishing contact and is therefore provided voluntarily on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

Your personal data will be deleted - subject to statutory retention periods - as soon as the purpose of storage no longer applies, i.e. your enquiry has been fully processed and no further communication with you is required or requested by you. Your enquiries are generally processed by Cosphatec GmbH, but may be transmitted to our affiliated companies in the course of processing your enquiry.

To provide our e-mail inbox, we work with the Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. The data is generally processed in the EU. However, as a data transfer to Microsoft Inc. in the USA (third country) cannot be completely ruled out, an order processing contract has been concluded with Microsoft using the EU standard contractual clauses. The EU standard contractual clauses are available on the website of the European Commission. In addition, Microsoft Inc. is certified in accordance with the EU-US Data Privacy Framework. The adequacy decision of the European Commission therefore applies to transfers of personal data.

2.3 Newsletter and existing customer advertising

If you register for our newsletter, we will process your e-mail address to inform you about news and offers. You can voluntarily subscribe to our newsletter at any time on our website. The registration for our newsletter takes place in a so-called double opt-in procedure. After registering, you will receive a confirmation link to the email address you have provided. By clicking on the link provided there, your registration is complete. We store your e-mail address as well as the date and time of registration.

For the dispatch of our newsletter, we work with the service Brevo GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. We have concluded an order processing contract with the service provider. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR, which you can revoke at any time and without giving reasons with effect for the future (e.g. via the corresponding link at the end of each newsletter).

We store your data for as long as you have given your consent to receive the newsletter. The legal basis for sending the newsletter as a result of the sale of goods or services is our legitimate interest in advertising to existing customers in accordance with Art. 6 para. 1 lit. f GDPR.

The sending of newsletters is analysed. The data you enter for the purpose of subscribing to the newsletter is stored on our provider's servers in Germany. If you do not want us to analyse your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For the purpose of analysis, the emails sent contain a so-called tracking pixel, which connects to the servers of our service provider when the email is opened. This allows us to determine whether a newsletter message has been opened. We can also determine whether and which links in the newsletter message have been clicked on. Optionally, links in the email can be set as tracking links with which your clicks can be counted.

The data is generally stored for as long as your consent or our legitimate interest in the processing exists. The data will be deleted immediately in the event of an objection or revocation of your consent.

2.4 Partner and distributor area

We also provide an area on our website for our registered partners and distributors with additional information on all Cosphatec products, marketing materials, press releases and other helpful content. For access to this separately protected area, a corresponding contractual relationship between Cosphatec and the customer is required, which authorises you to use the access. As part of the use of the protected area, we process further personal data, such as your log-in information and content used and downloaded (date, time, content).

The legal basis for the processing of your data is our legitimate interest in providing a secure and informative service for our partners and distributors in accordance with Art. 6 para. 1 lit. f GDPR. We only store your data for this purpose for as long as it is necessary to fulfil the purpose and delete it, subject to statutory retention periods, as soon as processing is no longer necessary for the purpose.

2.5 Webinars

When you participate in webinars and online events, we process your name, e-mail address, IP address and other technically required data, as well as the audio, video and text content you send, your telephone number and, if applicable, your profile picture for the purpose of organising the event.

Your data is processed for the purpose of conducting the webinars, which is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. For paid webinars, Art. 6 para. 1 lit. b GDPR is also the relevant legal basis, insofar as the data is processed to fulfil a contract with you. The provision of the information is necessary for participation in the webinars. We store your data for as long as it is necessary for the realisation of the corresponding event and delete it, subject to relevant statutory retention obligations, as soon as processing is no longer necessary.

We work with the following software for the organisation of webinars and online events Zoom, Provided by Zoom Video Communications, Inc, 55 Almaden Blvd, Suite 600, San Jose, CA 95113, the data is generally processed in the EU. However, as a data transfer to Zoom in the USA (third country) cannot be completely ruled out, an order processing agreement has been concluded with Zoom using the EU standard contractual clauses. The EU standard contractual clauses are available on the website of the European Commission.

2.6 YouTube videos

We have integrated YouTube videos into our online offering that are based on http://www.YouTube.com and can be played directly from our website. YouTube is a Google service and is provided by Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland. YouTube videos are all integrated in „extended data protection mode“, i.e. no data about you is transmitted to YouTube if you do not play videos. Only when you play the videos will the following data be transmitted. We have no influence on this data transfer. The legal basis for the processing is our legitimate interest in the presentation of video content on our website.

When you visit the website and play a video, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, further information about the use of this online offer (including your IP address) is transmitted to a YouTube server and, if necessary, to the USA and stored there. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to YouTube, your data will be assigned directly to your account. If you do not want this assignment to your profile on YouTube, you must log out before interacting with the content. YouTube stores data as user profiles and uses them for the purposes of advertising, market research and/or customising its website.

Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy, as well as further information on rights and settings to protect privacy: https://www.google.de/intl/de/policies/privacy. The data is generally processed in the EU. However, since a data transfer to Google LLC in the USA (third country) cannot be completely ruled out, an order processing contract has been concluded with Google using the EU standard contractual clauses. The EU standard contractual clauses are available on the website of the European Commission. In addition, Google is certified in accordance with the EU-US Data Privacy Framework. The adequacy decision of the European Commission therefore applies to transfers of personal data.

3. tracking and advertising

We process your data on our website to analyse and improve our online offering and our advertising efforts. You can find an overview of the processing purposes and service providers used in our Cookie Policy. The following processing operations describe the purposes we pursue and your data processed in the process:

3.1 Cookies

Cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and through which certain information flows to the location that sets the cookie. Cookies cannot execute programmes or transfer viruses to your computer. They are used to make the website more user-friendly and effective overall. We use technically necessary cookies that are required for the provision of the website. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR i.V.m. § Section 25 para. 2 no. 2 TDDDG. Our legitimate interest lies in the technically flawless and user-friendly presentation of the website.

For cookies that are not technically necessary, the processing is based on your consent in accordance with Section 25 (1) TDDDG and Art. 6 (1) sentence 1 lit. a GDPR. We request your consent as part of our cookie banner. You can revoke your consent at any time and without giving reasons with effect for the future by removing the tick you have set for consent in the cookie banner under the respective category and then saving the settings. You can open the cookie banner at any time via the overlay displayed in the bottom left-hand corner of your screen. You can find more information about the cookies used on this website in our cookie banner.

3.2 Compliance consent management

We use the Complianz consent manager to store your consent. The provider is Complianz BV, Kalmarweg 14-5, 9723 JG, Groningen, Netherlands. This software enables us to request consent on our website. Your IP address and your corresponding decisions are processed and stored in the consent manager. The legal basis for the processing is Art. 6 para. 1 lit. c GDPR i.V.m. § Section 25 para. 1 sentence 1 TDDDG.

We store the consent you have given in a cookie on your end device. Your data will be stored for a maximum of 24 months. You can use our Cookie Policy adapt and revoke your consent at any time.

3.3 Plausible analytics

We use the web analytics service Plausible Analytics to continuously optimise our website, both technically and in terms of content. Plausible is a trademark of Plausible Insights OÜ, Västriku tn 2, 50403, Tartu, Estonia, registration number 14709274, hereinafter referred to as „Plausible“. Plausible pursues a particularly data protection-friendly approach to analysing your visit. For this purpose, Plausible collects the following information, among other things Date and time of your visit, title and URL of the pages visited, incoming links, the country in which you are located and the user agent of your browser software.

Plausible does not use or store any „cookies“ on your end device. All personal data (e.g. your IP address) is stored completely anonymised in the form of a so-called hash. In addition, Plausible only allows the aggregated evaluation of visitor statistics, which means that we cannot track your individual behaviour on our site. In this way, we can analyse your visit without storing personal data in a form that could be read by us, Plausible or third parties.

The legal basis for the processing is our legitimate interest in the improvement and further development of our website in accordance with Art. 6 para. 1 lit. f) GDPR. Your personal data will be deleted or anonymised immediately after collection. You can find further information on data protection at Plausible at https://plausible.io/data-policy.

3.4 Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 E5W5, Ireland. The cookie used for this purpose enables us to analyse the use of our website. Google uses this information on our behalf to analyse the use of our website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage.

The information generated by the cookie can also be transmitted to a Google LLC server in the USA and stored there. On our website, Google Analytics has therefore been extended by the code „anonymizeIp“ to ensure anonymised collection of IP addresses (so-called IP masking). This means that the IP address of the user is first truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA (third country) and truncated there. The IP address transmitted by the browser used as part of Google Analytics is not merged with other Google data.

The legal basis for the use of Google Analytics is your consent in accordance with Section 25 (1) sentence 1 TDDDG, Art. 6 (1) sentence 1 lit. a GDPR, which you can give via the cookie banner and also revoke at any time without giving reasons with effect for the future in cookie management. The personal data processed by Google Analytics is stored for 14 months and then automatically deleted.

We have concluded an order processing contract with Google using the EU standard contractual clauses. The EU standard contractual clauses are available on the website of the European Commission. In addition, Google is certified in accordance with the EU-US Data Privacy Framework. The adequacy decision of the European Commission therefore applies to transfers of personal data.

3.5 Google reCAPTCHA

We use the open source technology reCAPTCHA from Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland on our website.

This service helps our website to prevent spam and block bots. The programme recognises whether the user is a real person or a bot in order to protect our website from cyber attacks.

reCAPTCHA works with an algorithm that collects and analyses a user's interactions with a website to create a score. The final score indicates whether the activity is suspicious. This version aims to improve the user experience by eliminating the need for queries and creating a seamless user experience.

The following data is processed by reCAPTCHA: Mouse and keyboard behaviour (every action you perform with the mouse or keyboard), information about your operating system, date and language settings of your browser, the Google cookies placed on the website, your answers to the question fields on the website, referrer URL (via which website/advertising media you came to this website), CSS information, all JavaScript objects, screen resolution and the plug-ins installed in your browser. The algorithm also recognises IP addresses that were previously recognised as human by cookies.

The legal basis for the processing of your personal data is our legitimate interest in protecting our contact options from misuse and spam in accordance with Art. 6 para. 1 lit. f GDPR. You have the right to object to the processing under the contact options mentioned.

3.6 LinkedIn Insight Tag

Our website uses the „LinkedIn Insight Tag“ conversion tool from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2 („LinkedIn“). This tool collects the following data, among others IP address, device and browser characteristics and page events (e.g. page views). This data is encrypted, anonymised within seven days and the anonymised data is deleted within 90 days. LinkedIn does not share any personal data with Cosphatec, but offers anonymised reports on the website target group and display performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. Cosphatec can use this data to display targeted advertising outside its website without identifying you as a website visitor.

The legal basis for the use of LinkedIn Insight Tag is your consent in accordance with § 25 para. 1 sentence 1 TDDDG, Art. 6 para. 1 lit. a GDPR, which you can give via the cookie banner and also revoke at any time without giving reasons with effect for the future in cookie management.

Processing generally takes place on servers within the EU. However, a transfer of data to the parent company of LinkedIn in the USA cannot be ruled out. Any transfers take place on the basis of the EU standard contractual clauses. The EU standard contractual clauses are available on the website of the European Commission. In addition, LinkedIn is certified under the EU-US Data Privacy Framework. The adequacy decision of the European Commission therefore applies to transfers of personal data.

3.7 Google Maps

We use the map service Google Maps from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 E5W5, Ireland on our website. The purpose of the processing is to display our locations on our website. Your IP address and connection data (device type, session, browser, device dimensions, operating system) are transmitted to Google and Google sets cookies on your end device.

The legal basis for the use of Google Maps is your consent in accordance with Section 25 (1) sentence 1 TDDDG, Art. 6 (1) lit. a GDPR, which you can give via the consent management and also revoke at any time without giving reasons with effect for the future.

Data processing is generally carried out on servers within the EU, but a transfer to Google's parent company in the USA cannot be ruled out. We have concluded an order processing contract with Google using the EU standard contractual clauses. The EU standard contractual clauses are available on the website of the European Commission. In addition, Google is certified in accordance with the EU-US Data Privacy Framework. The adequacy decision of the European Commission therefore applies to transfers of personal data. Further information on the data processed through the use of Google Maps can be found in the privacy policy at https://policies.google.com/privacy.

3.8 Google Ads Conversion Tracking

We use the online advertising programme „Google Ads“ on our website and, in this context, conversion tracking (visit action analysis). Google Conversion Tracking is an analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you click on an advert placed by Google, a cookie for conversion tracking is stored on your computer. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognise that you have clicked on the ad and have been redirected to this page. Each Google Ads customer receives a different cookie. It is therefore not possible for cookies to be tracked via the websites of Ads customers.

The information collected with the help of the conversion cookie is used to compile statistics on the effectiveness of our adverts. This tells us the total number of users who clicked on one of our adverts and were redirected to a page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified.

Google Ads Conversion Tracking is used with your consent on the basis of Section 25 (1) sentence 1 TDDDG in conjunction with Art. 6 (1) lit. a GDPR. Art. 6 para. 1 lit. a GDPR. Your personal data is processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future.

Your data may be transferred to the USA. We have therefore concluded an order processing contract with Google using the EU standard contractual clauses. The EU standard contractual clauses are available on the website of the European Commission. Your processed personal data will be deleted by us after 90 days.

4. social media accounts

4.1 Instagram

We operate the Instagram account https://www.instagram.com/cosphatec/ and work together with Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Meta“). When you visit these pages, your personal data is processed by Meta. This includes your connection data, such as your IP address, data on the end device used and data on your activities on the respective social media platform. If you are logged into your platform account while visiting our pages on the respective social network, this information can also be assigned to you personally and your account. To avoid this, you should log out of your account.

It is important for us to make it clear that we have no control over the personal data used by Meta for its own purposes or the extent to which activities are assigned to users, stored, analysed or passed on to third parties. Meta ensures that it provides a legal basis for the processing of your personal data and informs you of this. We have no precise information about the storage period of the data processed by Meta. For („German“) IP addresses, anonymisation and deletion takes place after 90 days. To assert your rights mentioned below in the context of data processing by Meta, please contact Meta directly at https://help.instagram.com/639208781107982/?helpref=hc_fnav.

4.2 LinkedIn

We operate a company page on the LinkedIn platform: https://www.linkedin.com/company/cosphatec?originalSubdomain=de and work together with LinkedIn Ireland Unlimited Company, Gardner House, 2 Wilton Pl, Dublin 2, D02 CA30, Ireland („LinkedIn“). LinkedIn and Cosphatec process your personal data as joint controllers. LinkedIn provides Cosphatec with so-called Insight data. This is exclusively aggregated information on the reach and success of our company presence on LinkedIn. When you visit our company page, follow our page or otherwise interact with our page, personal data is processed by LinkedIn. This includes data on profession, country, industry, seniority, company size and employment status.

It is important for us to clarify that we have no influence on the personal data used by LinkedIn for its own purposes or the extent to which activities are assigned to users, stored, analysed or passed on to third parties. To assert your rights mentioned below in the context of data processing by LinkedIn, please contact LinkedIn directly using the form available here: https://www.linkedin.com/help/linkedin/ask/cp-master.

4.3 YouTube

We continue to process personal data together with YouTube as part of our YouTube channel (https://www.youtube.com/@cosphatecgmbh). When operating our channel, YouTube processes personal data in order to provide us with analyses of our viewers and videos. We receive the following information about our viewers as part of YouTube's YouTube Analytics service:

Number of total video views and average video views per person and their trend (by how much decreasing/increasing)
Number of subscribers and their trend
Number of visitors to the channel
Interactions from viewers (likes, comments, shared content)
Time spent by visitors on the channel, with videos or until they subscribe
The reach of the video
The percentage of videos that a user watches on average from the videos

We have no influence on the analysis of user data for this purpose. Further information on the processing of personal data, such as the legal basis and the storage period of this information by YouTube, can be found here: https://policies.google.com/privacy?hl=de. To exercise your rights, you should therefore contact YouTube directly.

We only process personal data for the operation of our YouTube channel when interacting with our viewers. We respond to comments and interact with our viewers via the comment function. The legal basis for the processing is our legitimate interest in the interaction with our viewers and the appealing presentation of Cosphatec on common online platforms in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. To exercise rights in connection with Cosphatec's processing activities, you can contact us using the contact information above.

5. your rights

You have the right to request confirmation as to whether personal data concerning you is being processed by us. If this is the case, we will be happy to provide you with information about this personal data and the information listed in Art. 15 GDPR. In addition, you have the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to data portability (Art. 20 GDPR) and the right to object to processing (Art. 21 GDPR) under the respective legal requirements. If the processing is based on your consent, you have the right to withdraw this consent at any time (Art. 7 para. 3 GDPR); however, the lawfulness of the processing carried out on the basis of the consent and until the withdrawal remains unaffected.

To exercise your rights as a data subject, please contact the address stated in section 1.

You also have the right to lodge a complaint with a competent supervisory authority at any time if you are of the opinion that the processing of your personal data by us violates data protection regulations (Art. 77 GDPR).

6. updating and amending the privacy policy

We reserve the right to amend this privacy policy at any time in compliance with the applicable data protection regulations.

The current status is: May 2026