Data protection

Data Privacy Notice

vdpExpertise GmbH accords high priority to handling personal data responsibly. We would like you to know what data we collect, when we collect it and how we use it.

We have taken technical and organisational steps in line with Art. 32 of the General Data Protection Regulation (GDPR) to ensure that both we and our external service providers observe data privacy requirements. Changes to this Data Privacy Notice may become necessary as we develop our websites and implement new technologies. For this reason, we recommend that you occasionally re-read this Data Privacy Notice.

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States and other legal data protection provisions is:

Stefanie Wachter

vdpExpertise GmbH
Georgenstr. 22
10117 Berlin

Phone: +49 30 206229-22

Availability of the website and creation of log files

a) Description and scope of data processing

With each visit to our website, our system automatically collects data and information from the computer system of the computer making contact.

The following data is collected:

  • Enquiry details and target address
  • The user's IP address
  • Date and time of access
  • Data quantity transferred

b) Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6, para. 1 f) GDPR.

c) Purpose of data processing

It is necessary for the system to store the IP address temporarily to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

Log files are used for storage in order to ensure that the website functions properly. In addition, the data is used to optimise our website and to ensure the security of our information technology systems. Data is not evaluated for marketing purposes in connection with this. Our legitimate interest in data processing under Art. 6, para. 1 f) GDPR is also part of the purpose.

d) Duration of storage

Data is erased as soon as it is no longer required for the purposes for which it was obtained. In relation to data collection in order to make the website available, this is the case when the relevant session has ended.

Data is stored in log files for seven days at most. A longer storage period is possible. In this case, the user’s IP address will be erased or distorted in order to ensure that it can no longer be attributed to the contacting client.

e) Option to object and to delete data

The collection of data in order to make the website available and storage of the data in log files is essential for the operation of the website. As a consequence the user has no right to object to this.

General provisions about data processing

a) Scope of the processing of personal data

We process our users’ personal data strictly only insofar as this is necessary to make a functioning website available and for our content and services. Personal data from our users is generally only processed with the user’s consent. An exception will apply in cases where it has not been possible to obtain prior consent for practical reasons and the data processing is permitted by legal provisions.

b) Legal basis for processing personal data

Where we obtain consent from a data subject for the purposes of processing personal data, Art. 6, para. 1 a) of the EU General Data Protection Regulation (GDPR) is the legal basis.

Where processing of personal data is necessary for the performance of a contract to which the data subject is party, Art. 6, para. 1 b) GDPR is the legal basis. This also applies to processing methods which are necessary for the implementation of pre-contractual measures.

Where processing of personal data is necessary to comply with a legal requirement to which our business is subject, Art 6, para. 1 c) GDPR is the legal basis.

Where processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, Art 6, para. 1 d) GDPR is the legal basis.

Where processing is necessary to protect a legitimate interest of our business or of a third party and the interests or fundamental rights and freedoms of the data subject do not override this interest, Art 6, para. 1 f) GDPR is the legal basis.

c) Data erasure and duration of storage

The personal data of a data subject will be erased or blocked as soon as the purpose of storage no longer applies. Storage beyond this may occur when this is provided for by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. Blocking or erasure of the data may also occur where a prescribed retention period under the above-named rules expires, unless a requirement to retain the data for an additional period arises from the conclusion of a contract or performance of a contract.

Information provided to third parties

Where the controller has made your personal data public and is obliged to erase it pursuant to Art. 17, para. 1 GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you, as data subject, have requested the erasure by such controllers of any links to, or copy or replication of, this personal data.


We use session IDs to optimize our internet presence. This is a technical possibility for summarising and tracking several accesses to the website from one IP address within the framework of a usage process. The session ID is automatically deleted either when you leave the website or when you do not use the website for a longer period of time. Only necessary cookies are used, which help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights in relation to the controller:

  • You may request confirmation from the controller as to whether personal data relating to you is processed by us. If such processing occurs, you may request the following information from the controller: purposes, categories of personal data, planned duration of storage of your personal data, available information about the origin of the data.
  • You have the right vis-à-vis the controller to rectification and/or completion of processed personal data about you that is inaccurate or incomplete. The controller must rectify the data promptly.
  • You may request the restriction of processing of your personal data.
  • You may request that the controller erases your personal data without delay and the controller is required to erase this data without delay
  • You have the right to receive your personal data, which you provided to a controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance from the controller to which the personal data was provided.
  • You have the right, on grounds relating to your particular situation, to object to processing of your personal data which is based on Art. 6, para. 1 e) or f) GDPR; this also applies to profiling based on these provisions.
  • You have the right to withdraw your written consent given under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.