Privacy statement

Person responsible for the processing

In the following, we, decareto GmbH, inform you about the processing of personal data on our website and our customer area

Responsible for data processing on the website and customer area is

decareto GmbH
Mittelweg 144
20148 Hamburg

Questions about data protection

If you have any questions regarding data protection, please contact us directly:

decareto GmbH
Eckhard Schneider
Mittelweg 144
20148 Hamburg


The servers of our website are located in Germany and are operated by the provider hostnet GmbH in Bremen. We have concluded a contract with hostnet according to Article 28 of the GDPR. Website:

The servers of our website are located in Germany and are operated by the provider CORPEX Internet GmbH in Hamburg. We have concluded an order processing contract with Corpex according to Article 28 of the GDPR. Website:


Each time you visit our website, the web server of our our system collects information from the end device used. The following data is collected by us:

  • Information about the browser type
  • Operating system of the user's terminal device
  • Date and time of access
  • The previous website from which the user accesses our websites (referrer).

We only collect IP addresses anonymously, so in our log files we do not store any personal data according to the GDPR.

Registration and login area

We offer interested parties and customers the opportunity to register for the use of the customer area by providing personal data. The data is either passed on to our employees in the course of personal communication and entered into the system by them, or you transmit the data by using a registration form. The data will not be passed on to third parties.  

The following data is collected during registration:

  • Email address
  • Password
  • Name and surname
  • Company
  • Address

The following data is collected during a login:

  • Email address
  • Password

The legal basis for data processing is Article 6(1) clause b) of the GDPR (fulfilment of a contract), since the registration and login are necessary for the contract or for the performance of pre-contractual procedures, such as a free trial period.

The registration and login serve the purpose of gaining access to the functions of the customer area and thus to be able to use the functional scope of decareto Compliance Monitoring. Furthermore, the data processing within the registration serves the purpose of concluding, executing or or the termination of a contract with us.

The above data will be deleted as soon as it is no longer necessary for the intended purpose. We delete the data at the end of a test phase if no continuation within the framework of a contract is desired, or after the termination of a contract.

Even after termination of the contract, it may be necessary to store personal data due to legal obligations, for instance due to tax retention periods.

A registered user has the right to cancel the registration at any time. The stored data can be changed at any time. To do so, please contact


On our website only technically essential cookies are used.

  • a so-called session cookie, which is deleted after the browser is closed. This is used to associate different browser requests to a common session.
  • a permanent cookie that is set as soon as the banner with the cookie information has been closed by the user.

Our customer area only uses technically essential cookies:

  • a so-called session cookie, which is deleted after the browser is closed. This is used to associate different browser requests to a common session.
  • a permanent cookie that is set as soon as the banner with the cookie information has been closed by the user.
Web analytics with etracker

On our website and we use services of etracker GmbH from Hamburg, Germany to analyze usage data. We do not use cookies for web analysis by default. Data processing is carried out on the basis of the legal basis of Art. 6 para. 1 lit. f (legitimate interest) of the General Data Protection Regulation (GDPR). Our concern within the meaning of the GDPR (legitimate interest) is the optimization of our online offer and our website. Since the privacy of our visitors is important to us, the data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized or pseudonymized as soon as possible. No other use, combination with other data or forwarding to third parties takes place.


As part of your registration for an e-mail newsletter, we require your e-mail address to which the newsletter is to be sent.

If you register for the newsletter on this website, we use the data you enter exclusively for this purpose or to inform you about the relevant circumstances regarding this service or its registration. We share this data with the service provider ActiveCampaign for the purpose of managing and executing the newsletter mailing. We have concluded a contract with ActiveCampaign on the procedure for order processing. This ensures that the service provider adheres to the strict requirements of German data protection law in all aspects of the administration and execution of the newsletter mailing.

By using ActiveCampaign, data is stored in a third country (USA). We are aware that the same level of security is not guaranteed in the USA as in the EU. However, since we only work with email addresses and do not even collect names, we consider the risk to be negligible.

A valid email address is required to receive the newsletter. The status of the delivery ("bounces") and the date on which you order the newsletter are also stored. In order to further ensure that an e-mail address is not improperly entered into our distribution list by third parties, we work according to the "double opt-in" procedure. With this procedure, you will receive a confirmation e-mail to your specified e-mail address after registration. Only when you have confirmed your registration by clicking on a link contained therein will you subsequently receive the desired e-mail newsletter. Within the scope of this procedure, the ordering of the newsletter, the sending of the confirmation e-mail and the receipt of the registration confirmation are logged.

You have the option at any time to revoke your consent to the storage of data, your e-mail address and its use for the newsletter dispatch with effect for the future. For the revocation, we provide you with a link in each newsletter. You also have the option of communicating your wish to revoke in writing to the above-mentioned contact options.

Online appointment arrangement Microsoft Bookings

Our website uses the Microsoft Bookings service (part of Microsoft Office 365) of the provider Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18 P521 (hereinafter: "Microsoft") for online appointment booking. The software makes it possible to book a telephone appointment with an employee of decareto GmbH. The connection to the service is only established when you call up the online booking function via the button on our demo page. To make an appointment, your entries in the appointment form are transferred to Microsoft. You can find further information on the handling of your data in Microsoft's privacy policy.

If you do not wish to use the service, please use one of the other contact options offered to make an appointment.

Data subjects' rights

If we process your personal data, you are a "data subject" within the meaning of the GDPR. You are therefore entitled to the following rights in relation to your personal data:

  • Right to information,
  • Right to rectification or erasure,
  • Right to restriction of processing,
  • Right to object to processing,
  • Right to data portability.

If you have given us consent, you also have the right to withdraw your consent at any time. All data processing that we have carried out up until the time of your revocation will remain lawful.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.