Data protection statement

Information concerning the processing of your data pursuant to Art. 13 and Art. 14 of European Data Protection Regulation (GDPR)

secunet Security Networks AG and IBM Deutschland GmbH take your privacy and the protection of your personal data very seriously.

For this reason, in this data protection statement we explain how we protect your privacy when you share your personal data with us via this website. Websites of other providers that are referred to for instance via links are subject to the data protection notices and statements applicable there.

References to statutory provisions relate to the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) in the version applicable with effect from 25 May 2018.


The controller as defined by the General Data Protection Regulation (GDPR) and other data protection laws applicable in the member states of the European Union is:

secunet Security Networks AG
Kurfürstenstraße 58
45138 Essen, Germany
Tel.: +49 201 545 40

You can contact the data protection officer at secunet Security Networks AG using the following contact details:

Data protection officer


IBM Deutschland GmbH
IBM-Allee 1
71139 Ehningen, Germany
Tel. +49 800 225 5426

You can request information about your personal data and have it updated or rectified on the webpage:

You can contact the IBM data protection officer at

Personal data

The definitions used such as “personal data” or its “processing” correspond to the definitions stated in Article 4 of the General Data protection Regulation (GDPR).

Accordingly, the term personal data refers to all information that relates to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name or an identification number, a code number, location data, an online code or one or multiple special features.

Personal data of minors

Our website is not intended for minors. Accordingly, personal data of minors is not processed.

Collecting and processing personal data

We use any personal data concerning you and other voluntary information that you transmit to us in the course of a contact inquiry exclusively for the purpose of fulfilling our tasks in processing your inquiry and to make contact with you. To make it easy for you as a user of our website to send an email, we use a “mailto” link so that the recipient does not need to be input manually and you can compose and send your message quickly. A “mailto” link usually opens the email program installed on your computer. All personal data that you provide voluntarily may be stored in a database system of the controller and processed in accordance with the specific purpose.

The categories of data subjects affected by data processing include our prospects, customers and other visitors to our website.

We process your personal data in compliance with the relevant data protection provisions pursuant to Art. 6 (1)(a) GDPR, Art. 6 (1)(b) GDPR, Art. 6 (1)(c) GDPR or Art. 6 (1)(f) GDPR. 

Recipients or categories of recipients of personal data

Your personal data will not be disclosed to third parties unless you have provided consent to such disclosure or such disclosure is permissible according to the applicable law, for example if this is required for the fulfilment of a contract concluded with you.

Further, we may deploy service providers who work as processors (subcontractors) on our behalf. In as far as we use subcontractors for the provision of our services, we implement appropriate legal precautions as well as corresponding technical and organisational measures in order to ensure the protection of personal data pursuant to the relevant legal requirements.

To fulfil our duties and obligations, it may be necessary for us to divulge personal data concerning you to natural and legal persons, public authorities, institutions or other bodies (e.g. data protection supervisory bodies).

If a transfer to countries outside the EU or the EEA (known as third countries) is performed in certain cases, this shall only be done on the basis of an adequate data protection level, the data subject’s consent or a legal authorisation. The controller in question shall ensure that the recipient of the data in a third country has implemented an adequate data protection level in accordance with the stipulations of GDPR, for example by entering into the EU standard contractual clauses for a transfer to a third country, an adequacy decision of the EU Commission for a third country or another legal basis.

Automated decision-making or profiling

No automated decision-making or profiling takes place.

Source of personal data

Your personal data will be collected and processed by the respective controller and exchanged between controllers in the course of the cooperation and the collective fulfilment of duties.

Use of cookies

Cookies are small text files that are stored locally in the cache of the website visitor’s Internet browser.

This website uses technologies from etracker GmbH (, which has its registered office in Germany, to collect and store data for the purposes of marketing and optimisation. The data stored can be used to create usage profiles under a pseudonym. Cookies may be used for this purpose. The data is processed based on the legal provisions of Article 6(1)(f) (legitimate interest) of the EU General Data Protection Regulation. The purpose of processing personal data is to optimise our online offering and our web presence. Data such as your IP address, logon or device identifiers is pseudonymised as early as possible at etracker in order to protect your privacy, meaning that it is no longer possible to trace the data back to a specific person. This data is not used in any other way, merged with other data held by etracker or passed on to third parties.

You may object to the data processing described above at any time in as far as such processing is specific to an individual. 

No additional analytical tools are used.

Security measures, hosting

The technical operation of the web server for this website is performed by secunet Security Networks AG.

secunet Security Networks AG uses extensive technical and organisational safety measures (TOMs) to ensure that the personal data you make available to us is not compromised and does not become known to unauthorised third parties through accidental or intentional manipulation, loss or destruction. Our safety measures are improved and adapted on an ongoing basis in line with technological development.

In particular, the security measures include the encrypted transfer of data between your browser and our server.

Restriction of storage

We only store personal data for such time as is necessary to fulfil the intended purpose. Data that the controller in question still requires for the fulfilment of tasks that are still outstanding or to establish its rights and claims as well as data that needs to be stored by law is excluded from deletion.

Your rights as a data subject

You are also entitled to certain rights in the context of the processing of your personal data. Further details can be found in the respective provisions of the General Data Protection Regulation (GDPR), in particular in Art. 15 to 18 GDPR, Art. 21 GDPR. To assert your rights, please contact the abovementioned data protection officer with the reference “VS-Cloud”. Please also note that your rights may be subject to restrictions and exceptions under prevailing law.

Under prevailing data protection law, and if the statutory prerequisites are satisfied, you have the following rights:

•          Right to access to information
•          Right to rectification
•          Right to erasure
•          Right to restriction of processing
•          Right to object
•          Right to data portability
•          Right to revoke previously granted consent
•          Right to lodge a complaint with the competent data protection officer or with the supervisory authority

Amendments to the data protection statement

We reserve the right to make amendments to the data protection statement in order to adapt it to changed legal circumstances, or in the event of changes to services as well as data processing. We ask that users stay up to date with respect to the content of the data protection statement on an ongoing basis.

Date of coming into effect: 1 May 2022