Privacy Policy
- 1 Information on the processing of personal data
Data protection is not only a legal obligation for us, but also a matter of course. With the following information, we would like to inform you in accordance with the legal provisions about what happens to your personal data during your visit to our website. Personal data is any information that can be associated with you as an identified or identifiable individual. This Privacy Policy applies to the websites and services through which it is made available. Different privacy statements may apply to our other websites and services.
The controller within the meaning of data protection law is the
Comosoft GmbHOtto-Wels-Str. 4922297 Hamburg
Tel. +49 40 853318-0Fax. +49 40 853318-99
You can reach our company data protection officer at the above address with the letter “The Data Protection Officer” or by email at:
You can find further contact options for us in our provider identification (“Imprint“).
- 2 Your rights
(1) You have the following rights vis-à-vis us, in each case to the extent permitted by law and subject to the legal requirements, with regard to personal data concerning you:
- Right to information,
- Right to rectification or erasure,
- Right to restriction of processing,
- Right to object to processing,
- Right to revoke consent given with effect for the future,
- Right to data portability.
(2) You also have the right to complain to a data protection supervisory authority about violations of data protection regulations.
(3) If you have given your consent to the processing of your data, you can revoke it at any time. Such a withdrawal will affect the permissibility of the processing of your personal data after you have given it to us.
If we base the processing of your personal data on a balancing of interests, you can object to the processing. This is particularly the case if the processing is not necessary for the performance of a contract with you, which we describe in the following functional description. If you exercise such an objection, we ask you to explain to us the reasons why we should not process your personal data in the manner we have undertaken. In the event of a justified objection, we will examine the facts of the case and either stop or adjust the data processing or explain to you our compelling legitimate reasons for continuing the processing. Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the contact details mentioned above.
- 3 Collection of personal data when you visit our website
(1) If you use the website for informational purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you want to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (concrete page)
- Access Status/HTTP Status Code
- amount of data transferred in each case
- Website from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software.
(2) Use of cookies:
Our websites use cookies and similar technologies. Cookies are small text files that are stored by the internet browser on the user’s end device. A cookie usually contains a characteristic string of characters that allows the browser to be uniquely identified when the website is called up again.
Cookies are used to make the website more user-friendly, to optimise the functions and services of the website and to provide you with content tailored to you.
The use of technically necessary cookies serves to enable and facilitate the use of the website and the functions offered. Some functions of this website cannot be offered without the use of cookies.
The user data collected by technically necessary cookies is not used to create user profiles.
In addition, with your separate consent, cookies may be used for the provision of external media, such as films and maps, as well as for the analysis of the use of the website and other functions.
By changing the settings of your internet browser, you can disable or limit the use of cookies. Cookies that have already been set can be deleted at any time. This can also be done automatically. If cookies are disabled for the website, it may not be possible to take full advantage of all the features of the website.
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) (f) GDPR, whereby the legitimate interest of the controller is the secure, stable and efficient provision of the functions of the website and the information that can be accessed via it. Insofar as we fulfil a contractual obligation towards you with the respective function, the legal basis is Art. 6 para. 1 lit. b GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes and for other non-technically necessary processing purposes is Art. 6 (1) (a) GDPR in conjunction with § 25 TDDDG if the user has given his or her consent.
- 4 Communication
If you contact us by e-mail or via a contact form, the data you provide (your e-mail address, if applicable. Your name and telephone number as well as the content of your message) will be stored by us for the purpose of processing your enquiry, for further communication with you or in your affairs, for the processing of the contracts concluded with you, for the assertion and enforcement of our claims as well as for the maintenance and further development of the business relationship with you or the company for which you work, and for the other business purposes listed below. We delete the data generated in this context as soon as storage is no longer necessary or restrict the processing if statutory retention obligations exist. The legal basis for the processing of your data in the context of communication with you is Art. 6 (1) (a) GDPR if consent has been given. If the communication serves the performance of a contract with you or the implementation of pre-contractual measures, the legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR, in all other cases our legitimate interest in an efficient, customer-friendly and targeted processing of your request, in documentation and evidence, in the improvement of our customer service or in the clarification and elimination of technical problems in connection with Art. 6 para. 1 lit. f GDPR as well as any legal obligation incumbent on us that requires the storage and processing of your data in conjunction with Art. 6 para. 1 lit. c GDPR.
Customer Area / Helpdesk (Art. 6 para. 1 lit. a, b EU GDPR)
On our website, we offer customers to register for our customer area and our helpdesk by providing personal data. The principle of data economy and data avoidance is observed, as only personal data necessary for registration, i.e. in the case of our customer area your e-mail address and in the case of our helpdesk, name, e-mail address and company are recorded.
If you do not provide us with the required mandatory information, you will unfortunately not be able to log in to our customer area. An alternative way to contact the helpdesk is our support telephone number +49 40 85331840.
Once the registration process has been completed, your data will be stored with us for the use of the protected areas. Your assigned passwords are encrypted and not accessible to us. If you have forgotten your password, please use the “Forgot password” function.
Advertising purposes for existing customers (Art. 6 para. 1 lit. f EU GDPR)
Comosoft GmbH is interested in maintaining the customer relationship with you and in providing you with information and offers about our products / services (newsletters, product data sheets). Therefore, we process your data in order to send you relevant information and offers by e-mail.
If you do not wish this, you can object at any time to the use of your personal data for the purpose of direct marketing; this also applies to profiling, insofar as it is related to direct advertising. If you object, we will no longer process your data for this purpose.
The objection can be made free of charge and without giving reasons and should be sent to datenschutz@comosoft.de by e-mail if possible . Alternatively, you can use the telephone contact option at +49 40 8533180.
AI-powered processing of email communications
As part of our e-mail communication, we also use automated systems based on artificial intelligence (AI). They support us in particular with
- the analysis and classification of incoming messages for categorization and prioritization,
- the detection and filtering of spam, malware, phishing and other security-related content,
- automated quality assurance and compliance checking, and
- support in the preparation of answers through AI-supported suggestion systems.
Communication metadata (sender, recipient, timestamp, subject), the message content and, to the extent necessary for the security check, attachments and technical identifiers (e.g. IP address, message ID) are processed.
Depending on the individual case, the legal basis is:
- 6 (1) (b) GDPR – Performance of a contract and pre-contractual measures: Insofar as the processing serves the initiation, implementation or settlement of a contractual relationship with you.
- 6 (1) (c) GDPR – Legal obligation: Insofar as the processing is necessary for the fulfilment of legal obligations, in particular in the area of IT security and the storage and documentation of business communication.
- 6 (1) (f) GDPR – Legitimate interests: Insofar as the processing is necessary to protect information security, to avert cyber threats, to maintain orderly business operations and for efficient message processing, and your interests worthy of protection do not prevail.
The processing is carried out exclusively by servers within the EU/EEA; a transfer to third countries does not take place in this respect. If we use processors for this purpose, this is done on the basis of a contract in accordance with Art. 28 GDPR.
Security-relevant log data is stored for a period of 3 months and then automatically deleted, unless it is required for current purposes such as to check and clarify irregularities in data processing. E-mail content and attachments with business relevance are subject to the general retention periods under commercial and tax law (§ 147 AO, § 257 HGB) of up to ten years. AI-generated analysis results without personal reference can be used anonymously to improve the system.
If, in exceptional cases, automated decisions with legal or comparably significant effects are made in the context of AI processing (Art. 22 GDPR), we will inform you separately; In this case, you have the right to human review, to express your point of view and to contest the decision.
- 5 Web Tracking and Tools
- Google Analytics
This website uses Google Analytics 4, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), to enable an analysis of your use of the website.
By default, when you visit the website, Google Analytics 4 sets cookies, which are stored on your computer as small text files and collect certain information. This information also includes your IP address, which, however, is shortened by Google by the last digits in order to exclude direct personal reference.
The information is transmitted to and processed by Google servers. This may also result in transfers to Google LLC, based in the USA, as a technical service provider.
On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity for us and to provide other services related to website activity and internet usage. The IP address transmitted and shortened by your browser as part of Google Analytics will not be merged with other Google data. The data collected in the context of the use of Google Analytics 4 will be stored for a period of two months and then deleted.
All of the aforementioned processing, in particular the setting of cookies on the device used, will only take place if you have given us your express consent in accordance with Art. 6 (1) (a) GDPR in conjunction with § 25 TDDSG. Without your consent, Google Analytics 4 will not be used during your visit to the site. You can revoke your consent at any time with effect for the future. To exercise your right of withdrawal, please disable this service via the cookie manager provided on the website.
We have concluded a data processing agreement with Google that ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision of the European Commission. For more information, please visit the following link: https://www.dataprivacyframework.gov/list
For more legal information on Google Analytics 4, see https://business.safety.google/intl/de/privacy/,https://policies.google.com/privacy?hl=de&gl=de, and https://policies.google.com/technologies/partner-sites.
Demographics
Google Analytics 4 uses the special “demographic characteristics” function and can use it to compile statistics that make statements about the age, gender and interests of site visitors. It does this by analyzing third-party advertising and information. This allows target groups for marketing activities to be identified. However, the data collected cannot be assigned to a specific person and will be deleted after a storage period of two months.
Google Signals
As an extension to Google Analytics 4, Google Signals can be used on this website to generate cross-device reports. If you have activated personalized ads and linked your devices to your Google account, Google may, subject to your consent to the use of Google Analytics in accordance with Art. 6 (1) (a) GDPR, analyze your usage behavior across devices and create data patterns on cross-device conversions, among other things. We do not receive any personal data from Google, only statistics. If you want to stop cross-device analytics, you can turn off Ads Personalized in your Google Account settings. To do this, follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=de For more information about Google Signals, please visit the following link: https://support.google.com/analytics/answer/7532985?hl=de
User IDs
As an extension to Google Analytics 4, the “UserIDs” function can be used on this website. If you have consented to the use of Google Analytics 4 in accordance with Art. 6 (1) (a) GDPR, have set up an account on this website and log in with this account on different devices, your activities, including conversions, can be analysed across devices.
Google Tag Manager
This website uses Google’s Tag Manager. This service allows us to manage website tags through an interface. This Google tool only sets tags. This means that no cookies are used and no personal data is regularly collected. However, this may trigger other tags, which in turn may collect data. The Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags if they are implemented with Google Tag Manager.
- YouTube
This website contains videos from YouTube. The operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in enhanced privacy mode. According to YouTube, this mode means that YouTube does not store any information about the visitors of the website before they watch the video. However, the extended privacy mode does not necessarily preclude the sharing of data with YouTube partners. Here’s how YouTube, whether you’re watching a video or not, connects to the Google DoubleClick network.
As soon as you start a YouTube video on this website, it connects to YouTube’s servers. The YouTube server is informed which of our pages you have visited. If you are logged in to your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this from happening by logging out of your YouTube account.
In addition, YouTube may store various cookies on your device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). This allows YouTube to obtain information about visitors to this website. This information is used, among other things, to compile video statistics, improve the user experience, and prevent fraud attempts.
If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence. YouTube is used in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.
For more information on data protection at YouTube, please refer to YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.
When using YouTube, personal data may be transferred to the United States of America. We would like to point out that the level of protection for personal data in the United States of America may be lower than in the European Union. When using YouTube, the protection of personal data is guaranteed when transferred to the United States of America in accordance with the European Standard Contractual Clauses: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc
Google also has certification under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when processing data in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. For more information, please visit the following link: https://www.dataprivacyframework.gov/list
- 6 Social networks
We maintain an online presence on LinkedIn to showcase our company and services and communicate with customers/prospects. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.
If you visit or follow our LinkedIn company profile, LinkedIn processes personal data that gives us insight into the number of visitors via anonymous statistics. These statistics enable us to evaluate the interactions of visitors in anonymized form (so-called page insights). To compile these statistics, LinkedIn uses data that you, as a user, have provided through information in your LinkedIn profile, such as data about your role, country, industry, seniority, company size and employee status. When viewing the visitor statistics, LinkedIn does not provide us with any personal data, but only aggregated and therefore anonymous data. We cannot draw any conclusions about individual members from this data.
In this respect, we would like to point out that there is a possibility that users’ data may be processed outside the European Union, in particular in the USA. The basis for third-country transfers is the Data Privacy Framework (DPF – https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en).
LinkedIn’s privacy policy can be found at https://www.linkedin.com/legal/privacy-policy
The legal basis for the processing is our legitimate interest in increasing the reach of our awareness and content, the establishment and maintenance of our network of contacts and the recruitment of skilled workers in conjunction with Art. 6 para. 1 lit. f) GDPR or, if your consent has been obtained, § 6 para. 1 lit. a) GDPR.
This section applies to our processing of personal data via our Facebook presence: Meta Platforms Ireland Limited Facebook Ireland Limited (“Facebook”) is generally responsible for the collection and further processing of personal user data on Facebook’s websites. Please note that Facebook collects and processes certain information about your visit to our Facebook page even if you do not have a Facebook user account or are not logged in to Facebook. For information on the processing of personal data by Facebook, please refer to Facebook’s Privacy Policy: https://www.facebook.com/about/privacy/.
For us as the operator of this Facebook page, only your public profile on Facebook can be viewed. The information that can be viewed here depends on your settings in your profile. In addition, we process your personal data (such as your name and the content of your messages, inquiries or other communications to us) when you contact us via our Facebook page or when you post content via our Facebook presence, e.g. in the form of a comment. We then process this data for the purpose of processing your contributions accordingly and, if necessary, responding to them. These purposes also constitute our legitimate interests within the meaning of the legal basis of Art. 6 para. 1 f) of the European General Data Protection Regulation (GDPR).
We store your personal data on our systems, i.e. outside of Facebook, if and for as long as it is necessary for the purposes of collection or for as long as there are legal retention obligations.
This privacy policy applies to our Instagram presence:
Instagram is part of the Facebook group of companies and shares with Facebook and other Facebook companies https://www.facebook.com/help/111814505650678?ref=dp) the infrastructure, systems and technology.
We expressly point out that Facebook stores the data of users of its services (e.g. personal information, IP address, etc.) and may also use it for business purposes. You can find more information about Facebook’s data processing at Instagram in Instagram’s privacy policy under https://help.instagram.com/519522125107875?helpref=page_content.
We have no influence on the data collection and further processing by Facebook/Instagram. Furthermore, it is not clear to us to what extent, where and for what duration the data is stored, to what extent Facebook/Instagram complies with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. Insofar as personal data is processed in connection with our Instagram page and Facebook alone decides on the purposes and means of processing,
Meta Platforms Ireland Limited Facebook Ireland Limited (also: “Facebook/Instagram”), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, sole controller of the processing.
You can contact the company data protection officer for Instagram at the following address: https://www.facebook.com/help/contact/540977946302970 contact form provided. The Instagram Privacy Policy (http://instagram.com/legal/privacy/) lists the categories of personal data that are processed when using Facebook products (https://www.facebook.com/help/1561485474074139?ref=dp), describes in general terms the purposes for which this data is used and names the categories of recipients to whom this data may be made accessible. In the Data Policy, you will also find information about the legal basis for processing this data and information on how you can withdraw consent to the processing of personal data. Further information on the respective legal basis can be found under https://www.facebook.com/about/privacy/legal_bases.
In the Data Policy, you will also find information on how you can exercise your rights of access, rectification, portability and deletion vis-à-vis Facebook. Under this point, you will also find information about your right to object to certain processing of personal data. You can find more information about your control options here: https://www.facebook.com/help/2069235856423257. In the Data Policy, you will also find information about the duration for which personal data will be stored and information about the criteria for determining this duration and the possibility of blocking or deleting Instagram accounts. The data policy refers to Facebook/Instagram’s intention to transfer data to third countries if necessary. Please note that if personal data is processed in the United States of America, the level of protection for your data may be lower than if it is processed within the EU.
When you visit our Instagram page and your browser allows cookies to be stored, Facebook/Instagram stores information in the form of small text files in the memory of your browser (hereinafter “cookies”) and can access this information when you visit the Instagram platform or a website that integrates Instagram technologies. You can find more information about the purpose of the cookies used, the integration of these cookies by other websites and your control options in this regard here: https://help.instagram.com/155833707900388.
Cookies enable Instagram/Facebook to track your user behaviour (in the case of registered users across devices) on other websites beyond the Instagram platform and also to create profiles of your behaviour. This applies to both those registered on the Instagram platform and those who are not registered there. If you want to avoid such traceability of your behavior, you should log out of Facebook or Instagram or deactivate the “stay logged in” function, delete the cookies present on your device and close and restart your browser.
In addition to the content you submit, we may be able to see information about your profile, likes, and posts, depending on your privacy settings. You can find out how to change your privacy settings here: https://de-de.facebook.com/help/instagram/196883487377501.
The processing of your personal data when you contact us or interact with us via our Instagram presence is carried out by us on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest in the sense of the legal basis consists in answering your request and in appropriate and appropriate communication with you. If your contact is aimed at concluding a contract (for example, in the context of participation in competitions), the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.
We have a profile on XING. The provider is New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. Details on how they handle your personal data can be found in XING’s privacy policy:
https://privacy.xing.com/de/datenschutzerklaerung.
We collect the data that you transmit to us via XING, e.g. by contacting us, as well as the information in accordance with XING’s terms of use to the extent permitted in each case in order to communicate with you, initiate or execute contractual relationships, establish employment relationships or provide you with information about our company, our products or job offers. The aforementioned purposes also represent our legitimate interests within the meaning of the legal basis of Art. 6 (1) (f) GDPR. Insofar as we process the data transmitted via Xing for the establishment, implementation or termination of a contractual relationship, the legal basis is Art. 6 para. 1 b) GDPR, Art. 6 para. 1 lit. a) GDPR if you have given your consent.
- 7 Linked Content / Sharing Functions
Our website contains links to third-party websites. The respective data protection declarations and data protection notices of the respective operators of the linked websites apply. We would like to point out that we are not responsible for the data processing practices on third-party platforms outside our own sphere of influence.
- 8 Data protection for applications and in the application process
We process personal data of applicants for the purpose of conducting the application process.
If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be automatically deleted four months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests of the controller. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG). The legal basis for the processing of the applicants’ personal data is Art. 6 para. 1 lit. b, 88 GDPR in conjunction with § 26 BDSG and, insofar as the processing is carried out to fulfil legal obligations, Art. 6 para. 1 lit. c GDPR and, insofar as the processing is based on the consent of the data subject, Art. 6 para. 1 lit. a GDPR in conjunction with § 26 BDSG.
On our career page (https://www.comosoft.eu/de/karriere/), applicants have the opportunity to communicate with us in encryptedform via the address set up for this purpose career@comosoft.com.
The decryption of this data is only possible for us. There is also the possibility of using alternative communication channels (e.g. by post).
- 9 Email messages and newsletters
On our website, we offer you the opportunity to register for our newsletter via a registration form. In order to receive the newsletter, we need your e-mail address. The data you provide for this purpose will be processed exclusively for the purpose of sending our newsletter.
To subscribe to our newsletter, we use the double opt-in procedure. This means that after using the registration form, you must once again expressly consent to receive the newsletter. After registration, you will receive an e-mail with a separate activation link. This confirmation is required to avoid abuse. If the activation link is not confirmed within 30 days, all data and information previously collected for the newsletter will be deleted.
The sending of the newsletter and the processing of your data required for this purpose is based on your voluntarily given consent. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. We store the data collected for the newsletter for the duration of the registration.
You can unsubscribe from the newsletter at any time with effect for the future free of charge and revoke your consent. A revocation will lead to the deletion of the data collected by us for the purpose of sending the newsletter, unless it is required for other purposes.
Use of the email address to send direct marketing
We may use Your e-mail address, which we have received in the course of the sale of a good or service, for the electronic sending of advertising for our own product offers that are similar to those you have already purchased from us, unless you have objected to this use.
The legal basis for the use of your e-mail address for the advertising of your own similar products is § 7 (3) UWG in conjunction with Art. 6 (1) lit. f GDPR based on the legitimate interest in direct advertising. You may object to the use of your email address at any time by contacting us at our contact details above or by using the unsubscribe function provided by us in each promotional email. This will not incur any costs other than the transmission costs according to the basic rates of the means of communication you use in each case.
- 10 Recipients
Your data will only be passed on to third parties if and to the extent that this is necessary for the fulfilment of our contractual obligations towards you (Art. 6 para. 1 sentence 1 lit. b GDPR), e.g. forwarding your address as a delivery address to a logistics partner or to a shipping company for the delivery of postal/parcel shipments.
In some cases, we use external service providers (processors) to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are appropriately controlled.
Insofar as our service providers or partners are based in a country outside the European Economic Area (EEA), we point out the consequences of this circumstance in the description in this privacy policy.
- 11 Deletion
Unless otherwise stated in the respective individual information, the Controller processes personal data in accordance with the statutory provisions for the purposes described here and only for as long as personal identification of the data subject is required for the respective purpose. This is followed by deletion or neutralization/anonymization in accordance with data protection regulations.
As of 03.07.2026. We reserve the right to adapt this privacy policy to changed legal situations or processing processes.