Privacy Policy

1. Name and contact details of the controller responsible for processing and the company data protection officer 

This data protection information applies to data processing by:

  • Controller: Virtimo AG (hereinafter: Virtimo), Behrenstr. 18, D-10117 Berlin, Germany. Email: info@virtimo.de Telephone: +49 30 – 555 744 00
  • DataCo GmbH, Sandstraße 33, 80335 Munich, represented by Thomas Regier, has been appointed as the data protection officer for Virtimo.
  • Preferred method of contact via email: .

2. Collection and storage of personal data, as well as the nature and purpose of its use 

All personal data processing operations (collection, processing, and use) by Virtimo are carried out in strict compliance with statutory data protection regulations. We collect, process, and use personal data to offer services, to execute and further improve the content and functionalities of our products, online offerings, and services, and, only insofar as you have consented to this, for advertising and market research purposes. With this privacy policy, we would like to inform you about how we handle your personal data. It applies to the collection, processing, and use of personal data. In addition, it also applies to Virtimo’s online products accessible via our websites – where applicable, following registration and login for the respective product. The term online products also includes products operated as Software as a Service (“SaaS”) and cloud applications.

a) When visiting the website

When you visit our website www.virtimo.de (including subdomains and secondary domains such as support.virtimo.de, docs.virtimo.net, or virtimo.cloud), the browser used on your device automatically sends information to the server of the website or the SaaS service. This information is temporarily stored in a log file. The following information is recorded without your intervention and stored until automated deletion:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which access is made (referrer URL),
  • The browser used and, if applicable, the operating system of your computer, as well as the name of your access provider.

The aforementioned data is processed by us for the following purposes:

  • Ensuring a smooth connection to the website,
  • Ensuring comfortable use of our website,
  • Evaluating system security and stability, and
  • For further administrative purposes.

The legal basis for data processing is Art. 6(1) sentence 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person. Furthermore, we use cookies and analysis services when you visit our website. More detailed explanations can be found in sections 4 and 5 of this privacy policy.

b) When using a form or contacting us via email

On our website, we occasionally provide contact forms and registration forms that can be used for electronic contact or event registration. If a user takes advantage of this option, the data entered in the input mask (first name, surname, email address, request, and, if applicable, address, telephone, and other fields created in the form) are transmitted to us and stored. Your consent is obtained for the processing of the data as part of the submission process, and reference is made to this privacy policy. Alternatively, it is possible to contact us via the provided email addresses. In this case, the user’s personal data transmitted with the email are stored. In this context, the data is not passed on to third parties. The data is used exclusively for processing for the purpose stated in the form and for contacting and communicating directly with you. The form data is transmitted encrypted according to current standards (see section 9 on data security) and stored for further processing by our staff. We would like to point out that data transmission via email can have security vulnerabilities. Complete protection of data against access by third parties is not possible.

Legal basis for data processing

The legal basis for processing the data, if the user has given consent, is Art. 6(1) lit. a GDPR. The legal basis for processing the data transmitted in the course of sending an email is Art. 6(1) lit. e, paragraphs 2 and 3 GDPR. If the email contact aims to conclude a contract, the additional legal basis for processing is Art. 6(1) lit. b GDPR.

Purpose of data processing

The processing of personal data from the input mask serves us solely to process the contact in order to fulfil the purpose described in the form. In the case of contact via email, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the submission process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent via email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

Right to object and possibility of removal

The user has the possibility to revoke their consent to the processing of personal data at any time. If the user contacts us via email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. The revocation must be addressed to the responsible body. All personal data stored in the course of contacting us will be deleted in this case.

3. Disclosure of data 

Your personal data is not transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:

  • you have given your express consent pursuant to Art. 6(1) sentence 1 lit. a GDPR,
  • the disclosure is necessary pursuant to Art. 6(1) sentence 1 lit. f GDPR for the establishment, exercise, or defence of legal claims, and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
  • in the event that there is a legal obligation for the disclosure pursuant to Art. 6(1) sentence 1 lit. c GDPR, and
  • this is legally permissible and necessary for the processing of contractual relationships with you pursuant to Art. 6(1) sentence 1 lit. b GDPR.

4. Cookies 

We use cookies on our site. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Information is stored in the cookie, which arises in each case in connection with the specific device used. However, this does not mean that we immediately gain knowledge of your identity. The use of cookies serves, on the one hand, to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after leaving our site. Furthermore, we also use temporary cookies to optimise user-friendliness, which are stored on your device for a specific defined period. If you visit our site again to use our services, it is automatically recognised that you have already been with us and what inputs and settings you have made so that you do not have to enter them again (e.g., your language selection). The data processed by cookies is required for the aforementioned purposes to protect our legitimate interests and those of third parties pursuant to Art. 6(1) sentence 1 lit. f GDPR. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. The complete deactivation of cookies may, however, mean that you cannot use all the functions of our website.

5. Google Maps 

For better illustration, we embed a map on our website provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA via the Google Maps API. If you view the map, a connection is established to the Google server, during which, among other things, the IP address is transmitted to Google. Google can evaluate the use of the Google Maps function by the website visitor. The legal basis for the integration of Google Maps is our aforementioned legitimate interest pursuant to Art. 6(1) lit. GDPR. Further information on Google Maps can be found in Google’s privacy policy and terms of use: https://policies.google.com/privacy?hl=de

6. Social Networks 

We use links to social networks (e.g., LinkedIn, Vimeo, Xing) on our website on the basis of Art. 6(1) sentence 1 lit. f GDPR in order to make our company better known through them. The underlying promotional purpose is to be regarded as a legitimate interest within the meaning of the GDPR. These social networks are operated exclusively by third parties, some of whose places of business are located outside the EU or the EEA – an adequate level of data protection in accordance with §§ 4b, 4c BDSG may therefore not exist under certain circumstances. The links or embeddings are marked accordingly in our online offerings. When visiting these websites via the link, a connection is automatically established between your device (browser) and the servers of the respective social network. This forwards the information that you have visited our website to the social network. If you are logged into the social network via your personal user account, or if you log in during your visit to our website, your visit to our website will then be assigned to your account. By interacting with browser plug-ins or links, e.g., by clicking a “Like” button or leaving a comment, this information is transmitted to the respective social network and stored there. The assignment of the data to your account can therefore be prevented, on the one hand, by logging out of your account (of the respective social network) before visiting our websites. Responsibility for data protection-compliant operation is to be guaranteed by their respective providers. Please refer to the respective privacy policies of the operators for the purpose and scope of data collection by social networks as well as the further processing and use of your data there, along with your rights in this regard and setting options for protecting your privacy:

a) LinkedIn

Our web presence on the career network LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, can be accessed viahttps://www.linkedin.com/company/virtimo-ag/. When you access a page of this website, a direct connection is established between your browser and the LinkedIn server. This gives LinkedIn the information that you have visited our site with your IP address. If you are logged into your LinkedIn account, LinkedIn can assign your visit to our pages to your user account. If you interact with the functions there, for example by clicking the “Follow” button or leaving a comment, the corresponding information is also transmitted to a LinkedIn server and stored there. The information can also be used to evaluate advertisements and for market research. If you do not wish for LinkedIn to be able to assign the visit to our pages, please log out of your LinkedIn user account before visiting our website. Further information on this can be found in LinkedIn’s privacy policy:https://www.linkedin.com/legal/privacy-policy.

b) Vimeo

We use the Vimeo service of Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA to integrate and display video content on our website. When you visit one of our webpages with Vimeo videos, a connection to the Vimeo servers is established. This gives Vimeo the information that you have visited our site with your IP address. In addition, your IP address and technical information (such as browser type and version, operating system, time zone setting) are transmitted to Vimeo via your browser. Even if you are not logged into Vimeo or do not have an account there, Vimeo can process this information. Vimeo also uses cookies, among other things. Please refer to Vimeo’s privacy policy for the purpose and scope of data collection and the further processing and use of the data by Vimeo, as well as your rights in this regard and setting options for protecting your privacy:https://vimeo.com/privacy.

c) Xing

Our web presence on the professional network XING SE, Dammtorstraße 30, 20354 Hamburg, Germany, can be accessed viahttps://www.xing.com/companies/virtimoag. When you access a page of this website, a direct connection is established between your browser and the Xing server. This gives Xing the information that you have visited our site with your IP address. If you are logged into your Xing account, Xing can assign your visit to our pages to your user account. By using the interaction options offered on our Xing page, this information is transmitted to Xing and stored there. If you do not wish for Xing to be able to assign the visit to our pages, please log out of your Xing user account before visiting our website. We point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Xing. Further information on this can be found in Xing’s privacy policy:https://privacy.xing.com/de/datenschutzerklaerung.

7. Rights of the data subject 

You have the right:

  • pursuant to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
  • pursuant to Art. 16 GDPR, to immediately request the rectification of incorrect or completion of your personal data stored by us;
  • pursuant to Art. 17 GDPR, to request the erasure of your personal data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims;
  • pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful but you oppose its erasure and we no longer need the data, but you need it for the establishment, exercise, or defence of legal claims, or you have objected to processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request its transmission to another controller;
  • pursuant to Art. 7(3) GDPR, to withdraw your previously given consent to us at any time. As a result, we may no longer continue the data processing based on this consent in the future, and
  • pursuant to Art. 77 GDPR, to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

8. Right to object 

Provided that your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1) sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, provided there are reasons for this arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without you specifying a particular situation. If you would like to exercise your right of revocation or objection, an email to datenschutz@virtimo.de is sufficient.

9. Data security 

We use the widely used SSL (Secure Socket Layer) method during your website visit, in conjunction with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. You can tell whether a single page of our website is transmitted encrypted by looking at the status bar of your browser. Furthermore, we employ suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

10. Hyperlinks 

to other websites Some of our online offerings contain hyperlinks to other websites that are not operated by Virtimo AG. We do not monitor these websites and are responsible neither for their content nor their handling of personal data.

11. Validity and amendment of this privacy policy 

This privacy policy is currently valid and is as of March 2026. Due to the further development of our website and offers presented on it, or due to changed legal or regulatory requirements, it may become necessary to amend this privacy policy. You can access the currently valid privacy policy at any time on the website at https://www.virtimo.de/datenschutz.