Privacy policy

Data Protection Information for Workz Group & entities

Your personal data will be handled in accordance with the EU Data Protection Regulation (“GPDR”) and other legal requirements as the basis for a trusting business relationship with our partners, customers and interested parties. We maintain the confidentiality of your personal data and guarantee the protection of your personal data through technical and organisational security measures that comply with current security standards.


1.1. The Controller responsible for the processing of the personal data according to Art 4 No 7 GDPR is the entity of Workz Group you have your business relationship with. Contact details please find here.

Insofar as this Data Protection Information refers to “we” or “Workz”, this refers to the respective entity you have your business relationship with.

1.2. Name and contact details of the Data Protection Officer for all Workz Group entities.

The data protection officer at Workz, Nevena Hofmann, can be reached by email.

Workz is responsible for the processing of your personal data.

We process certain personal data for the purposes specified in this Data Protection Information on the basis of the GPDR and our legal relationship.


2.1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

2.2. ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

2.3. ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

2.4. ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;


Personal data is information relating to an identified or identifiable natural person. As part of our services, we process data about you to the extent permitted by law, always taking into account the principle of data minimisation. This applies in particular to the following information:

  1. Data that you make available to us: When you use our services, you provide us with various information about you, such as your name, contact details, e-mail address and telephone number(s), account information. The data categories that you provide to us depend on your specific contractual relationship with us.
  2. Data that we collect about you: While you are using our website, we automatically collect certain data about you, such as the date and time of your visit, your IP address, data about the device which you use (e.g. browser settings; browser type, operating system, device ID).

iii.           Data collected from third parties: In the course of the initiation and performance of a contact, we may also process your personal data provided to us by third parties. For example, data records of contractual partners, cooperation partners and suppliers, as well as other third parties.

  1. Special categories of personal data: In principle, we do not collect and process any special categories of personal data. Special categories of personal data include data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual life, as well as genetic data, biometric data for the unambiguous identification of a natural person. Should it be necessary in individual cases to collect or otherwise process special categories of personal data, such as church membership for tax reasons, we will always process these in accordance with the GPDR and the relevant national regulations as well as the provisions of this Data Protection Information.

We process your personal data only if there is a legal basis, usually according to Art. 6, possibly Art. 9 of the GPDR and on the basis of your consent according to Art. 7 GPDR:

  1. Consent pursuant to Art. 6 para. 1 sentence 1 lit. a), Art. 7 GPDR, if applicable Art. 9 para. 2 lit. a), Art. 7 GPDR: We process certain personal data only on the basis of your previously given express and voluntary consent. You have the right to revoke your consent at any time with effect for the future.
  2. Performance of a contract or in order to take steps at the request of the data subject prior to entering into a contract pursuant to Art. 6 Para. 1 S. 1 lit. b) GPDR: For the initiation and execution of your contractual relationship with Workz.

iii.           Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party pursuant to Art. 6 para. 1 sentence 1 lit. f) GPDR: Workz processes certain personal data to protect our legitimate interests, provided that there is no reason to believe that your interests or fundamental rights and freedoms in the non-disclosure of your personal data do not prevail.

  1. We will only pass on your personal data to third parties if:
  • you have given your express consent in accordance with Art. 6 Para. 1 S. 1 lit. a) GPDR,
  • the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f) GPDR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that your interests or fundamental rights and freedoms in the non-disclosure of your personal data do prevail,
  • in the event that there is a legal obligation to disclose your personal data pursuant to Art. 6 para. 1 sentence 1 lit. c) GPDR, and
  • this is legally permissible and required for the execution of contractual relationships with you pursuant to Art. 6 para. 1 sentence 1 lit. b) GPDR.

We will process your personal data exclusively for purposes permitted by data protection law. This applies in particular to the purposes listed below:

  1. purposes for which you have given us your prior consent;
  2. the processing for the fulfilment of our contract with you;

iii.           the fulfilment of legal obligations to which we are subject;

  1. safeguarding our legitimate interests or the legitimate interests of third parties, unless your interests or fundamental rights and freedoms in the non-disclosure of your personal data predominate;
  2. the assertion, exercise or defence of legal claims;
  3. Marketing and Advertising.

Your personal data may be processed, for example, for the following specific purposes:

5.1 Contract-related processing purpose

We process your personal data for the implementation of the contract concluded with you, in particular for the purposes of

  1. Contract initiation: To initiate a (further) contractual relationship, we send you product and service information.
  2. Contract execution: The contract management organizes the administration and processing of the contracts between you and us.

iii.            Customer care: In the context of customer care to advise you and provide support.

  1. Receivables management: We are entitled to receivables from the contracts concluded with you. In order to manage these receivables, we process your personal data (e.g. payments), especially in the case of outstanding receivables. In advance, we will contact you to clarify outstanding receivables.
  2. Termination of contract: When our contractual relationship is terminated, we process your personal data within the framework of the legal retention periods.
  3. Cooperation with partners and suppliers: Workz cooperates with partners and suppliers in the context of the performance of the contract. In order to guarantee an optimal customer service, Workz communicates the necessary personal data to the partners and suppliers in the context of the cooperation.

5.2. Consent based processing purpose

In individual cases, we process your personal data on the basis of your declared consent to the processing.

5.3 Purpose of processing on the basis of legitimate interest:

We process your personal data to protect our legitimate interests, unless your interests or fundamental rights and freedoms in the non-disclosure of your personal data predominate:

  1. Advertising and marketing: To inform you about our products and services that may be of interest to you.
  2. Services: Certain services are provided by partner companies. To enable the partner companies to perform these services in accordance with the contract, we transfer your personal data to the extent necessary for this purpose.

iii.           Receivables management: The contractual relationship concluded with you may result in outstanding receivables. We will give you sufficient opportunity within the framework of our dunning system to settle these. In the event of fruitlessness, we reserve the right in individual cases to involve external lawyers or debt collection companies for the purpose of debt collection. Only information which is absolutely necessary for the collection of the outstanding debt would be transmitted.

5.4         If we intend to process the personal data for a purpose other than that for which the personal data was obtained, we will provide you with information about that other purpose and any other relevant information in accordance with this Data Protection Information prior to such processing.


In accordance with Art. 17 GPDR, we only retain your personal data for as long as is necessary for the respective purposes for which we process your personal data. If we process personal data for more than one purpose, it will be automatically deleted or stored in a format that does not allow any direct conclusions to be drawn about you once the last specific purpose has been fulfilled. After the end of the term of a contract we usually delete your data after 5 years at the earliest due to banking storage obligations. If we are legally obliged to store some of your data for longer, for example due to tax obligations, we will normally delete this data 10 years after the end of the contract. A company deletion concept ensures that all your personal data is deleted in accordance with the principle of data minimization and Art. 17 GPDR.


We process your personal data in accordance with the security requirements of Art. 32 GPDR. For this purpose, we have implemented appropriate technical and organisational security measures which comply with recognised IT standards and are continuously monitored. In this way, we ensure that your data is adequately protected at all times against misuse or any other inadmissible data processing.


In certain cases, we will share your personal data with third parties for the purposes described in this Data Protection Information in order to implement the contract. When transmitting your personal data, we ensure that your data is processed, protected and transmitted lawfully.

8.1 Data Transfer to Cooperation Partners of Workz

If necessary, we send your personal data to our cooperation partners, who process your data completely on our behalf and according to our instructions.

8.2 Data transfer to suppliers

For the purpose of carrying out deliveries and services, we may transfer your personal data to our suppliers.

8.3 Data transfer to other third parties

We transfer your personal data to other third parties, e.g. external service or IT providers, external consultants or cooperation partners, transport and insurance companies, if not already mentioned above, for the purposes defined in section 5 above and within the scope of statutory information and reporting obligations. Workz will ensure that these third parties guarantee the confidentiality of your personal data. With all other third parties to whom Workz may transfer your data, Workz has concluded contracts for compliance with all data protection regulations.

8.4 Data transmission in non-EU member states

Where data is processed in countries outside the EU or the European Economic Area (“EEA”), Workz will ensure that your personal data is processed in accordance with European Data Protection Standards. If necessary, we will use data transfer agreements on the basis of the EU standard contractual clauses (“SCC”) or other data protection permission regulations pursuant to Art. 44 ff GPDR for the security of data transfers to recipients in third countries outside the EU or the EEA, which also ensure appropriate technical and organisational measures for the protection of the personal data transferred, unless this is a country that the EU has already officially recognised as a country that has an adequate and comparable level of data protection.



(a) categories of data: When you visit our website, data is automatically stored in the server statistics (so-called server log files), which your browser automatically transmits to us. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • the browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

For data protection reasons, the host name or IP address of the client accessing your website is anonymised in the log files. Only the entries for the client’s host or, if this cannot be determined, the client’s IP address are anonymised in the log files. The format of all other entries does not change.

  1. b) Purpose of processing: The above data will be processed by us for the following purposes:

– Ensure a well-functioning connection of the website,

– To ensure a comfortable use of our website,

– Evaluation of system safety and stability,

– for other administrative purposes.

  1. c) Legal basis for data processing: Art. 6 Para. 1 S. 1 lit. f) GPDR. Our legitimate interest follows from the purposes listed above for the collection of data.
  2. d) Deletion of your data: For security reasons (e.g. to clarify misuse), log file information is temporarily stored anonymously by the provider and then deleted.


On our website a contact form is available. If a user makes use of this possibility, the data entered in the input mask will be transmitted to us and stored. These data are:

  • First name and surname
  • Position
  • Email address
  • Phone number

The following data will also be stored at the time the form is sent:

– The IP address of the user

– Date and time of registration

Your consent will be obtained for the processing of the data as part of the sending process and reference will be made to this data protection declaration.

Alternatively, you can contact us via the e-mail addresses provided. In this case, the personal data transmitted with the e-mail will be stored.

The data will not be passed on to third parties in this context. The data will be used exclusively for the processing of the conversation.


The use of cookies serves to make the visit of our website more pleasant for you. Session cookies recognize that you have already visited individual pages on our website. If you visit our site again to make use of our services, it is automatically recognised that you have already visited us and which entries and settings you have made so that you do not have to enter them again. Some functions of our website cannot be offered without the use of cookies.

  1. a) The following data is stored and transmitted in the cookies:
  • Language settings
  • Log-in information
  • Session variables

The user data collected by technically necessary cookies are not used to create user profiles.

The data collected is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to the user. The data are not stored together with other personal data of the user.

  1. b) Purpose of processing: The purpose of this use of technically necessary cookies is to simplify the use of websites for users.
  2. c) Legal basis for data processing: The data processed by cookies are necessary for the purposes mentioned to safeguard our legitimate interests pursuant to Art. 6 Para. 1 S. 1 lit. f) GPDR. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a DSGVO if the user has given his consent. Before using cookies which are not technically required, we ask you for your consent to the use of cookies.
  3. d) Duration of storage, objection and removal options

Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit, but no later than 30 days after your last visit. Other cookies remain stored on your terminal until you delete them. These cookies enable us to recognize your browser during your next visit.

Most browsers automatically accept cookies. By adjusting the settings of your Internet browser, you can generally prevent the storage of cookies on your device, or require that you are asked each time whether you are in agreement with cookies being enabled. Furthermore, you can also delete already stored cookies at any time.

Opt-out cookies prevent the future collection of your data when you visit this website. To prevent from collecting your information across multiple devices, you must opt-out on all systems you use.

If you have given your consent to the cookies, you can revoke this at any time in your browser settings.


Some contents or services of third parties are integrated within our online offerings. We currently use services from the following third parties:

9.3.1 Google Analytics

(a) categories of data: We use Google Analytics, a web analysis service provided by Google Ireland Limited, (hereinafter “Google”). In this context, pseudonymised user profiles are created and cookies are used. The information generated by the cookie about your use of this website such as

  • Technical information such as Browser type/version, Internet provider, terminal device, used operating system and screen resolution
  • Referrer URL
  • Time of the server request
  • Pages viewed
  • Your behaviour on the pages (e.g. clicks, scrolling behaviour and length of stay),
  • Your approximate location (country and city)
  • Source of your visit (i.e. via which website or advertising medium you came to us)
  1. b) For further information on how Google uses cookies, its terms of use and privacy policy please refer to

We have concluded a contract with Google for data processing.

  1. d) Objection to data collection:

However, if you do not want Google Analytics to be used to collect information about your usage patterns for analysis and statistical purposes, you can opt out of Google Analytics collecting this information by downloading and installing the browser plug-in available under the following link:

9.3.2 Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

(a) categories of data: Your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address.

The privacy policy of the library operator Google can be found here:

  1. b) Purpose of processing: We use Google Web Fonts in order to have a uniform and attractive web appearance.
  2. c) Legal basis for data processing: The use of Google services constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GPDR.

9.3.3 Embedded Vimeo videos

On our website the video player Vimeo of Vimeo, LLC (, is integrated. Each time you access a page that offers one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the USA. Information about your visit and your IP address is stored there.

We use the so-called two-click solution to protect your data. Initially, no user data is transmitted to the operators of the social networks. Only when you click on the video does the data transfer begin. Further information on data protection at “Vimeo” can be found in the provider’s data protection declaration at:


As a person affected by the processing of your personal data, you can assert certain rights with us (“Data Subject Rights”) in accordance with the GPDR and other relevant data protection regulations, see the following section:

10.1 Rights of data subjects

  1. Right of access pursuant to Art. 15 GPDR: You can request information from us about your personal data that we have stored about you at any time. In particular, you can request information about the processing purposes, the data categories, the recipients to whom your data is transferred, the origin of the data if we have not collected it directly from you, the planned storage period, as well as about the existence of an automated decision-making process including profiling and, if applicable, meaningful information about its details;
  1. Right of rectification pursuant to Art. 16 GPDR: You may request us to rectify incorrect or incomplete personal data without delay. We will take reasonable steps to keep the information we hold about you and process about you accurate, complete, current and relevant based on the most current information available to us.
  • Right to deletion pursuant to Art. 17 GPDR: You may request us to delete your personal data, provided that the legal requirements are met. According to Art. 17 GPDR, this may be the case, for example, if

– the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

– you revoke your consent, which is the basis of the data processing, and there is no other legal basis for the processing;

– you object to the processing of your personal data and there are no overriding legitimate reasons for the processing, or you object to the processing for direct marketing purposes;

– the personal data have been unlawfully processed;

unless the processing is necessary:

– to ensure compliance with a legal obligation which requires us to process your personal data, in particular with regard to legal retention periods;

– to assert, exercise or defend legal claims.

  1. Right to limitation of processing pursuant to Art. 18 GPDR: You may request that we restrict the processing of your personal data if

–     You dispute the accuracy of the personal data for the period of time we need to verify the accuracy of the data;

–     the processing is unlawful and you refuse to delete your personal data and instead request that we restrict its use;

–     we no longer need your personal information, but you need it to enforce, exercise or defend your legal rights;

–     you have objected to the processing as long as it is not yet clear whether our legitimate reasons outweigh yours.

  1. Right to data transfer in accordance with Art. 20 GPDR: At your request, we will provide you with the personal data that you have provided to us in a structured, common and machine-readable format so that you can transfer it to another responsible person. However, you have this right only if the data processing is based on your consent or is necessary in order to carry out a contract.
  1. Right of revocation pursuant to Art. 7 para. 3 GPDR: You have the right to revoke your consent to us at any time. As a result, we may no longer continue the data processing based on this consent in the future.
  • Right to object pursuant to Art. 21 GPDR: If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f) GPDR, you have the right to object to the processing of your personal data pursuant to Art. 21 GPDR if there are reasons for doing so which result from your particular situation or which are directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without stating a particular situation. In the event of an objection, we will no longer process your personal data. The latter does not apply if we can prove compelling reasons for processing worthy of protection that outweigh your interests or if we need your personal data to assert, exercise or defend legal claims;

If you wish to exercise your right of revocation or objection, simply send us an e-mail.

  • to complain to a supervisory authority pursuant to Art. 77 GPDR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace (see par. 10.4 below).

10.2 Deadlines for compliance with data subjects’ rights

As a matter of principle, we endeavour to respond to all enquiries within 20 working days. However, this period may be extended due to the specific rights of the persons concerned or the complexity of your enquiry.

10.3 Limitation of information for the fulfilment of data subjects’ rights

In certain situations we may not be able to provide you with information about all of your personal information due to legal requirements. If we need to decline your request for information in such a case, we will also inform you of the reasons for the refusal.

10.4 Complaints to Regulatory Authorities

Workz will always protect your rights. However, if you believe that we have not adequately addressed your complaints or concerns, you have the right to file a complaint with an appropriate data protection authority.


You can download the text of the GPDR from the following homepage: