Skip to content

Don't miss us at Cost & Value Engineerung Convention 2025 in Munich, 23.10.2025

Data Protection

Privacy Policy for PartSpace

1. Preamble

Protecting your personal data is important to us. This Privacy Policy explains how your data is processed when you visit our website.

The PartSpace website is operated under the “PartSpace” brand, which is part of Easy2Parts GmbH. The entity legally responsible for processing your personal data within the meaning of the General Data Protection Regulation (GDPR) is therefore Easy2Parts GmbH (the controller).

Use of our website is generally possible without providing any personal data. However, if a data subject wishes to use special services offered by our company via the website, it may become necessary to process personal data. Where the processing of personal data is necessary, it is carried out on the basis of Article 6(1)(b) and (c) GDPR.

The processing of personal data—such as a data subject’s name, address, email address, or telephone number—is always performed in accordance with the GDPR and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). With this Privacy Policy, our company seeks to inform the public about the nature, scope, and purposes of the personal data we collect, use, and process. It also explains the rights to which data subjects are entitled.

Whenever this Policy refers to “we,” “us,” or “PartSpace,” it refers to Easy2Parts GmbH in its capacity as the controller under data protection law.

As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. Nevertheless, internet-based data transmissions may generally have security vulnerabilities; absolute protection cannot therefore be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

The German version of this Privacy Policy is legally binding. This English translation is provided for convenience; in the event of any discrepancies or ambiguities, the German version prevails.

2. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other provisions of data protection law is:

Easy2Parts GmbH

Ulrichsbergerstr. 17

94469 Deggendorf

Germany

Managing Directors: Robert Hilmer, Sebastian Freund, Michael Neuhauser

Email: info@partspace.io

Website: https://www.partspace.io/

The controller is hereinafter also referred to as “PartSpace,” “we,” or “us.”

3. Contact details of the company Data Protection Officer

We have appointed a company Data Protection Officer (DPO). You can reach our DPO at:

Email: datenschutz@easy2parts.com

4. Definitions

a) Personal data

Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data subject

“Data subject” means any identified or identifiable natural person whose personal data are processed by the controller.

c) Processing“Processing” means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means—such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d) Restriction of processing“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) Pseudonymisation“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or Member State law, the controller—or the specific criteria for its designation—may be provided for by Union or Member State law.

h) Processor“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

i) Recipient“Recipient” means a natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third party“Third party” means a natural or legal person, public authority, agency, or body other than the data subject, the controller, the processor, and persons who, under the direct authority of the controller or the processor, are authorized to process personal data.

k) Consent“Consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

5. Legal bases for processing

Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific purpose. Where a particular processing activity requires such consent, we will ask you to provide it explicitly.

If the processing of personal data is necessary for the performance of a contract to which the data subject is party — such as processing required for the delivery of goods or the provision of another service or consideration — the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations necessary to take steps prior to entering into a contract, for example in the case of inquiries about our products or services.

Where our company is subject to a legal obligation that requires the processing of personal data, for example to comply with tax obligations, the processing is based on Article 6(1)(c) GDPR.

In rare cases, processing of personal data may be necessary in order to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health-insurance details, or other vital information had to be disclosed to a doctor, a hospital, or other third parties. In such cases, the processing is based on Article 6(1)(d) GDPR.

Finally, processing operations may be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations not covered by any of the aforementioned bases where processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. Such processing is expressly contemplated by the European legislator; in particular, a legitimate interest may be assumed where the data subject is a customer of the controller (Recital 47, second sentence, GDPR).

6. Purposes of processing

Pursuant to Article 6(1)(b) GDPR, we process your data for the purposes of fulfilling our contractual, business, and other legal obligations. This includes, for example, providing the website functions you request and our technical support. Processing also covers the transmission or disclosure of data to third parties where this serves the fulfillment of our contractual or legal obligations (e.g., when a user places an order).

Each time a data subject or an automated system accesses the PartSpace website, a series of general data and information is collected and stored in server log files or in a server-side database. The data collected may include: (1) the browser types and versions used; (2) the operating system used by the accessing system; (3) the website from which an accessing system reaches our site (the so-called referrer); (4) the subpages that are accessed on our website by an accessing system; (5) the date and time of access to the website; (6) an Internet Protocol address (IP address); (7) the Internet service provider of the accessing system; and (8) other similar data and information that serve to avert danger in the event of attacks on our IT systems.

PartSpace does not draw any conclusions about the data subject from this general data and information. Rather, this information is needed to (1) deliver the content of our website correctly; (2) optimize the content of our website and advertising for it; (3) ensure the long-term functionality of our IT systems and the technology of our website; and (4) provide law-enforcement authorities with the information necessary for prosecution in the event of a cyberattack. These data and information, collected anonymously, are evaluated statistically and also with the aim of increasing data protection and data security, ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data from the server log files are stored separately from all personal data provided by a data subject.

Where services or deliverables of other providers are used under this Privacy Policy and their stated seat is abroad, a transfer of data to a third country is to be expected. Such transfers take place either on the basis of a legal permission, appropriate safeguards (e.g., current Standard Contractual Clauses or the EU-U.S. Data Privacy Framework), the user’s consent, or specific contractual clauses that ensure the level of data security required by law.

7. Business analytics and market research

To operate our business efficiently and to identify market trends as well as customer and user needs, we analyze data available to us concerning business transactions, contracts, inquiries, and similar matters. We process account data, communications data, contract data, payment data, usage data, and metadata on the basis of Article 6(1)(f) GDPR (legitimate interests). The data subjects include customers, prospective customers, business partners, visitors, and users of our online offering.

The analyses are carried out for the purposes of business evaluations, marketing, and market research. Where applicable, we may take into account profiles of registered users, including information such as their purchase transactions. The analyses help us enhance user-friendliness, optimize our offering, and improve economic efficiency. The analyses are for our internal use only and are not disclosed externally, unless they are anonymous analyses with aggregated values.

Where these analyses or profiles relate to personal data, they are deleted or anonymized upon termination by the user (e.g., account cancellation); otherwise after two years from the conclusion of the contract. In all other respects, overall business analyses and general trend determinations are prepared anonymously wherever possible.

8. Security measures

In accordance with Article 32 GDPR—and taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons—PartSpace implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical access to data, as well as logical access, input, transmission/disclosure, availability, and segregation. We have also established procedures to enable the exercise of data subject rights, the erasure of data, and responses to threats or incidents affecting data. Furthermore, we take data protection into account when developing or selecting hardware, software, and processes, in line with the principles of data protection by design and by default (Article 25 GDPR).

Employees are bound to confidentiality with respect to personal data and are informed about potential consequences in case of violations.

9. TLS encryption

We use Transport Layer Security (TLS) for secure data transmission. This encrypts all information you submit to our website before it is sent over the internet and prevents unauthorised parties from viewing or altering the data. To achieve this, your browser and our server first negotiate a shared session key; all subsequent communication is then protected with that key. You can recognise an encrypted connection by the address bar in your browser starting with “https://” and by the padlock icon.

10. Routine deletion and blocking of personal data

The controller processes and stores a data subject’s personal data only for the period necessary to achieve the purpose of storage, or insofar as this is provided for by the European legislator or another competent legislator in laws or regulations to which the controller is subject.If the storage purpose no longer applies, or if a statutory storage/retention period prescribed by the European or another competent legislator expires, the personal data are routinely blocked or deleted in accordance with the statutory provisions.

11. Period for which the personal data are stored

The criterion for the duration of storage of personal data is the respective statutory retention period. After the period expires, the corresponding data are routinely deleted, unless they are still required for the performance of a contract or for taking steps prior to entering into a contract.

12. Cooperation with processors and third parties

Where, in the course of our processing, we disclose data to other persons or companies (processors or third parties), transmit data to them, or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g., where transmission to third parties such as payment service providers is necessary for contract performance pursuant to Article 6(1)(b) GDPR), your consent, a legal obligation, or our legitimate interests (e.g., when engaging commissioned service providers, web hosts, etc.). Where we engage third parties to process data on the basis of a data processing agreement, this is done pursuant to Article 28 GDPR.

13. Transfers to third countries

If we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or this occurs in the context of using services of third parties, or disclosure/transmission of data to third parties, this takes place only where necessary for the fulfillment of our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests. Subject to statutory or contractual permissions, we process — or have processed — data in a third country only where the special requirements of Articles 44 et seq. GDPR are met. In other words, processing is carried out, for example, on the basis of appropriate safeguards such as an officially recognized adequacy decision confirming an EU-equivalent level of data protection (e.g., for the U.S. under the EU-U.S. Data Privacy Framework) or by using officially recognized contractual instruments (e.g., the Standard Contractual Clauses).

14. Contact and customer service

Our website contains, as required by law, information that enables rapid electronic contact with our company and direct communication with us, including a general address for electronic mail (email). If a data subject contacts PartSpace by email, the personal data transmitted by the data subject are stored automatically. Such personal data transmitted to us on a voluntary basis are stored for the purpose of processing the inquiry or contacting the data subject. These personal data are not disclosed to third parties.

When contacting us (e.g., via contact form, email, telephone, or social media), the user’s details are processed to handle and respond to the contact request in accordance with Article 6(1)(b) GDPR. User details may be stored in a customer relationship management (“CRM”) system or a comparable system for managing inquiries. We delete inquiries when they are no longer required. We review the necessity every two years; statutory retention/archiving obligations apply.

15. Hosting and email delivery

We provide the hosting services required to operate this online offering ourselves. These include, in particular, infrastructure and platform services, computing capacity, storage and database services, email delivery, security services, and technical maintenance.

In operating this online offering, we process account data, contact data, content data, contract data, usage data, and metadata/communications data relating to customers, prospective customers, and visitors. Processing is based on our legitimate interests in the efficient and secure provision of this online offering pursuant to Article 6(1)(f) GDPR and, where necessary ,Article 6(1)(b) GDPR for the performance of contracts and pre-contractual measures.

16. Online presences on social media

We maintain online presences on social networks and platforms in order to communicate with customers, prospective customers, and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data-processing policies of the respective providers apply.

Unless otherwise stated in this Privacy Policy, we process users’ data when they interact with us within the social networks and platforms, e.g., by posting on our pages or sending us messages.

17. Newsletter subscription

Users can subscribe to our company newsletter via our website. The personal data transmitted to the controller when ordering the newsletter are determined by the input form used for this purpose.

To send our newsletter, we require your email address. Verification of the email address provided is necessary, and you must consent to receiving the newsletter. No additional data are collected, or they are optional. The data are used exclusively for sending the newsletter. Subscribers may also be informed by email if this is necessary for the operation of the newsletter service or the related registration (e.g., changes to the newsletter offering or technical adjustments).

The data provided during newsletter registration are processed solely on the basis of your consent (Article 6(1)(a) GDPR). You can withdraw your consent at any time. An informal notice by email is sufficient, or you can unsubscribe via the “unsubscribe” link in the newsletter. The lawfulness of processing carried out prior to the withdrawal remains unaffected. If these data have been transmitted to us for other purposes and elsewhere, they remain with us for those purposes.

We inform our customers and business partners at regular intervals by means of a newsletter about our company’s offers. Our newsletter can generally be received only if (1) the data subject has a valid email address and (2) the data subject registers for the newsletter. For legal reasons, a confirmation email is sent to the email address first registered for newsletter delivery using the double opt-in procedure. This confirmation email serves to verify that the owner of the email address, as the data subject, has authorised receipt of the newsletter.

When registering for the newsletter, we also store the IP address assigned by the internet service provider (ISP) to the computer system used by the data subject at the time of registration, as well as the date and time of registration. Changes to the user data stored with the mailing service provider are likewise logged.

Collecting these data is necessary to be able to trace any (potential) misuse of a data subject’s email address at a later point in time and to document the registration process in accordance with statutory requirements; it therefore serves our legal compliance.

We use HubSpot for newsletter delivery and appointment scheduling. HubSpot is a company located at 25 First Street, Cambridge, MA 02141, USA. You can view the provider’s privacy policy here: https://legal.hubspot.com/de/privacy-policy HubSpot is certified under the EU-U.S. Data Privacy Framework, thereby providing a guarantee of compliance with the European level of data protection. Further information can be found here: https://www.privacyshield.gov/ps/participant?id=a2zt0000000TN8pAAG.

The mailing service provider may use recipient data—without assigning them to any specific user—to optimise or improve its own services (e.g., to optimise the technical dispatch and presentation of newsletters) or for statistical purposes. However, the provider does not use our newsletter recipients’ data to contact them itself, nor does it pass the data on to third parties.

18. Newsletter tracking

Our newsletters contain so-called tracking pixels (web beacons). A tracking pixel is a tiny graphic embedded in emails sent in HTML format to enable log-file recording and analysis. This allows statistical evaluation of the success or failure of online marketing campaigns. Using the embedded tracking pixel, we can see whether and when an email was opened by a data subject and which links in the email were clicked.

The personal data collected via the tracking pixels are stored and analysed by us to optimise newsletter delivery and to tailor the content of future newsletters more closely to the interests of the data subject. These personal data are not disclosed to third parties. Data subjects may withdraw the consent given under the double-opt-in procedure at any time. A separate withdrawal limited to performance measurement is unfortunately not possible; in such cases, the entire newsletter subscription must be cancelled.

Following a withdrawal, we generally delete the personal data. Data will be retained only insofar as we have a legitimate interest — e.g., to document the withdrawal and defend potential legal claims. In these cases, the data are restricted (blocked) and processed exclusively for these purposes.

19. Privacy information for the application process

We process applicant data solely for the purpose and within the scope of the recruitment process in accordance with the statutory provisions (in particular pursuant to Article 6 GDPR and Section 26 BDSG). Processing of applicant data is carried out for the performance of our (pre-)contractual obligations within the recruitment process pursuant to Article 6(1)(b) GDPR. Additional information that is not directly relevant to the application but is voluntarily provided to us during the process is processed pursuant to Article 6(1)(a) GDPR, as we regard the provision of such information as an unambiguous indication of consent to its processing.

The required information results from the fields of the online form and the job description. In general, this includes contact details and information about the applicant as well as documents such as a cover letter, CV, references, and certificates.

By submitting an application to us, applicants agree to the processing of their data for the purposes of the recruitment process as set out in this Privacy Policy.

Where special categories of personal data within the meaning of Article 9 GDPR are voluntarily communicated in the course of the recruitment process — or requested by us due to legal obligations (e.g., health data where required for the exercise of the profession) — their processing additionally takes place under Article 9(2) GDPR.

As a rule, applicants can submit their documents and information to us via an online form on our website. Data are transmitted to us in encrypted form in accordance with the state of the art. For this purpose, we use the software solution Personio provided by Personio SE & Co. KG, Seidlstr. 3, 80335 Munich, Germany. Further information on data protection at Personio is available here: https://www.personio.de/datenschutz/ We have concluded a data processing agreement with Personio pursuant to Article 28 GDPR; neither Personio nor its processors transfer data to a third country.

Applicants may also submit their documents to us by email. Please note that emails are generally not encrypted by default and applicants themselves are responsible for encryption. We therefore cannot assume responsibility for the transmission path of the application between the sender and receipt on our server, and we recommend using the online form or postal mail.

If an application is successful, the data provided by applicants will be further processed for the purposes of the employment relationship. Otherwise — if the application for a position is not successful — the applicant data will be deleted. Applicant data are also deleted if an application is withdrawn, which applicants may do at any time.

Deletion takes place — subject to any legitimate objection by the applicant — after a period of six months, so that we can answer any follow-up questions regarding the application and comply with our burden-of-proof obligations under the German General Equal Treatment Act (AGG). Retention until the time of deletion is based on Article 6(1)(f) GDPR (e.g., protection against or defence of legal claims, cf. Recital 47 GDPR). Invoices for any travel-expense reimbursements are archived in accordance with tax-law requirements.

If we wish to retain an applicant’s documents beyond six months — e.g., because the application may be relevant at a later date or to include it in an applicant pool — we will request the applicant’s explicit consent for further storage. If consent is not granted (i.e., we receive a negative response or no response), deletion will take place as described above after six months from receipt of the application.

20. Automated decision-making

As a responsible company, we do not engage in automated decision-making within the meaning of Article 22 GDPR, nor do we carry out profiling.

21. Cookies

Our website uses cookies. Cookies are text files that are placed and stored on a computer system via a web browser.

Many cookies contain a so-called cookie ID — a unique identifier of the cookie. It consists of a string of characters by which websites and servers can be assigned to the specific web browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other web browsers that contain different cookies. A particular web browser can be recognised and identified by the unique cookie ID.

By using cookies, we can provide users of this website with more user-friendly services that would not be possible without cookies.

Cookies allow us to optimise the information and offerings on our website in the interest of users. As noted, cookies enable us to recognise users of our website. The purpose of this recognition is to make it easier for users to utilise our website.

Data subjects can prevent the setting of cookies by our website at any time by means of an appropriate setting of the web browser used and can thus permanently object to the setting of cookies. Cookies that have already been set can also be deleted at any time via a web browser or other software programs. This is possible in all common web browsers. A general objection to the use of cookies for online-marketing purposes can be declared for many services—especially in the case of tracking—via the U.S. page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com. If the data subject deactivates the setting of cookies in the web browser used, not all functions of our website may be fully available.

22. Use of Cookiebot (consent management)

We use the Cookiebot consent management tool provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

Cookiebot is used to obtain your consent to the storage of certain cookies or the use of specific technologies and to document such consent in a GDPR-compliant manner. For this purpose, Cookiebot typically stores a cookie in your browser in order to assign consents granted — or any withdrawal of consent — to you.

The data processed in this context are:

  • your IP address (anonymized)

  • date and time of your consent

  • browser information

  • URL of the visited page

  • a randomly generated, encrypted key

  • the user’s consent status

These data are stored on servers within the EU. We have concluded a data processing agreement pursuant to Article 28 GDPR with the provider. Further information can be found in Cookiebot’s Privacy Policy: https://www.cookiebot.com/de/privacy-policy/. Using a consent management tool is necessary to comply with statutory information and record-keeping obligations (including Article 7(1) and Article 6(1)(c) GDPR).

23. Use of Google AdWords and Google Conversion Tracking

We use the online advertising program “Google AdWords” and, in this context, conversion tracking. Google Conversion Tracking is an analytics service of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”). If you click on an ad placed by Google, a cookie for conversion tracking is stored on your device. These cookies expire after 30 days, do not contain personal data, and therefore are not used to personally identify you. If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognize that you clicked the ad and were redirected to that page. Each Google AdWords customer receives a different cookie. This means cookies cannot be tracked across the websites of AdWords customers.

The information obtained using the conversion cookie is used to compile conversion statistics for AdWords customers who have chosen to use conversion tracking. In this way, customers learn the total number of users who clicked their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive information that personally identifies users.

If you do not wish to participate in tracking, you can object to this use by preventing the installation of cookies through the appropriate setting in your browser software (opt-out). You will then not be included in the conversion tracking statistics. Further information and Google’s privacy policy can be found at:https://www.google.com/policies/technologies/ads/ and https://www.google.de/policies/privacy/.

24. Use of Google Analytics

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses so-called “cookies,” text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to a Google server in Ireland and stored there. More information on how Google Analytics handles user data can be found in Google’s privacy notice: https://support.google.com/analytics/answer/6004245?hl=de

You can prevent the storage of cookies by selecting the appropriate settings in your browser software; however, please note that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=de.

As an additional security measure, we use the IP anonymization function on this website. This means your IP address is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before transmission. Only in exceptional cases is the full IP address transmitted to a Google server in Ireland and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser within the scope of Google Analytics is not merged with other Google data.

25. Use of Google Fonts

These web pages use external fonts (“Google Fonts”). Google Fonts is a service of Google Ireland Limited (“Google”). The web fonts are implemented via local hosting on our own web server (“offline” mode). No IP address or other personal data are transmitted to Google because no connection to Google’s servers is established.

26. Google Tag Manager

Google Tag Manager is a solution that allows us to manage website tags via an interface (and thereby integrate additional Google marketing services into our online offering). The Tag Manager itself (which deploys the tags) does not process users’ personal data. With regard to the processing of personal data, please see the information provided for the respective Google services. The usage policies can be found here: https://www.google.com/intl/de/tagmanager/use-policy.html

27. Use of the YouTube plugin

This website includes at least one plugin from YouTube, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We use the so-called privacy-enhanced mode. This means that no data are transmitted to YouTube merely by loading a page with an embedded video. Data are transmitted to YouTube only when you play a video. In that event, information such as your IP address, the URL of the page visited, and device-specific information may be transmitted to YouTube/Google. If you are logged into your YouTube or Google account at the same time, this information may be associated with your profile. Further information on the collection and use of your data by YouTube can be found in YouTube’s privacy notices at www.youtube.com

Processing in connection with the embedding of YouTube videos takes place — depending on the circumstances — on the basis of your consent (Article 6(1)(a) GDPR) or on the basis of our legitimate interests in presenting our online content in an attractive manner (Article 6(1)(f) GDPR).

28. Use of the Vimeo plugin

This website embeds videos from the Vimeo platform. The provider is Vimeo.com, Inc., 330 West 34th Street, 10th Floor, New York, NY 10001, USA.

When you open a page with an embedded Vimeo video, a connection to Vimeo’s servers is established. In doing so, Vimeo is informed which of our pages you have visited. Vimeo may also store cookies on your device or use comparable technologies to obtain information about visitors to the website. In this way, Vimeo may process data about your usage behavior — for example, to compile video statistics, improve user-friendliness, or prevent fraudulent activity.

If you are logged into your Vimeo account, Vimeo can associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your Vimeo account.

Vimeo is certified under the EU-U.S. Data Privacy Framework (DPF). For participating U.S. companies, this constitutes an adequate level of data protection within the meaning of the GDPR. In addition, where necessary, Vimeo uses the Standard Contractual Clauses adopted by the European Commission to safeguard international data transfers.

Further information on Vimeo’s data processing can be found in Vimeo’s Privacy Policy: https://vimeo.com/legal/privacy/policy.

Processing in connection with the embedding of Vimeo videos takes place—depending on the circumstances—on the basis of your consent (Article 6(1)(a) GDPR) or on the basis of our legitimate interests in presenting our online content in an attractive manner (Article 6(1)(f) GDPR).

29. Use of Storyblok

We use the Storyblok content management system for our website, as well as related services (e.g., Bridge, Image Service). The provider is Storyblok GmbH, Peter-Behrens-Platz 2, A-4020 Linz, Austria.

When our website is accessed, content is loaded dynamically from Storyblok’s servers. In this process, technical information such as your IP address, time of access, and further browser data may be transmitted to Storyblok, as this is necessary to deliver the content. When the Image Service is used, image files may also be routed via Storyblok’s servers.

Storyblok processes these data exclusively on our behalf and in accordance with our instructions (processing under Article 28 GDPR). We have concluded a corresponding data processing agreement with Storyblok.

Further information on data protection at Storyblok can be found here: https://www.storyblok.com/legal/privacy-policy

30. Use of Lead Forensics

Lead Forensics processes business-related data to identify and analyse company visits to our website. The data collected through the tracking script includes the visitor’s IP address, date and time of visit, pages viewed, referrer URL, and technical browser information. Using this data, Lead Forensics identifies the visiting company and links the visit to publicly available business information such as company name, address, phone number, industry, and, where available, professional contact details of key employees (e.g., name, role, email).

The purpose of this processing is to provide lead identification, website analytics, and sales enablement by allowing us to recognize potential business customers who have shown interest in our website. The legal basis for this processing is our legitimate interest in B2B marketing and sales development in accordance with Art. 6(1)(f) GDPR. Lead Forensics acts as a data processor under a Data Processing Agreement and is ISO 27001 certified.

31. Static links to social media

This website uses static links to our social media channels. With this type of link, no connection is established to the servers of the respective providers. As a result, your personal data are not transmitted.

32. Rights of the data subject

a) Right to confirmation

As granted by the EU legislator, every data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed. If a data subject wishes to exercise this right to confirmation, they may contact our Data Protection Officer at any time.

b) Right of access

As granted by the EU legislator, every data subject affected by the processing of personal data has the right to obtain from the controller, at any time and free of charge, access to the personal data stored about them and to receive a copy of this information. In addition, the data subject has the right to obtain access to the following information:

  • the purposes of the processing;

  • the categories of personal data that are processed;

  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;

  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

  • the existence of the right to request rectification or erasure of personal data concerning the data subject, or restriction of processing by the controller, or to object to such processing;

  • the existence of a right to lodge a complaint with a supervisory authority;

  • where the personal data are not collected from the data subject, any available information as to their source;

  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

The data subject also has the right to be informed whether personal data have been transferred to a third country or to an international organisation. Where this is the case, the data subject furthermore has the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to exercise this right of access, they may contact our Data Protection Officer at any time.

c) Right to rectification

As granted by the EU legislator, every data subject has the right to obtain without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the data subject also has the right to have incomplete personal data completed, including by means of a supplementary statement. If a data subject wishes to exercise this right to rectification, they may contact our Data Protection Officer at any time.

d) Right to erasure (right to be forgotten)

As granted by the EU legislator, every data subject has the right to obtain from the controller the erasure of personal data concerning them without undue delay where one of the following grounds applies and insofar as processing is not required:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

  • the data subject withdraws consent on which the processing is based pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal ground for the processing;

  • the data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR;

  • the personal data have been unlawfully processed;

  • the erasure of the personal data is required for compliance with a legal obligation under Union or Member State law to which the controller is subject;

  • the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

If one of the above grounds applies and a data subject wishes to request the erasure of personal data stored by PartSpace, they may contact our Data Protection Officer at any time.

e) Right to restriction of processing

As granted by the EU legislator, every data subject has the right to obtain from the controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data;

  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defence of legal claims;

  • the data subject has objected to processing pursuant to Article 21(1) GDPR and it has not yet been determined whether the controller’s legitimate grounds override those of the data subject.

If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by PartSpace, they may contact our Data Protection Officer at any time.

f) Right to data portability

As granted by the EU legislator, every data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format. They also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR, and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

When exercising their right to data portability pursuant to Article 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

To exercise the right to data portability, the data subject may contact our Data Protection Officer at any time.

g) Right to object

As granted by the EU legislator, every data subject has the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them that is based on Article 6(1)(e) or (f) GDPR. This right also covers profiling based on those provisions. If an objection is made, we will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defence of legal claims. To exercise the right to object, the data subject may contact our Data Protection Officer at any time.

h) Automated individual decision-making, including profiling

As granted by the EU legislator, every data subject has the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or similarly significantly affects them, unless (1) the decision is necessary for entering into or performing a contract between the data subject and the controller, or (2) the decision is authorised by Union or Member State law to which the controller is subject and that law also lays down suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject, or (3) the decision is based on the data subject’s explicit consent. Where the decision is necessary for a contract or is based on explicit consent, we implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express their point of view, and to contest the decision. To exercise rights related to automated decision-making, the data subject may contact our Data Protection Officer at any time.

i) Right to withdraw consent

As granted by the EU legislator, every data subject has the right to withdraw consent to the processing of personal data at any time. To exercise this right, the data subject may contact our Data Protection Officer at any time.

j) Right to lodge a complaint with a supervisory authority

As granted by the EU legislator, every data subject has the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data concerning them infringes the GDPR. The competent supervisory authority for PartSpace is the Bavarian Data Protection Authority (Bayerisches Landesamt für Datenschutzaufsicht, BayLDA). Information is available at: https://www.datenschutz-bayern.de/

33. Updates and validity

Protecting your personal data is our highest priority. We regularly review this Privacy Policy and update it whenever our processing activities or legal requirements change. The current version is always available on this page, and the Privacy Policy in force at the time of your next visit will apply. If you have any questions or concerns about data protection, you may contact our Data Protection Officer at any time.

Last updated: October 2025