Data protection policy

pektogram GmbH

Thank you for visiting our website. Compliance with data protection legislation is particularly important for us. The aim of this data protection policy is to inform you as a user of the website about the type, extent and purpose of processing your personal data and about your rights as a data subject within the meaning of Art. 4(1) General Data Protection Regulation. The following data protection policy reflects the changes made by the General Data Protection Regulation (GDPR) in effect as of 25.5.2018. At the same time this policy also meets the requirements of Section 13 German Telemedia Act (TMG) which applied until this date.

1. Controller

This website and the services offered are operated by
pektogram GmbH
Beckergrube 38-52
23552 Lübeck

Phone: +49 (0) 162 1397801

Managing director: Jan Weber

2. General remarks

We have designed the website to collect as little data from you as possible. Generally speaking, the website can be used without providing any personal data. Only when you decide to make use of certain services (e.g. to use the contact form) is it necessary to process personal data. When doing so, we always ensure that your personal data are only processed on an appropriate legal basis or with your consent. We comply with the provisions of the General Data Protection Regulation in effect as of 25.5.2018 and applicable national legislation, such as the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and other specific data protection legislation.

3. Definitions

The terms used in this data protection policy have the following meanings, as defined in the GDPR.

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;

‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4. Consent

When you visit our website there are some cases in which we require your consent to collect personal data. 

Declaration of consent By using the form we provide, you consent to our collection of the personal data you provide and their processing as described in this data protection policy. You can withdraw this consent at any time with future effect by sending us a corresponding statement. However, you are advised that it will no longer be possible to use our service without your consent. Please use the contact channels mentioned above to withdraw your consent (in this case please provide us with your name, email and postal address).

5. Purpose and legal basis for the processing of personal data

Purpose of data processingLegal basis for data processing (“Why is the data processing necessary?”)
To make contact and for related correspondenceOn the basis of your consent
To process your request and provide any further advice you may wantOn the basis of your consent
To arrange pre-contractual matters for the preparation of an offerOn the basis of your consent
To process your application for a job vacancy advertised by usOn the basis of your consent
To ensure that our website is presented to you in as effective and interesting a way as possible (e.g. by means of anonymised analysis)On the basis of our legitimate interests
For the technical implementation of our servicesOn the basis of our legitimate interests

6. Personal data collected and processed

We only collect and process your personal data when you have provided it knowingly and freely. This is the case if you make contact with us and request information about our services and products. This contact is generally made by means of email. When you make contact by email you freely send us personal data and make them available for processing. We will only process your data for the purposes mentioned above. If a contract or business relationship does not come about we will erase your data when the purpose of their collection no longer applies.

The personal data and the contents you provide will remain solely with us and our affiliates. We will only store and process the data for the purposes mentioned in Point 5. Any further use requires your explicit consent. The same applies to the transfer and transmission of your data to third parties.

7. General logfiles

The webserver temporarily stores in logfiles the access request, the connection data of the requesting device (IP address), the pages that you visit, the date and duration of your visit, the type of browser and operating system being used and the website from which you visit us. The technical administration of the website and the anonymous statistical analytics make it possible to analyse the visits to the pektogram website with the aim of increasing data protection and data security in our company, ultimately in order to ensure optimal security for the personal data we process.

The data in the server logfiles are stored separately from all the personal data you provide. Subject to any record-keeping obligations, we delete your IP address seven days after you leave our website.

8. Embedded services and third-party contents

Our website uses contents and services from other providers. That includes road maps provided by Google Maps, for example. The transmission of the IP address is absolutely necessary for these data to be retrieved and displayed in the user’s browser. The providers (hereafter known as ‘third-party providers’) therefore know the IP address of the respective user.
Even if we strive only to use third-party providers which only need the IP address to deliver content, we have no control over whether the IP address is stored. In this case the procedure also serves statistical purposes. To the extent that we become aware that the IP address is stored, we will notify you.

8.1. Google fonts

Type and purpose of the processing

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our website. To obtain these fonts you make a connection to the servers of Google Ireland Limited and transmit your IP address.

Purpose and legal basis
The use of Google Fonts is based on our legitimate interests, i.e. interest in a uniform provision as well as the optimization of our online offer pursuant to Art. 6 para. 1 lit. f. DSGVO.

Storage period
The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Fonts:

8.2. Use of Google reCaptcha

Type and scope of processing
We have integrated components of Google reCAPTCHA on our website. Google reCAPTCHA is a service of Google Ireland Limited and enables us to distinguish whether a contact request originates from a natural person or is automated by means of a program. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the user’s browsing time and mouse movements in order to distinguish automated requests from human ones. This data is processed solely for the above purposes and to maintain the security and functionality of Google reCAPTCHA.

Purpose and legal basis
The service is used on the basis of our legitimate interests, i.e. for protection when submitting forms in accordance with Art. 6 para. 1 lit. f. DSGVO.

Storage period
The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google reCAPTCHA:

8.3 Use of Google AdWords

Type and scope of processing
We have integrated Google Ads on our website. Google Ads is a service provided by Google Ireland Limited to display targeted advertising to users. Google Ads uses cookies and other browser technologies to evaluate user behavior and recognize users.

Google Ads collects information about visitor behavior on various websites. This information is used to optimize the relevance of advertising. Furthermore, Google Ads delivers targeted advertising based on behavioral profiles and geographic location. Your IP address and other identifiers such as your user agent are transmitted to the provider.

If you are registered with a Google Ireland Limited service, Google Ads can associate the visit with your account. Even if you are not registered with Google Ireland Limited or have not logged in, it is possible that the provider will find out and store your IP address and other identification features.

In this case, your data will be passed on to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose and legal basis
We process your data with the help of Google Ads for the purpose of optimizing our website and for marketing purposes on the basis of your consent pursuant to Art. 6 para. 1 lit. a. DSGVO.

Storage period
The concrete storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Ads:

8.4 Use of Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses so-called cookies. Cookies are text files, which are stored on your computer and that enable an analysis of the use of the website by users. The information generated by cookies on your use of this website is usually transferred to a Google server in the United States, where it is stored.

The storage of Google Analytics cookies and the utilization of this analysis tool are based on Art. 6 Sect. 1 lit. f GDPR. The operator of this website has a legitimate interest in the analysis of user patterns to optimize both, the services offered online and the operator’s advertising activities.

8.4.1 IP anonymization

On this website, we have activated the IP anonymization function. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases. On behalf of the operator of this website, Google shall use this information to analyse your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.

8.4.2 Browser plug-in

You do have the option to prevent the archiving of cookies by making pertinent changes to the settings of your browser software. However, we have to point out that in this case you may not be able to use all of the functions of this website to their fullest extent. Moreover, you have the option prevent the recording of the data generated by the cookie and affiliated with your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link:

8.4.3 Objection to the recording of data

You have the option to prevent the recording of your data by Google Analytics by clicking on the following link. This will result in the placement of an opt out cookie, which prevents the recording of your data during future visits to this website: Google Analytics deactivation.

For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at:

8.4.4 Contract data processing

We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.

8.4.5 Demographic parameters provided by Google Analytics

This website uses the function „demographic parameters“ provided by Google Analytics. It makes it possible to generate reports providing information on the age, gender and interests of website visitors. The sources of this information are interest-related advertising by Google as well as visitor data obtained from third party providers. This data cannot be allocated to a specific individual. You have the option to deactivate this function at any time by making pertinent settings changes for advertising in your Google account or you can generally prohibit the recording of your data by Google Analytics as explained in section „Objection to the recording of data.“

8.4.6 Archiving period

Data on the user or incident level stored by Google linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymized or deleted after 14 month. For details please click the following link:

8.5 Use of LinkedIn plugin 

Social plugins (“plugins”) of the social network LinkedIn is used on our website, operated by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. For improved protection of your data when visiting our website, these buttons are not integrated as plugins without restrictions, but in the form of HTML links. This type of integration ensures that when you call up a page of our website on which such buttons are available, a connection is not yet established with the servers of LinkedIn. When you click on such a button, the LinkedIn page opens in a new browser window. There you can interact with the plugins there (if necessary after prior login). The purpose and scope of the data collection, the further processing and use of the data by LinkedIn, as well as your rights in this regard and setting options for protecting your privacy can be found in the privacy notices of LinkedIn:  

8.6 General remarks on social media platforms

In order to present our company in the best possible way and communicate with you as a user, customer or potential customer and inform you about our services, we make use of our presence in social media networks.

You will find us on the following platforms and social networks:

  • LinkedIn

When social networks are used your data is processed outside the European Union (EU) and the European Economic Area (EEA). Not all countries outside the EU can guarantee the same level of data protection as exists in the EU.

Risks may result for you as a user in this context, if the data transferred to third countries is processed with an inadequate level of data protection.

This makes it more difficult for you assert your user rights. It may also be that your data are processed by the provider in the third country in a way that is not in your interest.

The processing purposes of the social networks generally differ from ours. It is mostly the case that the data you post on social networks is processed for market research, advertising and user profiling for personalised advertising (e.g. Facebook, Google, Instagram, etc.). To do this, cookies are used which track user behaviour and enable user profiling. Facebook also creates user profiles of people who have no registered account with Facebook. A concrete list of the purposes of processing user data can be found in the data protection policies of the respective providers. By adjusting the settings of your user account accordingly it is at least possible to restrict profiling to a certain extent. Please read the data protection policies of the respective providers for details of how to do this.

Below you will find a detailed description of data processing by the respective providers and the opt-out opportunities they offer via the links to the providers’ websites:

8.7 Use of Matomo

Type and scope of processing

We use the open source software tool Matomo (formerly PIWIK) on our website. The software sets a cookie in your browser (for cookies, see already above). If individual pages of our website are called up, the following data is stored:

– Two bytes of the IP address of the user’s calling system (anonymized IP address).

– The website called up

– The website from which the user accessed the accessed website (referrer)

– The subpages that are accessed from the accessed website

– The time spent on the website

– The frequency with which the website is accessed

– The software runs exclusively on the servers of our website. 

Your personal data is only stored there. The data is not passed on to third parties.

 Purpose and legal basis

We process your data with the help of the analysis software Matomo for the purpose of evaluating the use of individual components and contents of our website on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO. You give your consent by setting the use of cookies (cookie banner / Consent Manager), with which you can also declare your revocation at any time with effect for the future pursuant to Art. 7 para. 3 DSGVO. There is no legal or contractual obligation to provide your data. If you do not give us your consent, a visit to our website is possible without restriction, but not all functions may be fully available.

 Storage period

The specific storage period of the cookies set is 1 day.

8.8 Use of Hotjar

This website utilizes Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website:

Hotjar is a tool used to analyse your user patterns on our website. Hotjar allows us to for instance record your mouse and scroll movements as well as your click. During this process, Hotjar also has the capability to determine how long your cursor remained in a certain position. Based on this information, Hotjar compiles so-called Heatmaps, that make possible to determine which parts of the website the website visitor reviews with preference.

We are also able to determine how long you have stayed on a page of our website and when you left. We can also determine at which point you suspended making entries into a contact form (so-called conversion funnels).

Furthermore, Hotjar can be deployed to obtain direct feedback from website visitors. This function aims at the improvement of the website offerings of the website operator.

Hotjar uses cookies. Cookies are small text files that are placed on your computer and stored by your browser. Their purpose is to make our website presentation more user friendly, more effective and more secure. These cookies allow us to in particular determine if our website was used with a certain device or if the functions of Hotjar have been deactivated for the respective browser. Hotjar cookies will remain on your device until you delete them.

You can set up your browser in such a manner that you will be notified anytime cookies are placed and you can permit cookies only in certain cases or exclude the acceptance of cookies in certain instances or in general and you can also activate the automatic deletion of cookies upon closing of the browser. If you deactivate cookies, the functions of this website may be limited.

The use of Hotjar and the storage of the Hotjar cookies are based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator’s web offerings and advertising.

8.8.1 Deactivation of Hotjar

If you would like to deactivate the recording of data by Hotjar, please click on the link below and follow the instructions provided under the link:

Please keep in mind that you will have to separately deactivate Hotjar for every browser and every device.

For more detailed information about Hotjar and the data to be recorded, please consult the Data Privacy Declaration of Hotjar under the following link:

9. cookies

Cookies are small text files that are sent by us to the browser of your end device during your visit to our website and stored there. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to perform various analyses, so that we are able, for example, to recognize the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly from your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses. 

 This site uses only technically necessary cookies.

Edit cookie settings


10. Data security

Unfortunately the transmission of information via the internet is never 100% secure, which is why we cannot guarantee the security of data sent to our website via the internet.
However, we do take technical and organisational measures to secure our website against the loss, destruction, access, modification or dissemination of your data by unauthorised parties.
In particular, your personal data are transmitted to us in encrypted form. To do so we use the coding system SSL/TLS (Secure Sockets Layer/ Transport Layer Security). Our security measures are improved continuously in line with technological developments.

11. Rights of data subjects

To the extent that you are a data subject within the meaning of Art. 4(1) GDPR, you have the following rights under the GDPR in connection with the processing of your personal data.

Right of access
Subject to the conditions of Art. 15 GDPR, you have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data free of charge at any time and a copy of the personal data.

Right to rectification
Subject to the conditions of Art. 16 GDPR, you have the right to obtain the rectification without undue delay of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure
Subject to the conditions of Art. 17 GDPR, you have the right to obtain from the controller the erasure of personal data concerning you without undue delay where one of the grounds mentioned in Art. 17 GDPR applies and the processing is not necessary.

Right to restriction of processing
Subject to the conditions of Art. 18 GDPR, you have the right to restriction of processing when one of the conditions mentioned in Art. 18 GDPR applies.

Right to data portability
Subject to the conditions of Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where the further conditions of Art. 20 GDPR apply.

Right to withdraw consent
You have the right to withdraw your consent to our processing of your personal data with future effect at any time. Please send your withdrawal notice to the contact details mentioned above.

Right to object
Subject to the conditions of Art. 21 GDPR, you have the right to object at any time to the processing of personal data concerning you. If the conditions for an effective objection apply, we may no longer process the data.

Right to lodge a compaint with a supervisory authority
Notwithstanding any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

12. Transfer of your personal data

The website is hosted by an external service provider in Germany. We ensure that data processing only takes place in Germany. This is necessary for operating the website and for establishing, performing and implementing the existing licence and is possible without your consent.

Data is also transferred when we are entitled or obliged to do so by statutory provisions and/or an order of a public authority or law court. In particular this may constitute the provision of information for the purposes of law enforcement, or to avert a public danger or to assert intellectual property rights.

To the extent that your data are transferred to a service provider as necessary, they only have access to your personal data to the extent necessary to perform their responsibilities. These service providers are obliged to handle your personal data in accordance with applicable data protection legislation, in particular the GDPR.

Beyond the circumstances mentioned above, we do not transfer your data to third parties without your consent. In particular we do not transfer any personal data to a body in a third country or an international organisation.

13. Retention of personal data

We delete your personal data as soon as its storage is no longer required for its original purpose and no statutory record-keeping obligations apply. Statutory record-keeping obligations are ultimately the criterion for defining the retention period for personal data. Once the deadline expires, the data concerned are routinely erased. If record-keeping obligations exist, the processing is restricted by blocking the data.

14. References and links

When websites are retrieved to which links have been set on our website, information such as name, address, email address, browser characteristics etc. may be requested again. This data protection policy does not govern the collection, transfer or handling of personal data by third parties.

Third-party providers may have their own different rules for the collection, processing and use of personal data. Before providing any personal data to third-party websites, users are therefore advised to inform themselves about their handling of personal data.

15. Amendments to the data protection policy

We develop our website continuously in order to provide you with an ever better service. We will keep this data protection policy up to date at all times and amend it as necessary.

Of course we will notify you in good time of any changes to this data protection policy. We will do this e.g. by sending you an email to the address you have given us. To the extent that any further consent from you to our handling of your data should be required, we will of course obtain it before the relevant amendments take effect.
You can obtain the current version of our data protection policy at any time online from

 16. Data protection officer

Philipp Herold 
Hafenstr. 1a 
23568 Lübeck

 Tel.: +49 451 – 16 08 52 -21 (ggf. -13) 



pektogram GmbH