Thank you for visiting our website and for your interest in our company. For us data protection is an integral of our customer-oriented quality approach. We care about the protection of your personal data and the protection of your personal rights.

This privacy policy is designed to inform all visitors to our website transparently about the types, scope and purpose of the personal data collected, used and processed by us and inform you about your rights.
Our website can normally be used without entering personal data. However, if you use our company’s services via our website, it may be necessary for us to process your personal data.

The data automatically collected when you visit our website or personal data that you enter when using services are processed in accordance with the current legal provisions for the protection of personal data.

If it is necessary to process your personal data and there is no legal basis for such processing, we will normally obtain consent from you for the required processing purpose.

As the company responsible for processing, we have defined technical and organisational measures to ensure the highest possible level of protection for your personal data.

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this site uses an SSL or. TLS encryption. You can recognise that a connection is encrypted because the address line of the browser changes from “http: //” to “https: //” and a padlock icon appears in your browser line.

If the SSL or TLS encryption is activated, data transmitted by you to us cannot be read by third parties.
However, we would like to remind you that security gaps can always occur in data transmission via the World Wide Web.

If you would like to make use of our company’s services and do not want to transmit data via the World Wide Web, you can also contact us by telephone.


1. Contact details of the data controller

The data controller in the meaning of the General Data Protection Regulation is:
Am Sand 2
91781 Weißenburg, Germany
Tel.: +49 9141 9975-0

The following has been designated as data protection officer:

Stephan Hartinger
Coseco GmbH
Tel.: 08232 80988-70

2. Hosting

We are hosting the content of our website at the following provider:


The provider is the Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (hereinafter referred to as Hetzner).

For details, please view the data privacy policy of Hetzner:

We use Hetzner on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in the most reliable depiction of our website possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.


3. Collection of general access information

Every time you visit our website, server log file data transmitted by your browser to us is automatically recorded. This data consists of:

• IP address (internet protocol address) of the accessing computer
• The website from which you are visiting us (referrer)
• Which of our websites you visited
• The date and duration of the visit
• Browser type and browser settings
• Operating system

We would like to point out that such data cannot be assigned to a specific person. We use this technical access information exclusively for the following purposes to:

• improve the attractiveness and usability of our website,
• identify technical problems on our website at an early stage.
• deliver the content of our website correctly,
• and provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack.
As a technical precaution, this data is stored for a maximum of 7 days to protect the data processing systems against unauthorised access.


4. Collection and disclosure of personal data

We use your personal data only for the purposes stated on this information page for data protection.
The following online forms are available on our website for entering personal data:

4.1. Mailing of our newsletter

If you would like to receive the newsletter offered on the website, we need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter.
We use the so-called double opt-in procedure to ensure that the newsletter is sent in a consensual manner. In the course of this, the potential recipient can be included in a mailing list. The user receives a confirmation e-mail with the opportunity to confirm the registration in a legally secure manner. The address will only be actively included in the mailing list if the confirmation is received.

We use this data exclusively for sending the requested information.


We use Sendinblue as a newsletter tool for sending. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Sendinblue is a service that can be used, among other things, to organize and analyze the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter will be stored on the Sendinblue servers in Germany. Sendinblue is a German, certified provider, which was selected according to the requirements of the General Data Protection Regulation and the Federal Data Protection Act.

You can find more information here:

If you do not want an analysis by Sendinblue, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

If you register for our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your e-mail address. Providing further data is voluntary and is used to be able to address you personally. We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an e-mail newsletter if you have expressly confirmed to us that you consent to receiving newsletters. We will then send you a confirmation email asking you to click on a link to confirm that you wish to receive the newsletter in the future.

Storage period

The data deposited with us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored for other purposes with us remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6(1)(f) GDPR). The storage in the blacklist is indefinite. You may object to the storage if your interests outweigh our legitimate interest.

For more details, please consult the Data Protection Regulations of Sendinblue at:

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

4.2. Contacting us by email or contact form

On our website, we offer you the possibility of contacting us by email and/or via a contact form.
If you contact us by email or using a contact form, the personal data transmitted by you will be saved automatically.

Such personal data transmitted to us by you on a voluntary basis will be stored for the purpose of processing your request or contacting the person concerned. This personal data is not passed on to third parties.

The information you have entered into the contact form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists (e.g., after we have concluded our response to your inquiry). This shall be without prejudice to any mandatory legal provisions, in particular retention periods.

4.3. Submission of application documents

In connection with your e-mail job application, we collect and process various personal application-related data. This includes your complete application documents (cover letter, CV, references or other certificates and documents).

After submitting the application you will receive an e-mail confirming receipt of the application documents.

Your personal application data is collected and processed exclusively for the purpose of filling open vacancies within our company. Your data will normally only be forwarded to the internal units and departments of our company responsible for the specific application process. Your personal application data will not be passed on to other companies without your express prior consent.
Your personal application data will not be used for any other purpose or passed on to other companies without your express prior consent.

Your personal application data is normally deleted automatically six months after the application process has been completed. This does not apply if statutory provisions prevent deletion, if further storage is necessary for the purposes of documentation or if you have expressly consented to extended retention of the data, for example, for future job postings.
If an employment contract is entered into with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.

Revocation of your consent to the processing of data

A wide range of data processing transactions are possible only subject to your express consent. You can also revoke at any time any consent you have already given us. This shall be without prejudice to the lawfulness of any data collection that occurred prior to your revocation.


5. What are cookies used for?

Our internet pages make use of “cookies”. Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies are saved on your terminal device until you delete them yourself or your web browser automatically deletes them.

In some cases, cookies from third-party companies can also be saved on your device when you enter our website (third-party cookies). These enable us or you to use certain third-party services (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically required because certain website functions do not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to analyse user behaviour or to display advertising.
Cookies that are required to carry out the electronic communication process (essential cookies) or to provide certain functions desired by you (functional cookies, e.g. for the shopping cart function) or to optimise the website (e.g. cookies to measure the web audience) are saved on the basis of Art. 6 (1)(f) GDPR, unless another legal basis is given. The website operator has a legitimate interest in saving cookies on your device for the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, the relevant cookies are saved exclusively on the basis of this consent (Art. 6 (1)(a) GDPR); this consent can be revoked at any time.

You can adjust your browser settings so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be restricted.

Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you of this separately in the context of this privacy policy and, if necessary, request your consent.


5.1. Cookie consent with Usercentrics

This website uses the cookie consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your end device or your consent to the use of certain technologies, and for the documentation of this in accordance with data protection law. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, website: (hereinafter referred to as “Usercentrics”).

The following personal data is transferred to Usercentrics when you access our website:

Your instance(s) of consent or the revocation of your instance(s) of consent

Your IP address

Information about your browser

Information about your end device

Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser, in order to allocate all instances of consent granted or the revocation thereof to you. The data collected in this way is stored until you ask us to delete it, or you delete the Usercentrics cookie yourself, or the purpose for storing the data no longer exists. Statutory storage obligations remain unaffected. Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 (1) page 1 (c) GDPR.


6. Plugins und Tools

6.1 YouTube

This website includes videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites on which YouTube is integrated, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited.
Furthermore, YouTube can store various cookies on your device or use comparable technologies for recognition (e.g. device fingerprinting).

In this way, YouTube can receive information about visitors to this website. This information is used, among other things, to collect video statistics, improve usability and prevent fraud attempts.
If you are logged into your YouTube account, you enable YouTube to assign your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to present our online offers.

This represents a legitimate interest in the meaning of Art. 6 (1)(f) GDPR. If a corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 (1)(a) GDPR; this consent can be revoked at any time.

Further information on the handling of user data can be obtained from YouTube’s privacy policy at:


6.2. Vimeo Without Tracking (Do-Not-Track)

This website uses plugins of the Vimeo video portal. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

Whenever you visit one of our pages featuring Vimeo videos, a connection with the servers of Vimeo is established. In conjunction with this, the Vimeo server receives information about which of our sites you have visited.

Vimeo also receives your IP address. However, we have set up Vimeo in such a way that Vimeo cannot track your user activities and does not place any cookies.
We use Vimeo to make our online presentation attractive for you. This is a legitimate interest on our part pursuant to Art. 6(1)(f) GDPR. If a respective declaration of consent was requested (e.g. concerning the storage of cookies), processing shall occur exclusively on the basis of Art. 6(1)(a) GDPR; the given consent may be revoked at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here:

For more information on the handling of user data, please consult Vimeo’s data privacy policy at:

6.4. Wordfence

We have integrated Wordfence in this website. The provider is Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter referred to as Wordfence). Wordfence serves to protect our website from unwanted access or malicious cyber attacks. For this purpose, our website establishes a permanent connection with Wordfence's servers so that Wordfence can check its databases against the accesses made to our website and block these if necessary. The use of Wordfence is based on Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in protecting their website as effectively as possible against cyber attacks. If a corresponding consent has been requested, processing takes place exclusively on the basis of Art. 6 (1)(a) GDPR; this consent can be revoked at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here:

Conclusion of a data processing agreement

We have concluded a data processing agreement with Wordfence. This is a contract required by data protection law, which ensures that Wordfence only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.


7. Deletion, blocking and duration of storage of personal data

We process and store your personal data only for the period that is necessary to achieve the respective storage purpose or as stipulated by the various statutory retention periods.

After a original storage purpose has ceased to exist or the statutory retention period has expired, the personal data is automatically blocked or deleted for further processing in accordance with the statutory provisions.


8. Data protection rights of the data subject

If you have any questions about your personal data, you can write to us in this regard at any time. Under the GDPR, you have the following rights:

• The right to information (Art. 15 GDPR)
• The right to rectification (Art. 16 GDPR)
• The right to deletion (Art. 17 GDPR)
• The right to restriction (Art. 18 GDPR)
• The right to data portability (Art. 20 GDPR)
• The right to objection (Art. 21 GDPR)
• Right of appeal to the data protection regulatory authority (Art. 77 GDPR in conjunction with § 19 BDSG)
• Right to withdraw consent under data protection law (Art. 7 (3) GDPR)


9. Legal basis for processing

When processing personal data for which we obtain the consent of the data subject, Article 6 (1)(1 a) of the General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data required to fulfil a contract to which the data subject is a party, Article 6 (1)(1 b) (GDPR) serves as the legal basis. This provision also covers processing operations that are necessary in advance of signing of an actual contract.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1)(1 c) (GDPR) serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the person concerned do not outweigh the first-mentioned interest, Art. 6 (1)(1 f) (GDPR) serves as the legal basis for the processing.

The legitimate interest of our company lies in the conduct of our business activities as well as in the analysis, optimisation and maintenance of the security of our online offer.


10. Transmission of data to third parties

We generally do not sell or lease user data. Transfer to third parties beyond the scope described in this privacy policy will only take place if this is necessary to process the respective requested service.
We only transmit data if there is a legal obligation to do so. This is the case when government institutions (e.g. law enforcement authorities) request information in writing or a court order exists.

Information on data transfer to the USA and other non-EU countries

Among other things, we use tools of companies domiciled in the United States or other from a data protection perspective non-secure non-EU countries. If these tools are active, your personal data may potentially be transferred to these non-EU countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g., the Secret Service) may process, analyze, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.


11. Legal or contractual provisions for the provision of personal data and possible consequences of not providing them

We hereby point out that the disclosure of personal data is required by law in certain cases (e.g. tax regulations) or can follow from contractual provisions (e.g. information on the contractual partner). For example, it may be necessary for the conclusion of a contract that the person concerned/the contractual partner must provide their personal data so that it is possible for us to process their request (e.g. order) in the first place. There is an obligation to provide personal data especially when entering into contracts. If no personal data is provided in this case, it will not be possible to enter into a contract with the data subject. Before the person concerned provides personal data, the latter can contact our data protection officer or the person responsible for processing. The data protection officer or the data controller will then inform the data subject whether the provision of the required personal data is required by law or contract or is necessary for the conclusion of a contract and whether the requests of the data subject result in an obligation to provide the personal data and what consequences a failure to provide the requested data has for the data subject.


12. Use of automated decision-making system

As a responsible company, we do not use automatic decision-making or profiling systems in our business relationships.


13. Additional information

In addition to this web-specific data protection information, you can also refer to our “transparent information policy”.