Privacy Policy

This data privacy statement informs you about the kind, scope and purpose of collecting and processing personal data (henceforth ‘data’) within our online products and with the associated websites, features and content, as well as online presence, for example, in social media. We understand the terms as they are defined Article 4 of the General Data Protection Regulation (GDPR).

Date: 01.02.2023

Responsible Parties
microTOOL GmbH
Pettenkoferstraße 4b
10247 Berlin

Handelsregister/Nr.: HRB 21623 AG Berlin-Charlottenburg
Geschäftsführer: Enrico Fritz, René Rönisch

Telefon: +49 (30) 467086-0

Data Protection Officer
Hubert Siegemund
microTOOL GmbH
Pettenkoferstraße 4b
10247 Berlin


Types of Processed Data

Inventory data (e.g. names, addresses)
Contact details (e.g. e-mail, telephone number)
Content details (e.g. text entry, photographs, videos)
Contract data (e.g. contractual obligation, duration, customer category)
Payment information (e.g. bank account, payment history)
Usage data (e.g. websites visited, interest in content, access times)
Meta/communication data (e.g. device information, IP addresses)

Processing of Special Categories of Personal Data (Art. 9 Paragraph 1)

No particular category of data will be processed.

Category of People Affected by Processing

Customers/potential customers/suppliers
Visitors and users of online services
Newsletter subscription
We will henceforth refer to the above-mentioned people as “users”.

Purpose of Processing

Provision of online services, content and features.
Rendering of contractual obligations, services and customer care.
Answering contact requests and communication with users
Marketing, advertising and market research
Security measures.

1. Standard Legal Basis

According to the measures in Article 13 of the GDPR, we will notify you of the legal basis of our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for soliciting consent is Art. 6 Par 1 lit. a and Art. 7 of the GDPR, the legal basis for processing data to fulfil our legal obligations is Art. 6 Par. 1 lit c of the GDPR and the legal basis for processing data to safeguard our legitimate interests is Art. 6 Par. 1 lit. f of the GDPR. If the vital interests of the concerned person or another natural person make data processing necessary, Art. 6 Par. 1 lit d serves as the legal basis for this.

2. Changes and Updates to the Privacy Policy

We request that you stay informed as to the content of our privacy policy. We will change it when changes are required by the data processing we carry out. We will inform you when there are changes that require action on your part, or where an individual notification is necessary.

3. Security Measures


In line with Art. 32 of the GDPR, allowing for the status of technology, the implementation costs and the type, scope, circumstances and purposes of processing as well as the occurrence likelihoods and weight of risks for the rights and freedoms of natural persons, we meet the recommended technical and organizational measures to guarantee an appropriate level of protection from risks. In particular this includes confidentiality, integrity and availability of data through controlling physical access to data as well as the relevant access, entries, forwarding, security of availability and its separation. Additionally we have arranged procedures that guarantee awareness of rights, deleting data and reactions to data endangerment. Furthermore, we consider the protection of personal data at the point of development, i.e. the selection of hardware, software, as well as procedures, namely the principle of data protection through technology development and through data-protection-friendly preconfigurations.


Security measures include, in particular, the encrypted transmission of data between your browser and our server.

4. Cooperation with Processors and Third Parties


If we disclose data with other people and businesses (data processing companies or third parties) in the course of processing, transmit it to them or grant them access to the data in another way, this only occurs on the basis of legal permission (for instance, where it is necessary to transfer data to a third party like a payment provider according to Art. 6 Par. 1 lit b of the GDPR), or where you have given permission, or when a legal obligation requires us to do so, or on the basis of our legitimate interests (for instance, when using agents, web hosts, etc).


If we commission third parties with data processing on the basis of a processor contract, this will occur on the basis of Art. 28 of the GDPR.

5. Tranfers to Third Countries

If we process data in a third country (this refers to countries outside of the European Union (EU) or the European Economic Area (EEA) or if this occurs within the use of services from third parties or the disclosure or transmission of data to a third party occurs, then this will only happen if it is to fulfil our (pre)contractual obligations, on the basis of your consent, because of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or store the data in third countries when there is a particular requirement of Article 44 ff. GDPR. This means that processing will happen only, for example, on the basis of particular guarantees like the officially recognized statement of an EU-appropriate data protection level (for example, for the USA with the Privacy Shield) or compliance with officially recognized contractual obligations (standard contractual clauses).

6. Data Subject Rights


You have the right to request a confirmation of whether data has been processed and information about this data as well as further information and a copy of the data corresponding to Art. 15 of the GDPR.


You have the right to request a complete record of data held about you or to correct incorrect data held about you according to Art. 16 of the GDPR.


According to the measure of Art. 17 of the GDPR, you have the right to request the data held on you is deleted immediately, or alternatively, according to the measure of Art. 18 GDPR, the right to request a restriction of processing of your data.


You have the right to request the data you have given us about you and request this data be given to another controller.


You have the right to file a complaint with the relevant authority in accordance with Art. 77 of the GDPR.

7. Right of Revocation

You have the right to withdraw your consent with future effect in accordance with Art. 7 Par. 3 of the GDPR.

8. Right of Objection

You can withdraw permission to process your data in the future according to Art. 21 at any time. In particular, this withdrawal can be used against processing data for the purposes of direct marketing.

9. Cookies and Right of Rejection with Direct Advertising

We use temporary and permanent cookies, which are small files that are saved on the user’s devices (for an explanation of the term and its function, see the last paragraph of this privacy policy). These cookies,to some extent, provide security or are necessary to operate our online content (e.g. to present the website) or to save the user’s decision regarding confirmation of the cookies banner. Additionally, we and our technology partners use cookies to measure our reach and for other marketing purposes, about which users will be informed over the course of the privacy policy.

A general opposition to the use of cookies for online marketing purposes for a range of services, above all in the case of tracking, is explained on the American site or the EU site Furthermore, saving cookies can be turned off in your browser settings. Please note that this might mean not all features of our online service can be used.

10. Deleting Data


The data processed by us according to the measures of Art. 17 and 18 of the GDPR will be deleted or processed at a limited scope. Unless specified in the course of this privacy policy, the data saved by us will be deleted when it is no longer required for its intended purposes and its deletion does not conflict with any legal retention requirements. Where the data is not deleted because it is necessary for other and legal purposes, its processing will be limited. This means that the data will be blocked and not used for other purposes. This applies, for example, to data that has to be stored in accordance with commercial or taxation laws.


In line with legal requirements, data will be stored for six years according to § 257 Abs. 1 HGB (account books, inventories, opening balance sheets, annual financial statements, commercial correspondence, accounts documentation, etc.) and for ten years according to § 147 Abs. 1 AO (books, records, management reports, commercial correspondence, documents relevant to taxation, etc.).

11. Rendering of Contractual Obligations


We process inventory data (e.g. names and addresses as well as user contact data), control data (e.g. obligatory tasks, names of contact people, payment information) for the purpose of fulfilling our contractual obligations and services according to Art. 6 Par. 1 lit b. of the GDPR. The mandatory fields in the online forms are required to close a contract.


In the framework of registering and logging in again as well as using our online services, we save the IP address and the time of each user action. This is for our own legitimate interests as well as to protect the user from misuse and other unauthorized usage. This data is not forwarded to third parties, unless it is necessary for pursuing our claims or if a legal obligation to do so arises according to Art. 6 Par. 1 lit c of the GDPR.


We will process usage data (e.g. which of our sites a user visits, interest in our products) and content data (e.g entries in form data or user profile) into a user profile for advertising purposes in order to show the user, for example, product suggestions based on previously used services.


Data is deleted after the expiry of warranty and comparable obligations; the necessity of keeping the information will be checked every three years, in the case of legal archiving obligations, the data will be deleted after these expire: six years for commercial law and ten years for taxation law. Data in a customer profile remain until they are deleted.

12. Making Contact


When contacting us via the contact form or via email, user data will be processed to deal with the contact query and its settlement according to Art. 6 Par. 1 lit b of the GDPR.


User data may be saved in our internal customer relationship management system (CRM system) or a comparable inquiry organization.


We delete these queries when that they are no longer necessary. We check the necessity every two years, inquiries from customers with a customer account are saved long-term and refer to the deletion of customer account data. In the case of a legal storage obligation, the data will be deleted when the obligation expires, six years for commercial law and ten for taxation law.

13. Comments and Contributions


If a user wants to leave comments or other contributions, the IP address will be saved for seven days on the basis of our legitimate interests as per Art. 6 Par. 1 lit. f of the GDPR.


This happens for our security, in case of wrongful conduct (insults, forbidden political propaganda, etc.). In these cases, we could be prosecuted for the comments or contributions and so we are have an interest in the identity of the writer.

14. Collection of Access Aata and Log Files


On the basis of our legitimate interests as per Art. 6 Par. 1 lit. f. of the GDPR, we gather data of all access to the server where this service is located (these are called server log files). This data includes the name of the website visited, file, date and time of the visit, the amount of data transferred, notification of successful data retrieval, browser type and version, operating system used, referrer URL (the site visited previously), IP address and the provider making the request.


Log file information is saved for a maximum of seven days for security reasons (e.g. to explain misuse or defraudation) and then deleted. Data that must be stored for longer for evidentiary purposes is excepted from deletion until the particular incident has been resolved.

15. Online Presence in Social Media


We maintain an online presence on social networks and platforms to communicate with customers who are active there, as well as interested parties and users about our services. On each of these networks and platforms, the terms and conditions and data processing rules of each provider apply.


Unless otherwise specified in our privacy policy, data shared with us on social media and platforms will be processed if it is shared with us via communication on the social network or platform, for example, written contributions to our online presence or messages sent to us.

16. Cookies and Reach Measurements


Cookies are information that is transferred from one web server or a third party web server to the web browser of the user and saved there to be retrieved later. Cookies are small files or other methods of saving information.


Through this privacy policy, users will be informed about cookies in the framework of pseudonymous reach measurement.


If the user does not want cookies to be saved on their computer, then they can deactivate the corresponding option in the system settings of their browser. Saved cookies can be deleted in the system settings of the browsers. Not allowing cookies can lead to limited features of this online content.


You can object to the use of cookies that are used to for reach measurement and advertising purposes on the deactivation page of the network advertising initiative ( and with the American website ( or the European website (

17. Google Analytics


We use Google Analytics and Google Analytics 4 (GA4) to pursue our legitimate interests (that is, the interests in the analysis, optimization and economic operation of our online content as per Art. 6 Par. 1 lit f. of the GDPR). Google Analytics and GA4 are web analysis services operated by Google LLC (“Google”). As a general rule, the information generated by cookies about how you are using the website is sent to a Google server in the US and stored there.


Google is certified under the Privacy Shield Agreement and therefore guarantees that it will comply with the European data protection laws (


Google will use this information on our account to evaluate the user’s usage of our online content, to compile reports about activities within our online content and to render more services linked to the us of this online content and internet use. This means that a pseudonymous user profile of the user may be created.


We implement Google Analytics to display ads within the web services of Google and its partners only to users who have shown interest in our online content or have particular characteristics (e.g. interest in particular themes or products that can be determined from the websites they have visited) which we share with Google (“remarketing” or “Google Analytics audiences”). With remarketing audiences, we want to make sure that our ads are in line with the potential interests of the user and do not irritate the user.


We only use Google Analytics with active IP anonymization. This means that the IP address of the user will be shortened by Google within the member states of the European Union or other signatories to the agreement through the European Economic Area. The IP address will only be transferred to the USA and shortened there in exceptional cases.


The IP address transferred by the browser will not be merged with other data from Google. The user can stop cookies from being saved in the browser settings, the user can also stop the collection of data that is generated from cookies and related to online behavior and stop it being transferred to Google as well as stop Google from processing this information by downloading the following browser plugin and installing it:


Further information about Google’s data use, and options for settings and objections can be read on Google’s website: (How Google uses information from sites or apps that use our services),, (Control the information Google uses to show you ads)

18. Google Re/Marketing Services


On the basis of our legitimate interests (interests in analytics, optimization and economic operation of our online content as per Art. 6 Par. 1 lit f. of the GDPR), we use the marketing and remarketing services of Google LLC, 1600 Amphitheatre Parkway, Mountain View CA 94043 USA (Google marketing services)


Google is certified by the Privacy Shield agreement and therefore guarantees compliance with the European Data protection laws. (


Google marketing services allows us to use targeted ads for our website, to display ads to users who might be interested in our products. If a user, for example, is shown ads for products that they have been interested in on other websites, this is known as re-marketing. For these purposes, on websites where Google Marketing services are active, a Google code will be executed immediately by Google and remarketing tags (invisible graphics or code, also known as web beacons) will be connected with this website. With these, an individual cookie will be saved on the user’s device (another similar technology might be used instead of cookies). Cookies can be set from different domains like,,,, or This file will contain information on the websites the user has searched for, the content the user was interested in and what they clicked, as well as technological information such as the browser and operating system, referring websites, time of visit as well as other data about website use. The user’s IP address is also shared with Google, but as stated in Google Analytics, the IP address is shortened within a member state of the European Union or a signatory state of the European data privacy laws belonging to the European Economic Area, and only in exceptional cases will the IP address be transferred to the US and shortened there. The aforementioned information can also be connected with information from other sources by Google. If a user then visits other websites, targeted ads may be shown there that correspond to their interests.


The user data in Google Marketing services is processed with a pseudonym. This means that Google doesn’t save users’ names and email addresses, but processes the relevant data with cookie files within a pseudonymous user profile. This means that from Google’s point of view, the ads are not managed and shown for a particular person, but rather for the cookie holder, whomever they may be. This does not apply if a user has explicitly allowed Google to process their information without the pseudonym. The data collected about users by Google Marketing Services are transferred to Google and saved on Google servers in the USA.


We also use the service “Google optimizer”. It allows us to track the effects of different changes to our websites with “A/B testing” (e.g. changing the design, entry fields, etc.). Cookies are saved on the user’s device for the purpose of these tests. Only pseudonymous user data will be processed.


We also use “Google Tag Manager” to connect and manage the Google Analytics and Marketing Services on our website.


Further information about Google’s data use for marketing purposes can be found on this site:, and Google’s privacy policy can be read here:


If you would like to opt out of targeted advertising by Google Marketing Services, you can use the Google settings and opt-out options here:

19. Social Plugins


On the basis of our legitimate interest (i.e. in analysis, optimization and economic operation of our online content as per Art. 6 Par. 1 lit f. of the GDPR), we use the social share plugin Monarch by the business Elegant Themes Inc., 1233 Howard Street, Apartment 3A, San Francisco, California 94114. The plugin enables users to share our blog articles to social media platforms like Facebook, Twitter, Google+, Pinterest or LinkedIn.


When a user uses a feature of the online content that contains a plugin, no data exchange with social media takes place yet. A connection to the social network is only executed when the user actively clicks on the share button for the selected network, which also enables a transfer of user data. We do not have any influence on the scope of this data and therefore inform the user according to our knowledge.

20. Newsletter


In the following we would like to inform you of the content of our newsletter as well as the registration process, sending process and static evaluation processes, and well as your right to withdraw from the newsletter. By subscribing to our newsletter, you agree to receive our newsletter and to the described processes.


Content of the newsletter: we only send newsletters, e-mails and other electronic notifications with promotional materials (henceforth newsletters) with the consent of the recipient or with legal permission. If a newsletter’s content changes specifically over the course of registration, this is relevant to the permission of the user.


Double opt-in and protocol: Registration for our newsletter is a double opt-in process. This means that you get an email after registering in which you are asked for a confirmation of your registration. This confirmation is necessary so no one can register a false e-mail address. The registrations for e-mail are logged to provide evidence of the legal requirements of the registration process. These include saving the login and confirmation times as well as the IP address. The changes will also be saved by the e-mail marketing service.


E-mail marketing service: The newsletter is sent via “MailChimp”, an e-mail marketing platform by the US provider Rocket Science Group LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The provider’s data protection measures can be seen here: The Rocket Science Group LLC d/b/a MailChimp is certified by the Privacy Shield agreement and therefore guarantees compliance with the European data protection laws.


E-mail marketing service: The newsletter is dispatched using “Brevo”, a newsletter dispatch platform of the German provider Sendinblue GmbH, Köpenickerstraße 126, 10179 Berlin, Germany. You can view the privacy policy of the dispatch service provider here: The data is stored at Google Cloud Platforms (GCP) in Germany as well as Belgium. Additionally, encrypted backups are stored at GCP in Belgium. GCP has an ISO 27001 certification.
The GDPR applies in all member states of the European Union (Art. 3 para.1 GDPR). Consequently, GCP in Belgium is bound by the requirements of the GDPR. There is a contractual relationship with GCP by means of a contract processing agreement pursuant to Art. 28 DSGVO.


Additionally, the provider can collect some information in pseudonymous form, this means without allocating the data to a user, for the means of optimizing or improving their own servers, e.g. technological optimization of distribution and presentation of the newsletter or for statistical purposes to determine which countries the recipients come from. The provider does not use the data of our newsletter recipients to contact them nor to transfer the information to third parties.


Registration data: To register for the newsletter, it is sufficient to just enter an e-mail address. Optionally, we ask for your name as well so we can address you personally in the newsletter.


Performance measurement: The newsletters contain a web beacon, which is a pixel sized file that is retrieved by the e-mail marketing service when the newsletter is opened. This retrieval allows the technical information like information about your browser and system as well as your IP address and the time of the retrieval to be recorded. This information will be used for technical improves to the services based on technical information or information about the target group, their reading behavior and where they read (based on the IP address) or the time of access. Statistic recording of data also includes whether the newsletter was opened, when it was opened and which links were clicked. This information can be allocated to individual newsletter recipients for technical reasons. However, it is neither our goal, nor that of the e-mail marketing service, to track individual users. The evaluation serves to recognize reading habits of our users and to adapt our content to them, or to provide different content according to their interests.


The newsletter is send and performance is measured on the basis of the recipient’s consent according to Art. 6 Par. 1 lit a, Art. 7 of the GDPR in connection with § 7 Abs. 2 Nr. 3 UWG or on the basis of legal permission according to § 7 Par. 3 UWG.


The registration process record keeping occurs on the basis of our legitimate interest according to Art. 6 Par. 1 lit f of the GDPR and serves as evidence of consent to receive the newsletter.


Cancellation – You can cancel our newsletter at any time, this means withdraw your consent. A link to cancel the newsletter can be found at the bottom of every newsletter. If the user has only registered for the newsletter and cancels this service, their personal data will be deleted.

21. Connection to Services and Contents of third Parties


We use third party services to operate our online services on the basis of our legitimate interests (this means interest in analysis, optimization and economical operation of our online content as per Art. 6 Par. 1 lit f. of the GDPR.) and these services allow, for example, videos or fonts to be displayed on our website – henceforth referred to as contents. This always requires that third party providers are able to access this content and the user’s IP address, because without the IP address they can’t send information to the browser. So the IP address is necessary to display the content. We make sure to only use content where the provider only needs the IP address to provide the content. Third party may use pixel tags or web beacons for statistical or marketing purposes. These pixel tags can collect information which can be used to evaluate website traffic. Pseudonymous information can also be saved on the device in the form of cookies and, inter alia, technical information about the browser and operating system, referring websites, visiting times, as well as other information on the use of our website might also be connected with information from other sources.


The following information offers an overview of the third parties as well as their contents, links to their privacy policies which reference data processing and opt-out options.


External fonts from Google LLC.,, (“Google Fonts”).The connection with Google Fonts occurs through a server call to Google (generally located in the USA.) Privacy policy:, Opt-Out:


Videos on the platform “YouTube”
The third party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy:, Opt-Out: Some videos are embedded with the YouTube Gallery plug-in from Elfsight. Information on Elfsight’s data protection can be found at:


Sharing with “Instagram”
There are features of our online service that are connected with the service Instagram. These features are provide through Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). If you are logged into your Instagram account, then you can link contents from our site with your Instagram profile. Then Instagram can allocate a visit to our page to your account.
The purpose and scope of data collection and the processing and use of data by Instagram as well as the rights and setting options concerning these regarding the protection of your privacy can be read in Instagram‘s privacy policy:


Sharing with “Facebook”
There are features of our online service that are connected with the service Facebook. These features are provide through Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). If you are logged into your Facebook account, then you can link contents from our site with your Facebook profile. Then Facebook can allocate a visit to our page to your account.

The purpose and scope of data collection and the processing and use of data by Facebook as well as the rights and setting options concerning these regarding the protection of your privacy can be read in Facebook’s privacy policy:


Sharing with “LinkedIn”
There are features of our online service that are connected with the service LinkedIn. These features are provide through LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA., USA. If you are logged into your LinkedIn account, then you can link content from our side to your LinkedIn profile by clicking the LinkedIn button. Then LinkedIn can allocate a visit to our page to your account.


Sharing with “Twitter”
There are features of our online service that are connection with the service Twitter (henceforth “Twitter”). These features are provided by the third party service Twitter Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. These features include displaying out posts on Twitter within our online content, connecting to our Twitter profile as well as the option of interacting with the posts and Twitter’s features, as well as measuring whether users visit our website from the ads that are displayed to them on Twitter (conversion measurement). Twitter is certified under the Privacy Shield agreement and therefore guarantees compliance with the European data protection laws. ( Privacy policy:, Opt-Out:


External code of the JavaScript framework “jQuery”, provided by the third party jQuery Foundation,


Content delivery network “Cloudfare”
This website uses a CDN service (content delivery service) from Cloudflare Inc. A CDN serves to increase performance of the website and provides content for a specific purpose to your browser from a nearby server. Cloudfare Inc. has many servers in Europe to be able to send content to you as quickly as possible. However, it is not technically impossible that your browser will access a server located outside of the EU and send your data to this country (for instance if you access a website that is not located in the EU or for some other reason). In such cases, you agree to send your data to the USA or the country where the server is located. Information on the security policy of Cloudfare, Inc. can be found here:



This website uses a service from swiperjs for sliders via the URLS and

When using the slider from swiperjs, no personal data from you will be collected, processed or used. Without explicit consent from you, swiperjs will also not identify or disclose your customer information unless required to do so by law or in the good faith belief that doing so will protect the rights, safety, or property of swiperjs, its users, and the public.



This website uses Divi Theme by Elegant Themes as WordPress theme.

Privacy policy: