Privacy Policy
Synatix GmbH
Deisterstraße 20
31785 Hameln
Phone
+49 5151 96299-0
Email
mail@synatix.com
Managing Director
Fabian Simon
Commercial Register
Local Court of Hanover
Registration Number
HRB 203142
VAT ID
DE260044147
You can reach our Data Protection Officer at
datenschutz@synatix.com
Last updated: 9/3/2025
Legal basis for our services and general information on the use and disclosure of data
The information in this privacy policy explains the purpose, scope and nature of the processing of your personal data within our entire online offering and all associated websites including their functions and content (hereinafter collectively referred to as the "website" or "online offering"). This policy applies to all platforms and devices (e.g. mobile devices or desktop PCs) on which our online offering is used or executed, regardless of the domains or systems used. This information is provided in accordance with Article 13 GDPR.
Terms used such as "personal data" or "processing" are defined in Article 4 of the General Data Protection Regulation (GDPR).
Personal user data processed within this online offering includes, for example, personal details (such as customer names and addresses), contract data (contract numbers, case handlers, services used, payment information) as well as data relating to the use of and entries by customers within our online offering (e.g. interest in certain products or content, or entries in the contact form).
Data subjects include all visitors to our online offering, including business partners, prospects, and customers, hereinafter referred to as "users."
The terms used, such as "user," "customer," or "service provider," are to be understood as gender-neutral.
All personal user data is processed in compliance with the applicable data protection regulations. The basis for this is the existence of a statutory permission and the user's consent. If data processing is necessary for the performance of our contractual services (e.g. order processing) or the online service (e.g. to ensure and comply with legal requirements) or due to our legitimate interests (e.g. for the security of our online offering within the meaning of Article 6(1)(f) GDPR, analysis to optimize the security and economic efficiency of our operations, including profiling for advertising and marketing purposes, collection of reach and access data, and third-party services), we will use the data within the scope of the legal permission.
Disclosure of data to third parties and third-party providers
Data is only disclosed to third parties within the framework of legal requirements. It is only disclosed when necessary for contractual purposes/fulfillment (pursuant to Article 6(1)(b) GDPR) or on the basis of legitimate interests in our efficient and economical business operations (pursuant to Article 6(1)(f) GDPR).
To comply with statutory provisions and to protect personal data, we implement appropriate legal, technical, and organizational measures even when using subcontractors.
If third-party services, tools, or other means are used and the provider named is based in a third country, data is transferred to that country if the user has previously consented. The GDPR is an EU regulation and applies to all member states. Transfers to countries outside the EU or the European Economic Area only occur with legal permission, the users' consent, or where an adequate level of data protection exists in the respective third country. We identify such third-party providers in the following sections.
Our websites and our email service are hosted by our sister company Synatix GmbH (Deisterstraße 20, 31785 Hameln, Germany) and the co-location provider Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany) (the "host"). Personal data collected on our websites is stored on our host's servers. This may include, in particular, IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website access logs, and other data generated via a website.
The use of the host is for the purpose of fulfilling contracts with our prospective and existing customers (Article 6(1)(b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offering by a professional provider (Article 6(1)(f) GDPR).
Our host will only process your data to the extent necessary to fulfill its performance obligations and will follow our instructions regarding this data. To ensure processing in compliance with data protection, we have concluded a data processing agreement with our hosting service provider.
We use Google Tag Manager Server, which enables us to unify external data communications. This service is operated on European servers, primarily located in Germany, of the Google Cloud.
Using this cloud server provider serves to fulfill contracts with our prospective and existing customers (Article 6(1)(b) GDPR) and is in the interest of a secure, fast, and efficient provision of our online offering by a professional provider (Article 6(1)(f) GDPR).
Our host will process your data only as necessary to fulfill its performance obligations and will follow our instructions regarding this data. Further information on data processing can be found at: https://cloud.google.com/terms/data-processing-terms?hl=de
Our websites are also hosted by Amazon Web Services EMEA SARL, German branch (Marcel-Breuer-Str. 12, 80807 Munich, hereinafter "AWS"). Personal data collected on our websites is stored on our host's servers. This may include, in particular, IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website access logs, and other data generated via a website. Information on AWS privacy can be found at: https://d1.awsstatic.com/legal/privacypolicy/13677832_1_DEMATTERS(AWS_Privacy_Notice_Update-GERMAN).pdf
The use of the host is for the purpose of fulfilling contracts with our prospective and existing customers (Article 6(1)(b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offering by a professional provider (Article 6(1)(f) GDPR).
Our host will only process your data to the extent necessary to fulfill its performance obligations and will follow our instructions regarding this data. To ensure processing in compliance with data protection, we have concluded a data processing agreement with our hosting service provider.
We use rented servers from Hetzner Online GmbH, which enable us to provide our services reliably and securely. These servers are located in data centers within the European Union, primarily in Germany.
The use of Hetzner as a cloud hosting provider serves to fulfill our contractual obligations to prospective and existing customers (Article 6(1)(b) GDPR) and is in the interest of a secure, fast, and efficient provision of our online offering by a professional provider (Article 6(1)(f) GDPR).
Our hosting provider will process your data only to the extent necessary to fulfill its performance obligations and will follow our instructions regarding this data. Further information on data processing by Hetzner can be found at: https://www.hetzner.com/de/rechtliches/datenschutz
To handle user inquiries (via email or contact form), the user's information is processed pursuant to Article 6(1)(b) GDPR.
Online presences on social media
Pursuant to Article 6(1)(a) GDPR, we maintain online presences on social networks and platforms. There we aim to communicate with customers, prospects, and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of the respective operators apply.
Unless this privacy policy specifies otherwise, we process the data of users who communicate with us or interact with our content.
Collection of access data and records (log files)
With each access to our servers, we collect corresponding data (so-called server log files) in our legitimate interest within the meaning of Article 6(1)(f) GDPR, including date and time, data volume, name of the page accessed, success message regarding retrieval, operating system including browser type and version, the previously visited page, IP address, and provider.
For the investigation of fraud or abuse, log file information is stored for a maximum of seven days for security reasons and then deleted. If certain data is required for evidentiary purposes, deletion is postponed until the incident is finally clarified.
Measurement of reach and use of cookies
Cookies are small files stored on users' storage devices.
We mainly use cookies (session cookies) that are deleted from the respective storage medium when the browser session ends. Session cookies are needed, for example, to enable shopping cart functions or to store entries across several pages. In addition, we also use cookies that remain on the user's hard drive. This enables automatic recognition of the user upon a return visit and automatic recognition of preferred entries and settings. These cookies are stored on the hard drive for a period of one month to 10 years and delete themselves automatically after the specified time. These cookies primarily serve to make the online offering more user-friendly, secure, and efficient.
We also inform users within this privacy policy about the use of cookies in the context of pseudonymous reach measurement.
If users wish to avoid the storage of cookies, this option can be disabled in the browser settings. Cookies already stored can also be deleted there; however, excluding cookies may lead to functional restrictions of our online offering.
You can object to the use of cookies for reach measurement and advertising purposes via the Network Advertising Initiative's opt-out page https://optout.networkadvertising.org/, the European website https://www.youronlinechoices.com/uk/your-ad-choices/, and additionally the US website https://www.aboutads.info/choices.
Third-party providers
To offer our services, continuously improve them, and display content and advertisements in a personalized manner on our website, social media, and partner sites, we use cookies, pixels, and similar technologies, which may also originate from third-party providers. We therefore provide the following information on the collection of personal data by us or by third-party providers when using our websites and services.
For the purpose of analyzing website usage, we store certain data, in particular pages visited, time and date, user agent, cookie data, and referrer. At the beginning of this privacy policy, you can adjust your consent options by opening the Consent Manager and making the appropriate settings. - Adjust to the introduction of the services
Google Analytics (limited use)
Description: Google Analytics is a web analytics service used here in a limited scope, collecting only anonymized visitor statistics that do not enable cross-device tracking or advertising measures.
| Category | Information |
|---|---|
| Purpose of data | Web analytics |
| Place of processing | Ireland |
| Processing company | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
| Data recipient | Google Ireland Limited |
| Legal basis | Article 6(1)(f) GDPR |
| Opt-out | https://tools.google.com/dlpage/gaoptout?hl=de |
| Further information | https://www.google.com/intl/de/policies/privacy/partners, https://www.google.com/policies/technologies/ads |
| Ad settings | https://adssettings.google.com/authenticated |
| Privacy policy | https://policies.google.com/privacy?hl=de |
synTRK
| Category | Information |
|---|---|
| Description | synTRK is a service that processes pseudonymized visitor statistics collected to a limited extent. |
| Purpose of data | Limited, pseudonymized visitor statistics that do not enable cross-device tracking or advertising measures |
| Place of processing | Germany |
| Processing company | Synatix GmbH |
| Data recipient | Synatix GmbH |
| Legal basis | Article 6(1)(f) GDPR |
Facebook Pixel
With the user's consent pursuant to Article 6(1)(a) GDPR, we use the "Facebook Pixel," operated by Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are resident in the EU, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta").
We use the Facebook Pixel to display the ads we run only to those Meta users who have also shown an interest in our online offering, specific products, or topics. We also want to ensure, with the help of the Facebook Pixel, that our ads on Meta Platforms correspond to potential user interests and do not have a harassing effect. The Meta Pixel enables us to determine the effectiveness of our Meta ads and to compile statistics on how many users visit our online offering via an ad.
Basic information on Meta Platforms advertising can be found at: https://www.facebook.com/policy.php. Further information on the Facebook Pixel and how it works can be found in Meta Platforms' Help Center: https://www.facebook.com/business/help/651294705016616, https://www.facebook.com/policy.php.
You can object to data collection by the Facebook Pixel and to the use of your data for the display of Meta ads. To do this, visit the page set up by Meta Platforms and follow the instructions on settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. All settings are platform-independent and therefore apply to all devices (e.g. mobile or desktop devices).
| Category | Information |
|---|---|
| Description | Marketing measures via Facebook |
| Purpose of data | Ad placement, measurement, and security |
| Technologies used | Cookies, pixels |
| Data collected | User ID, browser and device information, timestamp, click ID, referrer data |
| Retention period | Up to 2 years |
| Place of processing | Ireland |
| Processing company | Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland |
| Data recipient | Meta Platforms Ireland Limited |
| Legal basis | Article 6(1)(a) GDPR |
| Privacy policy | https://www.facebook.com/privacy/policy/ |
Google Enhanced Conversions
Description: Enhanced Conversions is a feature that improves the accuracy of conversion measurement and enables more effective bidding. First-party data collected by us and provided by users is sent to Google as hashed values.
| Category | Information |
|---|---|
| Place of processing | Ireland |
| Processing company | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
| Data recipient | Google Ireland Limited |
| Legal basis | Article 6(1)(a) GDPR |
| Privacy policy | https://policies.google.com/privacy?hl=de |
Google Analytics
This refers to comprehensive collection of visitor statistics. Users can prevent the collection and processing of usage data by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=de. The storage of cookies can also be prevented through settings in the respective browsers or by withdrawing consent in our Consent Manager. At the beginning of this privacy policy, you can adjust your consents by opening the Consent Manager and making the appropriate settings.
Further information on settings and opt-out options and on data collection by Google can be obtained directly from Google: https://www.google.com/intl/de/policies/privacy/partners, https://www.google.com/policies/technologies/ads. You can also view and edit your ad settings here: https://adssettings.google.com/authenticated.
Description: Google prepares reports on the use of our online offering on our behalf. For this and other services on our behalf, information about users' activities within our offering is collected. This information may also be used to create pseudonymous usage profiles.
| Category | Information |
|---|---|
| Purpose of data | Analytics |
| Technologies used | Cookies |
| Data collected | Client ID, user location, usage data |
| Retention period | 14 months |
| Place of processing | Ireland |
| Processing company | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
| Data recipient | Google Ireland Limited |
| Legal basis | Article 6(1)(a) GDPR |
| Privacy policy | https://policies.google.com/privacy?hl=de |
Google Signals
| Category | Information |
|---|---|
| Description | Cross-device marketing |
| Place of processing | Ireland |
| Processing company | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
| Data recipient | Google Ireland Limited |
| Legal basis | Article 6(1)(a) GDPR |
| Privacy policy | https://policies.google.com/privacy?hl=de |
Consent Manager
| Category | Information |
|---|---|
| Description | Storage of user consents |
| Place of processing | Germany |
| Processing company | Synatix GmbH, Deisterstraße 20, 31785 Hameln |
| Data recipient | Synatix GmbH |
| Legal basis | Article 6(1)(a) GDPR |
Google Tag Manager
| Category | Information |
|---|---|
| Description | Tool for integrating events, customizations, and tracking into the website |
| Place of processing | Ireland |
| Processing company | Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland |
| Data recipient | Google Ireland Limited |
| Legal basis | Article 6(1)(a) GDPR |
| Privacy policy | https://policies.google.com/privacy?hl=de |
Session cookies
| Category | Information |
|---|---|
| Description | This cookie marks a session and is deleted when the browser is closed |
| Purpose of data | Management of user sessions and linkage with the server |
| Technologies used | Cookies |
| Data collected | Session ID |
| Retention period | Session |
| Place of processing | Germany |
| Processing company | Synatix GmbH, Deisterstraße 20, 31785 Hameln |
| Data recipient | Synatix GmbH |
| Legal basis | Article 6(1)(a) GDPR |
Cloudflare
| Category | Information |
|---|---|
| Description | Protection against DDoS attacks |
| Purpose of data | Efficient distribution of traffic to servers to maintain optimal website performance |
| Technologies used | Cookies |
| Data collected | Server ID, session information |
| Retention period | Session |
| Place of processing | USA |
| Processing company | Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA |
| Data recipient | Cloudflare, Inc. |
| Legal basis | Article 6(1)(a) GDPR |
| Privacy policy | https://www.cloudflare.com/de-de/privacypolicy/ |
Measures for protection and security
To protect the data we process from accidental or intentional manipulation, destruction, loss, or access by unauthorized persons, and to comply with the provisions of data protection laws, we take technical, organizational, and contractual security precautions in accordance with the state of the art. Encrypted transmission of data between our server and your browser is among the security measures used.
Users' personal rights
Upon request, every user can obtain information about their personal data stored by us.
Users also have the right to have incorrect data corrected and to restrict the processing and deletion of their personal data. The right to data portability can also be asserted. A complaint can be lodged with the competent supervisory authority at any time.
Any consent given by the user can be revoked at any time with effect for the future only.
Datadeletion
Data that is not subject to a statutory retention period will be deleted as soon as it is no longer required for its purpose. If deletion is not possible due to its legally permissible purpose or other provisions, processing will be restricted. Blocking of the data thus prevents processing for other purposes.
Retention takes place in accordance with Section 257(1) of the German Commercial Code (HGB) (for commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting records, etc.) for six years and in accordance with Section 147(1) of the German Fiscal Code (AO) (for books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation, etc.) for ten years.
Data collected via Google Analytics is fully anonymized after 50 months.
Data collected via Meta Marketing Services and Adcell is stored indefinitely.
Data collected via Mouseflow is deleted after six months.
Right to object and other rights
If the user has given consent to the processing of personal data concerning them for one or more specific purposes, the user has the option to withdraw consent with effect for the future.
In particular, within the framework of legitimate interests, the user generally has the right to object to the processing of personal data at any time free of charge with effect for the future. An email to the above-mentioned postal address or email address is sufficient for this purpose.
Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the member state of their residence, workplace, or the place of the alleged infringement, if the data subject considers that the processing of personal data concerning them infringes this regulation.
One competent authority, for example, is the State Commissioner for Data Protection of Lower Saxony, Prinzenstraße 5, 30159 Hanover. However, the user may choose another authority.
Obligation to provide data
The provision of the following data is strictly necessary (mandatory information):
Use of the contact form or other contact
The following data must be provided to process a request via the contact form (mandatory information):
Name and email address
All other details are not required to process a contact request and are therefore voluntary. If the mandatory information required to process a contact request is not provided, the contact request will not be processed. Failure to provide voluntary information has no impact on the processing of the contact request. There is no obligation to provide data for processing any other type of request.
Automated decision-making
Automated decision-making, including profiling, does not take place.
Updates to this privacy policy
We reserve the right to change this privacy policy in the event of a change in the legal situation as well as changes to our services or data processing. However, this applies exclusively with regard to statements on data processing. If user consents are required or parts of the privacy policy contain provisions of the contractual relationship with the users, changes are only possible with the users' consent.
We ask users to regularly inform themselves independently about the content of the privacy policy.
