Privacy policy


Below Humanitec GmbH (“Humanitec” or “we”) provides you with an overview of what personal data we process for what purpose and how we ensure the protection of that data. In section I. you can find information applicable in general. In section II. we explain the processing of personal data in the context of you visiting our websites ( (“Website”). Please read the following information regarding the privacy policy carefully. In case you have further questions, please do not hesitate to contact us at any time at

I. General Information

1. Who is responsible for processing of personal data and whom you can approach

Controller of the processing of personal data is:

Humanitec GmbH, Wöhlertstraße 12-13, 10115 Berlin/Germany; email:;
telephone: +49 30 25779605

2. How to reach our data protection officer

You can reach our data protection officer under the following contact information:

Humanitec GmbH, Datenschutzbeauftragter, Wöhlertstraße 12-13, 10115 Berlin/Germany;
telephone: +49 30 25779605

3. What we process

We process personal data provided by you or generated by us. For further information, see section II.

4. For what purpose and on what legal basis do we process personal data

Generally, we process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) for various purposes. In principle, the following can be considered as the purposes of the processing: the processing for the initiation of contractual relationships and the performance of contracts (Art. 6 (1) lit. b GDPR), for the protection of legitimate interests (Article 6 (1) lit. f DSGVO), based on your consent (Article 6 (1) lit. a GDPR) and/ or statutory provisions (Art. 6 (1) lit. c GDPR).

For further information, see section II.

5. Are you obligated to provide personal data

There is no legal or contractual obligation to provide us with personal data. We only ask you to provide us with the data necessary for our services. Without this personal data, we may not be able to offer you our services.

7. For how long do we process personal data

We process data only as long as it is necessary in relation to the initial specified, explicit and legitimate purpose.

Additionally, we are subject to various filing and documentation obligations, including those arising from the German Commercial Code (HGB) and the German Tax Code (AO). The deadlines for storage and documentation specified there are up to ten years.

In light of possible legal claims, the processing period is also determined by statutory time limitations, which can be up to thirty years according to §§ 195 ff. of the German Civil Code (BGB), whereby the regular time limitation is three years.

8. Your Rights

Every data subject has the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR). To exercise those rights, you can contact us under the contact information given in section I. 1. or 2.

As far as the personal data is processed for the purpose of our legitimate interest according to Art. 6 (1) lit. f GDPR, you have the right to object according to Art. 21 GDPR. You can find further information regarding your right to object at the end of this Privacy Policy.

In addition, if you are of the opinion that the processing of your personal data is unlawful, you have the right to lodge a complaint with the competent supervisory authority (Art. 77 GDPR). This right to complain is without any prejudice to any other administrative or judicial remedy. The competent supervisory authority for Humanitec is: Berliner Beauftragte für Datenschutz und Informationsfreiheit

9. External Links

On our Website we may link to other websites by third parties.

Such websites by third parties are governed by the provisions and privacy policies of the respective third party offering the content behind those links. We do not actively check such links and external content unless required by applicable laws. If you discover wrong and/or inappropriate content please inform us, for example via email to and we will delete and change such links immediately.

Kindly notice that when you click these links, you may be connected to such external service and your data may be processed outside the European Economic Area (EEA).

10. Data Security

In order to ensure the best possible protection of your data, the Website is offered via a secure SSL connection.

II. Processing of personal data regarding our Website

1. Cookies 

In order to offer you a convenient online service featuring numerous functions, our Website uses text files (“Cookies”). A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of our website.

Processing of personal data through the use of cookies is based on Article 6 (1) lit. f GDPR. Purpose and our legitimate interest are improved functionality of our websites.

2. Access Data/ Server logfiles

We collect data about each visit of our Website (so-called server logfiles) (“Access Data”). Access Data includes the following: Name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, User's operating system, referrer URL (the previously visited page), IP address and the requesting provider

When using a mobile device Access Data also contains: Country code, language, device name, operating system and version name

We use this Access Data for statistical analysis for the purpose of operation, security and optimization of our Website. We anonymize Access Data before processing it for statistical analysis. However, we reserve the right to check these Access Data retrospectively if there is a justified suspicion of illegal use based on concrete indications. This data is stored because this is the only way to prevent the misuse of our Website and Software and, if necessary, allow us to investigate any potential crimes committed. As a matter of principle, this data will not be passed on to third parties unless there is a legal obligation to pass it on or the transfer of data serves criminal prosecution purposes.

This data processing is based on Art. 6 (1) f. GDPR and we wish to achieve the legitimate interests of stabilizing and improving our Website, quality insurance and fraud prevention.

3. Google Analytics 

Our websites use Google Analytics, a web tracking tool by Google Inc. (hereafter: “Google”). Google Analytics uses cookies to analyze your use of our websites. The data created by the cookie is usually transferred to a server of Google in the USA and stored there.

In case the anonymization of IP-addresses is active on a website, the user’s IP-address will be truncated inside the European Union or the European Economic Area. Only in exceptional cases the user’s full IP-address will be transmitted to a server of Google in the US and truncated there. IP-anonymization is active on our websites.

On behalf of us, Google will process this data in order to analyze your use of our websites, to generate reports on website activity and to render further services regarding the use of our websites. The IP-address transmitted by your browser will not be associated with other data in possession of Google.

You can prevent the storage of cookies by modifying your browser setting to decline cookies. Furthermore, you can prevent the collection and following procession of data by Google through this cookie by downloading a browser-plugin through the following link:

Preventing storage of cookies may prevent you from taking full advantage of our websites.

You can find further information about terms and conditions as well as data protection on

The processing of personal data through Google Analytics is based on Article 6 (1) lit. f GDPR. Purpose and our legitimate interest are analysis of the use of our websites as well as improved functionality.

6. Contacting us

When contacting us (e.g. by email or through the website), we process your name, email address and any personal data disclosed in the message itself.

The processing is based on Art. 6 (1) f. GDPR. Purpose and our legitimate interest is answering your enquiry and, if applicable, follow-up questions 

7. Data Subject rights management

We process your requests for information, correction, deletion, restriction of processing of personal data and data portability pursuant to the GDPR. In doing so we process the following personal data:

  • Master data
  • Privacy statements (consent to the processing of personal data, withdrawal of your consent, objections to the processing of personal data, statements asserting your rights of access, to rectification, erasure, restriction of processing, and data portability, including the information you provide us by asserting your rights)
  • All data or categories of data that are the subject of the request.

The processing of personal data is based on Article 6 (1) lit. c GDPR. Purpose is an effective affected rights management.

8. Automated decision-making and profiling

We do not use automated decision-making. Regarding profiling, we use the tracking tool Google Analytics. For further information about our use of Google Analytics see section II. 3. – “Google Analytics”.

9. Who receives your personal data 

In some cases we share your personal data with third party controllers (see Article 4 No. 7 GDPR). These are the following controllers:

We use processors (see Article 4 No. 8 GDPR) that process personal data on our behalf. These include the following processors:

Google Ireland Ltd., Gordon House, Barrow Street, Dublin, 4, Ireland

Data Processing Purpose: We use Google Analytics to analyze traffic on our Website.

Data Processing outside the EU / Compliance with EU Data Protection Standard: Personal data is anonymized before being transferred outside of the EU/ EEA.

Further Information: You can find further information here:

Personio GmbH Buttermelcherstraße 16 80469 München Deutschland

Data Processing Purpose: For processing applications to open positions, we use Person, HR and applicant management software. Personio GmbH comply with all applicable data protection and privacy laws & regulations in the performance of its obligations under the General Data Protection Regulation. Before submitting application via Personio Application form integration you will be asked to consent with the Privacy Notice.

Further Information: You can find further information here:

Webflow, Inc., 398 11th Street, San Francisco, CA 94103, UNITED STATES

Data Processing Purpose: We use Webflow to build our website.

Further Information: You can find further information here:

Information about your right to object in accordance with Art. 21 General Data Protection Regulation (GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you on the basis of Art. 6 (1) lit. f GDPR (processing of personal Data based on a balancing of interests); this includes profiling based on those provisions (Art. 4 No. 4 GDPR).

Should you decide to object the processing, we will stop to process personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the purpose of establishment, exercise or defence of legal claims.

You also have the right to object at any time to processing of personal data concerning you for the purpose of advertising; this also applies to profiling insofar as it is associated with advertising.

Should you decide to object to the processing for advertising purposes, we will stop to process personal data concerning you for these purposes.

The objection is not subject to any form. Ideally, it should be lodged at the bodies mentioned in section I. 1. and 2.