Privacy Policy

This Privacy Policy defines the type, scope, and purpose of the processing of personal data (hereinafter “data”) within our company, our online service, and the associated websites, functions, and content, as well as external online presences such as our social media profiles (hereinafter jointly “online service”). Please refer to Art. 4 of the General Data Protection Regulation (GDPR) for the definitions of the terms used, such as “personal data” or their “processing”.




Name/company name:

Technologiepark Heidelberg GmbH

Street address:

Im Neuenheimer Feld 582

Postcode, city, country:

69120 Heidelberg, Germany

Commercial registry and registration number:  

Mannheim District Court, HRB 332701

Managing Director:

Dr. André H.R. Domin

Telephone number:

+49 6221 5025700

Email address:

Types of data processed:


  • User data (such as name and address)
  • Contact data (such as email and telephone number)
  • Content data (such as text submitted, photographs, and videos)
  • Contractual data (such as object of the contract, duration, and customer category)
  • Payment data (such as bank account and payment history)
  • Usage data (such as websites visited, interest in content, and access times)
  • Metadata and communication data (such as device information and IP address)

Processing of special categories of data (Art. 9 [1] of the GDPR):

No special categories of data shall be processed.


Categories of data subjects whose data is processed:

  • Customers, prospective customers, suppliers, and users of our services
  • Visitors and users of the online service
  • Tenants and members

Hereinafter, data subjects shall be collectively referred to as “user”.


Purpose of processing:

  • Provision of the online service, its content, and functions
  • Provision of contractual services, customer service, and customer care
  • Response to contact requests and communication with users
  • Marketing, advertising, and market research
  • Security measures
  • Accounting

Version: 24 May 2018


1.            Applicable legal grounds


We shall inform you of the legal grounds for our data processing in accordance with the provisions of Art. 13 of the GDPR. Should the legal grounds not be stated in the Privacy Policy, the following shall apply: The legal grounds for obtaining consent shall be Art. 6 (1) lit. a and Art. 7 of the GDPR; the legal grounds for processing for the performance of our services, implementation of contractual measures, and response to requests shall be Art. 6 (1) lit. b of the GDPR; the legal grounds for processing for the performance of our legal obligations shall be Art. 6 (1) lit. c of the GDPR; and the legal grounds for processing in order to safeguard our legitimate interests shall be Art. 6 (1) lit. f of the GDPR. The legal grounds in the event that the processing of personal data is necessary to protect the vital interests of the data subject or another natural person shall be Art. 6 (1) lit. d of the GDPR.


2.            Changes and updates to the Privacy Policy


Please keep yourself regularly informed about the content of our Privacy Policy. We shall modify the Privacy Policy as soon as changes in the data processing we conduct make this necessary. We shall inform you as soon as the changes require action on your part (such as consent) or any other personal notification.


3.            Security measures


3.1.        In accordance with the provisions of Art. 32 of the GDPR, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of processing, as well as the risk of varying likelihood and severity to the rights and freedoms of natural persons, we shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These shall include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data as well as access, input, transfer, storage, availability, and separation of data concerning you. Moreover, we have established procedures that ensure that data subjects may exercise their rights, that data are erased, and that we react to threats to data. Furthermore, in accordance with the principle of data protection by design and by default (Art. 25 of the GDPR), we shall take the protection of personal data into account as early as the development or selection of hardware and software, as well as procedures.


4.            Collaboration with commissioned data processors and third parties


4.1.        Should we disclose, transfer, or otherwise grant access to the data to other persons and companies (commissioned data processors or third parties) in the course of our processing, this shall take place only on legal grounds (for example, if it is necessary to transfer the data to a third party such as a payment service provider in accordance with Art. 6 [1] lit. b of the GDPR), because you have consented to it, because a legal obligation provides for this, or on the grounds of our legitimate interests (such as when appointing agents, web hosts, and so forth).


4.2.        Should we appoint a third party to process data on the grounds of a “commissioned data processing contract”, this shall take place on the grounds of Art. 28 of the GDPR.


5.            Transfers to third countries


Should we process data in a third country (that is, outside the European Union [EU] or European Economic Area [EEA]) or should this take place in the context of the utilization of third-party services or the disclosure or transfer of data to third parties, this shall take place only if it is done for the performance of our (pre)contractual obligations, on the grounds of your consent, due to a legal obligation, or on the grounds of our legitimate interests. Subject to legal or contractual permissions, we shall process or have the data processed in a third country only if the special requirements of Art. 44 ff. of the GDPR are met. This means that the processing shall take place on the grounds of special guarantees, such as official recognition that the third country ensures an adequate level of data protection (for example, the “Privacy Shield” in the USA) or compliance with officially recognized special contractual obligations (“standard contractual clauses”).


6.            Rights of the data subject


6.1.        You shall have the right to obtain confirmation as to whether or not personal data concerning you are being processed as well as access to these data, and further information and copies of the data in accordance with Art. 15 of the GDPR.


6.2.        In accordance with Art. 16 of the GDPR, you shall have the right to have incomplete personal data concerning you completed and inaccurate personal data concerning you rectified.


6.3.        In accordance with the provisions of Art. 17 of the GDPR, you shall have the right to erasure of personal data concerning you without undue delay or alternatively, in accordance with the provisions of Art. 18 of the GDPR, to restriction of processing of the data.


6.4.        You shall have the right to receive the personal data concerning you, which you have provided to us, and transmit them to another controller in accordance with the provisions of Art. 20 of the GDPR.


6.5.        Furthermore, in accordance with Art. 77 of the GDPR, you shall have the right to lodge a complaint with the competent supervisory authority.


7.            Right to withdraw

You shall have the right to withdraw any given consent with future effect in accordance with Art. 7 (3) of the GDPR.


8.            Right to object

You shall have the right to object to future processing of personal data concerning you at any time, in accordance with Art. 21 of the GDPR. You shall have the right to object to processing of personal data concerning you for direct marketing purposes in particular.


9.            Cookies and the right to object to direct marketing

We set temporary and permanent cookies, that is, small files that are stored on users’ devices (please refer to Section 15 of this Privacy Policy for an explanation of the term and function). Cookies are partly required for security purposes, for the operation of our online service (such as for the display of the website), or to record the user’s decision with regard to the cookie notification banner. In addition, we or our technology partners shall set cookies both to measure reach and for marketing purposes, which shall be explained to users in the course of the Privacy Policy.


In the case of a large number of services, tracking services in particular, you may generally object to the use of cookies for online marketing purposes on the US website or the EU website Moreover, you may prevent the storage of cookies by adjusting your browser settings accordingly. Please note that you may consequently be unable to use all functions of this online service.


10.          Erasure of data

10.1.      In accordance with the provisions of Art. 17 and 18 of the GDPR, the data that we process shall be erased or their processing restricted. Unless expressly stated in this Privacy Policy, the data that we store shall be erased as soon as they are no longer required for their intended purpose and there are no legal obligations for their retention. Should the data not be erased because they are required for other legally permissible purposes, their processing shall be restricted. This means that the data shall be blocked and shall not be processed for other purposes. This shall apply to data that must be stored for commercial or fiscal purposes, for example.


10.2.      In accordance with legal requirements, storage shall be for a period of six or 10 years pursuant specifically to Section 257 (1) of the German Commercial Code (HGB; trading books, inventories, opening balance sheets, financial statements, commercial letters, accounting records, and so forth) and for 10 years pursuant to Section 147 (1) of the German Fiscal Code (AO; books, records, management reports, accounting records, commercial and business letters, documents relevant for fiscal purposes, and so forth).


11.          Provision of contractual services

11.1.      We shall process user data (such as the name and address, as well as user contact data) and contractual data (such as the services availed of, contact names, and payment information) for the purpose of the performance of our contractual obligations and services in accordance with Art. 6 (1) lit. b of the GDPR.


11.2.      Users may create an optional user account where they can view their specific orders. During the registration process, users shall be informed of the required mandatory information. The user accounts are not public and cannot be indexed by search engines. Should users have terminated their user account, their data concerning the user account shall be erased, provided that their retention is not required for commercial or fiscal purposes in accordance with Art. 6 (1) lit. c of the GDPR. In the event of termination, it shall be incumbent upon users to secure their data before the expiration of the contract. We shall be entitled to irretrievably erase all user data stored during the term of the contract.


11.3.      In the course of registering and repeated logins, as well as the utilization of our online services, we shall store the IP address and time of the respective user action. This storage shall be on the grounds of our legitimate interests, as well as of protecting the user from misuse and other unauthorized use. In principle, these data shall not be transferred to third parties unless they are required to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 (1) lit. c of the GDPR.


11.4.      Erasure shall take place after the expiration of legal warranty and comparable obligations. The necessity for data retention shall be reviewed every three years. In the event of legal archiving obligations, erasure shall take place after their expiration (the commercial retention obligation is six years and the fiscal retention obligation is 10 years). Information included in the customer account shall be retained until the account has been erased.


12.          Contact

12.1.      When contacting us (through the contact form or by email), the user’s information shall be used to process the contact request in accordance with Art. 6 (1) lit. b of the GDPR.


12.2.      User information may be stored in our Customer Relationship Management system (hereinafter “CRM system”) or a comparable request management system.


12.3.      We shall erase the requests should they no longer be necessary. We shall review their necessity every two years. Requests from customers holding a customer account shall be stored permanently. Please refer to the information included in the customer account for erasure. In the event of legal archiving obligations, erasure shall take place after their expiration (the commercial retention obligation is six years and the fiscal retention obligation is 10 years).


13.          Collection of access data and log files

13.1.      We shall collect data about each access to the server on which this service is located (server log files) on the grounds of our legitimate interests pursuant to Art. 6 (1) lit. f of the GDPR. The access data shall include the name of the retrieved website, file name, date and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, user’s operating system, referrer URL (the previously visited page), IP address, and requesting provider.


13.2.      Log-file information shall be stored for security purposes (such as to clarify incidents of abuse or fraud) for a maximum period of seven days and then erased. Data that must be further stored due to their necessity for the purpose of evidence shall be excluded from erasure until the respective incident has been definitively clarified.


14.          Online social media presences

14.1.      On the grounds of our legitimate interests pursuant to Art. 6 (1) lit. f of the GDPR, we shall maintain online presences on social networks and platforms for the purpose of communicating with customers, prospective customers, and users that are active on such networks and platforms, and of informing them about our services. The terms and conditions and data processing guidelines of the respective operators of the accessed networks and platforms shall apply.


14.2.      Unless otherwise stated in our Privacy Policy, we shall process the data of users that communicate with us on social networks and platforms by submitting posts on our online presences or sending us messages, for example.


15.          Cookies and measuring reach

15.1.      Cookies are pieces of information that are transferred from our web server or third-party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other forms of information storage.


15.2.      We use “session cookies”, which are only stored for the duration of the current visit to our online presence (for example, to enable the storage of your login status or the shopping cart function, and consequently the use of our online service at all). A randomly generated, unique identification number called a session ID is stored in a session cookie. A cookie also contains information about its origin and retention period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online service and logged out or closed your browser, for example.


15.3.      Users shall be informed about the use of cookies to measure reach pseudonymously in this Privacy Policy.


15.4.      In the event that users do not wish cookies to be stored on their computer, they should deactivate the corresponding option in their browser’s system settings. Stored cookies may be deleted through an option in the browser’s system settings. Disabling cookies may lead to restrictions in the functionality of this online service.


15.5.      You may opt out of the use of cookies used for measuring reach and for advertising purposes by visiting the Network Advertising Initiative’s opt-out page ( and additionally the US website or the European website


16.          Google Analytics

16.1.      We use Google Analytics, a web analytics service of Google LLC (hereinafter “Google”), on the grounds of our legitimate interests (that is, interests in the analysis, optimization, and commercial operation of our online service pursuant to Art. 6 [1] lit. f of the GDPR). Google uses cookies. The information generated by the cookie about use of the online service by the user is generally transferred to and stored by Google on servers in the USA.


16.2.      Google is certified by the Privacy Shield Framework, which guarantees compliance with European data protection law (


16.3.      On our behalf, Google shall use this information to analyze the use of our online service by users, to compile reports on the activities of this online service, and to provide us with other services related to the use of this online service and the Internet. Pseudonymous user profiles can be created from the processed data.


16.4.      We shall only use Google Analytics with IP anonymization enabled. This means that Google shall truncate the user’s IP address if the user is located in a member state of the EU or EEA. Only in exceptional cases shall the full IP address be transferred to a Google server in the USA and truncated there.


16.5.      The IP address transferred by the user’s browser shall not be merged with other Google data. Users may prevent the storage of cookies by selecting the appropriate settings in their browser. In addition, users may prevent Google from collecting and processing data obtained from the cookie related to their use of the online service by downloading and installing the browser add-on available at


16.6.      Further information about Google’s use of data and the various settings and opt-out options is available on Google’s website at (“How Google uses information from sites or apps that use our services”), (“How Google uses cookies in advertising”), and (“Ad personalization”).


16.7.      Otherwise, personal data shall be anonymized or erased after a period of 14 months.


17.          Newsletter

17.1.      In the following, we shall inform you about the content of our newsletter as well as the registration, delivery, and statistical evaluation procedures, and your right to object. By subscribing to our newsletter, you shall consent to receipt of the newsletter and the procedures described.


17.2.      Newsletter content: We shall send newsletters, emails and other electronic notifications containing advertising information (hereinafter “newsletters”) only with the consent of the recipient or if it is legally permissible. Provided that the content of the newsletter is specifically described in the course of registration, this shall apply to the consent of the user. Otherwise, our newsletters shall contain information about our products, services, promotions, and company.


17.3.      Double opt in and logging: Registration for our newsletter shall involve a double opt-in process; that is, after registration, you shall receive an email asking you to confirm your registration. This confirmation is necessary to ensure that no one subscribes to the newsletter using someone else’s email address. Registrations for the newsletter shall be logged as evidence of the registration process in accordance with legal requirements. This shall include storing the log-in and confirmation times, as well as the IP address. Changes to your data stored by the mailing service provider shall likewise be logged.


17.4.      Mailing service provider: The newsletter shall be sent by SAS Sarbacane Software, 3 avenue Antoine Pinay, Parc d’activités des 4 vents, 59510 HEM, France (hereinafter “mailing service provider”). The provisions of the privacy policy of the mailing service provider are available at


17.5.      Moreover, according to their own available information, the mailing service provider may use these data in pseudonymous form—that is, without allocating them to a user—to optimize or improve their own services in order to technically optimize the delivery and layout of the newsletter, or for statistical purposes, in order to determine the recipients’ countries, among others. However, the mailing service provider shall not use our newsletter recipients’ data to contact them directly or transfer the data to third parties.


17.6.      Registration data: Your email address shall be sufficient to subscribe to the newsletter. We shall ask you to optionally include your name to address you personally in the newsletter.


17.7.      Measuring performance: The newsletters contain a “web beacon”, which is an image file no larger than one pixel that is retrieved from the mailing service provider’s server when the newsletter is opened. Initially, technical information such as information about your browser and system, as well as your IP address and the time of retrieval shall be collected in the course of this retrieval. This information shall be used to technically improve the services based on the technical data or the target groups, and their reading behavior based on where the retrieval occurs (which can be determined from the IP address) or the time of access. The collection of statistical information shall include a record of whether the newsletters have been opened, when they were opened, and the links within them that have been clicked. For technical reasons, this information can be allocated to the individual newsletter recipients. However, it shall be neither our nor the mailing service provider’s intention to monitor individual users. Any evaluation shall better serve the purpose of identifying the reading habits of our users and adapting our content to them, or sending different content according to our users’ interests.


17.8.      Sending the newsletter and measuring performance shall take place on the grounds of the recipients’ consent in accordance with Art. 6 (1) lit. a and Art. 7 of the GDPR in conjunction with Section 7 (2) (3) of the German Act Against Unfair Competition (UWG), or on the grounds of legal permissibility in accordance with Section 7 (3) of the UWG.


17.9.      Logging of the registration shall be on the grounds of our legitimate interests in accordance with Art. 6 (1) lit. f of the GDPR and shall serve as evidence of the consent to receive the newsletter.


17.10.    Cancellation or withdrawal: Newsletter recipients may cancel receipt of our newsletter at any time. That is, you may withdraw your consent. A link to cancel the newsletter shall be available at the bottom of each newsletter. This shall simultaneously cause your consent to the use of your data to measure performance to lapse. Regretfully, it shall not be possible to withdraw only from the use of your data to measure performance: The entire newsletter subscription must be cancelled. Cancellation of the newsletter shall result in erasure of your personal data, unless their retention shall be legally required or justified, whereby, in this case, their processing shall be restricted to only these exceptional purposes. In particular, we may store the canceled email addresses for up to three years on the grounds of our legitimate interests, as evidence of previously given consent, before erasing them from the newsletter mailing list. The processing of these data shall be restricted to the purpose of possible defense against a claim. You may submit an individual request for erasure at any time, provided that you simultaneously confirm that you had previously given your consent.


18.          Integration of third-party services and content

18.1.      We shall include third-party providers’ content and services within our online service in order to integrate their content and services, such as videos or fonts (hereinafter collectively “content”), on the grounds of our legitimate interests (that is, interests in the analysis, optimization, and commercial operation of our online service pursuant to Art. 6 [1] lit. f of the GDPR). This shall always presume that the third-party providers of this content determine users’ IP addresses since they could otherwise not deliver the content to their browsers. Therefore, the IP address is required to display this content. We shall endeavor to use only such content for which the respective provider uses the IP address solely for the distribution of the content. Furthermore, third-party providers may use “pixel tags” (invisible graphics also known as web beacons) for statistical or marketing purposes. Pixel tags can be used to evaluate information such as visitor traffic on the pages of this website. Furthermore, the pseudonymous information may be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, time of the visit, as well as other data on the use of our online service, and may also be linked to such information from other sources.


18.2.      The following is an overview of third-party providers and their content, as well as links to their privacy policies, which include further information on the processing of data and opt-out options already mentioned here in some cases:


  • External fonts from Google, LLC, (“Google Fonts”). Google Fonts shall be integrated through a request to a Google server (generally in the USA). Privacy policy:; opt out:
  • Maps from the “Google Maps” service of third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy:; opt out:
  • Videos from the “YouTube” platform of third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy:; opt out:
  • Functions of the Twitter service and platform (hereinafter “Twitter”) may be integrated into our online service. Twitter is a service of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions shall include integrating our tweets on Twitter into our online service, linking to our Twitter profile, and the opportunity to interact with the tweets and functions of Twitter, as well as to determine whether users visit our online service as a result of the advertisements we place on Twitter (“conversion rate”). Twitter is certified by the Privacy Shield Framework, thus guaranteeing compliance with European data protection law ( Privacy policy:; opt out:
  • External code of the “jQuery” JavaScript framework provided by third-party provider jQuery Foundation,
  • We use by the company i-magazine AG (Gewerbestrasse 3, 9444 Diepoldsau, CH) on our website. Yumpu provides a digital platform for publishing magazines, brochures, or catalogs.


This Website uses Cookies

We store technically necessary cookies, without which the operation of the site is not possible. In order to provide you with a better user experience on our website, we would also like to evaluate anonymous analysis data. Which tools we use for this purpose and further information can be found in our Privacy Policy and in our Legal Notice.

Accept technically required cookies only

On our website you will find interesting videos and maps hosted on YouTube/Google Maps. The videos and maps are used without a cookie, but data is still loaded from google servers, which means that your surfing behaviour can be recorded by Google.

Name Google Analytics
Anbieter Google LLC
Zweck Cookie von Goolge für Website-Analysen, mit dem statistische und anonymisierte Daten darüber erfasst werden, wie der Besucher die Website nutzt.
Cookie Name _ga,_gat,_gid
Cookie Laufzeit 14 Monate