1. data protection at a glance

General information

The following notes provide a simple overview of what happens to your personal data when you visit our website or use one of our software products. Personal data is any data that can be used to identify you personally. For detailed information on the subject of data protection, please refer to our data protection declaration listed below this text.

Responsible party

Data processing on our website as well as within our software products (e.g. Apps, WebApps, COSYS Cloud) is carried out by:

Cosys Ident GmbH
Am Kronsberg 1
31188 Holle

Fon: +49 5062 900 0
Fax: +49 5062 900 30

Managing Director: Dirk Baule
Commercial Register: Amtsgericht Hildesheim HRB 1196

Sales tax ID: DE 115 970 788

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses or similar).

How do we collect your data?

On the one hand, your data is collected by you providing it to us. This can be, for example, data that you enter in a contact form.

Other data is collected automatically by our IT systems when you visit the website or use our software products. This is mainly technical data (e.g. internet browser, operating system, device ID or time of use). The collection of this data takes place automatically during use.

What do we use your data for?

The data you provide for the use of our goods and/or services are processed by us for the purpose of contract execution and are necessary to this extent. Conclusion and execution of the contract are not possible without the provision of your basis for the processing is Art. 6 para. 1 lit. b) DSGVO.

Part of the data is collected to ensure error-free provision of the website or our software products. Other data may be used to analyze your user behavior and to send you information.

What rights do you have regarding your data?

You have the right to receive information free of charge at any time about the origin, recipient and purpose of your stored personal data. You also have a right to demand the correction, blocking or deletion of this data. You can contact our data protection officer at any time with regard to this and other questions on the subject of data protection. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

No obligation to provide & consequences of non-provision

The provision of personal data is not required by law or contract and you are not obliged to provide data. We will inform you during the input process if the provision of personal data is required for the respective service (e.g. by designating it as a "required field"). In the case of required data, failure to provide it will result in the relevant service not being provided. Otherwise, failure to provide it may result in our not being able to provide our services in the same form and quality.

Analysis tools and tools from third-party providers

When visiting our website or using apps for Windows, Android or iOS devices, your browsing and usage behavior may be statistically analyzed. This is done primarily with cookies and with so-called analysis programs. The analysis of your surfing behavior is usually anonymous; the surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You can find detailed information on this in the following privacy policy.

You can object to this analysis. We will inform you about the objection options in this data protection declaration.

Data protection officer

We have appointed a data protection officer for our company.

Cosys Ident GmbH
Data protection officer
Am Kronsberg 1
31188 Holle

Tel. +49 5062 / 900 0
Fax: +49 5062 / 900 30

2 General notes and obligatory information

Data protection

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use our website or our software products (such as Apps, WebApps, COSYS Cloud), various personal data are collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke an already given consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right of appeal to the competent supervisory authority

In the event of violations of data protection law, the data subject has a right of appeal to the competent supervisory authority. The competent supervisory authority in matters of data protection law is the state data protection commissioner of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.

SSL or TLS encryption

For security reasons, we use SSL or TLS encryption for our websites and for the communication of our software products and to protect the transmission of confidential content, such as orders or requests that you send to us. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Information, blocking, deletion

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.

Hosting with external service providers

Our data processing is carried out, among other things, using so-called hosting service providers, who provide us with storage space and processing capacity in their data centers. We do not pass on personal data to our hosting service providers. However, such data may be stored in an encrypted database on the servers provided by our hosting service providers.

Contract processing

The data transmitted by you to make use of our range of goods and/or services is processed by us for the purpose of contract processing and is necessary to this extent. Conclusion and execution of the contract are not possible without the provision of your data.Legal basis for the processing is Art. 6 para. 1 lit. b) DSGVO.

Specifically, the following data in particular is processed for the purpose of providing contractual services, service and customer care, marketing, advertising and market research from our customers, prospective customers and business partners:

  • Identification data (e.g. name, address and contact details).
  • Data in connection with the performance of the business relationship (e.g. order data, bank details, contract data, payment data, logs on remote maintenance)
  • Tax-relevant data
  • Correspondence (e.g. correspondence)
  • Advertising and sales data
  • Data from publications (e.g. Internet presence)

Data from publications (e.g. Internet presence)In the context of contract processing, we pass on your data to the transport company commissioned with the delivery of goods or to the financial service provider, insofar as the transfer is necessary for the delivery of goods or for payment purposes.

Checking creditworthiness and scoring

Insofar as we offer you the basic option of payment by invoice as part of our range of goods or services and you make use of this option, we reserve the right to obtain credit information from a credit agency (such as Creditreform, Schufa) on the basis of mathematical-statistical methods. For this purpose, your data, insofar as they are relevant to the contract, such as your name and address, will be forwarded to the credit agency. We use the subsequent information about the statistical probability of non-payment for our decision whether to offer you payment by invoice.

The legal basis for this processing is our legitimate interest in the default security of the claim pursuant to Art. 6 para.1 lit. f) DSGVO.

3. data collection on our website


The internet pages partly use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted after the end of your visit. Other cookies remain stored on your terminal device until you delete them. These cookies allow us to recognize your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies for analyzing your surfing behavior) are stored, these are treated separately in this data protection declaration.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • browser type and browser version
  • Operating system used
  • referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

The basis for data processing is Art. 6 (1) lit. f DSGVO, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

Contact form

If you send us inquiries via contact or callback form, your data from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of the data entered in the form is therefore based exclusively on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

The data you entered in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

Registrations on our websites

You can log in/register in certain areas of our website in order to use additional functions on the site. We use the data entered for this purpose only for the purpose of using the particular offer or service for which you have registered - for example, registering for an event or downloading an information brochure. The mandatory information requested during registration must be provided in full. Otherwise, we may reject the registration.

In the event of important changes, for example in the scope of the offer or in the event of technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.

The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke any consent you have given at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing already carried out remains unaffected by the revocation.

The data collected during registration will be stored by us as long as you are registered on our website and will then be deleted. Legal retention periods remain unaffected.

Links to other websites

As the provider of our website, we are responsible for our own content in accordance with general legislation. Links" to content provided by other providers are to be distinguished from our own content. COSYS assumes no responsibility or liability for third-party content provided via links and does not adopt their content as its own. There is no influence on whether and how these providers comply with data protection regulations.

4. Newsletter

Newsletter data

On our websites and within our software products you have the possibility to register for our newsletter.

You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data that has been stored by us for other purposes (e.g. e-mail addresses for the member area) remains unaffected by this.

In accordance with Art. 7 (3) DSGVO, you can revoke your consent to the sending of the newsletter at any time with effect for the future. To do so, you simply need to inform us of your revocation or click on the unsubscribe link contained in each newsletter.

5. integration of third-party providers (Google, Facebook, Twitter, etc.)

Google Analytics

On our websites, we use Google Analytics, a web analytics service provided by Google Inc (hereinafter: Google). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymization on these web pages, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link:Browser-Add-on zur Deaktivierung von Google Analytics.

In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking this link. This will install an opt-out cookie on your device. This will prevent the collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains installed in your browser.

Use of Google Maps

Our websites uses Google Maps API to visually display geographical information. When using Google Maps, Google also collects, processes and uses data about visitors' use of the map functions. You can find more information about data processing by Google in the Google privacy policy. There you can also change your personal privacy settings in the Privacy Center.

Google reCAPTCHA

On our websites, we also use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This function is primarily used to distinguish whether an input is made by a natural person or is abused by machine and automated processing. The service includes the sending of the IP address and possibly other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6.

Paragraph 1 lit. f DSGVO on the basis of our legitimate interest in determining individual ownership on the Internet and the prevention of abuse and spam. In the context of the use of Google reCAPTCHA, there may also be a transmission of personal data to the servers of Google LLC. in the U.S.A.Further information on Google reCAPTCHA as well as Google's privacy policy can be found at

Embedded YouTube videos

We embed YouTube videos on some of our websites. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. This tells Youtube which pages you are visiting. If you are logged into your Youtube account, Youtube can assign your surfing behavior to you personally. You can prevent this by logging out of your Youtube account beforehand.

If a Youtube video is started, the provider uses cookies that collect information about user behavior.

If you have deactivated the saving of cookies for the Google Ad program, you will not have to deal with such cookies when watching Youtube videos. However, Youtube also stores non-personal usage information in other cookies. If you would like to prevent this, you must block the storage of cookies in the browser.

For more information on data protection at "Youtube", please refer to the provider's privacy policy at:

Web analysis etracker

We use etracker on our websites. This is a web analysis service provided by etracker GmbH, Erste Brunnenstr. 1, 20459 Hamburg, Germany, hereinafter referred to as "etracker". etracker is used to analyze the usage behavior of our website. The legal basis is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the analysis, optimization and economic operation of our website.

To analyze usage behavior, etracker stores cookies on your end device via your internet browser and creates a pseudonymous usage profile. However, the data processed in this way will not be used to identify you personally without your separate consent. If you do not agree with this processing, you have the option to prevent the storage of the cookie by a setting in your Internet browser. You can find more information on this above under "Cookies".

In addition, you have the option of ending the analysis of your usage behavior by way of the so-called opt-out. By confirming the link via your Internet browser, a cookie is stored on your terminal device that prevents further analysis. Please note, however, that you must click the above link again if you delete the cookies stored on your end device.

6. data collection within our apps and software products.

Types of processed data

In the course of working with hardware and software solutions offered by COSYS, you are given the opportunity to collect information relevant to the handling of your own business processes within a software-based system. This includes the following personal information such as:

  • Inventory data (e.g. names, addresses)
  • Contact data (e.g. e-mail, telephone numbers)
  • Content data (e.g. text input)
  • Usage data (e.g. access times, logins)
  • Profile data (e.g. user names, passwords)
  • Meta/communication data (e.g. device information, IP addresses)

For the following groups of persons, information can be collected within the solutions offered by COSYS:

  • Employees
  • Customers

When using our apps & software products, there is no obligation for you to provide personal data. The provision of personal data is not required by law or contract and you are not obliged to provide data. We will inform you during the input process if the provision of personal data is required for the respective service (e.g. by designating it as a "required field"). In the case of required data, failure to provide it will result in the relevant service not being provided. Otherwise, failure to provide such data may mean that we are unable to provide our services in the same form and quality.

Collection of access data and log files

COSYS collects on the basis of legitimate interests within the meaning of Art. 6 para. 1 lit. f. DSGVO data about each access to servers on which COSYS software solutions are located (server log files). The access data includes the name of the software accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for the maintenance of the software and for security reasons (e.g. to clarify misuse) for a period of 30 days. Data whose further retention is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.

Purpose of processing

Based on the following legal basis and for the purposes listed below, collected data may be processed by solutions and software packages offered by COSYS.

For the handling of business processes of the customer

Data is processed within the scope of the respective solution/product used to handle the customer's business processes.

For the fulfillment of contractual obligations (Art. 6 para. 1 letter b DSGVO).

Data is processed for the execution of orders and contracts with our customers.The purposes of data processing depend in detail on the specific product and the contract documents.

In the context of the balancing of interests (Art. 6 para. 1 letter f DSGVO).

Data may also be used on the basis of a balancing of interests to safeguard legitimate interests. This is done for the following purposes:

  • General business management
  • Further development of services, systems and products
  • Fulfillment of internal requirements and requirements for auditing or administrative purposes
  • Ensuring IT security and IT operations
  • Assertion of legal claims and defense in the event of legal disputes

Our interest in the respective processing results from the respective purposes and is otherwise of an economic nature (efficient task fulfillment, sales, avoidance of legal risks).

Protection of the deposited data

To protect the security of information during transmission, Secure Sockets Layer software (SSL) is used. This software encrypts the transmitted information from forms and input masks. COSYS maintains physical, electronic, and procedural safeguards related to the collection, storage, and disclosure of our customers' personal information. Critical input such as passwords are stored in encrypted form.

7. supplementary notes

Changes to our privacy policy

We reserve the right to occasionally adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection statement will then apply to your next visit.

Objection to advertising e-mails

We hereby object to the use of contact data published within the framework of the imprint obligation for the purpose of sending advertising and information material that has not been expressly requested. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.