Legal

Privacy notice

Last updated: 22 May 2026

English summary. The German version of this privacy notice is legally binding under the GDPR for this jurisdiction. The following is a faithful summary in English. For the full legal text in German, see /datenschutz.

Preamble

This privacy notice explains the types of personal data we process, the purposes for which we process them, and the scope of that processing. It applies to all processing of personal data we carry out, both in the course of our services and in particular on our websites, in mobile applications and within external online presences such as our social-media profiles (together: the "online offering").

Controller

Stefan Junge
Freiherr-vom-Stein-Straße 11
57518 Betzdorf, Germany

Email: impact@jufinity.de

Overview of processing

Types of data processed

  • Master data, employee data, contact data, content data, usage data
  • Meta, communication and procedural data; log data

Categories of data subjects

  • Employees, users, third parties, whistleblowers

Purposes of processing

  • Communication, security measures, feedback
  • Provision of our online offering and user experience
  • IT infrastructure, whistleblower protection, public relations

We process personal data on the following GDPR legal bases:

  • Consent (Art. 6(1)(a) GDPR) — the data subject has given consent to the processing for one or more specific purposes.
  • Legal obligation (Art. 6(1)(c) GDPR) — processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1)(f) GDPR) — processing is necessary for the legitimate interests of the controller or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not override those interests.

In addition to the GDPR, German national data-protection law applies, in particular the German Federal Data Protection Act (BDSG).

Security measures

We take appropriate technical and organisational measures in accordance with statutory requirements, taking into account the state of the art, implementation costs, the nature, scope, circumstances and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons. This includes securing the confidentiality, integrity and availability of data, including TLS/SSL encryption (HTTPS) for online connections.

Retention and deletion

We delete personal data we process in line with statutory requirements as soon as the consents on which processing is based are withdrawn or no further legal basis exists for the processing. Exceptions apply where statutory obligations or special interests require longer retention or archiving.

Data-subject rights

Under the GDPR you have the following rights, in particular under Art. 15-21 GDPR:

  • Right to object to processing based on legitimate interests at any time on grounds relating to your particular situation, and at any time to processing for direct marketing.
  • Right to withdraw consent at any time.
  • Right of access, including a copy of your data.
  • Right to rectification of incorrect data and to completion of incomplete data.
  • Right to erasure ("right to be forgotten") and to restriction of processing.
  • Right to data portability in a structured, commonly used and machine-readable format.
  • Right to lodge a complaint with a supervisory authority.

Online offering and web hosting

We process user data to make our online services available. This includes the user's IP address, which is required to deliver the content and functions of our online services to the user's browser or device. Access to our online offering is logged in server log files (URL accessed, date and time, transferred data volume, success status, browser type and version, operating system, referrer URL, IP address and requesting provider). Log information is stored for a maximum of 30 days and then deleted or anonymised. Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

Blogs and publication media

We operate a blog and similar publication media. Reader data is processed only insofar as necessary for presentation, communication between authors and readers, or security purposes. Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

Social-media presences

We maintain online presences on social networks (LinkedIn) and process user data within this context to communicate with users active there or to provide information about ourselves. User data may be processed outside the European Union by these networks, which may carry risks for users (e.g. enforcement of user rights may be harder).

LinkedIn: Provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland; Legal basis: legitimate interests (Art. 6(1)(f) GDPR); Privacy policy: linkedin.com/legal/privacy-policy.

Changes and updates

Please review this privacy notice regularly. We update it whenever changes to our data processing make this necessary. If changes require action on your part (e.g. consent) or other individual notification, we will inform you.

Glossary

Terms such as "personal data", "processing", "controller", "master data", "contact data", "content data", "usage data" and "log data" are used in the sense of the GDPR.

Created with the free Datenschutz-Generator.de by Dr Thomas Schwenke