Unless otherwise specified in other legal relationships, the controller is:

RIVACY GmbH Mexikoring 33 22297 Hamburg


The RIVACY GmbH, as the controller defined by Art. 4 No. 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data, on the free movement of such data and on the repeal of Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”), takes the protection of your personal data very seriously and adheres strictly to the rules of the data protection regulations.

Personal data is processed on the websites of the controller and within the scope of our entire business activity only to the extent that is technically necessary. Under no circumstances will your data be made available to third parties without your consent or without a legal or contractual basis.

Below we give you an overview of how we ensure the protection of your personal data and what kind of data is collected for what purpose.

In a nutshell:

We make use of suitable technical and organisational security measures – also via our service providers, which we contractually commit to comply with data protection – to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

We therefore reserve the right to change these security and data protection measures if this becomes necessary due to technical changes. The personal data concerning you will be deleted as soon as they are no longer necessary for the purpose for which they were collected. Legal obligations, in particular legal storage and documentation obligations, which we of course also observe, may partly conflict with the deletion. Here too - as in general - we limit the processing of personal data to the minimum within legal requirements and obligations and somít the applicable principle of data economy.


The RIVACY GmbH automatically processes information transmitted to us by the browser and other applications of your terminal device on the directly accessible Internet presences and services via the service providers commissioned by us.

These are:

  • Browser type/ version / plug-ins

  • Operating system used

  • General system information (such as end device, end device ID, screen resolution, etc.)

  • Referrer URL (e.g. the page you visited previously)

  • Host name of the accessing terminal device (e.g. IP address

  • Time of the server request

  • Geo- and location data

  • First name and surname

  • E-mail address

  • Device identification data of your end device

  • Usage data

The data mentioned will be processed by us for the following purposes:

  • to ensure a smooth connection for our services,

  • to ensure a comfortable use of our services,

  • to ensure basic functionality of our services

  • to evaluate the system safety and stability, as well as

  • for other administrative purposes.

The legal basis for data processing for the use of our services is Art. 6 para. 1 sentence 1 a), b), c), e) and f) GDPR. We use the corresponding data because you have given us your consent, we fulfil a contract or similar legal transactions with you, we are obliged to process data for various reasons or we have a justified interest in the processing of your personal data while your interests, fundamental freedoms and fundamental rights do not prevail. Our justified interest is due to, for example, the purposes listed above for the collection of data. In no case do we use the collected data for the purpose of drawing conclusions about your person; this is also for the most part factually impossible for us. This data cannot be assigned by us to specific persons. We do not merge this data with other data sources and the data is deleted after statistical evaluation; this does not apply if the data is used exclusively for the purpose of supporting and maintaining the services requested by the user in accordance with the terms of use and this Privacy Policy.

When visiting our website and when using our services, we always use the SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the status bar of your browser (software-dependent).


If you have any questions or concerns, we offer you the opportunity to contact us via the contact details provided on the respective websites. The information of (at least) a valid e-mail address, as well as the first and last name is necessary, so that we know from whom the inquiry originates and to enable us to answer it. You can provide further data voluntarily, which we will then use according to your contact request.

The data processing for the purpose of establishing contact with us takes place in accordance with Art. 6 para. 1 sentence 1 a) GDPR on the basis of your voluntarily given consent as well as your related interest in the response, which legitimises us for data processing, Art. 6 para. 1 GDPR.

The personal data processed by us for the use of the contact form will be completely deleted automatically after completion of the request made by you at the end of reasonable retention periods.


Your data will generally only be transmitted if you have given us your consent, if it is necessary for the establishment, execution or termination of a contractual or quasi-contractual obligation or if it is necessary to safeguard the legitimate interests of the controller and there is no reason to assume that your interests worthy of protection in the exclusion of the processing or use outweigh or there are statutory transmission obligations.

If we transfer data to companies commissioned by us or cooperating with us, or to other third parties, we have entered into agreements with them in accordance with applicable law, in particular in accordance with Art. 26 and 28 GDPR. Under this provision, the other data-processing bodies undertake to guarantee an adequate level of data protection. Please contact us for details regarding this; we will be pleased to meet your justified claims for information (cf. section 12).

A transfer of your data to non-EU/non-EEA countries (so-called “third countries”), in particular to receiving agencies that cannot guarantee an adequate level of data protection, generally does not take place.

Where there is a derogation from this principle, this derogation is necessary for a number of reasons. The following information provides an overview of these exceptions:

4. Server-Logs (Logfiles)

We use server logs on our websites. These are small (text) files that are automatically created by your browser and processed by us when you visit our site and/or use our services. Server logs are not processed on your end device and generally do not cause any damage and do not contain any viruses, trojans or other malicious software to our knowledge and will.

Server logs are used to store information that is related to the specific end device and web browser used. This does not mean, however, that we obtain immediate knowledge of your identity.

The use of server logs serves on the one hand to make the use of our offer more pleasant for you. This is how we use them to recognize that you have already visited individual pages of our website. These will be automatically deleted after leaving our site or after the termination of the service.

The data processed by server logs is required for the purposes mentioned above to protect our legitimate interests and those of third parties in accordance with Art. 6 Para. 1 S. 1 lit. b and f DSGVO, in particular for the functionality and accessibility of our website. In addition, the processing of log files to the extent used by us is legitimized by § 15 TMG (Telemediengesetz), a separate consent for processing this data is therefore not required.


Our websites and services use so-called web fonts. These are digital fonts that we provide ourselves.

Neither we nor third parties will pass on or otherwise transfer your data or process your data for the use of these web fonts in the first place.


Please contact us if you have any questions or requests for information, if you wish to assert your rights (section 6) or if you wish to revoke any consent you may have given to the use of your data:

RIVACY GmbH Mexikoring 33 22297 Hamburg


You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or to object to processing, the existence of a right to object, the origin of your data if it has not been collected from us, as well as the existence of an automated decision making process including profiling and, if applicable, meaningful information on their details;

  • in accordance with Art. 16 GDPR to basely request the rectification of incorrect or incomplete personal data stored by us;

  • to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is necessary for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest or for asserting, exercising or defending legal claims;

  • to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful but you refuse its erasure and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;

  • in accordance with Art. 20 GDPR, to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller;

  • in accordance with Art. 7 para. 3 GDPR to withdraw your consent once given to us at any time. The consequence of this is that we may not continue the data processing based on this consent for the future, and

  • to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or of our place of business.

The supervisory authority responsible for the controller is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit Ludwig-Erhard-Straße 22 20459 Hamburg

Telefon: 040/428544040


Further information on the respective responsibilities, activities and data processing by the supervisory authority can be found in the relevant information, e.g. at


This Privacy Policy is currently valid in the version of September 2019.

Due to the further development of our website and offers about it or due to changed legal or official requirements, it may be necessary to change this data protection notice. The current data protection information can be retrieved and printed any time via the website at

If you wish, we can also make this Privacy Policy available to you digitally as a pdf document.



You have the right to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 e) or f) GDPR for reasons arising from your particular situation; this also applies to profiling based on these provisions.

If we use personal data for direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising.

If you object to the processing for the purpose of direct marketing, the personal data will no longer be processed for these purposes.

If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.


The objection can be made informally stating your name, your address and your date of birth and should be addressed to:

RIVACY GmbH Mexikoring 33 22297 Hamburg

In the event of withdrawal of your declaration of consent, we also ask you to contact us using the contact details just mentioned.