Privacy policy

Legal information
as of 20.07.2022

Your trust is very important to us. neosfer GmbH takes the protection of your personal data very seriously and complies with all appropriate data protection regulations. Personal data is only collected, processed and used if the person concerned has given their consent or if the collecting, processing or using of data is allowed or required by law.

Personal data is only collected to the extent that it is required for technical reasons. Under no circumstances will the data that is collected be passed on to third parties without the consent of the person concerned. The following information provides an overview of how neosfer GmbH ensures that your data is protected, what type of data is collected on the website and for which purposes it is processed or used.

1.    Contact details of the controllerand the data protection officer

Responsible for the processing of data on this website: neosfer GmbH
Eschersheimer Landstraße 6
60322 Frankfurt am Main
(Hereinafter referred to as “Company”)

You can reach our Data Protection Officer at neosfer GmbH
Data Protection Officer
Eschersheimer Landstraße 6
60322 Frankfurt am Main

2. Information regarding the processing of your personalised data

2.1.      Data categories
Within the scope of use of our websites, hereinafter referred to as “Online offer”, we process the following personalised data: Personalised data such as first name and surname, e-mail address, phone number, or other information provided within the scope of contacting us or details pertaining to a planned project that you have provided to us voluntarily within the scope of an online offer (e.g., during registration, request for more information, within the scope of soliciting an offer/quotation). HTTP data references protocol files that are generated when accessing the website via the Hypertext Transfer Protocol (Secure) (HTTP(S)): This includes the IP address, the browser type and version, the operating system used, the websites accessed prior to visiting the reference URL, as well as the date and time of the access. HTTP(S) data is also generated on the servers of third-party providers (e.g., when accessing third-party content). Error data is a saved error message generated by the server or individual applications.

2.2.      Purposes and legal basis for data processing
In some cases, we expressly request your approval in order to process your personalised data. In this case, the legal basis for the processing of your personalised data is the consent provided by you as per Article 6, Sec. 1(a) GDPR in conjunction with Article 7 GDPR. This consent can be revoked by you at any time with effect for the future.

2.2.1.  Technical administration of the website
When using the website, the browser installed on your device will send certain technically relevant information to our website’s server (among other information: HTTP data, search function data, cookies settings, as well as error data). This data is stored on the services of our hosting provider Firebase Inc. as explained in paragraph 5.

The data processing serves to repel and detect fraudulent activities or similar acts, including attacks on our IT infrastructure, as well as to enable user verification. At the same time, the processing serves to provide the requested website content and to manage all required troubleshooting. The legal basis for this data processing is our legitimate interest (Article 6, Sec. 1(f) GDPR). The use of the website is not possible without divulging personalised data such as the IP address. Communication via the website without the provision of data is not technically feasible.

2.2.2.  Provision of services
Furthermore, we process data to enable the use of our website and to process queries, or to send marketing information upon request. This data is processed via Firebase Inc. as described in paragraph 5. The legal basis for this data processing is the initiation of contractual relationships or the fulfilment of our contractual obligations (Article 6, Sec. 1(b) GDPR) as well as our legitimate interest (Art. 6, Sec. 1(f) GDPR). Without the ability to process your personalised data, we would not be able to fulfil the existing contract and/or process your enquiries.

2.3.      Request for contact
In order to contact us, we provide e-mail addresses our website. It can be used for contacting us electronically. If a user selects this option, the data entered into the e-mail is transferred to us and some of the data is stored. In this regard, the data is not forwarded to third parties not affiliated with the company. The data is exclusively used for the processing of the correspondence between the parties.

The legal basis for the processing of the data that is transferred via e-mail is Article 6, Sec. 1(f) GDPR. If the e-mail correspondence is targeting or insinuating the conclusion of a contract, then Article 6 Sec. 1(b) GDPR provides an additional legal basis for the processing. The data will be deleted as soon as the grounds for its collection are no longer valid and no other legal retention periods exist, for example due to tax-specific laws.

The user always has the ability to object to the processing of their personalised data. In these cases, the communication with the user must be discontinued. To do so, please send an e-mail requesting deletion to All personalised data that is stored within the scope of communication will be deleted, insofar as no other (statutory) retention periods apply.

3. Processing of personalised data for customer service surveys and direct marketing

Insofar as you have provided us with your consent – or if we are authorised within the scope of existing customer relationships – your contact data will also be used for direct marketing purposes (such as event invitations, newsletters) or for conducting customer satisfaction surveys. You have the right to object to the use of your contact data for these purposes. If you would like to exercise your right of objection, then please send an e-mail to or follow the appropriate instructions provided in any of the advertising mails you have received from us. The legal foundations for the processing of your data for advertising purposes are listed in Article 6, Sec. 1(f) GDPR (in case of an existing business relationship) or Article 6, Sec. 1(a) GDPR if you have provided us with your consent.

4.        Social media

On the basis of Article 6, Sec, 1 (1f) GDPR, we use links to the social networks LinkedIn, Twitter,, and YouTube, to advertise our products and services as well as to contact you as the user sand visitors to our social media sites. The links can be recognised by the respective logo of the social network. By clicking on the logo, your browser will connect to the server of the respective service and you will be forwarded to the service provider’s website.

4.1.     LinkedIn
This website links to our page on LinkedIn, a service which is used for expanding business contacts and networking. The operating company of LinkedIn is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The data collected about you in this context is processed by LinkedIn and may be transferred to countries outside the European Union. We point out that LinkedIn is responsible for corresponding transmission and processing procedures. What specific data LinkedIn receives and how this data is used is generally described in LinkedIn’s Data privacy policy.

4.2.     Twitter
On our website, we provide a link at the footer of the page that links to the short message service Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA. The responsible party for the data processed for individuals living outside of the United States is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. By using Twitter, your personalised data is recorded, transferred, stored, published, and used by Twitter Inc., whether you reside in the United States, Ireland, or in any other country in which Twitter operates its business. Once transferred, your data may continue to be stored and used. First, Twitter processes any information you voluntarily enter, such as your name and user ID, email address, phone number, and the contacts in your address book when you upload or sync it. Furthermore, Twitter also analyses the content shared by you in terms of what topics interest you. In some cases, Twitter may store and process confidential messages. Information about what data Twitter processes and for what purposes this data is used is available in Twitter’s Privacy Policy.

On our website, we link to the social media platform, which is operated by A Medium Corporation, 760 Market Street, San Francisco, CA 94102United States. The EU representative is VeraSafe Ireland Ltd., Unit 3D North Point House, North Point Business Park, New Mallow Road Cork T23AT2P, Ireland. The data collected by Medium is processed by A Medium Corporation and, if required, transferred to other companies. Information about what data the Medium Corporation processes and for what purposes this data is used is available in their Data Privacy Policy.

5. Website Hosting via Firebase Inc.

We host our website with Firebase Inc. When you visit our website, Firebase collects various log files including your IP addresses. Firebase is a tool for hosting websites. The use of Firebase is based on a processing agreement according to Art. 28 GDPR.

5.1      Commissioned data processing
We have concluded a processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

6. Recipients andrecipient categories

Within our company, access to your data is granted to those departments that need it to fulfil contractual and legal obligations. Moreover, the service providers and vicarious agents commissioned by us can receive data from us if they particularly ensure confidentiality and integrity. These service providers are companies representing the IT services industry, printing services, telecommunication services, as well as sales and marketing.

When forwarding data to recipients not affiliated with our company, it must be considered that only mandatory personalised data is forwarded under consideration of the applicable data protection provisions. We are fundamentally only permitted to forward your data if required by law, if you have provided your consent, or if we are authorised to provide information. Under these requirements, the recipients of personalised data can be:

  • Public bodies and institutions (e.g., tax authorities, law enforcement agencies, family courts, land registry offices) if there is a legal or official obligation,
  • Financial institutions and financial services or similar institutions, to whom we transfer personalised data within the scope of our business relationship (e.g., banks, credit agencies),
  • Other affiliated companies for risk management due to legal or regulatory obligations,
  • Creditors or insolvency administrators inquiring in the context of a foreclosure/compulsory execution,
  • Auditors (CPAs),
  • Service providers whose services we utilise for order processing.
7.         Transfer tothird-party countries

We do not transfer data to third-party countries.

8.         Duration of storage

We process and store your personalised data as long as this is required for fulfilling our contractual obligations and exercising our rights. If the data is no longer required for fulfilling our contractual or legal obligations, then this data will be regularly deleted unless its – limited – processing is required for the following reasons:

  • Fulfilment of commercial or fiscal retention periods listed in the German Commercial Code (HGB), Tax Code (AO), and the Money Laundering Act (GwG). The prescribed periods for retention and documentation are usually two to ten years.
  • Preservation of evidence within the limits of the statutory limitation provisions. In accordance with Article 195 and sequential of the German Civil Code (BGB),these statutory limitation periods can be up to 30 years, whereby the typical statutory limitation period is three years.
9.         Data security

Our employees and the service providers used by us are obligated to retain confidentiality and compliance with the provisions of applicable data protection laws. The company makes the required technical and organisational precautions in order to protect your personalised data from loss, alteration, deletion, and access through an unauthorised party or due to unauthorised forwarding. Our security measures are continually being updated and improved in accordance with the most recent technological developments.

10.      Rights of the affected parties

Every affected party has the right to information as per Article 15 GDPR, the right to correction of data as per Art. 16 GDPR, the right to deletion as per Art. 17 GDPR, the right to limitation of processing as per Art. 18 GDPR, as well as the right to data transferability as per Art. 20 GDPR.

With regard to the right to information and the right of deletion, the restrictions pursuant to Articles 34 and 35 BDSG (Federal Data Protection Act) apply. Beyond this, the affected party has a right of appeal to a responsible data protection supervisory authority (Art. 77 GDPR in connection with Art. 19 BDSG).

You can revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent, which were provided to us prior to 25 May 2018, the date the GDPR became effective. Please consider that the revocation only applies to the future.

You have the right, for reasons related to your personal situation, to object the processing of your personal data, which particularly is processed in accordance with Article 6, Sec.1(f) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms. In particular, this includes that the processing of the data is mandatory for the assertion, exercise, or defence of legal claims.

Beyond this, you have the right, in accordance with Article 22 GDPR, not to be subject to fully automated decision making. We generally do not use any fully automated decision-making function for establishment, implementation, and termination of the business relationship. If we employ this process in individual cases (e.g.,to improve our products and services) we will inform you about this as well as about your related rights, insofar as this is prescribed by law.

11.      Obligation to provide data

Within the scope of our business relationship, you must provide the personalised data that is essential for the initiation, execution, and termination of that business relationship and for the fulfilment of the resulting contractual obligations or which we are legally obligated to collect. Without this data, we will generally not be in the position to conclude, execute, or terminate a contract with you.

The same applies when visiting our online offer and the collection of user data. Without the collection of usage data, neither we nor our service providers are in the position to provide you with our online offer. For the use of demo functionalities it is not necessary to provide your personal data. You may use instead demo data.

12.      Profiling

We do not process your personal data in an automated manner that has any legal impact on you or similarly affect you in another significant way.

13.      Effectiveness and amendments to thisData Privacy Policy

This Data Privacy Policyis current and was last updated in July 2022.

Neosfer GmbH
part of Commerzbank Group

Eschersheimer Landstraße 6,
60322 Frankfurt am Main,

With made in Germany
Tel: +49 (0)69 71913870