Note: This is an unofficial English translation provided for convenience only. In case of any discrepancy or doubt, the German version shall prevail. This privacy policy is governed by German law (GDPR / DSGVO).

Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 General Information

We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.

1.2 Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is dataforest GmbH, Taunusstraße 52, 65830 Kriftel, Germany, Tel.: 06192 9392233, Fax: 06192 9392244, E-Mail: hi@dataforest.net. The controller for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 Server Log Files

When you visit our website for purely informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data that is technically necessary for us to display the website to you:

Our visited website
Date and time of access
Amount of data sent in bytes
Source/reference from which you reached the page
Browser used
Operating system used
IP address used (where applicable: in anonymized form)

The processing is carried out pursuant to Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used for any other purpose. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

2.2 SSL / TLS Encryption

For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or requests to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

3) Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use cookies – small text files that are stored on your device. Some of these cookies are automatically deleted when you close your browser (so-called "session cookies"), while others remain on your device for longer and allow website settings to be saved (so-called "persistent cookies"). In the latter case, you can find the storage period in the cookie settings overview of your web browser.

If personal data is also processed by individual cookies we use, the processing is carried out pursuant to Art. 6 (1) lit. b GDPR either for the performance of the contract, pursuant to Art. 6 (1) lit. a GDPR in the case of consent given, or pursuant to Art. 6 (1) lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them, or you can exclude the acceptance of cookies for certain cases or in general.

Please note that if cookies are not accepted, the functionality of our website may be restricted.

4) Contact

When you contact us (e.g. via contact form or email), personal data is processed exclusively for the purpose of handling and responding to your request and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter in question has been conclusively resolved and provided there are no statutory retention obligations.

5) Use of Customer Data for Direct Marketing

When you sign up for our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. Additional data may be provided voluntarily and will be used to address you personally. For newsletter distribution, we use the so-called double opt-in procedure, which ensures that you only receive the newsletter after you have expressly confirmed your consent to receive it by clicking on a verification link sent to the provided email address.

By activating the confirmation link, you grant us your consent for the use of your personal data pursuant to Art. 6 (1) lit. a GDPR. We store the IP address registered by your internet service provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your email address at a later date. The data we collect when you register for the newsletter is used strictly for the stated purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by notifying the controller mentioned at the beginning. After your unsubscription, your email address will immediately be removed from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to use your data in a way that goes beyond this and is permitted by law and about which we inform you in this statement.

If you have provided us with your email address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range by email. You do not need to give a separate consent for this pursuant to § 7 (3) UWG. The data processing is based solely on our legitimate interest in personalized direct marketing pursuant to Art. 6 (1) lit. f GDPR. If you have initially objected to the use of your email address for this purpose, we will not send any emails.

You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the controller mentioned at the beginning. You will only incur transmission costs according to basic rates. After receiving your objection, the use of your email address for advertising purposes will immediately cease.

6) Data Processing for Contract Performance

6.1 Credit Assessment

Should we provide advance services (e.g. delivery on account), we reserve the right to carry out a credit assessment on the basis of mathematical-statistical procedures in order to safeguard our legitimate interest in establishing the creditworthiness of our customers. We transmit the personal data necessary for a credit assessment to the following service provider pursuant to Art. 6 (1) lit. f GDPR:

mediaFinanz GmbH, Weiße Breite 5, 49084 Osnabrück

The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Among other things, but not exclusively, address data flows into the calculation of the score values. We use the result of the credit assessment with regard to the statistical probability of payment default for the purpose of deciding on the establishment, performance or termination of a contractual relationship.

You can object to this processing of your data at any time by notifying the controller or the aforementioned credit agency. However, we may still be entitled to process your personal data insofar as this is necessary for the proper settlement of the payment.

6.2 Transfer to Debt Collection Service Provider

We reserve the right to pass on your data to the debt collection service provider EuroTreuhand Inkasso GmbH, Amsterdamer Str. 133 b, 50735 Köln, insofar as our payment claim has not been settled despite prior reminder. In this case, the claim will be collected directly by the debt collection service provider.

The transfer of your data serves the performance of the contract pursuant to Art. 6 (1) sentence 1 lit. b GDPR and the safeguarding of our overriding legitimate interests in the effective assertion and enforcement of our payment claim pursuant to Art. 6 (1) sentence 1 lit. f GDPR.

7) Web Analytics

Matomo

This website uses a web analytics service from the following provider: InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand ("Matomo").

To protect website visitors, Matomo uses a so-called "config_id" to enable various analyses of page usage within a short time window of up to 24 hours. The "config_id" is a randomly set, time-limited hash of a limited set of settings and attributes of the visitor. The config_id or config hash is a string calculated for a visitor based on their operating system, browser, browser plugins, IP address and browser language. Matomo does not use device fingerprinting and uses an anonymized IP address of the visitor to create the "config_id".

Insofar as the information processed in this way includes personal user data, processing is carried out pursuant to Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes. To object to the processing of your visitor data for the future, you will find an opt-out option at the bottom of this page.

Data is only transmitted to the provider if the service is not hosted on our own servers. In the case of self-hosting, data collected via the service is not transmitted to the provider.

If the service is not hosted on our own servers, we have concluded an order processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to New Zealand, an adequacy decision of the EU Commission applies in this case, which certifies compliance with European data protection standards in international data transfers.

8) Website Features

8.1 Google reCAPTCHA

We use the CAPTCHA service of the following provider on this website: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Data may also be transmitted to: Google LLC, USA.

For the visual design of the CAPTCHA window, the provider uses "Google Fonts", i.e. fonts loaded from Google on the internet. No further information is processed beyond the above, which is already transmitted to Google via the reCAPTCHA functionality.

The service checks whether an input is made by a natural person or abusively by automated processing, and blocks spam, DDoS attacks and similar automated malicious access. To ensure that an action is performed by a human and not by an automated bot, the provider collects the IP address of the device used, identification data of the browser and operating system type used, as well as the date and duration of the visit, and transmits these to the provider's servers for evaluation. Cookies may be used in this process, i.e. small text files stored in the browser of the device.

If the processing described above is based on cookies, these are only set if you have given us your express consent pursuant to Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website.

If the processing described above is carried out without the use of cookies, the legal basis is our legitimate interest in establishing individual personal responsibility on the internet and avoiding misuse and spam pursuant to Art. 6 (1) lit. f GDPR.

We have concluded an order processing agreement with the provider that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, on the basis of an adequacy decision by the European Commission, ensures compliance with the European level of data protection.

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/de/privacy/

You can disable the use of Google reCAPTCHA at any time using the button at the bottom of this page.

8.2 Job Applications by Email

On our website, we advertise currently vacant positions in a separate section, for which interested parties can apply by email to the provided contact address.

Applicants must provide all personal data necessary for a well-founded assessment, including general information such as name, address and contact options, as well as performance-related evidence and, where applicable, health-related information. Details of the application can be found in the job advertisement.

After receiving the application by email, the data is stored and evaluated exclusively for the purpose of processing the application. For follow-up questions, we use either the applicant's email address or phone number. The processing is based on Art. 6 (1) lit. b GDPR (or § 26 (1) BDSG), in the sense of which going through the application process is considered initiation of an employment contract.

Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g. health data such as information on severe disability) are requested from applicants in the context of the application process, processing is carried out pursuant to Art. 9 (2) lit. b GDPR so that we can exercise the rights arising from labor law and the law on social security and social protection and fulfill our related obligations.

Cumulatively or alternatively, the processing of special categories of data may also be based on Art. 9 (1) lit. h GDPR if it is carried out for the purposes of preventive health care or occupational medicine, for the assessment of the applicant's ability to work, for medical diagnosis, care or treatment in the health or social sector or for the management of systems and services in the health or social sector.

If an applicant is not selected or withdraws their application prematurely, their transmitted data and all electronic correspondence including the application email will be deleted after a corresponding notification at the latest after 6 months. This period is based on our legitimate interest in being able to answer any follow-up questions about the application and, if necessary, to fulfill our burden of proof obligations under the provisions on equal treatment of applicants.

In the event of a successful application, the data provided will be processed on the basis of Art. 6 (1) lit. b GDPR (in Germany in conjunction with § 26 (1) BDSG) for the purpose of carrying out the employment relationship.

8.3 Online Applications via a Form

On our website, we advertise currently vacant positions in a separate section, for which interested parties can apply via a corresponding form.

In the course of submitting the form, the applicant's data is transmitted to us in encrypted form in accordance with the state of the art, stored by us and evaluated exclusively for the purpose of processing the application. The processing is based on Art. 6 (1) lit. b GDPR (or § 26 (1) BDSG), in the sense of which going through the application process is considered initiation of an employment contract.

Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are requested from applicants in the context of the application process, processing is carried out pursuant to Art. 9 (2) lit. b GDPR so that we can exercise the rights arising from labor law and the law on social security and social protection and fulfill our related obligations.

If an applicant is not selected or withdraws their application prematurely, their form-transmitted data and all electronic correspondence including the application email will be deleted after a corresponding notification at the latest after 6 months. This period is based on our legitimate interest in being able to answer any follow-up questions about the application and, if necessary, to fulfill our burden of proof obligations under the provisions on equal treatment of applicants.

9) Tools and Other Services

DATEV

For bookkeeping purposes, we use the cloud-based accounting software service of the following provider: DATEV eG, Paumgartnerstr. 6-14, 90429 Nürnberg, Germany.

The provider processes incoming and outgoing invoices as well as, where applicable, the bank movements of our company, in order to automatically capture invoices, match them to transactions and create financial accounting from this in a partially automated process.

Insofar as personal data is also processed in this context, the processing is carried out on the basis of our legitimate interest in the efficient organization and documentation of our business processes pursuant to Art. 6 (1) lit. f GDPR.

10) Rights of the Data Subject

10.1 General Rights of Data Subjects

Applicable data protection law grants you the following data subject rights (information and intervention rights) with respect to the processing of your personal data by the controller, where reference is made to the cited legal basis for the respective conditions of exercise:

Right of access pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to notification pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to withdraw consent pursuant to Art. 7 (3) GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.

10.2 Right to Object

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS DUE TO OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, CONTINUED PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU MAY EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

11) Retention Period of Personal Data

The retention period of personal data is determined by the respective legal basis, the processing purpose and, where applicable, additionally by the respective statutory retention period (e.g. commercial and tax law retention periods).

When processing personal data on the basis of express consent pursuant to Art. 6 (1) lit. a GDPR, the data concerned is stored until you withdraw your consent.

If statutory retention periods exist for data processed in the context of contractual or quasi-contractual obligations on the basis of Art. 6 (1) lit. b GDPR, this data is routinely deleted after the retention periods have expired, provided it is no longer necessary for the performance or initiation of the contract and/or we have no legitimate interest in continued storage.

When processing personal data on the basis of Art. 6 (1) lit. f GDPR, this data is stored until you exercise your right to object pursuant to Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

When processing personal data for direct marketing purposes on the basis of Art. 6 (1) lit. f GDPR, this data is stored until you exercise your right to object pursuant to Art. 21 (2) GDPR.

Unless otherwise stated in the other information in this statement regarding specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Version: 16.12.2025, 15:56:39

Opt-Out Options

Matomo

You can object to the statistical analysis of your visit behavior by Matomo here:

Google reCAPTCHA

You can disable the use of Google reCAPTCHA here at any time:

Privacy Policy

Privacy Policy

Opt-Out Options

Matomo

Google reCAPTCHA

Optimize your IT with us!