Data protection

Data protection



Privacy policy according to the DSGVO

1. the name and address of the person responsible

The responsible person in terms of the basic data protection regulation and other national data protection laws of the member states and other data protection regulations is the:

Mercurius AG
An der Hauptwache 7
60313 Frankfurt
Phone.: +49 (0)69-50951-7100
Fax: +49 (0)69-50951-7199


In the following we inform you about the processing of your personal data in the context of the use of our website.

Should you have any further questions regarding data protection in connection with our website or the services offered, please contact us at the following e-mail address:


2. scope, purpose and legal basis of the processing of personal data

As a matter of principle, we collect and use personal data of our users only to the extent necessary to provide a functional website and our contents and services. The collection and use of personal data of our users is regularly only carried out with the consent of the user. An exception is made in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal regulations.

2.1 Creation of log files

Whenever you visit our website, our system automatically collects data and information from the computer system of the calling computer.
The following data ("technical information") is collected:

  • Information about the browser type and version used
  • The user's operating system
  • The IP address of the user
  • date and time of access
  • quantity of the transmitted data in bytes
  • websites from which the user's system has reached our website
  • websites that are accessed by the user's system via our website

The data is also stored in the log files of our system. These data are not stored together with other personal data of the user.

We process this technical information for purposes of network security, e.g. to combat attacks, for marketing purposes, to better understand the requirements of our users and to improve our website offer.

These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f DSGVO.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is therefore no possibility of objection on the part of the user.

2.2 Use of cookies

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser.

Cookies which are required for the electronic communication process are stored on the basis of Art. 6 Paragraph 1 lit. f DSGVO. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of his services. Cookies for analysing your surfing behaviour are dealt with separately in this data protection declaration under 2.3 Tracking Tools.

2.3 Tracking Tools

On our website we use the following tracking and website analysis tools:

Matomo (formerly Piwik)

This website uses the open source web analysis service Matomo. Matomo uses cookies. These are text files which are stored on your computer and which enable an analysis of your use of the website. For this purpose the information generated by the cookie about the use of this website is stored on our server. The IP address is made anonymous before storage. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the user.

Matomo cookies remain on your end device until you delete them.

Matomo cookies are stored on the basis of Art. 6 Paragraph 1 lit. f DSGVO. The website operator has a legitimate interest in the anonymous analysis of user behaviour in order to improve the quality of our website and its contents. The analysis cookies enable us to find out how the website is being used and thus to constantly optimise our offer.

The information generated by the cookie about the use of this website is not passed on to third parties. You can prevent the storage of cookies by adjusting your browser software accordingly.

If you do not agree with the storage and use of your data, you can deactivate the storage and use here. In this case, an opt-out cookie is stored in your browser, which prevents Matomo from storing usage data. If you delete your cookies, the Matomo opt-out cookie will be deleted as well. The Opt-Out must be reactivated when you visit our site again.


2.4 Contact form

For the processing of the data, your consent will be obtained during the sending process and reference will be made to this privacy policy.

It is possible to contact us via the provided e-mail address. In this case the personal data of the user transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

The processing of the personal data from the input mask serves us solely to process the contact. In the case of contacting us by e-mail, this is also the necessary legitimate interest in processing the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The legal basis for the processing of the data is Art. 6 Para. 1 lit. a DSGVO if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f DSGVO. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b DSGVO.

The data is deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified.

The user has the possibility at any time to revoke his or her consent to the processing of personal data with effect for the future. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.

All personal data stored in the course of the contact will be deleted in this case.

2.5 Google Web Fonts

This page uses so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display text and fonts correctly.

To do this, the browser you are using must connect to Google's servers. This enables Google to know that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.

If your browser does not support Web Fonts, a standard font will be used by your computer.

More information about Google Web Fonts can be found at and in Google's privacy policy:

2.6 Google Maps

This site uses the map service Google Maps via an API. Provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of an attractive presentation of our online offers and an easy findability of the places we indicate on the website. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO.

You can find more information on the handling of user data in the Google privacy policy:

3. legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Regulation (DSGVO) serves as the legal basis for the processing of personal data.

When processing personal data which is necessary for the performance of a contract to which the data subject is a party, Article 6 (1) lit. b of the DPA serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis.
In the event that vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Article 6 (1) lit. f DSGVO serves as the legal basis for the processing. In this case, our legitimate interests are in addition to the purposes listed above:

  • protection of the company against material or immaterial damage
  • The professionalization of our products and services
  • cost optimization.

Furthermore, we process personal data in order to comply with commercial or tax retention obligations.

For statutory or contractual requirements, we have marked the respective input fields in the input masks on our website, which must be completed by you in order for us to provide the service you request.

4. data erasure and storage duration

The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies or is no longer necessary. It may happen that personal data is stored for the time during which claims can be made against our company (statutory limitation periods may be from three to thirty years).

In addition, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject.
Corresponding proof and storage obligations result from the German Commercial Code, the German Tax Code and the Money Laundering Act, among others. The storage periods thereafter are up to ten years.

The data is also blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.

5. transfer of personal data to third parties

In order to be able to offer you our products and services on the basis of our contractual obligations or our legitimate interests, we may pass on your personal data to other companies within the Mercurius group of companies.

Furthermore, we may be legally obliged to make personal data available to German and international authorities. The legal basis for this is Art. 6 para. 1 lit. c DSGVO in conjunction with local and international regulations and agreements.

6. right of objection according to Art. 21 DSGVO

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 paragraph 1 letter e or f of the DPA; this also applies to profiling based on these provisions.

The controller no longer processes the personal data concerning you, unless he can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

Where personal data relating to you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data relating to you for the purpose of such marketing, including profiling, insofar as it relates to such direct marketing.

If you object to processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for those purposes.

You have the possibility to exercise your right of objection in relation to the use of information society services, without prejudice to Directive 2002/58/EC, by means of automated procedures using technical specifications.

7. rights of the data subject

It is an important concern for our company to make our processes for processing personal data transparent. We therefore point out that, in addition to the right of objection, you can exercise further rights if the respective legal requirements are met:

  • Right to information according to Art. 15 DSGVO
  • Right to correction according to Art. 16 DSGVO
  • Right of deletion ("right to be forgotten") according to Art. 17 DSGVO
  • Right to restrict processing under Art. 18 DSGVO
  • Right to be informed according to Art. 19 DSGVO
  • Right to data transferability according to Art. 20 DSGVO
  • (no) automated decision in individual cases including profiling according to Art. 21 DSGVO

In order to exercise your rights, you can contact us by e-mail at

In order to be able to process your application and for identification purposes, we would like to point out that we process your personal data in accordance with Art. 6 Para. 1 lit. c DSGVO.

8. consent

You have the right to revoke your data protection declaration of consent at any time with effect for the future. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation. In some cases we are entitled, despite the revocation, to process your personal data on another legal basis (to fulfil a contract).

9. right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are domiciled, your place of work or the place where the alleged infringement occurred, if you consider that the processing of personal data relating to you is in breach of the DPA.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 DSGVO.

The Hessian Data Protection Commissioner, P.O. Box 3163, 65021 Wiesbaden