Privacy Policy

• 01. An overview of data protection

  a) Overview of Data Processing
  The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data includes all data that can personally identify you. For detailed information on data protection, please refer to the full Privacy Policy below.

   

  b) Data Collection on This Website
  
  Who is responsible for data collection on this website?
  The data is processed by the website operator. Their contact details can be found in the section „Information about the responsible party (controller)“ in this Privacy Policy.

  How do we collect your data?
  Your data is collected in part by you providing it to us, e.g. via a contact form. Other data is automatically collected by our IT systems when visiting the website. This primarily includes technical data (e.g. browser, operating system, time of page access).

   

  c) Purpose of Data Processing
  Part of the data is collected to ensure the website functions without errors. Other data may be used to analyze user behavior. If contracts are concluded or initiated via the website, the transmitted data will also be processed for offers, orders, or inquiries.

   

  d) Your Rights
  You have the right to obtain information free of charge about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Under certain conditions, you may also request the restriction of processing. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

   

  e) Analysis and Third-Party Tools
  When visiting this website, your browsing behavior may be statistically evaluated using analysis tools. Detailed information on these tools can be found in the full Privacy Policy below.

• 02.Hosting

  a) Web Hosting

   

  Hosting Provider: Hetzner
  We are hosting the content of our website at the following provider:

  Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (“Hetzner”).

   

  For details, please view Hetzner’s privacy policy:
  https://www.hetzner.com/de/legal/privacy-policy/

   

  We use Hetzner on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable depiction of our website possible.

   

  If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

   

  b) Data Processing
  We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

• 03: General information and mandatory information

  • a) Overview of Data Processing

    The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data includes all data that can personally identify you. For detailed information on data protection, please refer to the full Privacy Policy below.

     

  • b) Data Collection on This Website

    Who is responsible for data collection on this website?
    The data is processed by the website operator. Their contact details can be found in the section „Information about the responsible party (controller)“ in this Privacy Policy.

    How do we collect your data?
    Your data is collected in part by you providing it to us, e.g. via a contact form. Other data is automatically collected by our IT systems when visiting the website. This primarily includes technical data (e.g. browser, operating system, time of page access).

     

  • c) Purpose of Data Processing

    Part of the data is collected to ensure the website functions without errors. Other data may be used to analyze user behavior. If contracts are concluded or initiated via the website, the transmitted data will also be processed for offers, orders, or inquiries.

     

  • d) Your Rights

    You have the right to obtain information free of charge about the origin, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time for the future. Under certain conditions, you may also request the restriction of processing. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

     

  • e) Analysis and Third-Party Tools

    When visiting this website, your browsing behavior may be statistically evaluated using analysis tools. Detailed information on these tools can be found in the full Privacy Policy below.

     

  • f) Web Hosting

    Hosting by Hetzner
    We are hosting the content of our website at the following provider:
    Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany („Hetzner“).
    For more details, see Hetzner’s privacy policy: https://www.hetzner.com/de/legal/privacy-policy/

    We use Hetzner pursuant to Art. 6(1)(f) GDPR, based on our legitimate interest in the most reliable presentation of our website. If appropriate consent has been obtained, processing is carried out solely based on Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined by the TDDDG. Consent can be revoked at any time.

    Data Processing Agreement
    We have concluded a data processing agreement (DPA) with Hetzner. This is a legally required contract ensuring that personal data is processed only according to our instructions and in compliance with the GDPR.

     

  • g) Data Protection and General Information

    We treat your personal data with the highest confidentiality and in accordance with the statutory data protection regulations and this Data Protection Declaration. Whenever you use this website, personal data may be collected. This section explains what data we collect and why. Please note that data transmission via the Internet (e.g., email) may be subject to security vulnerabilities. Complete protection from third-party access is not possible.

     

  • h) Controller Information

    Navigate the Future GmbH
    Grünewaldstraße 38
    68163 Mannheim
    Phone: +49 621 44592355
    Email: info@navigatethefuture.de
    The controller is the natural or legal person that decides, alone or jointly with others, on the purposes and means of the processing of personal data.

     

  • i) Storage Duration

    Your personal data will be stored only as long as necessary to fulfill the purpose for which it was collected. Once the purpose no longer applies, your data will be deleted unless other legal obligations require storage.

     

  • j) Legal Basis for Processing

    Data is processed based on your consent (Art. 6(1)(a), 9(2)(a), 49(1)(a) GDPR), contract performance (Art. 6(1)(b)), legal obligations (Art. 6(1)(c)), or legitimate interests (Art. 6(1)(f)). Details are explained in this policy.

     

  • k) Data Protection Officer

    Dr. Ralf Schadowski
    Schadowski Consulting GmbH
    Bahnhofstrasse 9
    52159 Roetgen, Germany
    Phone: +49 2471 705-9605
    Email: datenschutz@schadowski.com

     

  • l) Recipients of Personal Data

    We work with external parties and disclose personal data only when legally permitted. Data is shared under contracts or joint responsibility agreements as required.

     

  • m) Consent Withdrawal

    You may revoke your consent at any time. This does not affect the legality of data processing conducted before the withdrawal.

     

  • n) Right to Object (Art. 21 GDPR)

    You have the right to object at any time to processing based on Art. 6(1)(e) or (f) GDPR. If your data is used for direct marketing, you may object at any time.

     

  • o) Complaints to Supervisory Authorities

    You may file a complaint with the competent supervisory authority if you believe your rights have been violated.

     

  • p) Data Portability

    You have the right to receive your data in a machine-readable format or have it transferred to another controller, where technically feasible.

     

  • q) Right to Information, Rectification, and Erasure

    You may request information about your stored data, its origin and recipients, and the purpose of storage. You may also request correction or deletion of your data.

     

  • r) Right to Restrict Processing

    You may request restricted processing under certain circumstances, such as when data accuracy is contested or processing is unlawful.

     

  • s) SSL and TLS Encryption

    This website uses SSL or TLS encryption to protect data transmissions. An encrypted connection can be recognized by „https://“ and the lock icon in your browser. When encryption is active, transmitted data cannot be read by third parties.

• 04. Recording of data on this website

  • a) Cookies

    Our website uses cookies, which are small text files stored on your device. These may be session cookies (deleted after your visit) or persistent cookies (remain until deleted manually or automatically). Cookies can be set by us (first-party) or third-party providers.

    Some cookies are technically necessary (e.g., for the shopping cart), others serve analytics or marketing purposes. Technically required cookies are stored based on Art. 6(1)(f) GDPR. If consent is required (e.g., for tracking), Art. 6(1)(a) GDPR and § 25 (1) TDDDG apply. You can revoke consent at any time.

    You can configure your browser to notify you when cookies are set, accept cookies only in certain cases, reject all cookies, or delete cookies when closing the browser. Disabling cookies may limit website functionality.

     

  • b) Consent with Usercentrics

    We use Usercentrics (Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany) to manage cookie consent. When visiting the website, Usercentrics receives your consent status, IP address, browser/device info, date/time of visit, and geolocation. A cookie is set to store this data.

    This data is stored until you request deletion, delete the Usercentrics cookie, or the purpose no longer applies. Legal retention requirements remain unaffected. The Usercentrics banner includes the eRecht24 logo, which triggers a connection to eRecht24’s image server (hosted in Germany, logs anonymized IPs).

    Legal basis: Art. 6(1)(c) GDPR.

     

  • c) Consent with Complianz

    We use Complianz (Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands) for cookie consent management. Complianz is hosted on our servers, so no external connection is made.

    A cookie is stored to track your consent status. The data is kept until you request deletion, delete the cookie, or the purpose no longer applies. Legal retention periods remain unaffected. Legal basis: Art. 6(1)(c) GDPR.

     

  • d) Server Log Files

    The website provider automatically collects server log file information transmitted by your browser: browser type/version, OS, referrer URL, hostname, time of request, and IP address. These data are not combined with other data sources.

    Basis: Art. 6(1)(f) GDPR – legitimate interest in secure and optimized website delivery.

     

  • e) Contact Form

    Data entered in our contact form is stored to process your request and for follow-up. Without your consent, we do not share this data.

    Legal basis: Art. 6(1)(b) GDPR (contract/pre-contract), or Art. 6(1)(f) GDPR (legitimate interest), or Art. 6(1)(a) GDPR (if consent is given). Data is deleted when no longer needed or on request.

     

  • f) Contact via Email, Phone or Fax

    If you contact us via email, phone, or fax, your inquiry and related personal data will be stored to process it. We do not share this data without your consent.

    Legal basis: Art. 6(1)(b) GDPR (contractual), Art. 6(1)(f) GDPR (legitimate interest), or Art. 6(1)(a) GDPR (consent). Data is deleted when no longer needed or on request.

     

  • g) Microsoft Bookings

    To schedule appointments, we use Microsoft Bookings (Microsoft Ireland Operations Ltd., One Microsoft Place, Dublin 18, Ireland). Data entered is used for scheduling, conducting, and following up appointments and is stored on Microsoft servers.

    Legal basis: Art. 6(1)(f) GDPR (legitimate interest), Art. 6(1)(a) GDPR and § 25 (1) TDDDG (consent). Data transfer to the US is based on EU standard contractual clauses and the EU-US Data Privacy Framework. Microsoft is certified under the DPF.

    More: Microsoft Privacy Policy | DPF Certification

• 05. Social Media

  • a) Social Media Elements with Shariff

    We use elements of social media networks (e.g., Facebook, X, Instagram, Pinterest, XING, LinkedIn, Tumblr). These are only activated with the so-called „Shariff“ solution. This means that data is only transferred to the provider when the user clicks the corresponding button.

    Activation constitutes consent in accordance with Art. 6(1)(a) GDPR and § 25 (1) TDDDG. This consent can be revoked at any time. Legal basis for the use of Shariff is Art. 6(1)(c) GDPR.

     

  • b) Facebook

    This website integrates Facebook elements (Meta Platforms Ireland Ltd., Dublin). Upon activation, data is transferred to Facebook, including your IP address. If logged in, visits may be linked to your user account.

    Legal basis: Art. 6(1)(a) GDPR and § 25 (1) TDDDG. Joint responsibility exists for data collection and transfer to Facebook (Art. 26 GDPR). Details: controller_addendum. More: Facebook Privacy Policy.

    Data transfer is based on EU SCCs and DPF: Addendum, DPF Certification.

     

  • c) X (formerly Twitter)

    We use X (formerly Twitter) functions. Provider: X Corp., USA. When activated, a direct connection is established. Interactions (e.g., Reposts) are linked to your X account.

    Legal basis: Art. 6(1)(a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time. Privacy: X Privacy Policy. Data transfer under SCCs and DPF: DPF Participant.

     

  • d) Instagram

    Instagram functions are integrated (Meta Platforms Ireland Ltd.). Upon activation, data is transferred to Instagram. If logged in, visits may be linked to your user account.

    Legal basis: Art. 6(1)(a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time. Shared responsibility under Art. 26 GDPR with Meta. Privacy: Instagram Privacy. DPF: DPF Certification.

     

  • e) LinkedIn

    LinkedIn elements are used (LinkedIn Ireland Unlimited Company). When visiting a page with LinkedIn content, a connection to LinkedIn’s server is established. If logged in, activity may be linked to your account.

    Legal basis: Art. 6(1)(a) GDPR and § 25 (1) TDDDG. Privacy: LinkedIn Privacy Policy. Data transfer under SCCs and DPF: DPF Certification.

     

  • f) XING

    This site uses XING elements (New Work SE, Hamburg). When accessing such pages, a connection to XING’s servers is established. According to the provider, no personal data (e.g., IP addresses) are stored or analyzed.

    Legal basis: Art. 6(1)(a) GDPR and § 25 (1) TDDDG. Privacy: XING Privacy Policy.

• 06. Analysis tools and advertising

  • a) Google Analytics

    This website uses Google Analytics (Google Ireland Ltd.). It collects data like pages visited, time spent, OS, and origin, assigned to a user-ID. Google may record mouse movement, clicks, and use modeling and machine learning to analyze patterns.

    Google Analytics uses cookies or device fingerprinting. Data is usually transferred to the US and stored there. Consent basis: Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked at any time.

    Data transfer under SCCs: Google SCCs and DPF: DPF Certification.

     

  • b) IP Anonymization with Google Analytics

    IP anonymization is active. IPs are truncated within the EU/EEA before transfer to the US. In rare cases, the full IP is sent and shortened in the US. Google uses this data on behalf of the website operator. IPs are not merged with other Google data.

     

  • c) Google Analytics Browser Plug-in

    You can prevent tracking via browser plug-in: Opt-out Plugin. More info: Google Privacy.

     

  • d) Matomo

    This site uses Matomo (open source). It analyzes usage, page views, referrers, devices, and user actions like clicks or purchases.

    Legal basis: Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(a) GDPR and § 25(1) TDDDG with consent. Consent can be revoked at any time.

     

  • e) IP Anonymization with Matomo

    We use IP anonymization with Matomo. IPs are shortened before processing.

     

  • f) Matomo without Cookies

    Matomo is configured to work without storing cookies.

     

  • g) Matomo Hosting

    Matomo is hosted exclusively on our own servers, so no data is shared externally.

     

  • h) Google Ads

    We use Google Ads (Google Ireland Ltd.). It enables display ads in search or on third-party sites based on keywords or user interests. We can evaluate which ads were clicked and why.

    Legal basis: Art. 6(1)(a) GDPR and § 25(1) TDDDG. Consent can be revoked. Data transfer under SCCs: Controller Terms and DPF: DPF Certification.

• 07. Newsletter

  • a) Newsletter Data
    If you would like to subscribe to the newsletter offered on this website, we will need from you an e-mail address as well as information that allow us to verify that you are the owner of the e-mail address provided and consent to the receipt of the newsletter. No further data shall be collected or shall be collected only on a voluntary basis. We shall use such data only for the sending of the requested information and shall not share such data with any third parties.

     

    The processing of the information entered into the newsletter subscription form shall occur exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You may revoke the consent you have given to the archiving of data, the e-mail address, and the use of this information for the sending of the newsletter at any time, for instance by clicking on the “Unsubscribe” link in the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place to date.

     

    The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose has ceased to apply. We reserve the right to delete or block e-mail addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest in accordance with Art. 6(1)(f) GDPR.

    Data stored for other purposes with us remain unaffected.

     

    After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

• 08. Plug-ins and Tools

  • a) YouTube with Expanded Data Protection Integration

    This website integrates YouTube videos (Google Ireland Ltd.). When a page with embedded YouTube content is accessed, a connection to YouTube servers is established. If you’re logged into your YouTube account, your behavior may be linked to your personal profile. You can prevent this by logging out.

    We use YouTube in extended data protection mode. According to YouTube, videos played in this mode are not used for personalization, and no cookies are set—only local storage items. More info: YouTube Help.

    Legal basis: Art. 6(1)(f) GDPR (legitimate interest), or Art. 6(1)(a) GDPR and § 25 (1) TDDDG if consented. Consent can be revoked at any time. Privacy: YouTube Privacy Policy. DPF: DPF Certification.

     

  • b) Google Fonts (Local Embedding)

    This site uses locally embedded Google Fonts to ensure consistent typography. No connection to Google’s servers is established.

    More info: Google Fonts FAQ | Google Privacy Policy.

     

  • c) Google Maps

    Google Maps (Google Ireland Ltd.) is used to display interactive maps. Usage requires your IP address and may trigger use of Google Fonts.

    Legal basis: Art. 6(1)(f) GDPR (legitimate interest), or Art. 6(1)(a) GDPR and § 25 (1) TDDDG if consented. Consent can be revoked. Data may be transferred to the US. Details: Google SCCs. Privacy: Google Privacy Policy. DPF: DPF Certification.

     

  • d) Google reCAPTCHA

    We use reCAPTCHA (Google Ireland Ltd.) to check if user input is human. The system analyzes behavior (IP address, time on site, cursor movements, etc.) automatically upon entry.

    Legal basis: Art. 6(1)(f) GDPR (legitimate interest in spam protection), or Art. 6(1)(a) GDPR and § 25 (1) TDDDG with consent. Consent can be revoked. Privacy: Google Privacy | Terms of Use. DPF: DPF Certification.

  • e)  jsDelivr

    Content delivery network

  • f) Real Cookie Banner
    
     

    “This website uses Real Cookie Banner, a service by devowl.io, to manage user consent for cookies. Real Cookie Banner processes the following data to obtain and record consent: 

     
    • User Agent: To identify the browser and operating system used by the visitor.
    • IP Address (Hashed): To help prevent manipulation of consent by identifying the visitor’s device.
    • Cookie Settings: Information about which cookie categories the user has accepted or rejected.
    • Consent ID: A unique identifier for each consent given by a user.
    This information is used to ensure that we only set cookies for which you have given your consent and to comply with legal obligations regarding data privacy. The data collected is stored securely and only for the time necessary to fulfill these purposes.” 

• 09. Online-based Audio and Video Conferences (Conference tools)

  a) Data Processing via Online Conference Tools

   

  Data processing

  We use online conference tools, among other things, for communication with our customers. The tools we use are listed in detail below. If you communicate with us by video or audio conference using the Internet, your personal data will be collected and processed by the provider of the respective conference tool and by us. The conferencing tools collect all information that you provide/access to use the tools (email address and/or your phone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication process (metadata).
  Furthermore, the provider of the tool processes all the technical data required for the processing of the online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker and the type of connection.
  Should content be exchanged, uploaded, or otherwise made available within the tool, it is also stored on the servers of the tool provider. Such content includes, but is not limited to, cloud recordings, chat/ instant messages, voicemail uploaded photos and videos, files, whiteboards, and other information shared while using the service.
  Please note that we do not have complete influence on the data processing procedures of the tools used. Our possibilities are largely determined by the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, and which we have listed below this text.

   

  Purpose and legal bases
  The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6(1)(b) GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in the meaning of Art. 6(1)(f) GDPR). Insofar as consent has been requested, the tools in question will be used on the basis of this consent; the consent may be revoked at any time with effect from that date.

   

  Duration of storage
  Data collected directly by us via the video and conference tools will be deleted from our systems immediately after you request us to delete it, revoke your consent to storage, or the reason for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.
  We have no influence on the duration of storage of your data that is stored by the operators of the conference tools for their own purposes. For details, please directly contact the operators of the conference tools.

   

  Conference tools used
  We employ the following conference tools:

   

  Zoom
  We use Zoom. The provider of this service is Zoom Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA. For details on data processing, please refer to Zoom’s privacy policy: https://explore.zoom.us/en/privacy/.
  Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://explore.zoom.us/en/privacy/.
  The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5728.

   

  Microsoft Teams
  We use Microsoft Teams. The provider is the Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. For details on data processing, please refer to the Microsoft Teams privacy policy: https://privacy.microsoft.com/en-us/privacystatement.
  The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/6474.

   

  Data processing
  We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.