AuditVantage GmbH (auditvantage.de) processes personal data in accordance with the GDPR, the German Federal Data Protection Act (BDSG), and the Telecommunications Digital Services Data Protection Act (TDDDG). This policy explains what we collect, why, and your rights. For security or privacy questions, contact security@auditvantage.de.
AuditVantage GmbH, Breite Str. 27, 40213 Düsseldorf, Germany. Registered at Amtsgericht Düsseldorf, HRB 110613. Email: security@auditvantage.de.
No Data Protection Officer is appointed (BDSG § 38: fewer than 20 persons regularly engaged in automated processing). All data protection enquiries to security@auditvantage.de.
| Purpose | Data | Legal basis | Retention |
|---|---|---|---|
| Website operation and security | IP address, browser, OS, referrer, timestamps, pages requested | Art. 6(1)(f) GDPR | 14 days |
| Contact enquiries and pre-contractual communication | Name, email, company, phone (optional), message, interaction history | Art. 6(1)(b) GDPR | Relationship + 3 years; 12 months if no relationship established |
| Newsletter | Email, name (optional) | Art. 6(1)(a) GDPR, double opt-in per UWG § 7(2) No. 3 | Until withdrawal + 3 years |
| Business email | Email content, sender / recipient, timestamps, metadata | Art. 6(1)(b) or (f) GDPR | Per retention policy and statutory obligations |
| Commercial and tax records | Contracts, invoices, correspondence of legal relevance | HGB § 257 and AO § 147 (legal obligation) | 6 or 10 years |
| Social media presences | Data processed by LinkedIn, X, and YouTube per their own policies. For LinkedIn page insights, AuditVantage and LinkedIn Ireland are joint controllers under Art. 26 GDPR (joint controller addendum). | Art. 6(1)(f) GDPR | Platform-defined |
Storing information on or accessing information from your device requires consent unless strictly necessary (TDDDG § 25). You can manage consent at any time via the cookie settings link in the site footer.
| Category | Purpose | Legal basis |
|---|---|---|
| Strictly necessary | Cloudflare security (bot detection, DDoS), Usercentrics consent record | TDDDG § 25(2) |
| Analytics (cookieless) | Cloudflare Web Analytics: aggregate visitor metrics only, no cookies, no cross-site tracking | Art. 6(1)(f) GDPR |
| CRM and intent data (consent) | HubSpot: visitor behaviour, time on site, referrer, company identification inferred from IP | Art. 6(1)(a) GDPR |
| Advertising and conversion (consent) | LinkedIn Insight Tag: page URL, referrer, device and browser, truncated IP | Art. 6(1)(a) GDPR |
| Embedded media (consent) | YouTube (privacy-enhanced mode) when videos are played; Google Maps when map is loaded | Art. 6(1)(a) GDPR |
Google Tag Manager orchestrates loading of tracking scripts based on consent status. GTM itself does not set cookies or collect personal data.
Data Processing Agreements under Art. 28 GDPR are in place with all processors listed below. Transfers to third countries rely on EU-US Data Privacy Framework (DPF) certifications and Standard Contractual Clauses under Art. 46(2)(c) GDPR. Copies of DPAs and SCCs are available on request.
| Processor | Purpose | Location | Safeguards |
|---|---|---|---|
| Amazon Web Services EMEA SARL | Hosting | Frankfurt, Germany | EU data residency, DPA |
| Cloudflare, Inc. | CDN, security, cookieless analytics | USA | DPF, SCCs, DPA |
| HubSpot, Inc. | CRM, marketing, intent data | USA (EU data in AWS Frankfurt) | DPF, SCCs, DPA |
| LinkedIn Corporation | Insight Tag | USA (via LinkedIn Ireland) | DPF, SCCs |
| Google LLC | Tag Manager, Maps, YouTube | USA (via Google Ireland) | DPF, SCCs |
| Google Ireland Limited | Business email (Google Workspace) | Ireland (EU) | DPA, SCCs |
| Usercentrics GmbH | Consent management | Munich, Germany | EU-based |
Under the GDPR you have the right to:
Requests to security@auditvantage.de. Response within one month (Art. 12(3) GDPR).
Landesbeauftragte für Datenschutz und Informationsfreiheit NRW (LDI NRW), Kavalleriestraße 2–4, 40213 Düsseldorf. www.ldi.nrw.de
Provision of personal data via contact forms is neither a statutory nor contractual requirement. However, without it we cannot respond to your enquiry.
No automated decision-making, including profiling, is used.
The current version is always available at auditvantage.de/privacy.