Contact

Contact

Data protection information

 

Information on the processing of your data in accordance with Art. 13 and Art. 14 of the European General Data Protection Regulation (GDPR).

1. General Information - Scope of application

This Privacy Policy is intended to inform you about the nature, scope and purpose of the processing of personal data on our website and the associated functions and content. It applies to the website operated by Firian GmbH. Websites of other providers that are referenced, for example through links, are governed by the privacy notices and policies provided on those websites.

References to statutory provisions in this Privacy Policy relate to the General Data Protection Regulation (GDPR) in the version applicable since 25 May 2018 and the German Federal Data Protection Act (BDSG) in the version applicable since 26 November 2019.

2. Responsible Party

The controller responsible for data processing on this website is:

Firian GmbH
Klausnerring 16
85551 Kirchheim near Munich
Germany
Telephone: +49 89 99119-01
Email: info@firian.com

Legal representatives:
Falk Ursinus, Jörn Appelkamp, Peter Baumgartner

3. Data Protection Officer

Firian GmbH
Klausnerring 16
85551 Kirchheim near Munich
Germany
privacy@firian.com

4. Data Processing When Visiting the Website

4.1. Web Hosting

The web server used to operate our website is technically operated and maintained by united-domains GmbH. Its contact details are:

united-domains GmbH
Gautinger Str. 10
82319 Starnberg
Germany

As part of the hosting services, personal data that is collected automatically when you visit our website is processed. This includes, in particular, the IP address, the date and time of the request, browser type and browser version, the operating system used, the referrer URL and the host name of the accessing computer.

The data is processed for the purpose of providing and securely operating our website.

The legal basis for this processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in the technically error-free display, stability and security of our website.

We have concluded a data processing agreement with the provider pursuant to Art. 28(3) GDPR. Processing is carried out exclusively on the basis of our instructions and in compliance with the statutory data protection requirements.

4.2. SSL Encryption

For security reasons and to protect the transmission of confidential content that you send to us as the website operator, this website uses SSL or TLS encryption. You can identify an encrypted connection by the fact that the browser address bar changes from "http://" to "https://" and by the padlock symbol in your browser bar. When SSL or TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

4.3. Processing of Personal Data When Using the Website

When you visit our website, our IT systems automatically collect data that your browser transmits to our server. This consists primarily of technical information required to ensure the stable and secure operation of the website.

This includes, in particular:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Date and time of the server request
  • IP address

This data is collected to ensure the functionality of the website and to safeguard system security and stability.

This data is not combined with data from other sources.

The processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in ensuring IT security, preventing misuse and providing the website in a stable manner.

The processing is carried out on our behalf by our hosting service provider, united-domains GmbH.

The stored data is deleted or anonymised after no more than seven days. In the event of anonymisation, the IP address is shortened so that it can no longer be linked to an individual.

5. Contacting Us

When you contact us, for example through the contact form, by email or by telephone, we process the personal data that you provide in connection with your enquiry. When you use the contact form, we collect, in particular, your first and last name, your email address and the content of your message. Providing a telephone number is voluntary and is used solely to make it easier for us to contact you.

The data is processed for the purpose of handling your enquiry. Mandatory information is required so that we can process your request.

The processing is based on Art. 6(1)(b) GDPR where your enquiry relates to the initiation or performance of a contract. In all other cases, the processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in properly handling enquiries addressed to us.

We do not disclose your data unless this is necessary to handle your enquiry or we are legally required to do so.

The data you provide is stored only for as long as necessary to handle your enquiry. It is then deleted unless statutory retention obligations apply or further storage is required to establish, exercise or defend legal claims.

6. Data Processing in Connection With Contractual Relationships

In connection with the initiation, performance and administration of contractual relationships, we process personal data relating to prospective customers, customers, business partners and their employees or other contact persons. The data is processed, in particular, for communication, the preparation of quotations, the performance of contractual services and the maintenance of business relationships.

In particular, we process contact details, such as name, email address, telephone number and address, contract and communication data, such as enquiries, quotations and correspondence, and billing and payment data, such as invoice details and bank details, insofar as this is necessary for the relevant purpose.

The processing is based on Art. 6(1)(b) GDPR for the performance of contracts or pre-contractual measures. Processing may also be based on Art. 6(1)(c) GDPR in order to comply with legal obligations and on Art. 6(1)(f) GDPR in order to safeguard our legitimate interests, in particular our interest in organising our business processes efficiently. Where consent has been given, the processing is additionally based on Art. 6(1)(a) GDPR.

Personal data is disclosed only where this is necessary for the performance of a contract, where we are legally required to do so or where you have given your prior consent. Recipients may include internal departments and external service providers that process data on our behalf pursuant to Art. 28 GDPR. Any further disclosure takes place only where this is necessary to establish, exercise or defend legal claims.

Personal data is stored only for as long as necessary for the relevant purposes or for as long as statutory retention obligations apply. In particular, statutory retention periods of up to ten years apply under commercial and tax law. Once these periods have expired, the data is deleted unless there are further legal grounds for storage.

7. Satisfaction Surveys

As part of our quality assurance activities and in order to improve our services, we occasionally conduct customer satisfaction surveys.

Participation in these surveys is voluntary and may be anonymous. If you provide personal data in a survey, such as your name or email address, you do so voluntarily.

The data is processed in order to conduct the surveys, evaluate customer satisfaction and continuously improve our services.

The legal basis for the processing is Art. 6(1)(f) GDPR. Our legitimate interest lies in improving our services and assuring the quality of our offerings.

If you voluntarily provide personal data as part of the survey, the processing is additionally based on your consent pursuant to Art. 6(1)(a) GDPR.

We use Microsoft Forms, a tool provided by Microsoft Ireland Operations Limited, to conduct the surveys. The data is processed on our behalf pursuant to Art. 28 GDPR.

The data is not disclosed unless this is necessary for the technical implementation of the survey. In principle, the data is processed on servers within the European Union. However, when the service is used, Microsoft Corporation, based in the United States, may access the data.

Microsoft is certified under the EU-U.S. Data Privacy Framework. The transfer is based on the adequacy decision of the European Commission pursuant to Art. 45 GDPR.

The data is stored only for as long as necessary for the evaluation. It is then deleted or anonymised unless statutory retention obligations apply.

8. Cookies and Consent Management

8.1. Use of Cookies

Our website uses cookies and similar technologies to enable the use of certain functions, ensure the security of the website and make our online services user-friendly.

Cookies are small text files that are stored on your device and contain certain information. They may be stored either temporarily for the duration of a session (session cookies) or permanently (persistent cookies).

We distinguish between the following types of cookies:

Technically necessary cookies

These cookies are required to ensure the operation of the website and its basic functions, such as page navigation, the storage of settings or security functions. The processing is based on Section 25(2) TDDDG and Art. 6(1)(f) GDPR. Our legitimate interest lies in providing our website in a technically error-free and secure manner.

Non-essential cookies (analytics and marketing cookies)

These cookies are used to analyse user behaviour, optimise our services and display personalised content or advertising. They are set only if you have given your express consent. The processing is based on Section 25(1) TDDDG and Art. 6(1)(a) GDPR.

You can withdraw or adjust your consent at any time with effect for the future through the consent management tool used on the website.

You can also prevent or restrict the storage of cookies or delete cookies that have already been stored by changing the relevant settings in your browser. Please note that disabling cookies may restrict the functionality of this website.

8.2. Consent Management Platform

To obtain and manage consent for the use of cookies and similar technologies, we use Cookiebot, a consent management service provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

The Consent Management Platform (CMP) is used to obtain, document and manage consent as required by law.

When you access our website, a connection is established to Cookiebot's servers. In this context, personal data is processed in order to record and store your consent. The personal data processed includes, in particular, the IP address in truncated form, information about the browser and device used, the date and time of consent, the URL accessed and the consent status. A randomly generated unique identification number is also assigned so that the consent given can be traced.

Cookiebot stores your consent in a cookie named "CookieConsent" so that it can be taken into account on future visits to the website.

The data is processed exclusively for the purpose of managing your consent and complying with the legal requirements governing the use of cookies.

The specific retention period depends on the legal requirements and the settings of the consent management service used.

We have concluded a data processing agreement with the provider pursuant to Art. 28 GDPR.

Further information about data processing by Cookiebot is available at: www.cookiebot.com/de/privacy-policy/

8.3. Google Tag Manager

We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a management tool used to integrate and control scripts and services on our website. Google Tag Manager itself generally does not process personal data, but for technical reasons it may trigger the transmission of the IP address.

Personal data is processed exclusively by the services integrated through Google Tag Manager. When you access our website, your IP address may be transmitted to Google servers for technical reasons.

The use of Google Tag Manager may, however, result in personal data, in particular the IP address, being transmitted to servers operated by Google LLC in the United States, especially where additional services are integrated through Tag Manager.

The actual data processing is carried out by the respective services integrated through Google Tag Manager. Further information is provided in the relevant sections of this Privacy Policy.

Google Tag Manager is used exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. You may withdraw your consent at any time with effect for the future.

Further information about Google Tag Manager and data protection at Google is available at: marketingplatform.google.com/intl/de/about/analytics/tag-manager/use-policy/

8.4. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables us to analyse the behaviour of website visitors and is used to evaluate and optimise our online services.

For this purpose, various usage data is processed, such as the IP address in truncated form, page views, time spent on the website, click paths, browsers and operating systems used, and information about the approximate location. This data is generally assigned to a device.

We have concluded a data processing agreement with Google pursuant to Art. 28 GDPR, which ensures compliance with data protection requirements.

The use of Google Analytics may result in personal data being transmitted to servers operated by Google LLC in the United States.

Google Analytics is used exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future.

An adequacy decision of the European Commission applies to data transfers to the United States under the EU-U.S. Data Privacy Framework. Google LLC is certified under this framework and is committed to complying with European data protection standards.

Further information about how Google Analytics handles user data is available at: support.google.com/analytics/answer/6004245

8.5. Google Ads, Conversion Tracking and Remarketing

We use Google Ads, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on our website.

As part of Google Ads, we use conversion tracking and remarketing technologies to analyse the effectiveness of our advertising activities and to display personalised advertising to you on other websites.

Cookies and similar technologies are used for this purpose, enabling users to be recognised. Among other information, data about pages visited, interactions, devices and browsers used, and approximate location data may be processed.

Google may also process the collected data across devices and combine it into usage profiles.

The processing is carried out exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. You may withdraw your consent at any time with effect for the future.

The use of Google Ads may result in personal data being transmitted to servers operated by Google LLC in the United States. Google is certified under the EU-U.S. Data Privacy Framework. The data transfer is based on the adequacy decision of the European Commission pursuant to Art. 45 GDPR.

Further information about data processing by Google is available at: policies.google.com/privacy

8.6. Google Maps

We use Google Maps, a map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on our website.

Your IP address must be processed in order to use the functions of Google Maps. This information is generally transmitted to and stored on servers operated by Google LLC in the United States.

Google Maps is integrated in order to provide you with an interactive map display and convenient access to our location functions.

Google Maps is loaded on our website only after you have given your express consent. Before consent is given, the map is blocked and no data is transmitted to Google.

Google Maps is used exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR and Section 25(1) TDDDG. You may withdraw your consent at any time with effect for the future.

The use of Google Maps may result in personal data being transmitted to servers operated by Google LLC in the United States. Google is certified under the EU-U.S. Data Privacy Framework. The data transfer is based on the adequacy decision of the European Commission pursuant to Art. 45 GDPR.

Further information about how user data is handled is available in Google's Privacy Policy: policies.google.com/privacy

9. Use of Social Media

We maintain publicly accessible profiles on social networks in order to communicate with prospective customers and customers and to provide information about our services.

We have profiles on the following platforms:

  • Facebook: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
  • Instagram: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
  • LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
  • XING: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany

9.1. Data Processing by Platform Operators

When you visit our social media profiles, personal data is processed not only by us but also by the respective platform operators. This applies, in particular, to data relating to the use of the platform, such as interactions, content accessed or communication activities, as well as other information actively provided by users.

The platform operators also process, in particular:

  • Usage data, such as interactions, likes, comments and shared content
  • Communication data, such as messages sent through the platform
  • Device and connection data
  • Location data, where applicable, in aggregated form
  • Demographic information in anonymised or statistical form

The platform operators use this data to generate usage statistics, known as "Insights" or "Page Analytics", which are made available to us in aggregated form.

9.2. Responsibility

The processing of personal data in connection with our social media profiles is generally carried out under the respective platform operator's own responsibility under data protection law. We do not have full control over this data processing.

However, in connection with the operation of our social media profiles, individual processing activities, in particular the provision of usage statistics such as "Insights" or "Page Analytics", may result in joint controllership with the respective platform operators pursuant to Art. 26 GDPR.

In these cases, corresponding agreements are in place with the platform providers, setting out the respective responsibilities under data protection law.

Such joint controllership applies, in particular, in relation to the following platforms:

  • Facebook and Instagram (Meta Platforms Ireland Ltd) in connection with Page Insights (see the joint controllership agreement, see here.
  • LinkedIn (LinkedIn Ireland Unlimited Company) in connection with page analytics ("Page Analytics"), see here.

For the XING platform (New Work SE), data processing is currently carried out predominantly under the provider's sole responsibility.

Further information about data processing and your rights is available in the privacy notices of the respective platform operators:

In the event of joint controllership, you may exercise your rights as a data subject both against us and against the respective platform operators.

9.3. Links to Social Media Profiles

Our website uses corresponding symbols or graphics to link to our profiles on social networks, such as Facebook, Instagram, LinkedIn and XING.

Merely accessing our website does not result in personal data being transmitted to the providers of these platforms. Data is transmitted only when you actively click on such a link and thereby access the relevant external website.

In this context, the respective platform operator may process personal data, such as your IP address or usage data. We have no control over this processing.

10. Transfers of Data to Third Countries Outside the EU

As part of our data processing activities, personal data may be transferred to or processed in countries outside the European Union (EU) or the European Economic Area (EEA).

This applies, in particular, to the use of certain digital services or IT systems, such as cloud-based applications or international platforms.

Where data is transferred to third countries, this takes place exclusively in compliance with the statutory requirements of Art. 44 et seq. GDPR. Appropriate safeguards are put in place to ensure an adequate level of data protection, in particular through the conclusion of EU Standard Contractual Clauses and, where applicable, through transfers to companies certified under the EU-U.S. Data Privacy Framework.

11. Storage Period and Deletion of Data

We store your data only for as long as necessary to achieve the respective processing purposes or for as long as statutory retention periods require storage beyond that point.

Once the purpose of the processing no longer applies or a statutory retention period expires, the personal data is deleted or its processing is restricted in accordance with the statutory requirements.

12. Your Rights

Within the scope of the statutory provisions, you have the following rights in relation to the processing of your personal data.

12.1. Right of Access (Art. 15 GDPR)

You have the right to request information as to whether we process personal data concerning you. If this is the case, you are entitled to access this data and to receive further information, in particular about the purposes of the processing, the categories of personal data, the recipients, the storage period and your other rights.

12.2. Right to Rectification (Art. 16 GDPR)

You have the right to request the immediate rectification of inaccurate personal data or the completion of incomplete personal data.

12.3. Right to Erasure (Art. 17 GDPR)

You have the right to request the erasure of your personal data where the statutory requirements are met. This applies, in particular, where the data is no longer required for the purposes pursued, where you withdraw your consent or where the processing is unlawful. The right to erasure does not apply where statutory retention obligations or other legitimate grounds prevent erasure.

12.4. Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of the processing of your personal data where one of the statutory requirements is met, in particular where you contest the accuracy of the data or have objected to the processing.

12.5. Right to Data Portability (Art. 20 GDPR)

You have the right to receive personal data that we process by automated means on the basis of your consent or for the performance of a contract in a structured, commonly used and machine-readable format or, where technically feasible, to have it transmitted to a third party.

12.6. Right to Object (Art. 21 GDPR)

Where processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object to the processing at any time on grounds relating to your particular situation. Where your data is processed for direct marketing purposes, you have the right to object to this processing at any time.

12.7. Withdrawal of Your Consent (Art. 7 GDPR)

Where processing is based on your consent, you have the right to withdraw that consent at any time with effect for the future. The lawfulness of the processing carried out before the withdrawal remains unaffected.

12.8. Right to Lodge a Complaint With a Supervisory Authority (Art. 77 GDPR)

You have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement.

To exercise your rights, you may contact the controller or our Data Protection Officer at any time.

13. Updates to the Privacy Policy

This Privacy Policy may be updated as necessary, for example where legal requirements change or our services are further developed.

Where individual amendments require consent or affect existing contractual relationships, such changes will be implemented only in compliance with the applicable statutory provisions.

We recommend reviewing this Privacy Policy at regular intervals to keep informed of its current status.

 

The English and Polish language versions are provided solely for ease of understanding. In the event of discrepancies, the German version shall prevail.

Last updated: June 2026
Version: 1.0