Data Protection - Privacy Policy

Updated July 2025

The protection of your personal data is very important to us. In the following Data Protection Terms, we'll explain what kind of personal data we collect when you use our website, how we process it, and for what purpose.

This notice is provided in accordance with Article 13 of the General Data Protection Regulation (GDPR) to inform you transparently about how we handle your data.

1. Name and Contact Details of the Controller and the Data Protection Officer

(1) This data protection information applies to data processing by:

CertHub GmbH

Tal 44

80331 München

Phone: +49 155 60603698

E-mail: info@certhub.de

(2) Nicolas Gehring has been appointed as the firm's corporate data protection officer. The data protection officer can be reached at privacy@certhub.de.

2. Collection and Storage of Personal Data as well as the Nature and Purpose of their Use

(1) When you access our website www.CertHub.de, information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer,
  • Date and time of access,
  • Name and URL of the retrieved file,
  • Website from which the access is made (referrer URL),
  • Browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

(2) We process the data for the following purposes:

  • Ensuring that the website connects smoothly,
  • Ensuring a comfortable use of our website,
  • Evaluation of system security and stability, and
  • Other administrative purposes.

(3) The legal basis for data processing is Art. 6 (1) sentence 1 lit. f GDPR. Our legitimate interest follows from the purposes of data collection listed above. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person. In addition, we use cookies and analysis services when you visit our website. You can find more detailed explanations under No. 4 and 5 of this Privacy Policy.

(4) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, if applicable, your name, telephone number, etc.) will be saved. Your name and phone number will be stored by us to answer your questions. We delete the data generated in this context after storage is no longer required or restrict processing if there are statutory retention obligations.

(5) If we want to use commissioned service providers for individual functions of our offer or use your data for advertising purposes, we will inform you in detail about the respective processes below. We also mention the defined criteria for the storage period.

3. Data Security

(1) We take the protection of your data seriously and have put technical and organizational measures in place to guard it against unauthorized access. Our website uses encryption to keep your data safe during transmission.

(2) Specifically, your data is encrypted using TLS (Transport Layer Security) before it travels between your device and our server. You can recognize a secure connection by the closed padlock icon in your browser's address bar and the URL starting with "https://".

4. Disclosure of Data

Your personal data will not be transmitted to third parties for purposes other than those listed below. We will only share your personal information with third parties if:

  • you have given your express consent to this in accordance with Art. 6 (1) sentence 1 (a) GDPR,
  • the disclosure pursuant to Art. 6 (1) sentence 1 (f) GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • there is a legal obligation for the disclosure pursuant to Art. 6 (1) sentence 1 (c) GDPR, and
  • this is legally permissible and necessary in accordance with Art. 6 (1) sentence 1 (b) GDPR for the processing of contractual relationships with you.

5. Cookies

(1) We use cookies on our site. These are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not cause any damage to your device. The cookie stores information that arises in connection with the specific end device used. However, this does not mean that we will immediately become aware of your identity.

(2) On the one hand, the use of cookies serves to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted after leaving our site.

(3) In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your device for a certain fixed period of time. If you visit our site again to use our services, it will automatically recognize that you have already visited us and which entries and settings you have made so that you do not have to enter them again. On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you (see section 5). These cookies allow us to automatically recognise that you have already visited us when you visit our site again. These cookies are automatically deleted after a defined period of time.

(4) The data processed by cookies is necessary for the purposes mentioned to protect our legitimate interests as well as those of third parties in accordance with Art. 6 (1) sentence 1 (f) GDPR.

(5) Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or that a notice always appears before a new cookie is created. However, disabling cookies completely may mean that you will not be able to use all the features of our website.

6. Use of Third-Party Tracking Technologies for Analytics

(1) To tailor our website to better meet our users' needs, we use web analytics tools. These tools help us create pseudonymous usage profiles by placing persistent cookies on your device. This enables us to identify and count returning visitors.

(2) If you've given your consent via our cookie banner, data processing is carried out based on that consent (Section 25 (1) TTDSG, Article 6 (1)(a) GDPR). You can withdraw your consent at any time. To do so, click the "cookie settings" link in our website footer, adjust your preferences in the cookie statement window that appears, and confirm your new selection by saving the updated settings.

(3) The third-party providers we use for analytics purposes are listed below. These providers act as data processors on our behalf under Article 28 GDPR. If data is transferred outside the EU or EEA, please note that authorities in those regions may access your data for monitoring or security purposes without notifying you or offering legal recourse. If you have consented to the use of such a provider in a non-secure third country, the data transfer is based on Article 49 (1)(a) GDPR.

| Provider | Service/function | Adequate Data Protection Level |
|---|---|---|
| Vercel (USA) | Website analytics | Standard data protection clauses pursuant to Article 46 (2)(c) GDPR. The data transmission is also based on Article 49 (1)(a) GDPR. |
| Hubspot (USA) | Appointment booking, feedback | Standard data protection clauses pursuant to Article 46 (2)(c) GDPR. The data transmission is also based on Article 49 (1)(a) GDPR. |

7. Product Demonstration and Booking of Appointments

(1) You can request a demo of our software directly via our website. To do this, we ask you to fill out the mandatory fields in the form - your name, email address, phone number, and company name. We use this information to respond to your request, based on Article 6 (1)(b) and (f) GDPR. Any additional information you choose to provide is completely optional. If you share further details voluntarily, we'll process that data based on your consent.

(2) You can object to the processing of your data at any time if it's being processed under Article 6 (1)(f) GDPR. Likewise, you can withdraw your consent to the use of any optional information at any point. To do so, simply email us using the contact details provided in our site's imprint.

(3) To make it easier for you to schedule appointments with us, we use the services Microsoft Bookings (by Microsoft Ireland Operations Limited) and Demodesk (by Demodesk GmbH). We've signed data processing agreements with both providers to ensure your data is handled securely.

(4) These tools help us coordinate appointments efficiently and respond quickly to your inquiries. The legal basis for this data processing is Article 6 (1) (f) GDPR, reflecting our legitimate interest in optimizing our scheduling processes. We use your information exclusively to organize and conduct the product demonstration. Once your data is no longer needed for this purpose - and unless legal retention obligations apply - we'll delete it.

8. Online Job Application

(1) If you apply for a job with us through our website, we use Notion to display open positions and manage applications. When you submit your application, the data you provide - such as your name, email address, LinkedIn profile, personal description, and CV - is transmitted to us through Notion (Notion Labs, Inc., USA). See Notion's data protection site.

(2) We use this information solely for the purpose of reviewing your application and carrying out the recruitment process. Your data will only be accessible to the relevant people involved in hiring and will be handled in accordance with Article 6 (1) (f) GDPR.

(3) You have the right to access, rectify, or erase your personal data, as well as the right to restrict or object to its processing. To exercise these rights, please contact us using the contact information provided in our imprint.

9. Additional Contracted Data Processors

(1) In accordance with Article 28 GDPR, we may share your data with external service providers who support the operation of our website and related processes - this includes, for example, hosting services. These providers act as data processors on our behalf, are contractually obligated to follow our instructions, and must comply with applicable data protection regulations.

(2) If these processors have not already been mentioned in the preceding data protection information, they are listed below. Where data is transferred to third countries outside the EU or EEA as part of this processing, we will ensure that an adequate level of data protection is in place and will inform you accordingly.

| Contract Data Processor | Purpose | Adequate Data Protection Level |
|---|---|---|
| Vercel (USA) | Web hosting | Standard data protection clauses pursuant to Article 46 (2)(c) GDPR. |
| Strapi (USA) | CMS & image delivery | Standard data protection clauses pursuant to Article 46 (2)(c) GDPR. |
| Hubspot (USA) | Support, appointment booking, form handling | Standard data protection clauses pursuant to Article 46 (2)(c) GDPR. |
| Google LLC (USA) | YouTube video embed | Standard data protection clauses pursuant to Article 46 (2)(c) GDPR. |
| Cloudflare (USA) | DDoS protection, CDN | Standard data protection clauses pursuant to Article 46 (2)(c) GDPR. |

10. Embedded Videos

(1) Some of our web pages include embedded videos that are hosted by third-party providers - not on our own servers. These videos will only be shown to you if you've previously given your consent via our cookie banner. So, when you visit a page with embedded videos, no content from third parties will load automatically.

(2) Only after you've granted consent will the third-party content load. At that point, the provider will receive the information that you accessed our page, along with technical data required for delivery. They may also use tracking technologies. Please note that any further processing of your data is then carried out by the third-party provider and is beyond our control. See the data protection site of Google LLC.

(3) If you've given consent through our banner, the legal basis for this data processing is your consent under Section 25 (1) TTDSG and Article 6 (1)(a) GDPR. You can revoke this consent at any time by clicking the "cookie settings" link in the footer of our website. In the cookie preferences window that opens, you can change your selection and save your updated settings.

(4) Please also be aware that many of the embedded videos involve data transfers to countries outside the EU or EEA. In some cases, authorities in those countries may access your data for security or surveillance purposes without informing you or offering legal remedies. If you've consented to using a provider based in such a third country, the data transfer is carried out based on Article 49 (1)(a) GDPR.

11. Storage Duration

In cases where the specific duration of storage has not been stated above, we will delete personal data once they are no longer needed and their deletion does not conflict with a statutory retention obligation.

12. Rights of Data Subjects

Right to Information (Article 15 GDPR)

You have the right to know whether we are processing your personal data. If we are, you can request access to this data along with further details as outlined in Article 15 GDPR - such as the purposes of processing, the categories of data, and any recipients.

Right to Data Correction (Article 16 GDPR)

If your personal data is inaccurate or incomplete, you can ask us to correct or complete it without delay.

Right to Data Deletion (Article 17 GDPR)

Under certain circumstances - such as when your data is no longer needed or you withdraw your consent - you have the right to have your personal data deleted in line with Article 17 GDPR.

Right to Restrict Data Processing (Article 18 GDPR)

You may request that we restrict the processing of your data, for example if you dispute its accuracy or have objected to its use. During the review period, your data will be blocked from further processing.

Right to Data Portability (Article 20 GDPR)

When applicable, you can ask to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer it directly to another provider, where technically feasible.

Right to Revoke Consent (Article 7 GDPR)

If we process your data based on your consent, you may withdraw that consent at any time with future effect. Just keep in mind that this doesn't affect the lawfulness of any processing that took place before your withdrawal.

Right to Object to Data Processing (Article 21 GDPR)

If we process your data based on legitimate interests (Article 6(1)(f) GDPR) or in the public interest (Article 6(1)(e) GDPR), you may object to this processing on grounds relating to your situation. We will then stop processing your data unless we can demonstrate compelling legitimate grounds, or the processing is required for legal claims.

Right to Complain to a Supervisory Authority (Article 77 GDPR)

If you believe your data is being processed in violation of data protection laws, you have the right to file a complaint with a supervisory authority. You can do this in the EU member state where you live, work, or where the suspected violation took place.

13. Right to Object

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as there are reasons for this arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which we will implement without specifying a special situation.

If you would like to exercise your right of revocation or objection, send an e-mail to privacy@certhub.de.


© CertHub 2024