Privacy Policy

Sertalink takes the protection of your data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU General Data Protection Regulation (EU GDPR) and the country-specific laws applicable to us. With the help of this privacy policy, we will inform you how Sertalink processes your personal data and the rights you have.

Personal data means information that can lead to the identification of an individual and includes name, date of birth, address, phone number, e-mail address and also IP address. Anonymous data exists when no connection can be made to a user.

Your rights as a data subject.

We would first like to inform you of your rights as a data subject as defined in Art. 15 – 22 EU GDPR These include:

  • The right of access (Art. 15 EU GDPR)
  • The right to erasure (Art. 17 EU GDPR)
  • The right to rectification (Art. 16 EU GDPR)
  • The right to data portability (Art. 20 EU GDPR)
  • The right to restriction of processing (Art. 18 EU GDPR)
  • The right to object (Art. 21 EU GDPR)


To exercise these rights, please contact: The same applies if you have questions about data processing in our company. You also have the right to appeal to the data protection supervisory authority.


Right to object

Please note the following in connection with the right to object:

 If we process your personal data for the purpose of direct marketing, you have the right to object at any time without giving reasons. This right also applies to profiling as long as it is connected with direct advertising.

If you object to the processing of your personal data for direct marketing purposes, we will no longer process it for these purposes.


In the event that we process your data to safeguard legitimate interests, you can object to such processing at any time for reasons relating to your particular situation; this also applies to profiling based on these provisions.

We shall no longer process the personal data unless the we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.


Purposes and legal bases for data processing.

Processing of your personal data complies with the provisions of the EU GDPR and all other applicable data protection regulations. Legal bases for data processing result in particular from Art. 6 EU GDPR.

We use your data for business initiation, fulfilment of contractual and legal obligations, execution of a contractual relationship, offering products and services and for strengthening the customer relationship, which may also include analyses for marketing purposes, customer satisfaction surveys and direct marketing.

Your consent also constitutes a legal provision under data protection law. The following is information regarding the purposes of data processing and about your right to object. If consent also refers to the processing of special categories of personal data, we will expressly point this out to you in the consent.

Processing of special categories of personal data pursuant to Art. 9 Para. 1 EU GDPR only takes place if this is required by legal regulations and there is no reason to assume that your legitimate interest in the exclusion of the processing prevails.

Transfer of data to third parties.

We will only pass on your data to third parties within the framework of legal regulations or with appropriate consent. Otherwise, data will not be passed on to third parties unless we are obliged to do so by mandatory legal provisions (transfer to external bodies such as supervisory authorities or law enforcement authorities).

Within our company, we ensure that only those persons receive your data who need them to fulfil their contractual and legal obligations.

Transfers of personal data to third countries / intention to transfer data to a third country

Data is only transmitted to third countries (countries outside the European Union or the European Economic Area) if required to do so by law and if you have given us your consent or if this is necessary for the performance of an obligation.

Data retention.

We will store your data only for as long as it is needed for the purposes it was collected. Please note that numerous retention periods require that data continue to be (must be) stored. This applies in particular to commercial or tax storage obligations. If there are no further storage obligations, the data will be routinely deleted once the purpose has been achieved.

In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use it as evidence within statutory limitation periods of up to thirty years; the regular limitation period is three years.

Secure data transfer.

In order to protect data from accidental or deliberate manipulation, loss, damage or access by an unauthorised person, we have taken appropriate technical and organisational security measures. To this end, the level of security is continually tested and adjusted to reflect new standards in security, in collaboration with security experts.

Data transferred to and from our website is always encrypted. We offer HTTPS as the transmission protocol for our website, in each case using the current encryption protocols.

In addition, we offer our users content encryption for contact forms and applications. Only we are able to decrypt this data. It is also possible to use alternative communication channels (e.g. by post).

Obligation to provide data.

Various personal data are necessary for the establishment, execution and termination of the obligation and the fulfilment of the associated contractual and legal duties. The same applies to the use of our website and the various functions it provides.

We have summarised the details for you in the above point. In certain cases, data must also be collected or made available on the basis of legal regulations. Please note that it is not possible to process your request or to perform the underlying obligation without providing this data.

Data categories, sources and origins.

The data we process depends on the context: This depends on e.g., send an enquiry using our contact form or make a complaint.

Please note that we may also make information available separately at a suitable location for special processing situations, e.g. when making a contact request.


When you visit our website, we collect and process the following data:

When you visit our site, your internet browser transmits the following types of data, which we then save:

  • the browser type and language
  • the IP address of the computer used to access the site
  • the server requests (e.g. accessed pages) including time stamps and
  • the referral URL (i.e. the address of the previous website that you visited, if you came to our site by following a hyperlink from there).

These first three data types are technically required to be able to properly display the webpage you accessed. Moreover, this data may be used, if necessary, to maintain secure operation of this website (e.g. to protect against hacking). The IP address and browser language are also used to suggest appropriate language settings for our website. The referral URL is anonymised and used to compile statistics. For reasons of technical security and in particular to prevent attempts to attack our web server, this type of data are also stored for a certain period of time in accordance with Art. 6 Paragraph 1, Sentence 1(f) EU GDPR.

Contact forms / contact via e-mail, chat or phone.

Contact forms are available on our website which can be used to contact us electronically. If you write to us using the contact form, we will process the information you provide to contact you and answer your questions and requests. (Art. 6 Para. 1 S. 1(a, b) EU GDPR).

If you contact us by e-mail, we will process the personal data provided solely for the purpose of processing your enquiry.

If you request a call back, we collect your name and telephone number. When requesting a call back, you can attach a message if you wish.

You can also contact us via live chat. When using the chat feature, we collect and process your first and last names as well as your e-mail address. The chat history is saved on a server of our cloud service provider, based in Amsterdam for 30 days for reasons of follow-up and is then deleted.

All data required to complete the form is subject to the principles of data reduction and data economy, meaning you only have to provide the data that is absolutely necessary for processing inquiries and making contact.

 For reasons of technical security and in particular to prevent attempts to attack our web server, we will also process your IP address.

Customer and supplier data.

When you conclude a contractual relationship outside of the website, we process the following personal data:

  • Contact details (e.g. first/last name of current and any former partners in addition to additional names, the customer’s company name and address (employer), mobile and landline number with extension, e-mail address, fax number)
  • Professional data (e.g. position in company, department)
  • Any bank account details required (in the case of a SEPA direct debit mandate also the first/last name of the account holder)
  • Preferred payment system, credit history and behaviour if applicable

We receive your personal data primarily from you as part of contract fulfilment or during the current contractual relationship.

Purposes and legal bases for data processing

Processing of your personal data complies with the provisions of the EU GDPR and all other applicable data protection regulations.

Your personal data is processed exclusively to conduct pre-contractual measures (e.g. creating quotes for products or services) and to comply with contractual obligations (e.g. implementation of our services or for processing your order/payment), (Art. 6 Para. 1 S. 1(b) EU GDPR) or if there is a legal obligation for processing (e.g. for tax law purposes) (Art. 6 Para. 1 S. 1(c) EU GDPR). These are the purposes for which your personal data was originally gathered.

Your consent can also constitute a legal provision under data protection law (Art. 6 Para. 1 S. 1(a) EU GDPR). Before you grant permission, we clarify the purpose of data processing and your right of revocation in accordance with Art. 7, Para. 3 EU GDPR. 

For the detection of criminal offences, personal data will only be processed under the conditions of Article 10 EU GDPR.

Event registration.

A registration form can be found on our website.

If you register for an event via this form, we will process your data for the purposes of registration and communication.

All data required to complete the form is subject to the principles of data reduction and data economy, meaning you only have to provide the data that is absolutely necessary to register and for us to contact you, meaning your name and email address

All other information is voluntary.

In the case of joint events with vendors, we shall share your data with the joint organiser.

Personal data will not be passed on to third parties except from in the cases mentioned above, and will only be used for the above-mentioned purpose.

Documentation and marketing relating to the respective events form the basis for Sertalink’s legitimate interest in the taking and publishing of recordings.