Privacy Policy

Your personal data is collected and processed in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR).

1. Controller
Responsible for the collection, processing and use of your personal data within the meaning of Art. 4 No. 7 DSGVO is:

AssetMetrix GmbH
Emmeram von Braun, Barbara Münch
Theresienhöhe 13
D-80339 Munich

The Controller alone or together with others decides on the purposes and means of processing personal data (e.g. names, contact data, etc.).

2. Granting consent / Revocation of your consent to data processing
Consent pursuant to Art. 6 para. 1 lit. a) GDPR is usually obtained by us in writing. In the case of electronic consent, this is done by placing a tick in the corresponding field to document the granting of consent; the content of the declaration of consent is logged electronically. Some data processing operations are only possible with your express consent. You can revoke your consent at any time. For the revocation, an informal communication by e-mail to the contact address stated in the imprint is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Please note that once you have given your consent – regardless of whether this is based on Article 6 para. 1 lit (a) or Article 9 para. 2 lit (a) GDPR – it can be revoked at any time with effect for the future – in full or in part; the lawfulness of the processing carried out on the basis of the consent up to the revocation remains unaffected by this.

3. Right to complain to the competent supervisory authority As a data subject, you have the right to complain to the competent supervisory authority in the event of a breach of data protection law. The competent supervisory authority for our company with regard to data protection issues is the Bavarian State Office for Data Protection Supervision (Bavarian DPA).

4. Right to data portability (Art. 20 GDPR)
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to third parties. The data will be provided in a machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done insofar as it is technically feasible.

5. Right of access, to rectification, erasure (Art. 15 – 17 GDPR)
You have the right to free information about your stored personal data, the origin of the data, its recipients and the purpose of data processing and, if necessary, a right to rectification or erasure of this data at any time within the scope of the applicable legal provisions. In this regard and also for further questions on the subject of personal data, you can contact us at any time via the contact options listed in the imprint.

6. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 para. 1 lit. (e) GDPR (data processing in the public interest) and/or Article 6 para. 1 lit. (f) GDPR (data processing in the context of legitimate interests); this also applies to profiling based on this provision within the meaning of Article 4 para. 4 GDPR and to direct marketing as defined in Article 21 para. 2 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate statutory legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. In principle, the objection can be made without any formalities. To exercise the right to object, you can contact the Controller as stipulated in section 1. above.

7. Data protection officer
You can contact our data protection officer at the following address:

Thorsten Ewald
Carl-Zeiss-Ring 21
D-85737 Ismaning
Phone: +49 89 991 52 21 7

8. Communication via email
8.1. Processing of personal data and general principles
The processing of data is carried out to provide our services within the framework of the implementation of our service agreements with our customers or in order to carry out pre-contractual measures which take place upon request. The purposes of the data processing primarily depend on the specific services. We also use your personal data for administrative purposes, such as sending invoices and making payments. We also use your personal data to provide and administer our services. The legal basis for processing data in these cases is article 6 para.1 lit. (b) GDPR.

If processing is carried out to fulfil a legal obligation, Article 6 para. 1 lit. (c) GDPR is the legal basis.

Beyond the fulfilment of a contract, we also process your data to protect legitimate interests of us or third parties (Article 6 para. 1 lit. (f) GDPR). This comprises the following cases:

  • Advertising or marketing;
  • Sending non-sales promotional information and press releases;
  • Business management measures and the further development of our services;
  • The execution of business processes and internal management;
  • We carry out audits and investigations as well as corporate controls and maintain and use customer, supplier and business partner directories. We also process your personal data for financial, accounting, record keeping and insurance purposes.
  • Enforcing legal claims and defending legal disputes;
  • Ensuring our IT security and operations;
  • Prevention and investigation of criminal offences;
  • Building and facility security measures (e.g. access controls).

Insofar as the processing of personal data is not based on one of the aforementioned legal bases, the processing is permissible on the basis of consent granted by the data subject in accordance with Article 6 para. 1 lit. (a) GDPR.

If personal data is processed for purposes other than originally planned, the legal basis is Article 6 para. 4 GDPR.

8.2. Categories of Personal Data
We process the data that we have received from you in the course of initiating or processing a service relationship and on the basis of your consent. These are e.g.

Your master/contact data, this includes e.g.

  • First name and surname, address, contact data (e-mail address, telephone number, fax), position, dates of birth, place of birth, nationality, bank details, ID numbers.
  • For visitors to our company, this includes: Name, address and signature.

In addition, we also process the following other personal data:

  • information on the nature and content of contract data, order data, turnover and receipt data, customer and supplier history and consultation records,
  • advertising and sales data;
  • information from your electronic interactions with us (e.g. IP address, log-in data);
  • other data that we have received from you in the course of our business relationship (e.g. in customer meetings);
  • data that we generate ourselves from master/contact data and other data;
  • the documentation of your declaration of consent for the receipt of e.g. newsletters / advertising as well as
  • photographs taken in the frame of events.

8.3. Processing of Supplier Data / Service Provider Data
We process data of suppliers and/or service providers (hereinafter uniformly referred to as "Suppliers"), who are or employ natural persons and whose services we request and/or use on a contractual basis, exclusively for the purpose of fulfilling or executing the contract. This may involve the data mentioned above. The legal basis for such data processing is Article 6 para. 1 lit. (b) GDPR (contract performance / implementation of pre-contractual measures). Section 8.1. (data processing for the enforcement of claims / compliance with legal provisions) above applies accordingly.

8.4. Persons Authorised to Access / Possible Recipients of Data
At AssetMetrix, only those persons and bodies have access to personal data who need this access to fulfil the purposes described in this data privacy policy (so-called "need-to-know" principle).

Within the aforementioned limits, we reserve the right to involve third party service providers (e.g. data processing centres, IT service providers, printing service providers, waste disposal companies, legal advisors and auditors) in the contractual relationship with our customers, who act on our behalf and according to instructions within the framework of the provision of services (“Processors”). These service providers may receive personal data or come into contact with personal data in the course of providing the service and constitute third parties or recipients within the meaning of the GDPR. In such a case, we ensure that our service providers provide sufficient guarantees that appropriate technical and organisational measures are in place and that processing operations are carried out in such a way that they comply with the requirements of the GDPR and ensure the protection of the rights of the data subject (Article 28 GDPR). Insofar as personal data is transferred to third parties and/or recipients outside of commissioned processing, we ensure that this is done exclusively in accordance with the legal requirements (GDPR, BDSG) and only if there is a corresponding legal basis or if consent is required for this purpose.

Your personal data is generally processed within the Federal Republic of Germany. If personal data is processed outside the Federal Republic of Germany in other EU member states or in states of the European Economic Area ("EEA") – e.g. by service providers – this is done in compliance with the relevant provisions of the GDPR and the BDSG.

A data transfer to third countries (countries outside the EEA) only takes place if this is necessary for the execution of a service relationship with a customer, if you have given us your consent to do so or if this is otherwise legally permissible. In this case, we take measures to ensure the protection of your data, for example through contractual regulations. We only transfer data to recipients who ensure the protection of your data in accordance with the provisions of the GDPR for transfers to third countries (Articles 44 to 49 GDPR).

8.5. Data Erasure Principles and Storage Period
Personal data will be erased if the data is no longer required for the purposes of implementing a service agreement with a customer.

Instead of erasure, the data may be stored under restriction of processing if this is provided for by the European or national legislator in EU regulations, laws or other provisions, in particular, for example, to comply with statutory retention obligations e.g. the German Fiscal Code (AO) or the German Commercial Code (HGB), currently between 2 to 10 years), and/or if there are legitimate interests in storing the data (e.g. during the course of limitation periods for the purpose of a possible legal defence (Sections 195 ff BGB), currently between 3 to 30 years).

The data will be deleted at the latest when a storage period prescribed by the aforementioned provisions expires, unless there is a need for further storage of the data for the conclusion of a contract or for other purposes or you have consented to longer storage (Article 6 para. 1 lit (a) GDPR).

9. Server log files
In server log files, the web server on which this Internet offer is provided collects and stores information that your browser automatically transmits to us. These are:

  • Visited page on our domain
  • Date and time of the server request
  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • IP address
  • This data is not merged with other data sources. Data processing is based on Article 6 para. 1 lit. (b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We will store the data for up to one year.

10. Contact form
Data transmitted via the contact form, including your contact data, will be stored in order to be able to process your inquiry or to be available for follow-up questions. This data will not be passed on without your consent. The data entered in the contact form will be processed exclusively on the basis of your consent (Article 6 para. 1 lit. (a) GDPR). A revocation of your already given consent is possible at any time. An informal notification by e-mail is sufficient for the revocation. The lawfulness of the personal data processing operations carried out up to the revocation remains unaffected by the revocation. Data transmitted via the contact form will remain with us until you request deletion, revoke your consent to storage or until there is no longer any need for data storage. Mandatory statutory provisions – in particular retention periods – remain unaffected.

11. Processing by third parties
In some cases, personal data may also be processed by third parties. Please refer to the following information for details.

12. YouTube
For integration and display of video content our website uses plugins from YouTube. The video portal is provided by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When a page with an integrated YouTube plugin is opened, a connection to YouTube’s servers is established. This will tell YouTube which of our pages you have visited. YouTube can associate your surfing behavior directly with your personal profile if you are logged into your YouTube account. You can prevent this by logging out beforehand. The use of YouTube is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 para. 1 lit. (f) GDPR. Details on the handling of user data can be found in YouTube’s privacy policy at:

13. Cookies
Our website uses cookies. These are small text files that your web browser stores on your device. Cookies help us to make our website more user-friendly, effective and secure. Some cookies are "session cookies." Such cookies are deleted automatically at the end of your browser session. However, other cookies will remain on your device until you delete them yourself. Such cookies help us to recognize you when you return to our website. You can use a modern web browser to monitor, restrict or prevent the setting of cookies. Many web browsers can be configured so that cookies are automatically deleted when the program is closed. Deactivation of cookies may result in limited functionality of our website. The setting of cookies, which are necessary for the exercise of electronic communication processes or the provision of certain functions desired by you, takes place on the basis of Art. 6 Para. 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in the storage of cookies for the technically error-free and smooth provision of our services. If other cookies are set (e.g. for analysis functions), these are treated separately in this data protection declaration.

Manage cookie settings

Set Cookies:

Name cookies Purpose Storage period Type of cookie
User_consent Consent site visitors 3 months AssetMetrix
_lfa Marketing 2 years Leadfeeder
Visitor_id* Marketing 10 years Pardot (Salesforce)

14. Leadfeeder
Liidio Oy ( technologies are used to collect, process and store data for marketing purposes and to identify web visitors for statistical analysis of visitor access. The Leadfeeder technology uses this data to determine addresses, but only in those cases in which it can ensure that it is a company and not a single person as a visitor. So-called cookies may be used for this purpose. Cookies are small text files that are stored on your computer and enable an analysis of your use of the website. The company data collected by Leadfeeder may also contain personal data. Leadfeeder may use information provided by visits to the websites to create anonymous user profiles. If IP addresses are collected, they will be made anonymous immediately after collection by deleting the last number block. Further information and Leadfeeder’s privacy policy can be found here.

The processing is based on our legitimate interest pursuant to Article 6 para. 1 lit. (f) GDPR.

15. Matomo
This website uses the web analysis service software Matomo (, a service provided by InnoCraft Ltd., 7 Waterloo Quay PO625, 6140 Wellington, New Zealand ("Mataomo"), to collect and store data based on our legitimate interest in statistical analysis of user behaviour for optimisation and marketing purposes in accordance with Art. 6 para. 1 lit. f GDPR. From this data, pseudonymised user profiles can be created and evaluated for the same purpose. Cookies can be used for this purpose. Cookies are small text files that are stored locally in the cache of the Internet browser of the page visitor. The cookies enable, among other things, the recognition of the Internet browser. The data collected using Matomo technology (including your pseudonymised IP address) is processed on our servers. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym. If you do not agree with the storage and evaluation of this data from your visit, you may object to its storage and use at any time by clicking on here. In this case, a so-called Opt-Out-Cookie is stored in your browser, which means that Matomo does not collect any session data. Please note that the complete deletion of your cookies means that the opt-out cookie is also deleted and may have to be reactivated by you.

16. Google Ads und Google Conversion Tracking
Our website uses Google Ads. Provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States. Ads is an online advertising program. As part of the online advertising program, we work with conversion tracking. After a click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that your web browser stores on your end device. Google Ads cookies expire after 30 days and are not used to personally identify users. The cookie enables Google and us to recognize that you clicked on an ad and were redirected to our website. Each Google Ads customer receives a different cookie. Cookies are not trackable through Ads customer websites. Conversion cookies are used to generate conversion statistics for Ads customers who use conversion tracking. Ads customers can see how many users clicked on their ad and were redirected to pages with a conversion tracking tag. However, Ads customers do not receive any information that enables personal identification of users. If you do not wish to participate in tracking, you can object to its use. Here, the conversion cookie must be deactivated in the user settings of the browser. Thus no inclusion in the conversion tracking statistics takes place. Conversion cookies" are stored on the basis of Article 6 para. 1 lit. (f) GDPR. We as website operators have a legitimate interest in analyzing user behaviour in order to optimize our website and our advertising. Details on Google Ads and Google Conversion Tracking can be found in Google’s privacy policy: You can use a modern web browser to monitor, restrict or prevent the setting of cookies. Deactivation of cookies may result in limited functionality of our website.

17. Google Web Fonts
Our website uses web fonts from Google. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By using these web fonts it is possible to present you the desired presentation of our website, regardless of which fonts are available to you locally. This is done by retrieving the Google Web Fonts from a Google server in the USA and forwarding your data to Google. This is your IP address and which of our pages you have visited. The use of Google Web Fonts is based on Article 6 para. 1 lit. (f) GDPR. As the operator of this website, we have a legitimate interest in the optimal presentation and transmission of our website. Details about Google Web Fonts can be found at: and further information in Google’s privacy policy:

18. Links to other websites
Our website contains links to other websites. We have no influence on whether their operators comply with the data protection regulations.

19. Protection of the privacy of persons under 16 on the internet
Personal data of minors (under 16 years of age) is not knowingly collected or used by us in any form. As a rule, we do not learn the age of visitors to our website. However, we have not taken any specific measures to protect such data to any particular extent. No personal data may be transmitted to persons under the age of 16 without the express consent of their parents or guardians.

20. The security of your data
The data you provide to AssetMetrix GmbH is protected by appropriate technical and organisational measures with the aim of securing your data against – whether accidental or intentional – unlawful processing, loss, destruction, access by unauthorised persons or unauthorised disclosure to third parties. Our security measures are continuously monitored and improved in accordance with technological developments and organisational possibilities.