Privacy State­ment

Valid: 30 August 2019

This Privacy State­ment will inform you about the type, the scope of and the purposes for the collec­tion and use of personal data on this website.

The controller is the COMATCH GmbH, Strom­straße 15, 10551 Berlin, Germany, regi­stered at the Char­lot­ten­burg Local Court under HRB 162116 B, repre­sented by the mana­ging direc­tors Dr. Chri­stoph Hardt and Dr. Jan Schäch­tele (“we/us/our”) as the operator of an online plat­form at and its related services (“COMATCH” or “website”).

Should you have any questions about privacy protec­tion, feel free to contact us at any time by tele­phone at +49-(0) 30-40365690 (during regular busi­ness hours, Monday to Friday from 9am to 6pm) and by email at

In addi­tion, we have appointed Prof. Thomas Jäschke of the DATATREE AG, Heube­straße 10, 40597 Düssel­dorf, Germany, as our external data protec­tion officer who can be contacted by tele­phone at +49-(0)211-93190798 (during regular busi­ness hours, Monday to Friday from 9 AM to 6 PM) and by email at

A. What are personal data?
B. What personal data are collected when using COMATCH’s services?
C. How is the collected data used, disc­losed and, if appli­cable, trans­ferred to third parties?
D. What cookies, services, offers and third-party web tools are used?
E. Is data trans­ferred to coun­tries outside of the EU?
F. Your rights: Access, with­drawal, changes, rectifi­ca­tion and updates, erasure, restric­tion of proces­sing, data porta­bi­lity and the right to object
G. Data protec­tion and appli­ca­bi­lity
H. Privacy state­ment appli­ca­bi­lity and changes

A. What are personal data?

Personal data is defined as infor­ma­tion through which a person may be iden­ti­fied, i.e., that can be traced to a specific person. This includes one’s name, email address and tele­phone number, but also data on one’s prefe­rences, hobbies, memberships or viewed websites.

We only collect, use or transfer personal data provided to us if permitted by law or if users consent to the data collec­tion.

B. What personal data are collected when using COMATCH’s services?

Data collected when visi­ting our website

We (respec­tively the web space provider) collect data on every visit to our website (so-called server log files) (“access data“). Access data includes:

Name of the visited website, the file, the time and date of the visit, the amount of data trans­mitted, a report of successful access, your browser type and version, your opera­ting system, the referrer URL (last visited page), IP address and the requesting provider and when using a mobile device, addi­tio­nally:
Country code, language, device name, opera­ting system name and version

We will use these access data for statis­tical evalua­tions for the opera­tion, safety and opti­mi­za­tion of COMATCH offers. However, we reserve the right to subse­quently review access data if specific indi­ca­tions create justi­fied suspi­cions of unlawful use. We process data on the basis of Art. 6(1) Letter c of the General Data Protec­tion Regu­la­tion (GDPR) and Art. 6(1) Letter f of the GDPR and pursue our (and our commis­sioned third parties’) legi­ti­mate inte­rests in quality assurance.

Data collected when contac­ting us

When contac­ting us (e.g., by email), your data will be saved to process your inquiry and for any subse­quent questions. Further­more, we will process your personal data to estab­lish and main­tain busi­ness contacts, and to acquire new clients. This will be done on the basis of your consent based on Art. 6(1) Letter a of the GDPR, to execute your request based on Art. 6(1) Letter b of the GDPR or based on our legi­ti­mate inte­rest in client acqui­si­tion.

Data collected during regi­stra­tion

When regi­ste­ring on our website, the email address and pass­word you enter will be saved. In the follo­wing regi­stra­tion steps, any personal data you disc­lose as part of the regi­stra­tion process will be collected and saved, e.g., “user infor­ma­tion”, such as your name, address, tele­phone number, email address or gender

In addi­tion, when regi­ste­ring as a consul­tant, “profile data” will be collected:

Date of birth and other non-public personal data on your trai­ning and profes­sional expe­ri­ence

Further­more, when crea­ting a consul­tant user profile, addi­tional optional data, such as willing­ness to travel and work prefe­rences, may be collected and saved which the user may review, change or delete at any time in the user profile.

During each regi­stra­tion step, you will be asked if you would like to save the data you have entered. If you agree, your data will be saved. You may cancel this process without this data being deleted, allo­wing you to continue your regi­stra­tion at a later time without having to re-enter that data. If you do not agree, the data you entered will not be saved. If you do not complete the regi­stra­tion process, your data will be erased after 6 months. If you complete the process, your data will be saved until you with­draw your consent or in compli­ance with legal storage obli­ga­tions (see also F. Your rights).

User data collected as part of the regi­stra­tion and other profile data will be used in the opera­tion of COMATCH and the provi­sion of its services and those of the website Any user infor­ma­tion and profile data collected by us will only be used by us insofar as doing so is speci­fied by us in our consul­tant terms and/or this Privacy State­ment. This is done on the legal basis of Art. 6(1) Letter b of the GDPR or, if data is provided volun­ta­rily, the user’s consent (Art. 6(1) Letter a of the GDPR).

The services provided by us after successful regi­stra­tion are not offered to persons under 18 years of age. There­fore, no personal infor­ma­tion on visi­tors younger than 18 years of age is inten­tio­nally collected during regi­stra­tion.

Consul­tant payment data

After regi­stra­tion and for the purpose of payment proces­sing to consul­tants, we will collect the follo­wing “payment data”: Bank account number/Bank sort code or IBAN, BIC, account holder’s name, tax number

This payment data will only be collected, saved and used by us for billing and payment tran­sac­tions of fees to which consul­tant users are entitled in accordance with the regu­la­tions of the contract between COMATCH and the consul­tant. The user may review, change or delete this data on his user profile at any time. This is done on the legal basis of Art. 6(1) Letter b of the General Data Protec­tion Regu­la­tion.

C. How is the collected data used, disc­losed and, if appli­cable, trans­ferred to third parties?

Use of your data

Gene­rally, data that you provide to us will either be used to allow us to perform our services, to answer your questions or to help us provide a better service for you. We use your data and infor­ma­tion, among other things, for the follo­wing purposes:

  • easier crea­tion and secu­rity of your account;
  • reco­gni­tion as a user by our system;
  • impro­ve­ment of our website and services;
  • internal rese­arch and deve­lop­ment purposes as part of existing contrac­tual rela­ti­onships with COMATCH;
  • client-specific design to meet your prefe­rences;
  • preven­tion of re-regi­stra­tion by blocked users;
  • perfor­mance of the services requested by you;
  • sending your profile to a client after recei­ving your permis­sion;
  • sending a welcome email to ascer­tain that the email address used to regi­ster the account is yours;
  • sending admi­ni­stra­tive email noti­fi­ca­tions and secu­rity, support or main­ten­ance emails;
  • answe­ring your requests and questions;
  • occa­sional tele­phone conver­sa­tions with you for secon­dary fraud protec­tion or to obtain feed­back from you
  • sending emails to regi­stered users with contents related to our services, insofar as the user does not object.

This is done on the legal basis of Art. 6(1) Letter b of the GDPR or on the basis of our legi­ti­mate inte­rests in quality assurance and marke­ting under Art. 6(1) Letter f of the GDPR.

Disclo­sure and trans­mis­sion of your data to third parties

We will only disc­lose your data and user infor­ma­tion on the website or to third parties as described here­after or subse­quently in this Privacy State­ment.

Links to social networks

If you (i) log in to our service using the log-in data of a social network (such as LinkedIn or XING) and/or (ii) link your account to your social network account, we may obtain infor­ma­tion about you from the website of the social network in accordance with the usage terms and the privacy policy (“SNS terms”) of the social network. This infor­ma­tion consists of the data that can be viewed on your user profile on the respec­tive social network (i.e., your name, profes­sional expe­ri­ence and exper­tise, etc.) that is trans­mitted to us after you provide your approval.

We may add this infor­ma­tion to the data that we have already collected about you. This infor­ma­tion will be saved and used by us to provide our offers and services. This data proces­sing is performed on the basis of your consent (Art. 6(1) Letter b of the GDPR) or on the basis of a contract with us (Art. 6(1) Letter b of the GDPR).

LinkedIn’s Privacy Policy can be found at:
XING’s Privacy Policy can be found at:

Other proces­sing, disclo­sure and profiling

The legal basis for data proces­sing when using our offer is gene­rally Art. 6(1) Letter b of the GDPR, i.e., data is processed because it is required for the perfor­mance of a contract between us or to imple­ment pre-contrac­tual measures follo­wing your inquiry.

Further­more, Art. 6(1) Letter a of the GDPR provides the legal basis for the proces­sing of data for certain purposes to which the data subject grants his or her prior consent.

Your data may be processed on the basis of Art. 6(1) Letter c of the GDPR if proces­sing is required for the fulfill­ment of legal obli­ga­tions to which we or other controller are subject or on the basis of Art. 6(1) Letter e of the GDPR if proces­sing is required for the perfor­mance of a task in the public inte­rest, the respon­si­bi­lity of which has been trans­ferred to us or respec­tively to the controller.

In addi­tion, if data is collected when visi­ting our website or if data is trans­mitted to our share­hol­ders or external service provi­ders, the legal basis for proces­sing is Art. 6(1) Letter f of the GDPR if proces­sing is necessary to safe­guard our or a third party’s legi­ti­mate inte­rests and if these legi­ti­mate inte­rests are not outweighed by your inte­rests or basic rights that require the protec­tion of your personal data. Legi­ti­mate inte­rests are present, e.g., if there is a rele­vant and appro­priate rela­ti­onship between you (or the data subject) and us (or the controller), such as when you are our client or consul­tant.

Your data may be trans­ferred to service provi­ders who have been contracted for data proces­sing, e.g., to print shops for sending print mailings, the news­letter service provider Mail­chimp to distri­bute our news­letter or IT service provi­ders to provide our website, server services and the data­base. Data proces­sing agree­ments are concluded with service provi­ders who are not subject to the US-EU Privacy Shield agree­ment.

Further­more, please note the respec­tive proces­sing descrip­tions laid out in this Privacy State­ment.

No “profiling”, i.e., auto­mated deci­sion-making, will be performed when using our offer. However, third-party provi­ders featured by us may perform such profiling in indi­vi­dual cases. Profiling is performed on the legal basis of Art. 22 of the GDPR and is permitted for the conclu­sion or perfor­mance of a contract or on the basis of legal regu­la­tions.
Please espe­ci­ally note that use of Google, XING and LinkedIn through respec­tive accounts may lead to auto­mated deci­sion-making (“profiling”). On XING and LinkedIn, these settings may be managed on your account network. When using Google, you may object to profiling by activating the follo­wing link:

Personal reviews will only be performed in special cases, e.g., if you take on projects for bank/financial service clients subject to special legal regu­la­tions. In such cases, you will be informed in advance and you will be asked for your consent before performing such a review.

Our clients may also review the consul­ting services of indi­vi­dual consul­tants. You can view these reviews on your consul­tant profile. These reviews are performed on the basis of our legi­ti­mate inte­rest (quality assurance control, i.e., recruit­ment of reli­able and quali­fied consul­tants). Please inform yourself about your rights to access, with­drawal, changes, rectifi­ca­tion, erasure and restric­tion of proces­sing under F.

D. What cookies, services, offers and third-party web tools are used?


Cookies are small files that allow infor­ma­tion related to the access device of the user (PC, smart­phone, etc.) to be saved on the device. They ensure user-friend­li­ness of websites for you (e.g., by saving log-in data). They also allow statis­tical data on website usage to be collected so that it can be analyzed by COMATCH to offer impro­ve­ment.


You can control the use of cookies. Most brow­sers have an option to restrict or prevent cookies from being saved. However, please note that usage, espe­ci­ally comfort of use, will be limited without cookies.

When you visit COMATCH, so-called session cookies will be created that will be auto­ma­ti­cally deleted from the user’s computer’s memory after you close your browser window. Session cookies are needed to assign succes­sive access to the site to users acces­sing COMATCH at the same time.

Addi­tio­nally, COMATCH uses the follo­wing cookies:

Name Life time Prupose
Sessi­on­Re­sume­Token 1 year Iden­ti­fies users when re-sending veri­fi­ca­tion e-mail while not logged in
lastUserAgentInfo_ unli­mited Detects when user accesses the appli­ca­tion with diffe­rent browser than last time
pricing­Tool­Dis­abled 1 year Disables the Pricing Tool, which allows users to get insights into daily rates of inde­pen­dent consul­tants, after usage limit is reached. Tool is then blocked and a login is required.
lang unli­mited Stores the preferred user inter­face language of the use
crc 1 year Iden­ti­fies if you have accessed the COMATCH website in response to a marke­ting campaign. The campaign´s iden­ti­fier (the end of the URL you used to access COMATCH) is saved in this cookie.
UTM-info 100 days
useOf­Coo­kiesAgreed unli­mited This cookie saves the infor­ma­tion that you have been informed about the usage of cookies on our website / plat­form through the cookie banner.

You may manage online company ad cookies through the US website
or the EU website

General third-party websites

By clicking on a link to another website or loca­tion, you will leave our website and navi­gate to another website; in this case, your personal infor­ma­tion or anony­mous data may be collected by another provider. We do not monitor or review these external websites or their contents and shall not be liable for them or their contents. Please note that the regu­la­tions of these privacy protec­tion guide­lines do not apply to these external websites, their contents or to any data collected after you click on links to such external websites.

Google (Universal) Analy­tics

COMATCH uses “Google Analy­tics,” a web analysis service provided by Google Ireland Limited (“Google”), a company regi­stered and operated under Irish law (Regi­ster Number: 368047) and based at Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Analy­tics uses so-called “cookies,” text files saved onto your device and that allow us to analyze how COMATCH is used. The infor­ma­tion on your use of COMATCH, e.g., your browser type/version, opera­ting system, referrer URL (the last visited website), host­name of the acces­sing computer (IP address), time of the server request when using the website gene­rated by the cookie is gene­rally trans­mitted to a Google server in the US where it is saved. However, due to the activa­tion of IP anony­mi­za­tion on COMATCH, IP addresses will be shor­tened by Google within member states of the European Union or in other states party to the European Economic Area Agree­ment. Only in excep­tional cases will the full IP address be trans­ferred to a Google server in the US and shor­tened there.
IP anony­mi­za­tion is activated on COMATCH. On behalf of COMATCH, Google will leverage this infor­ma­tion to assess the use of COMATCH by its users, compile reports about website activity and to provide addi­tional services related to COMATCH offers. If IP anony­mi­za­tion is not activated, data will be processed on the legal basis of Art. 6(1) Letter f of the GDPR whereby we will pursue our legi­ti­mate inte­rests (or those of third parties commis­sioned by us) in quality assurance or statis­tical analyses of user beha­vior.

Your browser’s IP address that is trans­mitted through Google Analy­tics will not be merged with other Google data. You can prevent cookie storage through their browser settings. However, please note that this may prevent you from using all COMATCH func­tions.

For regi­stered users, Universal Analy­tics of Google is used addi­tio­nally. Universal Analy­tics enables infor­ma­tion about the use of the COMATCH plat­form on various devices (“cross device”) to be obtained. Using cookies (small text files, see also “Google Analy­tics”), a pseud­ony­mized user ID will be created and applied. This does not include addi­tional personal data, e.g., your name or email address, and is not trans­ferred to Google as such. This data proces­sing is performed on the basis of our legi­ti­mate inte­rests in opti­mi­zing the use of our website on various devices, assu­ring quality and asses­sing user beha­vior statis­ti­cally.

Objec­tion to Google Analy­tics: Further­more, you can prevent the collec­tion of cookie-gene­rated data (inclu­ding your IP address) on your use of the website and the proces­sing of this data by Google by down­loa­ding and instal­ling the browser plugin provided under the follo­wing link:

Objec­tion to Universal Analy­tics: You may object to the collec­tion of your data by Universal Analy­tics at any time for the future by disab­ling cross-device user analysis on your user account. For more infor­ma­tion about Universal Analy­tics, please see:

For more infor­ma­tion, please see Google’s Privacy Policy:

Google Tag Manager

Our website uses the Google Tag Manager of Google Ireland Limited (“Google”). Google Tag Manager provides a surface for mana­ging website tags. Tags are small code elements on your website for measu­ring user beha­vior, deter­mi­ning the effects of online adver­ti­se­ments and social chan­nels, using remar­ke­ting and focu­sing on and testing, and opti­mi­zing our website for our target groups. The Tag Manager tool (imple­mented in the tags) is a cookie-free domain. This tool activates other tags that may collect data. Google Tag Manager does not access this data. In case of deac­tiva­tion on the domain or cookie level, the deac­tiva­tion will remain in place for all tracking tags imple­mented through Google Tag Manager. Data will not be provided to other Google products without your consent.

Whenever personal data is processed, proces­sing will be performed on the legal basis of Art. 6(1) Letter f of the GDPR, whereby we will pursue our legi­ti­mate inte­rests (or those of third parties commis­sioned by us) in quality assurance or statis­tical analyses of user beha­vior.
For more infor­ma­tion, please see Google Site Stats:


To adver­tise for our website on publisher pages, we use tech­no­logy from the UK-based provider Outbrain. When using this service, cookies from Outbrain will be installed to draw atten­tion to addi­tional contents on our website or on third-party websites on the basis of anony­mized data. This selec­tion of recom­men­da­tions displayed to the user in the widget is based on contents viewed recently by the user. The displayed contents are provided tech­ni­cally by Outbrain. For this, Outbrain collects the follo­wing data: Device source, browser type and the user’s pseud­ony­mized IP address. To anony­mize the IP address, the last octet of the IP address is removed to prevent infe­rences to indi­vi­dual users. COMATCH does not process personal data when using Outbrain.

For more infor­ma­tion, please see Outbrain’s Privacy Policy: You may object to this tracking for displaying inte­rest-based recom­men­da­tions at any time. For more infor­ma­tion, please see the section “Outbrain User Types” (inclu­ding deac­tiva­tion and opt out options) in Outbrain’s Privacy Policy:


Our website uses Hotjar. Hotjar is a web analysis service of Hotjar Limited (Level 2, St. Julian’s Busi­ness Centre 3, Elia Zammit Street, St. Julian’s STJ 1000, Malta).

Hotjar enables us to protocol and assess user beha­vior, espe­ci­ally your mouse beha­vior (move­ments, clicks), on our website. Your visit to our website will be anony­mized. Further­more, only infor­ma­tion on your opera­ting system Internet browser, inco­ming or outgoing refe­rences (so-called links), your geogra­phic loca­tion and your device will be assessed and used for statis­tical purposes.

You may stop the analysis of your user beha­vior at any time using the so-called opt-out. By confir­ming the link,

A cookie that imme­dia­tely prevents further analysis will be saved in your browser. Please note that you must confirm the above link again if you delete cookies saved on your device.

The use of Hotjar is performed on the legal basis of Art. 6(1) Letter f GDPR. This service allows us to analyze user beha­vior on our website, to enable us to assess and opti­mize our opera­tions, and to adjust our web presence to our users’ inte­rests.

LinkedIn Insight Tag

Our website uses the LinkedIn Insight Tag of the LinkedIn Corpo­ra­tion (LinkedIn Corpo­ra­tion, 2029 Stierlin Court, Moun­tain View, Cali­fornia 94043, USA or LinkedIn Ireland, Wilton Place, Dublin 2, Ireland) and the related conver­sion tracking tech­no­logy and retar­ge­ting func­tion. The LinkedIn Insight Tag is a Java­Script code snippet. Visi­tors’ URLs, referrer URLs, IP addresses, devices and browser charac­te­ri­stics, time­stamps and page views are saved by this code. This data is anony­mized in encrypted form within 7 days. The anony­mized data will be erased within 90 days. We do not receive personal data from LinkedIn and can only view report summa­ries on our website’s target groups and adver­ti­se­ment perfor­mance. If you are logged into your LinkedIn account during an online session, LinkedIn will assign your visit to our website to your user account. In addi­tion, the use of this tag allows visi­tors to our website to be retar­geted. Retar­ge­ting enables us to display adver­ti­se­ments to our website’s visi­tors outside of our website.

The legal basis for our use of the LinkedIn Insight Tag is our legi­ti­mate inte­rest (Art. 6(1) Letter f GDPR) in measu­ring, analy­zing and opti­mi­zing our website’s success based on the results.

For LinkedIn’s Privacy Policy, please see:

For more in-depth infor­ma­tion about the LinkedIn Insight Tag, please see espe­ci­ally:

LinkedIn is certi­fied under the Privacy Shield agree­ment and there­fore guaran­tees compli­ance with EU data protec­tion laws.

You may disable the collec­tion of your data by the LinkedIn Insight Tag using the follo­wing opt-out link:

If you have a LinkedIn account, click on “Reject on LinkedIn.” Other users, please click on “Reject.”

Links to social media

COMATCH is connected to various social networks, i.e., Face­book, Twitter, XING and LinkedIn, through links. Activating such buttons will forward you to the COMATCH page on the respec­tive social network where data will only be processed by the servers of the respec­tive social network.

COMATCH pages on social networks LinkedIn, Xing, Twitter and Face­book

COMATCH uses the social media plat­forms and services of the LinkedIn Corpo­ra­tion (Ireland, Wilton Place, Dublin 2, Ireland, XING AG, Damm­tor­straße 29-32, 20354 Hamburg, Germany, Face­book Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland and Twitter Inc., 1355 Market Street, Suite 900, San Fran­cisco, CA 94103, USA). Social media presence helps COMATCH commu­ni­cate with users and prospec­tive clients and provide infor­ma­tion about COMATCH’s offers and services.

When visi­ting our company presence on a social network, your IP address, as well as cookies, pixels and web beacons will provide the social network provider with personal infor­ma­tion about you, your surf, user beha­vior, your inter­ac­tions and your respec­tive loca­tion. The social network provider will use this infor­ma­tion to create a user profile. We cannot exclude the possi­bi­lity that data saved in user profiles may be saved across devices and/or that your user profile may be linked to your data saved by the network.

The social network uses personal infor­ma­tion collected about you in this way to compile statis­tics about its use and user struc­ture to place inte­rest-based adver­ti­se­ments inside and outside of the network. Further­more, social network marke­ting models require social networks to transfer data on your user beha­vior to and to receive data on your surf/usage beha­vior from third parties (adver­ti­sing part­ners) outside of the network.

These social networks provide anony­mized statis­tical data to adver­ti­sers through their offers “Face­book Insights,” “LinkedIn Website Demo­gra­phics” and “Twitter Analy­tics,” e.g., infor­ma­tion about page views, activi­ties, male/female ratios, profes­sional posi­tions, corpo­rate divi­sions, etc. (see, or We have no influ­ence on and cannot prevent the data proces­sing performed for this purpose and are not granted access to under­lying data.

We use these offers to better under­stand the struc­ture and inte­rests of users and to adjust our website accord­ingly. It also allows us and the social network provi­ders to offer better adver­ti­se­ments, e.g., through infor­ma­tion about the demo­gra­phic or geogra­phic distri­bu­tion or gender of users. These statis­tics enable us to reco­gnize user tenden­cies and display more rele­vant content.

When using Face­book, Twitter or LinkedIn, data will be trans­ferred to the US. These provi­ders are certi­fied under the Privacy Shield agree­ment and are required to comply with EU data protec­tion stan­dards (

Please note that, as the controller of a Face­book fan page, we are jointly respon­sible with Face­book for the proces­sing of personal data of visi­tors to our page (see European Court of Justice Judgment on C-210/16, 5 June 2018). Face­book reco­gnizes joint respon­si­bi­lity with control­lers for Face­book Insights data and assumes primary respon­si­bi­lity, see:

Rights to access or user rights may be exer­cised most effec­tively against Face­book.

For more infor­ma­tion about the collec­tion and use of data and about your rights and privacy options, please see:

For LinkedIn’s Privacy Policy, please see:

For Xing’s Privacy Policy, please see:

For Twitter’s Privacy Policy, please see:

Please do not hesi­tate to contact us if you have any questions or need addi­tional assi­stance.

E. Is data trans­ferred to coun­tries outside of the EU?

When using our offer, your data may be trans­ferred to third coun­tries, i.e., states outside of the EU, due to the featured third-party service provi­ders.

Services on websites that process data outside of the EU

When using our website, data may be trans­ferred outside of the EU through our website when visi­ting or using COMATCH. This applies to services of Google and the social media provi­ders Face­book, Twitter and LinkedIn. The US compa­nies that offer Google services are certi­fied under the EU-US Privacy Shield agree­ment and there­fore guarantee adhe­rence to data protec­tion in accordance with EU stan­dards.

Other external provi­ders who process data outside of the EU

If you regi­stered on our website as a consul­tant or client, data will be trans­ferred outside of the EU, e.g., to process client inqui­ries or internal commu­ni­ca­tion, through the use of cloud and hosting services, CRM services or external service part­ners acting on our behalf and who support us with the perfor­mance of our busi­ness activi­ties and with the provi­ding of our website (legal basis: Art. 6(1) Letters b and f of the GDPR).

We use the news­letter tool Mail­chimp to send you infor­ma­tion by email. Mail­chimp is certi­fied under the EU-US Privacy Shield agree­ment. In addi­tion, we concluded a data proces­sing addendum to ensure adhe­rence to EU data protec­tion regu­la­tions.

We use Klenty as a CRM tool. EU stan­dard contrac­tual clauses have been concluded with Klenty to ensure adhe­rence to EU data protec­tion regu­la­tions.

F. Your rights: Access, with­drawal, changes, rectifi­ca­tion and updates, erasure, restric­tion of proces­sing, data porta­bi­lity and the right to object


You have the right to with­draw your consent for the future use, proces­sing and transfer of your data at any time which you may exer­cise by contac­ting us at if proces­sing is performed on the basis on your consent.

In case of with­drawal, we will no longer process data saved on you (or the data subject) and will erase this data without undue delay. However, this does not apply if we can demon­strate reasons for the proces­sing that override your inte­rests, rights and free­doms or if proces­sing is necessary for the estab­lish­ment, exer­cise or defense of legal claims.

We will there­fore continue to use this data, e.g., if it is needed for the perfor­mance of a contrac­tual rela­ti­onship.

Right to access

You have a legal right to infor­ma­tion about the personal data saved on you at any time. To exer­cise this right to access, please contact us at

However, this right to access espe­ci­ally does not apply to data saved only because it may not be erased due to legal or statu­tory storage requi­re­ments or to data that is only used for data protec­tion or data protec­tion control purposes and where provi­ding this infor­ma­tion would require dispro­por­tio­nate effort or to proces­sing for other purposes excluded by suitable tech­nical and orga­ni­za­tional measures.

Rectifi­ca­tion and comple­tion of data

You have the right to obtain rectifi­ca­tion of inac­cu­rate personal data saved on you. In consi­de­ra­tion of the proces­sing purposes, you also have the right to obtain comple­tion of incom­plete personal data—including through an addi­tional state­ment. To exer­cise these rights, please contact us at

Erasure (“right to be forgotten”)

You have the right to erasure without undue delay of any personal data saved by us. To exer­cise this right, please contact us at

Please also see the follo­wing sections “Restric­tion of proces­sing” and “Storage dura­tion of personal data; storage period limi­ta­tion” below.

Restric­tion of proces­sing

You or the data subject have the right to restric­tion of proces­sing of the personal data saved by us. To exer­cise this right, please contact us at

However, you may only exer­cise your right to proces­sing restric­tion if the follo­wing requi­re­ments are met:

  • The accu­racy of the personal data is conte­sted by the data subject for a dura­tion that allows the controller to review the accu­racy of the personal data;
  • Proces­sing is unlawful and the data subject rejects the dele­tion of the personal data and instead demands its restric­tion;
  • The controller no longer needs the personal data for proces­sing purposes, but for the estab­lish­ment, exer­cise or defense of legal claims; or
  • The data subject objects to the proces­sing before it has been deter­mined whether the controller’s legi­ti­mate inte­rests outweigh those of the data subject.

If you exer­cise this right to restric­tion of proces­sing, we will notify you accord­ingly before lifting the restric­tion.

In certain cases, proces­sing may be restricted instead of erasing the data. See espe­ci­ally “Erasure (‘Right to Be Forgotten’)” above

Right to data porta­bi­lity

You have the right to receive the data you provided to us in a struc­tured, commonly used and machine-read­able format. To exer­cise this right to infor­ma­tion, please contact us at

Further­more, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, if the proces­sing is based on consent or on a contract to which the data subject is party and if the proces­sing is performed through auto­mated means. When exer­ci­sing your right to data porta­bi­lity, you have the right to have personal data trans­mitted directly from one controller to another if tech­ni­cally feasible.

However, this right does not apply if the rights and free­doms of another person will be impaired or to proces­sing required for the perfor­mance of a task in the public inte­rest or in the exer­cise of offi­cial autho­rity vested in the controller.

Right to object

You have the right to submit a comp­laint to a compe­tent super­vi­sory autho­rity of your choice. In Germany, the compe­tent super­vi­sory autho­ri­ties are the data protec­tion autho­ri­ties speci­fied by the laws of the respec­tive federal states.
For a list of data protec­tion autho­ri­ties, please see: (German) or

Our compe­tent super­vi­sory autho­rity is:
Berliner Beauf­tragte für Daten­schutz und Infor­ma­ti­ons­frei­heit [Berlin Data Protec­tion and Freedom of Infor­ma­tion Officer]
Fried­rich­straße 219 | 10969 Berlin | Germany
Tel.: +49-(0)30-138-89-0 | Email:

Storage dura­tion of personal data; storage period limi­ta­tion

We will gene­rally only save your personal data for as long as required for the perfor­mance of the contract or respec­tive purposes and limit the storage dura­tion to the abso­lutely necessary minimum.

In case of longer contrac­tual rela­ti­onships, such as when using our offer, these storage periods may vary, but are gene­rally limited to the dura­tion of the contrac­tual rela­ti­onship or to the legally required storage periods (e.g., under the German Commer­cial Code [Handels­ge­setz­buch (HGB)] or the German Fiscal Code [Abga­ben­ord­nung (AO)] for inven­tory data. Storage dura­tion criteria include whether the data is up to date, whether there is a contrac­tual rela­ti­onship with us or if an inquiry was already processed or if a process has already been completed and whether legal storage periods apply to the respec­tive personal data.

G. Data protec­tion and appli­ca­bi­lity

Data protec­tion

COMATCH is very concerned about the secu­rity of your personal data. We (and our external service provi­ders) use a number of stan­dard indu­stry secu­rity tech­no­lo­gies and proce­dures to protect your personal infor­ma­tion from unaut­ho­rized access, use or disclo­sure. Princi­pally when offe­ring our services and espe­ci­ally if you enter sensi­tive infor­ma­tion (e.g., account infor­ma­tion) onto your profile, we (or our external service provi­ders) will encrypt this infor­ma­tion using the Secure Sockets Layer (SSL) tech­no­logy.

Data of our COMATCH services will be exclu­si­vely saved and processed on servers in the European Union (EU), unless other infor­ma­tion is provided to the user.

H. Privacy state­ment appli­ca­bi­lity and changes

Our Privacy State­ment may be viewed on and printed from our website at any time at

We may change this Privacy State­ment under adhe­rence to appli­cable regu­la­tions.