Privacy policy

Information about the collection of personal data

(1) In the following, we inform you about the collection and processing of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

(2) “Controller” according to Article 4 (7) of the EU General Data Protection Regulation (GDPR) is handz.on GmbH, Theodor-Fischer-Strasse 77, 80999 Munich, Germany, (see our imprint). Hereinafter referred to as “handz.on” or “we”.

(3) You can reach our data protection officer as follows: handz.on GmbH The data protection officer Theodor-Fischer-Strasse 77 80999 Munich

(4) When you contact us by phone, e-mail or via a form on our website, the data you provide will be stored by us in order to answer your questions. The data thus transmitted will be processed for the purpose of handling the contact request with the responsible party on the basis of Art. 6 (1) lit. b GDPR in the case of contracts and pre-contractual measures such as offers, and Art. 6 (1) lit. f GDPR in the case of other requests. We delete the data accruing in this context after storage is no longer necessary or restrict processing if there are legal retention obligations. Your data may be stored in our CRM system in the process.

(5) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below and, if necessary, obtain your consent. In doing so, we will also state the defined criteria for the storage period.

Your rights

(1) You have the following rights against us with regard to the personal data concerning you:

  • Right of access
  • Right to rectification an completion
  • Right to erasure
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability

(2) If you are of the opinion that the processing of your personal data is not carried out in compliance with data protection laws, we kindly ask you to contact our data protection officer.

You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by us.

Personal data that you provide to us in the course of exercising data subject rights will be stored by us in accordance with Art. 6 (1) lit. f GDPR in the legitimate interest and deleted after 3 years. The legitimate interest is the verifiability of the proper processing of your request.

Collection of personal data when visiting our website

(1) During the informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. When you view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure the stability of the connection and security of your data (legal basis is Art. 6 para. 1 lit. f GDPR). The collected data is stored and automatically deleted after 2 months at the latest.

  • IP address (immediately anonymized in the log files)
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

(2) In addition to the previously mentioned data, we process cookie data on the basis of consent. Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which the entity that sets the cookie (in this case by us) receives certain information. Cookies cannot execute programs or transfer viruses to your computer. They are used to make the Internet offer as a whole more user-friendly and effective.

(3) Use of cookies

a) This website uses the following types of cookies, the scope and functionality of which are explained below:

  • Transient cookies (for this purpose b)
  • Persistent cookies (c)

b) Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are deleted automatically after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

d) When you first visit our website, we display a cookie banner. In the cookie banner, you can accept all cookies, allow only the essential cookies, or allow only cookies from the categories used. By clicking on the “Individual privacy settings” button, you can also selectively choose individual cookies within each category. If you do not accept cookies in the “Statistics” category, your usage behavior on our website cannot be evaluated. This does not imply any functional restrictions for you in the use of our website. In case of your consent, the legal basis for the processing of your data is Art. 6 para. 1 lit. a GDPR. The cookie consent management procedure we use manages the cookies on our website as well as the consent and revocation by you as a website visitor.

e) We use the following cookies:

Cookie nameValidityDescription
borlabs-cookie182 daysSaves your cookie settings. Therefore, it must always be set.
_pk_id.2.806c380 daysUsed to distinguish website visitors.
_pk_ses.2.806c40 minutesDefines the time to end your session in case of inactivity.
wp-wpml_current_languageUntil session endsStores the language setting (“de” for German or “en” for English) for the duration of your session. This cookie is always set, regardless of your cookie settings in Consent Management.

f) If you do not wish to accept cookies at all, you can configure your browser setting according to your preferences and, for example, refuse to accept third-party cookies or all cookies, or refuse all cookies in our cookie banner.

Where your data is processed

Your data will be processed within the EU and the EEA. To the extent permitted by law, data processing also takes place outside Europe.

Further functions and offers of our website

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. These are, for example, registration to download certain content, registration to participate in webinars and other events or the presentation of open positions in the team on handz.on. To register for events, you usually have to provide additional personal data, which we use to provide the respective service and for which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

(3) Furthermore, we may pass on your personal data to third parties if we offer participation in promotions, competitions, conclusion of contracts or similar services together with partners. You will receive more information on this when you provide your personal data or below in the description of the offer.

(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.

Objection or revocation against the processing of your data

(1) If you have given your consent to the processing of your data, you may revoke this consent at any time. Such revocation affects the permissibility of the processing of your personal data after you have expressed it to us.

(2) Insofar as we base the processing of your personal data on the balance of interests, you may object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is shown by us in each case in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.

(3) Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us of your advertising objection using the following contact details.

Use of third-party tools and services


(1) This website uses Matomo, an open source web analytics service. Matomo uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The cookie is initially deactivated and is only set if you expressly consent to the use of Matomo in Cookie Consent Management. The information generated by the cookie about your use of this website is then transmitted to one of our servers and stored there.

(2) The IP address transmitted by your browser is shortened and not merged with other data.

(3) You can prevent the storage of cookies by selecting the appropriate settings on your browser software; this does not imply any functional restriction of our website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your shortened IP address) and the processing of this data by us by rejecting the setting of the Matomo cookie in Cookie Consent Management.

(4) We use Matomo to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. The legal basis for the use of Matomo is Art. 6 para. 1 lit. a GDPR.

(5) Information from the third-party provider: Overview of data protection: Data protection information:


We integrate the videos of the platform “YouTube” of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. These videos are stored on and can be played directly from our website. The responsible party for the data processing of persons living outside the United States is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, telephone: +353 1 543 1000. We would like to point out that you use the Google service offered here and its functions under your own responsibility. YouTube uses cookies for data collection and statistical data analysis. The videos are embedded on our website in the extended data protection mode. This means that data is only forwarded to YouTube or Google when you play the embedded video. This means that YouTube does not store cookies for a user who views one of our websites with an embedded YouTube video player, but does not click on the video to start playback. If the YouTube video player is clicked, YouTube may store cookies on the user’s computer. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by YouTube. The information generated by the cookie about your use of this website is transmitted to the servers of YouTube and stored. Your IP address cannot be assigned unless you are logged into YouTube or another Google service before playing the videos. If you do not wish to do so, you must log out of your YouTube and Google account. Privacy policy: Opt-Out:


We use the cookie consent management of Borlabs (Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany). The cookie plugin enables the GDPR-compliant setting of cookies according to the opt-in procedure (user must actively agree). For this purpose, cookies can be managed in groups and the user can decide which ones he agrees to. The cookie consent form can be configured for multiple languages. Consent data means the following data: Date and time of the visit or consent / refusal. The processing of the data takes place for the purpose of compliance with legal obligations (obligation to provide evidence according to Art. 7 (1) GDPR) and the associated documentation of consent and thus on the basis of Art. 6 (1) lit. c GDPR. Local storage is used to store the data. The consent data is stored for 3 years. The data is stored in the European Union. For more information about the collected data and contact options, please visit


In order to be able to offer you job vacancies on our website, we use the provider JOIN Solutions GmbH, Schönhauser Allee 36, 10435 Berlin, Germany, The transmitted data to JOIN that are associated with the call of the website and the job offers serve the purpose of carrying out pre-contractual measures according to Art. 6 para. 1 lit. b GDPR. Furthermore, all data transmitted by the applicant will be processed by JOIN and forwarded to handz.on for processing the application. You can view further notes and information on the data protection of JOIN Solutions GmbH here:

Video conferencing, online meetings and screen sharing

We use platforms and applications of other providers (hereinafter referred to as “third-party providers”) for the purpose of conducting video and audio conferences.

In this context, data of the communication participants is processed and stored on the servers of the third-party providers, insofar as it is a component of communication processes with us. This data may include, in particular, registration and contact data, visual and vocal contributions as well as entries in chats and shared screen contents.

If users are referred to third-party providers or their software or platforms in the course of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection notices of the respective third-party providers.

Notes on legal bases: If we ask users for their consent to use the third-party providers or certain functions (e.g., consent to a recording of conversations), the legal basis for the processing is consent pursuant to Art. 6 (1) lit. a GDPR. Furthermore, their use may be a component of our (pre)contractual services according to Art. 6 (1) lit. b GDPR, provided that the use of the third-party providers was agreed upon in this context. Otherwise, user data is processed on the basis of Art. 6 (1) lit. f GDPR of our legitimate interests in efficient and secure communication with our communication partners.

Microsoft Teams:

  • Types of data processed: inventory data (e.g., names, addresses), contact data (e.g., email, phone numbers), content data (e.g., input in online forms), usage data (e.g., web pages visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
  • Data subjects: Communication partners, users (e.g. website visitors, users of online services).
  • Purposes of processing: provision of contractual services and customer service, contact requests and communication, office and organizational procedures.

Services used:

Privacy policy for applicants

We are pleased that you are interested in us as an employer. Below you will find information on how personal data is processed in connection with your application. The data protection information for applicants applies in addition to the information on the website already mentioned.

Which of your data is processed by handz.on and for what purposes?

We process the data that you have provided to us in connection with your application in order to check your suitability for a suitable position in our company and to carry out the application process.

On what legal basis is the processing based?

The primary legal basis for the processing of your personal data in the application process is Section 26 (1) sentence 1 BDSG. According to this, the processing of data required in connection with the decision on the establishment of an employee relationship is permissible. Should the data be required for legal prosecution after the conclusion of the application process, if applicable, data processing may be carried out on the basis of the requirements of Art. 6 (1) lit. f GDPR for the protection of legitimate interests. Our interest then consists in the assertion or defense of claims.

How long is application data stored?

Applicant data is deleted after 6 months in the event of a rejection.

In the event that you have agreed to further storage of your personal data, your data will be transferred to our applicant pool. There, the data will be deleted after 2 years without further notification if no suitable position for the applicant could be found in our company during this period.

If you are accepted for a position in our company during the application process, your data will be transferred from the applicant pool to our personnel information system.

To which recipients is the data passed on?

Your applicant data will be viewed by the management after receipt of your application. Suitable applications are forwarded internally to the department managers for the respective open position. At handz.on, only those persons have access to your data who need this for the proper course of our application procedure. If you have applied to us via our partner JOIN, please refer to the section “JOIN” above in the data protection information.

Amendment of the data protection notice

handz.on GmbH reserves the right to change this data protection notice at any time in compliance with the applicable data protection regulations and other legal provisions.

Status: 18.08.2022

Scroll to Top
Scroll to Top