Privacy Policy

Privacy Policy

Thank you for your interest in our company. Data protection is of particular importance to the management of cometis AG. The cometis AG website can be used without providing any personal data. However, if a data subject wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the Basic Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to cometis AG. By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, data subjects will be informed of their rights by means of this data protection declaration.
As data controller, cometis AG has implemented numerous technical and organisational measures to ensure the most complete possible protection of personal data processed via this website. Nevertheless, Internet-based data transmissions can have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us by alternative means, for example by telephone or any other clear affirmative act by which the data subject indicates his or her consent to the processing of personal data concerning him or her.

2. Name and Address of the Controller

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
cometis AG
Unter den Eichen 7
65195 Wiesbaden
Phone: +49 611 20 58 55 0

3. Name and Address of the Data Protection Officer

The Data Protection Officer of the controller is:

StraSev UG
Jana-Alice Stratmann-Severin
Datenschutzbeauftragter der Cometis AG
Grünteweg 35
26127 Oldenburg
Mobil: 0151 17516300

Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.

4. Cookies

The Websites use so-called cookies in several places. They serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Cookies do not cause any damage to your computer and do not contain any viruses.

5. Collection of General Data and Information

We automatically collect and store information that your browser transmits to us in your server log files. These are:

  • browser type/ version
  • operating system used
  • Referrer URL (the previously visited page)
  • IP address of the accessing computer
  • Time of the server request
    These data cannot be assigned to specific persons. These data are not combined with other data sources and are deleted after a statistical evaluation.

6. Contact Form and Report Request Handling

We collect your data for the purpose of carrying out your contact enquiry. Data processing is based on Art.6 Par.1 lit.f DSGVO. Our legitimate interest is to answer your inquiry. Data will not be passed on to third parties. The data will be deleted as soon as they are no longer required for the purpose of processing. You have the right to object to the use of your data for the purpose of sending information material at any time. The legal basis of this data agreement is based on Art. 6 para. 1 lit. f DSGVO. For processing contact requests and downloads of our report, we might use third-party services such as Mailchimp. Also, we might share your data with the institutes involved conducting the GEM. The e-mail accounts of those companies can be viewed by all their respective employees.

7. SSL Encryption (HTTPS protocol)

In order to protect your transmitted data in the best possible way, we use SSL encryption. You can recognize encrypted connections by the prefix https:// in the page link in the address line of your browser. All data that you transmit to this website – e.g. for inquiries or logins – cannot be read by third parties thanks to SSL encryption.

8. Subscription to our Newsletter

If you would like to receive the newsletter offered on the website, we need a valid e-mail address from you and information that allows us to verify that you are the owner of the e-mail address provided or that the owner agrees to receive the newsletter. Further data will not be collected. You can revoke your consent to the storage of the data, the e-mail address as well as their use for sending the newsletter at any time. The data processing is based on your consent in accordance with Article 6 Para.1a DSGVO.

9. Newsletter-Tracking

The cometis AG newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in e-mails sent in HTML format to enable log file recording and analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns to be carried out. With the embedded pixel-code, cometis AG can determine whether and when an e-mail was opened by an affected person and which links in the e-mail were called up by the affected person.
Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by the data controller in order to optimise the dispatch of the newsletter and to adapt the content of future newsletters even better to the interests of the person concerned. This personal data will not be passed on to third parties. Persons concerned are entitled at any time to revoke the respective separate declaration of consent given via the double opt-in procedure. After revocation, this personal data will be deleted by the data controller. A cancellation of the newsletter automatically interprets cometis AG as a revocation.

10. Possibility to contact us via the Website

Due to legal regulations, the cometis AG website contains information that enables us to contact our company electronically quickly and to communicate directly with us, which also includes a general address for so-called electronic mail (e-mail address). If a data subject contacts the data controller via e-mail or a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data voluntarily provided by a data subject to the controller will be stored for the purpose of processing or contacting the data subject. This personal data is not passed on to third parties.

11.Comment Function in the Blog on the Website

cometis AG offers users the opportunity to leave individual comments on individual blog posts on a blog located on the website of the data controller. A blog is a portal on a website, usually open to the public, in which one or more people who are called bloggers or web bloggers can post articles or write down thoughts in so-called blog posts. The blog posts can usually be commented by third parties.
If a person leaves a comment in the blog published on this website, not only the comments left by the person concerned but also details of the time of entering the comment and the user name (pseudonym) chosen by the person concerned are stored and published. Furthermore, the IP address assigned to the person concerned by the Internet service provider (ISP) is logged. This IP address is stored for security reasons and in the event that the person concerned violates the rights of third parties or posts illegal content by submitting a comment. The storage of this personal data is therefore in the personal interest of the data controller, so that he or she can exculpate himself or herself in the event of a violation of the law. The personal data collected will not be disclosed to third parties, unless such disclosure is required by law or serves the legal defence of the data controller.

12. Routine Deletion and Blocking of personal Data

The controller shall process and store the personal data of the data subject only for the time necessary to achieve the data retention purpose or to the extent provided for by the European regulator or other legislator in laws or regulations to which the controller is subject.
If the storage purpose ceases to apply or if a storage period prescribed by the European Directive and Regulation Giver or another competent legislator expires, the personal data is routinely blocked or deleted in accordance with the statutory provisions.

13. Your Rights

They have the right of access under Article 15 DSGVO, the right of rectification under Article 16 DSGVO, the right of cancellation under Article 17 DSGVO, the right of restriction on processing under Article 18 DSGVO, the right of data transfer under Article 20 DSGVO and the right of opposition under Article 21 DSGVO.
To exercise your rights, please use one of the contact details listed in sections 2 and 3.
If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can also complain to a supervisory authority.

The contact details of the responsible supervisory authority:
The Hessian Commissioner for Data Protection and Freedom of Information
Prof. Dr. Michael Ronellenfitsch
Gustav-Stresemann-Ring 1
65189 Wiesbaden

Phone +49 (0611) 1408 0
Fax +49 (0611) 1408 611

14. Automated Decisions in individual Cases including Profiling

Any person data subject to the processing of personal data shall have the right granted by the European legislator of directives and regulations not to be subject to a decision based exclusively on automated processing, including profiling, which has legal effect against him or significantly affects him in a similar manner, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) is admissible under Union or Member State law to which the data controller is subject and that such law contains appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject, or (3) with the express consent of the data subject.
If the decision (1) is necessary for the conclusion or fulfilment of a contract between the data subject and the data controller or (2) is taken with the express consent of the data subject, cometis AG takes appropriate measures to protect the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a data controller, to state his own position and to challenge the decision.
If the data subject wishes to assert rights relating to automated decisions, he or she may contact the controller at any time.

15. Data Protection for Applications and in the Application Procedure

The controller collects and processes the personal data of applicants for the purpose of processing the application procedure. Processing may also be carried out electronically. This is particularly the case if an applicant sends corresponding application documents to the controller by electronic means, for example by e-mail or via a web form on the website. If the controller concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted two months after notification of the decision of refusal, provided that no other legitimate interests of the controller stand in the way of deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

16. Privacy Policy for the Use and Application of AddThis

This website contains “Addthis” plugins that allow you to bookmark or share interesting website content. When “Addthis” is used, cookies are used. The data generated (such as time of use or browser language) is transferred to Add This LLC in the USA and processed there. For more information about Add This LLC’s data processing and the data protection practices maintained by Add This LLC, please visit In particular, this website contains information on the type of data processed and the purpose for which it is used. We do not process the data concerned. By using the “Addthis” field, you agree to the processing of data by Add This LLC to the extent shown on the website. You can object to the use of your data at any time by using an “Opt Out Cookies”. Further details can also be found on the aforementioned Add This LLC website.

17. Facebook Use and Usage Privacy Policy

This website uses plugins of the social network, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). If you call such a plugin on a website of our website, a connection to the Facebook servers is established and the plugin is displayed on the website by notifying your browser. This transfers to the Facebook server which of our Internet pages you have visited. If you are logged in as a Facebook member, Facebook assigns this information to your personal Facebook account. When using the plugin functions (e.g. clicking the “I like” button, posting a comment), this information is also assigned to your Facebook account, which you can only prevent by logging out before using the plugin. For more information about Facebook’s collection and use of the data and your rights in this regard, please refer to Facebook’s privacy policy.

18. Privacy Policy regarding the Use of Google Analytics (with anonymisation Function)

This website uses Google Analytics, a web analysis service of Google Inc. “(“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website (including your IP address, which is anonymised using the _anonymizeIp() method before it is saved so that it can no longer be assigned to a connection) is transmitted to a Google server in the USA and stored there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
You can object to the collection of data by Google Analytics with effect for the future by installing a deactivation add-on ( for your browser.

19. Privacy policy regarding the Use of Google+

Our pages use functions of Google +. The provider is Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Collection and disclosure of information: The Google + button allows you to publish information worldwide. The Google + button provides you and other users with personalized content from Google and our partners. Google stores both the information that you have given + for a content and information about the page that you viewed when you clicked on +. Your + can appear in Google services, such as search results or your Google profile, or elsewhere on websites and ads, along with your profile name and photo. Google records information about your + activities to improve Google services for you and others. To use the Google + button, you need a public Google profile that is visible worldwide and must contain at least the name chosen for the profile. This name is used in all Google services. In some cases, this name may also replace another name you used when sharing content through your Google Account. The identity of your Google profile may be displayed to users who know your email address or have other identifying information about you.
Use of Information Collected: In addition to the uses described above, the information you provide will be used in accordance with the applicable Google Privacy Policy. Google may publish aggregated statistics about the + activities of users or pass them on to users and partners, such as publishers, advertisers or related websites.

20. Privacy Policy for the Use of Google AdWords

The data controller has integrated Google AdWords on this website. Google AdWords is an Internet advertising service that allows advertisers to place ads in both Google’s search engine results and the Google Advertising Network. Google AdWords allows an advertiser to pre-define certain keywords to display an ad in Google’s search engine results only when the user uses the search engine to retrieve a keyword-relevant search result. On the Google Network, ads are distributed to thematically relevant websites using an automatic algorithm and using the previously defined keywords.
The operator of Google AdWords services is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to advertise our website by displaying interest-relevant advertising on the websites of third parties and in the search engine results of the Google search engine and by displaying third-party advertising on our website.
If a person concerned reaches our website via a Google ad, a so-called conversion cookie is stored on the information technology system of the person concerned by Google. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and is not used to identify the person concerned. If the cookie has not yet expired, the conversion cookie is used to determine whether certain sub-pages, such as the shopping basket of an online shop system, have been called up on our website. The conversion cookie enables both us and Google to track whether a person who has accessed our website via an AdWords ad has generated revenue, i.e. has completed or cancelled a purchase of goods.
The data and information collected through the use of the conversion cookie is used by Google to generate visit statistics for our website. We use these visit statistics to determine the total number of users who have been referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the person concerned.
The conversion cookie is used to store personal information, such as the websites visited by the person concerned. Personal data, including the IP address of the Internet connection used by the person concerned, is therefore transferred to Google in the United States of America each time he or she visits our Internet pages. This personal data is stored by Google in the United States of America. Google may disclose personal data collected through the technical process to third parties.
The person concerned can prevent the setting of cookies by our website at any time, as already described above, by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the person concerned. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.
Furthermore, the person concerned has the possibility to object to interest-based advertising by Google. To do this, the person concerned must access the link from each of the Internet browsers they use and make the required settings there.
Further information and Google’s current privacy policy can be found at

21. Data Protection Regulations on the Use and Application of LinkedIn

Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you visit one of our pages that contains functions of LinkedIn, a connection to LinkedIn’s servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the “Recommend button” of LinkedIn and are logged into your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your user account. We point out that we as provider of the pages have no knowledge of the content of the transmitted data and their use by LinkedIn. For more information, please see LinkedIn’s privacy policy at:

22. Data Protection Regulations on the Use and Application of Twitter

Our website contains functions of Twitter Inc. 795 Folsom Street, Suite 600, San Francisco, CA 94107, USA. If you use Twitter and especially the “Re-Tweet” function, Twitter links your Twitter account to the websites you visit. This will be announced to other users on Twitter, especially to your followers. This is also the way to transfer data to Twitter.
We, as the provider of our website, are not informed by Twitter about the content of the transmitted data or the use of the data. You can find further information under the following link:
Please note, however, that you can change your privacy settings on Twitter in your account settings there at

23. Data Protection Regulations on the Use and Application of Xing

Our website uses functions of the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Every time you visit one of our pages that contains functions of Xing, a connection to Xing servers is established. To our knowledge, personal data will not be stored. In particular, no IP addresses are stored or the usage behavior is evaluated. Further information on data protection and the Xing Share button can be found in Xing’s data protection declaration at

24. Data Protection Regulations on the Use and Application of YouTube

Our website uses plugins from Google’s YouTube site. This website is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. If you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. The Youtube server will be informed which of our pages you have visited.
If you are logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
For more information on how user data is handled, please see YouTube’s privacy policy at

Google Maps
This website uses Google Maps to display maps and to create route maps. Google Maps is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using this website, you consent to the collection, processing and use of the data collected automatically and the data you have entered by Google, one of its representatives or third-party providers. The terms of use for Google Maps can be found at You can find detailed details in the data protection center of Transparency and options as well as data protection regulations (

25. Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data

We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact any employee. The employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

26. Legitimate interests in the processing pursued by the controller or a third party

If the processing of personal data is based on Article 6 I lit. f DS-GMO, it is in our legitimate interest to conduct our business for the well-being of all our employees and our shareholders.

27. Duration for which the personal data is stored

The criterion for the duration of the storage of personal data is the respective legal retention period. After the expiry of this period, the corresponding data will be routinely deleted, provided that it is no longer necessary for the fulfilment or initiation of the contract.

28. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of the failure to provide them

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). In some cases, it may be necessary for a contract to be concluded if a data subject provides us with personal data which must subsequently be processed by us. For example, the person concerned is obliged to provide us with personal data if our company enters into a contract with him/her. Failure to provide personal data would mean that the contract with the data subject could not be concluded. Prior to the provision of personal data by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or required for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have.

29. Existence of automated Decision Making

As a responsible company, we do without automatic decision-making or profiling.