Data Protection Statement

Staufen AG welcomes your visit to this website and your interest in our products and services. We take the protection of your personal data and their confidentiality very seriously. In the following data protection notice, we therefore inform you about which data we save, when we save them and what purpose we use them for, in compliance with the applicable data protection provisions. If you have any questions on how your personal data are handled beyond this, please feel free to contact our data protection officer; the contact details can be found below.

Validity of the data protection statement

Ongoing technological development, changes to the legal situation and to our services, as well as other reasons, may require adjustments to our data protection notice. We therefore reserve the right to change this data protection statement at any time and ask you to check the current status periodically. Staufen AG will not inform you proactively. This data protection declaration shall apply to all Staufen AG websites and their sub-sites. These may contain cross-references (links) to third-party companies that this data protection declaration does not cover.

General information on data protection at Staufen AG

Unless stated otherwise in the following paragraphs, personal data shall generally not be collected, processed or used during use of our websites. When you access our websites, our web servers will automatically record general information. This includes the type of web browser, the operating system used, the domain name of the internet service provider, the IP address of the computer used, the website from which you visit us, the pages that you visit on our site and the date and duration of your visit. We cannot use these data to identify the individual user. We will evaluate the information only statistically and use it only to improve the appeal, contents and functions of our websites and to permanently ensure these.

The term "personal data"

The term "personal data" is defined in the Federal Data Protection Act. According to this Act, personal data are individual details about the personal or factual circumstances of an identified or identifiable natural person. This includes your actual name, address, phone number or birthdate. The EU General Data Protection Regulation (GDPR), which will enter into effect as of May 25th, 2018, defines personal data as follows: Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Collection and processing of personal data

Staufen AG will only collect personal data when you disclose it on your own, e.g. to perform an order, for registration with the academy or an event. You will be informed about the intended purpose of processing and, if necessary, asked to consent to storage. Staufen AG and its service providers (e.g. Lettershops) will use the information collected during your registration for performance of our services and to send you offers for further education, also from our partner companies, by mail. We also inform our customers about our interesting further education offers that are similar to the ones they use by phone and email. You may, of course, object to use of your data for advertising purposes towards Staufen AG, address, under, or revoke your granted consent at any time. Without your consent, the personal data collected in the scope of our websites will be used only for processing of the order or to reply to requests. Only with your consent will your data be used beyond this in a centrally managed customer and potential customer database managed under the responsibility of Staufen AG (Customer Relationship Management Software Microsoft Dynamics). You can revoke your respective consent at any time, effective for the future. Your data will not be sold, rented out or provided to third parties in any other manner than described here. Personal data shall only be submitted to state institutions and authorities in the scope of mandatory national legal provisions. Our employees, cooperation partners and agencies are obligated to strictest secrecy by us.


You can apply to Staufen AG via our Application Management Portal. Your online application will be forwarded directly to the HR department via an encrypted connection and will, of course, be treated confidentially. We will, of course, only use your details to process your application and will not pass them on to third parties outside Staufen AG. You can revoke your consent to the storage of your personal data for the future at any time by sending a short message via

In the context of an application, we process the following personal data from you:

  • All data that you have provided to us in the course of the application process (e.g. in your application documents or interviews)
  • If applicable, supplementary data that we have permissibly collected in the course of the application process (e.g., from public sources such as professional networks)
  • This may also include special categories of personal data (e.g. disability status, racial and ethnic origin, religious or ideological beliefs, or trade union membership), provided that these have been transmitted to us in one of the two aforementioned ways.

The legal basis is the decision on the establishment of an employment relationship or after the establishment of the employment relationship for its implementation according to §26 para.1 BDSG-new and Art. 6 para. 1 lit. b EU-GDPR. After the end of the selection process, we retain all data for a further six months in order to respond legally to any such allegations in the event of potential disputes regarding the application process. Temporary storage is carried out according to Art. 6 para. 1 lit. f EU-GDPR.

Application management portal (Hubdrive)

Please use the encrypted upload function there to apply for jobs with us. Alternatively, you can also send us your application by e-mail, but please note that in this case we cannot guarantee the confidentiality of your data. Although we offer transport encryption (TLS) through our e-mail server, confidentiality may depend on various e-mail relay servers over which we have no control. Whether they also use TLS and whether they evaluate the e-mails is beyond our knowledge and influence. If you have any concerns in this regard, please use the postal service for your application.

We process data submitted to us in applications in Hubdrive. The service is provided by Hubdrive GmbH, Beethovenstrasse 5c, 97080 Würzburg, Germany.

Hubdrive serves as a processor for us and uses the legal basis of the data controller. The transmission and processing of personal data takes place exclusively on servers in the European Union. Further information on data protection at Hubdrive can be found here

Participants in training measures

We provide training, education, and other education-oriented services (hereinafter generally referred to as “Training”). In order to provide these services, we process personal data of the participants. This data is used to organize and conduct training. Selected data may also be viewable by other participants and trainers.

In the context of a training course, we process at least the following personal data about you:

  • All data that you have provided to us in preparation for and in the course of a training,
  • Data we need to process contractual matters,
  • Insofar as public funding is used, data necessary for the organization and receipt of funding.

To conduct training, we may also use services mentioned in the section “Participants in online meetings, conference calls with and without images, online support and webinars.”

The legal basis for processing is the fulfillment of the contractual relationship by participating in the training (Art. 6 para. 1 lit. b EU-GDPR). Occasionally, processing may also be based on our legitimate interests (Art. 6(1)(f) EU GDPR) to provide engaging and effective training.

FKC Learning Platform/Learning Management System

We use the service of the FKC learning platform, provided by Fischer, Knoblauch & Co. Medienproduktionsgesellschaft mbH, Lilienthalallee 7, 80807 Munich, Germany.

Fischer, Knoblauch & Co. serves as a processor for us (see section “Cooperation with processors”) and thus uses the legal basis of the data controller.

The learning platform stores additional technical data (comparable to the information in the section “Processed personal data on the website/log data”) as well as transferred data volume, the access status (file transferred, file not found), some technically necessary cookies, as well as learning progress, test results, and survey results.

Further information on how Fischer, Knoblauch & Co. Medienproduktionsgesellschaft handles your personal data can be found in the relevant privacy policy.


You have the option of contacting us via our email address or the contact form. Of course, we will use the personal data submitted to us in this manner only for the purpose for which you submitted them to us when you contact us. As far as we request any input via our contact form that is not necessary for contacting us, we have always marked this as optional. This information serves to specify your request and improve processing of your request. Disclosure of this information shall expressly be on a voluntary basis and with your consent. As far as this is information on communication channels (e.g. email address, phone number), you also agree that we may contact you through this communication channel as well in order to answer your request. Of course, you may revoke this consent at any time, effective for the future. Please contact or our data protection officer for this, whose contact details you can find below.

Data transfer

Your data will generally not be transferred to any third parties outside Staufen AG, except if we are legally required to do so, if forwarding of the data is required to perform the contract, or if you have expressly consented to your data being passed on. External service providers and partner companies will only receive your data as far as this is required to process your request. In this case, handling of the submitted data shall, however, be limited to the required minimum. As far as our service providers and partners come into contact with your personal data, we will ensure that they comply with the provisions of the data protection laws in the same manner. Please also note the respective data protection notices of the providers. The respective service providers shall be responsible for the contents of third-party services. We shall review the services for compliance with the statutory requirements to a reasonable extent.

Cookies, IP address, anonymized use evaluation

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, i.e. text files that are stored on your computer and that permit analysis of your use of the website. The information generated by the cookie regarding your use of this website (including your IP address) will be transferred to a server of Google in the USA and stored there. Google will use this information in order to evaluate your use of the website, in order to compile reports on the website activities for the website operators and in order to render further services connected to use of the website. Google may also pass this information on to third parties as far as required by law or as far as third parties process these data on the order of Google. Google shall in no case combine your IP address with any other data of Google. You may prevent installation of the cookies by setting your browser software accordingly; however, please note that you may be unable to use all functions of this website in full then. By using this website, you agree to processing of the data collected about you by Google in the manner and for the purpose described above.

By using this internet offer, you agree to processing of the data collected about you by Google in the manner and for the purpose described above.

You may prevent the installation of Google cookies by setting your browser software accordingly and thus prevent collection and processing of your user data. However, please note that you may be unable to use all functions of this internet offer in full.

Google Analytics

This website uses Google Analytics. On the order of the operator of this website, Google shall evaluate your use of the website, in order to compile reports on the website activities and in order to render further services connected to use of the website.

Since the coordination of the Hamburg officer for data protection and freedom of information with Google based on the resolution of the Düsseldorfer Kreis on the data-protection-compliant design of analysis methods for determination of the reach of internet offers, it has been possible to use Google Analytics in compliance with data protection and without complaints under certain conditions. Of course, we comply with these requirements. Google Analytics also uses “cookies”. The information generated by the cookie regarding your use of this website is usually transferred to a server of Google in the USA and stored there. You may prevent storage of the cookies by setting your browser software accordingly; however, please note that you may be unable to use all functions of this website in full then. You may also prevent transmission of the data generated by the cookie regarding your use of the website (incl. your IP address) to Google and processing of such data by Google by downloading and installing the browser add-on. Clicking here will set an opt-out cookie that will prevent future recording of your data when you visit this website:

LinkedIn Analytics and LinkedIn Ads

We use the conversion tracking technology and the retargeting function of LinkedIn Ireland Unlimited Company, 70 Sir John Rogerson’s Quay, Dublin 2, Dublin, D02r296, Ireland on our website.

With the help of this technology, visitors to this website can be served personalized advertisements on LinkedIn. Furthermore, the possibility arises to create anonymous reports on the performance of the advertisements as well as information on website interaction. For this purpose, the LinkedIn Insight tag is embedded on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time.

In the privacy policy of LinkedIn you will find more information on data collection and data use, as well as the options and rights to protect your privacy. If you are logged in to LinkedIn, you can deactivate the data collection at any time at the following link:

We use the LinkedIn Insight Tag to design our website according to demand and to advertise it (legitimate interest according to Art. 6 (1) lit f. DSGVO).

Google Tag Manager

For reasons of transparency, we inform you that we use the Google Tag Manager. The Google Tag Manager does not record any personal data directly. The Tag Manager makes it easier for us to integrate and manage our tags. Tags are small code elements that are used, among others, to measure traffic and visitor behavior and to record the effects of online advertisement and social channels. We use the tag manager for the Google services Google Analytics and GA Audience. If you have deactivated it, this deactivation will be considered by the Google Tag Manager. For more information on the Google Tag Manager, see:

Friendly Captcha

We use the service Friendly Captcha on our websites, operated by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. This service checks whether the entries on a contact form, for example, are actually made by a human user or by machine or automated programs (“bots”). For this purpose, program code from Friendly Captcha was integrated so that the user’s device can establish a connection to Friendly Captcha’s servers in order to receive a calculation task from Friendly Captcha. The visitor’s device solves the calculation task, which takes up certain system resources, and sends the calculation result to our web server. This contacts the Friendly Captcha server via an interface and receives as a response whether the puzzle was solved correctly by the device. Depending on the result, we can apply security rules to requests via our website and thus, for example, process them further or reject them.

The data is used exclusively for the protection against bots described above. Friendly Captcha does not set or read cookies on the visitor’s device. IP addresses are only stored in hashed (one-way encrypted) form and do not allow us and Friendly Captcha to identify individuals. The legal basis for the processing is the legitimate interest according to Art. 6 para. 1 lit. f EU-GDPR in protecting websites against abusive access by bots, spam protection, and protection against attacks (e.g., mass requests) and in general to detect and prevent abusive or technically damaging use of our website.

For more information about Friendly Captcha’s privacy practices, please visit here

BCdiploma / Provider of Open Badges / Digital Training Certificates

We use the services of BCdiploma, provided by Blockchain Certified SAS, 104 Avenue Albert 1er, 92500 Rueil Malmaison, France. 

BCdiploma is a service for administering, preparing and backing up digital training certificates in Open Badge format. BCdiploma facilitates the issuance of digital and authenticated certificates based on Ethereum blockchain technology.  

We offer this service for our own training programs. The use of certificates prepared using BCdiploma by training attendees is voluntary. The type and scope of data depends on the training. If the training attendee uses training certificates created via BCdiploma, their personal data will be processed for the following purposes: preparation and issuance of training certificates for the training attendee in digital form, making the certificates available to the training attendee by means of a special online link, and the ability for third parties to verify the authenticity of training certificates, insofar as a verification link has been delivered to the third party by the training attendee.

All data that is readily accessible to third parties is encrypted and only such encrypted data will be stored in a public blockchain. Consequently, any other subscriber to the blockchain will only have access to encrypted data. Certificate data is stored in the blockchain so that it remains available for the entire life of this blockchain. 

The legal basis for processing is the fulfillment of the contractual relationship by attending the training (Art. 6 (1.b) EU GDPR). Moreover, processing is also based on our legitimate interests (Art. 6(1.f) EU GDPR), specifically to automate and reduce the cost of issuing and storing certificates, to ensure the authenticity of the certificates we issue (and prevent forgery) and to be able to trace how our certificates are used.  

If a training attendee decides to use digital training certificates, this may also involve the processing of personal data (‘last name’, ‘first name’ and ‘email address’, if applicable, records of connections and actions, and possibly email correspondence with the support and sales departments) by the BCdiploma provider. The purpose of the processing is to provide the training attendee access to the full range of service features, including user support, maintenance, and troubleshooting of the BCdiploma service, and to improve the quality of the business relationship with the client. The legal basis for this processing of personal data is the legitimate interests pursued by Blockchain Certified SAS pursuant to Art. 6 (1.f) EU DSGVO, i.e. the proper use of the BCdiploma Service in accordance with the General Terms of Use and the User Agreements.

For more information on how Blockchain Certified SAS handles personal data, refer to the relevant privacy policy.

Data security

Staufen AG uses technical and organizational security measures in order to protect your data managed by us from accidental or willful manipulation, loss, destruction or access by unauthorized persons. We continually improve our security measures in line with technological development. We have aligned our company in accordance with ISO 27001 (information protection management).

Information requirements for whistleblowers


We provide communication channels for whistleblowers to report suspected violations of laws that are relevant to us. Personal data of the person providing the information may also be processed. The categories of personal information vary depending on the person providing the information.

The information provided will be processed, among other things, for the purposes of verifying and documenting reports, conducting internal investigations (including disclosure to external lawyers, auditors or other professionals bound to secrecy by professional law, as well as to persons responsible in other parts of the group of companies), and reporting to government authorities (e.g., police, prosecutors, or courts) as appropriate.

The retention period depends on legal requirements, typically three years after the conclusion of a case.

We assure all people who provide information that it will be kept confidential. This is based on the legal requirements of Sections 8 and 9 of the German Whistleblower Protection Act (HinSchG). We accept anonymous tips, but cannot guarantee the anonymity of the individual submitting the tip during the course of the investigation.

The legal basis of the processing is the fulfillment of legal obligations (Art. 6 para. 1 point c EU GDPR).

Service: yourIT Whistleblowing System

We use the service yourIT Whistleblowing System, provided by yourIT GmbH, Häselstr. 10, 72336 Balingen, Germany.

The whistleblowing system is operated as part of the activities of the data protection officer and provides the legally required reporting channels, i.e., textual reports are received via an email address set up specifically for the receipt and processing of whistleblower reports under the German Whistleblower Protection Act (HinSchG); verbal reports are received via a whistleblower hotline at the switchboard and – optionally at the whistleblower’s request – in a personal meeting (both on-site and via video conference). Part of the system is a digital exchange platform that provides confidentiality to whistleblowers. The service is part of the internal whistleblower reporting system and is subject to legal requirements. The transfer and processing is based on the legal basis of the fulfillment of legal obligations (Art. 6 para. 1 point c EU GDPR) and in particular Section 10 of the German Whistleblower Protection Act (HinSchG).

Rights of data subjects

If your personal data are processed, you are a data subject within the meaning of the GDPR and you have the following rights towards the controller:

  • Right to information according to section 15 GDPR
    You may demand confirmation from us on whether personal data referring to you are processed by us. If we have processed any data on you, you have further information rights named in section 15 GDPR.
  • Right to correction
    If your data that we have recorded about you are inaccurate or incomplete, you may demand rectification according to section 16 GDPR without delay.
  • Right to restriction of processing
    Subject to the provisions of section 18 GDPR, you may also demand restriction of processing of the personal data referring to you under certain circumstances. After the restriction, your data must only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of any other natural person or legal entity, or for reasons of an important public interest of the Union or a member state. We will inform you before the restriction is revoked.
  • Right to deletion
    If one of the reasons from section 17 para. 1 GDPR is present, you may demand that we erase the personal data referring to you without delay, except if an exception from the deletion obligation according to section 17 para. 3 GDPR applies.
  • Right to information
    If you have asserted your right to rectification, deletion or restriction of processing against us, we shall be obligated according to section 19 GDPR to inform all recipients of your personal data of this, except if notification is impossible or subject to an unreasonable effort. You also have the right to be informed about the recipients. You have the right to be informed about these recipients by the controller.
  • Right to transferability of data
    You also have the right according to section 20 GDPR to receive the personal data referring to you from us in a machine-readable format and to transfer the data to another controller without obstruction if the prerequisites of section 20 para. 1 lit. a GDPR are met.
  • Right to object
    You have the right to object to distribution of the personal data referring to you towards Staufen AG according to section 6 para. 1 lit. f GDPR. You have the right to revoke consent granted to us at any time, effective for the future. This shall only require an informal notification of the responsible office or If you revoke your consent, we shall delete your personal data. Data that we must keep due to archiving obligations under the law, articles of associations or contracts, shall be blocked instead of being deleted in order to prevent use for any other purposes.
    Staufen AG shall no longer process your personal data, except if protection-worthy reasons for processing overrule your interests, rights and freedoms or if processing serves to assert, exercise or defend legal claims.
  • Right to revocation of the declaration of consent under data protection law
    You have the right to revoke your declaration of consent under data protection law at any time by declaration towards Staufen AG. Revocation of your consent shall not affect legality of the processing that took place due to your consent until revocation.

Data protection officer

Blumenstraße 5 . D-73257 Köngen
Phone: +49 7024 8056 0

Contact details of the controller

Blumenstraße 5 . D-73257 Köngen
Phone: +49 7024 8056 0

represented by the management:
Board of directors: Wilhelm Goschy (CEO) . Markus Riegger
Chairman of the supervisory board: Martin Haas
