Privacy Policy


We as paretos GmbH want to let you know about our commitment to the highest level of integrity in dealing with any kind of personal data that we may need to do our work with excellence.

The privacy of our customers, investors, employees, collaborators, and any other business partner, is valuable to us and, in order to guarantee a secure processing of the personal data collected, we implemented appropriate technical and organisational measures to integrate the necessary safeguards into the processing in regards to meet the requirements of data protection regulations.

Whenever paretos GmbH process your personal data, it will do it based on this Privacy Policy, where you will find the information you need about the data collection, use, storage, disclosure and delection. You will also find general information about your rights as a data subject, on data processing legal basis and our direct contact in case of doubt or any other matter related to your data security.

This policy may be amended or updated when necessary, reflecting any change in our general practices with respect to personal data processing, also to keep our system compliant with the law.

We as paretos GmbH encorage you to read this policy and want to let you know that the most important to us is to have a safe and transparent relationship with all our partners. You are welcome to contact us in any case.
The data controller responsible in accordance with the purposes of the European General Data Protection Regulation (GDPR) and other national data protection law of the Member States, as well as other data protection regulations is:
  • paretos GmbH
  • Adress: Kurfürsten-Anlage 52, 69115 Heidelberg
  • Contact: 06221 4050989
  • E-mail:
  • Website:
  • paretos GmbH
  • Adress: Kurfürsten-Anlage 52, 69115 Heidelberg
  • Contact: 06221 4050989
  • E-mail:
  • Website:
1. Processing of personal data
Taking into account the purposes of the data processing and as well the risk for the rights and freedoms of natural persons, we have implemented measures to ensure the best level of security appropriate to the risk, taking all the precautions mention in law.

In general, we collect and process personal data that are necessary in order to provide, maintain and improve our services, to connect to our customers, partners, and communicate them about anything they may know, to respond inquiries they have made, to have a functioning website, and further situations related to our business.

Additionally, we only process adequate, relevant data, always limited to what is necessary in relation to the purpose for which they are processed.

The processing of personal data only takes place with the consent of the user, except in cases where a prior consent is technically impracticable, or the direct processing of the data is permitted by law.

You also have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. After your withdrawal we will stop to process your personal data, including storage. This is only relevant for processing that is entirely voluntary – it does not apply for processing that is necessary or obligatory in any way.

2. Lawful basis for processing personal data
The legal basis for the lawful processing of personal data is provided in art.6, para. 1 of the General Data Protection Regulation (GDPR) of the European Union, and must involve at least one of the following situations:
  • a) explicit, clear and voluntary consent from the data subject allowing the data processing for one or more specific purposes;
  • b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering a contract;
  • c) processing is necessary for compliance with a legal obligation to which the controller is subject;
  • d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • f) processing of data is necessary to safeguard the legitimate interests of paretos or that of a third party, for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms;

3. Data storage duration and removal
The personal data of the data subject will be storage for no longer than necessary for the purposes for which the personal data are processed. After that, the personal data will be erased or restricted. This situation can also occur when the storage period stipulated expires, unless there is a need to prolong the storage of the data for the purpose of concluding or fulfilling the respective contract.

Additional storage may be necessary if it was provided by the European or national legislator within the EU regulations, law, or other relevant regulations to which the data controller is subject.
Whether your personal data is processed by paretos GmbH you are subsequently a data subject according to the General Data Protection Regulation (GDPR). The regulation guarantees you minimum rights pursuant to Chapter 3 and its articles of the GDPR.

You can request from the data controller any information related to the fallowing rights:
  • a) the purpose and categories of the data processing;
  • b) the data disclosure of your data;
  • c) the duration of the data storage;
  • d) the right to rectification or erasure of your personal data, to restriction of processing by the data controller or the right to object to such processing;
  • e) the right to appeal the supervisory authority;
  • f) the right to know about all possible information about the source of the data if the data is not collected from you directly;
  • g) the right to data portability;
  • h) the right not to be subject to a decision based solely on automated processing;
  • i) the right to be informed about the transfer of your personal data to a third country or an international organization, as well the appropriate safeguards provided by the processor and controller of your personal data;
If you only use our website for information purposes, i.e. if you do not register or otherwise transfer any information to us, we only collect the personal data transmitted to our server by your browser. If you wish to view our website, we collect the following data which we require for technical reasons to display our website to you and guarantee its stability and safety:
  • a) IP-address
  • b) date and time of the query
  • c) time zone difference to Greenwich Mean Time (GMT)
  • d) content of the query (specific page)
  • e) access status/http status code
  • f) respectively transmitted data volume
  • g) website sending the query
  • h) name and version of the browser
  • i) operating system and its interface
  • j) language and version of the browser software
  • k) basic information on whether access had been successful
  • l) in the event of access via a search engine, the search term(s) used
An analysis of the data for marketing purposes does not take place.

For these purposes, our legitimate interest lies in the processing of data in compliance with art. 6 para. 1 s. 1 lit. f GDPR.
In addition to the above data, cookies are stored on your computer when you are using our website. Cookies are small text files which are stored on your hard drive associated with the browser used by you and which provide the body (in this case us) storing the cookie with certain information. Cookies cannot perform any programs or transmit a virus to your computer. Their purpose is making the website more user-friendly and effective overall.

Our website uses the following types of cookies:
  • a) Transient cookies: transient cookies are deleted automatically when you close your browser. This include but is not limited to session cookies. They store a session ID which allows several queries of your browser to be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted if you log out or close your browser.
  • b) Persistent cookies: persistent cookies are deleted automatically after a set period which may vary depending on the cookie. You may delete the cookies at any time in your browser’s security settings.
You can configure your browser settings according to your preferences and e.g. refuse accepting third-party cookies or all cookies. Please note that you may not be able to use all functions of this website in this case.

Our legitimate interests in the processing of personal data in accordance with art. 6 para. 1 s. 1 lit. f GDPR is to provide a simple and efficient user experience.

You as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.
You can contact us using our email address provided on our website ( ). In this case the personal data used for this transaction will be stored by us and used exclusively for this matter.

The legal basis for the data processing in this case can involve the data subject consent (art.6 para. 1 lit. a GDPR), legitim interest of the data controller (art.6 para. 1 lit. f GDPR) or the performance of a contract (art.6 para. 1 lit. b GDPR).
You can contact us via our website by our input system. All the personal data used for that purpose will be stored by us, including:
  • a) name of contact person
  • b) email address
  • c) IP address of the calling device
  • d) date and time of contact
  • e) comment
The legal basis for the data processing in this case can involve the data subject consent (art.6 para. 1 lit. a GDPR), legitim interest of the data controller (art.6 para. 1 lit. f GDPR) or the performance of a contract (art.6 para. 1 lit. b GDPR).

In all the cases above the data will be deleted as soon as they are no longer necessary to achieve the purposes for which they were processed, including the ones shared by our website or by email.

Also, the user has the possibility to revoke the consent to the processing of their personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case, the conversation will not be continued.

In this case, please feel free to contact us:
We do corporate presence on:

1. LinkedIn
Our LinkedIn page is:

For further information about LinkedIn and its privacy policy: LinkedIn, Unlimited Company Wilton Place, Dublin 2, Ireland;

2. YouTube
paretos Media

We have integrated YouTube videos in our website which are stored on and can be played directly on our website. They are all integrated in the “extended privacy mode”, i.e. there will be no data transferred about you as the user to YouTube if you do not play the videos. If you play the data related to this action will be stored, but we have no influence on the data transfer.

By visiting our website, YouTube receives the information that you have accessed the corresponding sub-page of our website, and the data involved in this transaction will be stored. This is independent of whether YouTube provides a user account in which you are logged in or whether there is no user account. If you are logged in with Google, your data will be linked directly to your account.

If you do not wish to have them linked to your profile in YouTube, you must log out before activating the button. YouTube will store your data as usage profiles and uses them for the purpose of promotion, market research and/or needs-based design of its website. The purpose of such analysis (even for users that are not logged in) includes but is not limited to the provision of needs-based promotion and the information of other users of the social network about your activities on our website. You are entitled to objection against the creation of these user profiles; to assert such right, you need to address your objection to YouTube.

You can find more information on the purpose and scope of data collection and their processing by YouTube in its privacy policy. It also provides more information about your rights and setting options to protect your privacy:

Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield:
The website is hosted on servers of a service provider commissioned by us:

1&1 IONOS Inc., Ernst-Frey-Straße 9, 76135 Karlsruh, Germany. Email:

The server automatically collects and stores the information processed and transmitted by your browser when you visit our website, such as:
  • a) IP address and user device;
  • b) referrer URL;
  • c) operating system;
  • d) hostname;
  • e) time and data of the server request;
  • f) browser type and version;
For further information about 1&1 IONOS Inc. privacy policy:

The data is collected based on art. 6 para. 1 lit. f GDPR, considering that the website operator has the legitimate interest in providing a technically secure system.
We use Microsoft Teams for web conferences when its necessary. The Microsoft EU Data Protection Officer can be reached by: One Microsoft Place, South County Business Park Leopardstown, Dublin 18, D18 P521, Ireland, Telephone: +353 (0) 1 295-3826.

The tool is a unified communication and collaboration platform that combines persistent workplace chat, video meetings, file storage (including collaboration on files), and application integration. The service integrates with the Office 365 subscription office productivity suite and features extensions that can integrate with non-Microsoft products.

By using Microsoft Teams, the platform processes the personal data and guarantees a high protection system, offering a variety privacy and security controls, protecting the identity and the account information and defending the personal data processed against cybersecurity threats.

For further information about Microsoft Teams privacy policy and how to contact:

Microsoft´s data protection officer:
Slack is a channel-based communication platform. With Slack, people can collaborate more effectively, connect all their software tools and services. We use Slack to enhance our communication with our partners, and personal data may be collected specific for that purpose. The personal data collected is processed according to our Privacy Policy and based on the General Data Protection Regulation (GDPR).

For further information, please be free to access Slack Privacy Policy
We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
© 2021, Paretos GmbH.