Insights
Close
Events
Podcasts
Articles

Privacy Policy

Privacy Notice

With this Privacy Notice, we inform you about the processing of personal data when you use our website, as well as about our presences on social networks.

The protection of your personal data is of great importance to us. We process your data exclusively within the scope of the applicable data protection laws, in particular the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) and the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz – TDDDG).

1. Controller

Strichpunkt – Agentur für visuelle Kommunikation GmbH represented by Philipp Brune Krefelder Straße 32 70376 Stuttgart

2. Data Protection Officer

If you have any questions regarding our data protection measures, the processing of your data or the exercise of your data subject rights, you can contact us and our Data Protection Officer as follows:

External Data Protection Officer

ePrivacy GmbH represented by Prof. Dr. Christoph Bauer Burchardstraße 14 20095 Hamburg

For all questions and concerns relating to your data, please contact us at: datenschutz@sp.design

If you wish to communicate directly with our Data Protection Officer, for example because your concern is particularly sensitive, please contact the Data Protection Officer by post, as communication by email may always involve security vulnerabilities. Please state in your request that your matter relates to Strichpunkt – Agentur für visuelle Kommunikation GmbH.

3. Categories of Personal Data

We process, in particular, the following categories of personal data:

  • Contact details, e.g. first and last name, address, email address, telephone number
  • Communication data, e.g. correspondence with us
  • Usage data, e.g. information about the use of our website
  • Protocol data / log files, e.g. IP address, date and time of access, browser type
  • Online identifiers, e.g. cookie IDs, device identifiers or comparable identifiers

4. Purposes of Processing

We process personal data in particular for the following purposes:

  • to provide and technically deliver our website
  • to communicate with you
  • to initiate and perform contracts
  • to process enquiries
  • for reach measurement and statistical analysis, where a legal basis exists for this
  • for marketing and communication purposes, where a legal basis exists for this
  • for IT security and to prevent misuse

5. Legal Bases

Unless otherwise stated in individual cases, we base the processing of your personal data on the following legal bases:

  • Art. 6(1)(a) GDPR, where you have given your consent
  • Art. 6(1)(b) GDPR, where processing is necessary for the initiation or performance of a contract
  • Art. 6(1)(c) GDPR, where processing is necessary for compliance with a legal obligation
  • Art. 6(1)(f) GDPR, where processing is necessary for the purposes of our legitimate interests and where such interests are not overridden by the interests or fundamental rights and freedoms of the data subject

Where information is accessed on terminal equipment or stored on terminal equipment, the legal basis is additionally governed by Section 25 TDDDG.

6. Legitimate Interests

Where we process data on the basis of Art. 6(1)(f) GDPR, we pursue, in particular, the following legitimate interests:

  • ensuring the stability and security of our website
  • improving our online offering and our services
  • traceability of communication processes
  • preventing misuse and IT security incidents
  • internal administrative and organisational purposes

7. Requirement or Obligation to Provide Data

Unless expressly stated otherwise, the provision of personal data is neither legally nor contractually required. However, without certain information, we may not be able to provide individual services, or may only be able to provide them incompletely, or may be unable to process enquiries.

8. Retention Period

We store personal data only for as long as this is necessary for the respective purposes or for as long as statutory retention obligations apply.

  • Data processed on the basis of consent is generally stored until consent is withdrawn, unless another legal basis applies.
  • Contract-related data is stored for the duration of the contractual relationship and beyond that within the scope of statutory retention periods.
  • Data that we process on the basis of legitimate interests is stored until the processing purpose ceases to apply or until a justified objection is raised, unless compelling legitimate grounds for the processing prevail.

9. Use of Cookies and Similar Technologies

9.1 General Information

Our website uses cookies and similar technologies. Cookies are small text files that are stored on your terminal device and may contain information. In addition, comparable technologies may be used, such as local storage, pixels, tags or scripts.

These technologies are used to technically provide our website, store settings, make content and functions user-friendly and — where you have given your consent — carry out reach measurement and analysis.

9.2 Categories

We use, in particular, the following categories of cookies and similar technologies:

Technically necessary cookies

These are necessary to provide the website and its basic functions.

Preference cookies

These enable settings such as language or region to be stored.

Analytics and statistics cookies

These help us evaluate the use of our website and improve our offering.

Marketing and third-party cookies

These may be used to measure content or campaigns, embed external media or enable interest-based communication.

9.3 Legal Bases

The storage of information on your terminal device or access to information already stored on your terminal device generally takes place only with your consent pursuant to Section 25(1) TDDDG.

Consent is not required where the storage or access is strictly necessary in order for us to provide a digital service expressly requested by you; in this case, the use is based on Section 25(2) TDDDG.

Where personal data is processed in connection with cookies or similar technologies, this is carried out — depending on the individual case — on the basis of:

  • Art. 6(1)(a) GDPR for processing based on consent
  • Art. 6(1)(f) GDPR for technically necessary processing and legitimate interests in the secure and functional provision of our online offering

9.4 Consent Management

We use a consent management tool to manage your consents. When you first visit our website, you can choose whether and to what extent you consent to the use of cookies and similar technologies that require consent.

You may withdraw or adjust your consent at any time with effect for the future via the cookie settings on our website.

9.5 Retention Period

Cookies are stored either as session cookies only for the duration of your session and are deleted after you close your browser, or as persistent cookies for a specified period of time. The specific storage period of the respective cookies used can be found in the settings of our consent management tool.

9.6 Browser Settings

You can configure your browser so that you are informed when cookies are set, so that cookies are permitted only in individual cases, so that cookies are generally rejected, or so that cookies are automatically deleted when you close your browser.

Please note that the functionality of our website may be limited if technically necessary cookies are disabled.

9.7 Cookie List

The cookies actually used, the respective providers, purposes and retention periods can be found in the settings of our consent management tool and in the cookie list provided there in its current version.

10. Data Recipients / Service Providers

We use external service providers who support us in operating our website and our processes. These service providers process personal data only as processors acting on our instructions or — where required under data protection law — as independent controllers.

10.1 Hosting – Mittwald

We use Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4–6, 32339 Espelkamp, Germany, to host our website.

In connection with hosting, technical usage data, server log files and, where applicable, content data are processed in particular, insofar as such data arise when the website is accessed or forms are used.

The processing is carried out on the basis of Art. 6(1)(f) GDPR due to our legitimate interest in the secure and efficient provision of our online offering.

10.2 Consent-Management – Osano

We use a consent management platform provided by Osano, Inc., 3800 North Lamar Blvd, Suite 200, Austin, Texas 78756, USA, to manage consents.

In this context, your consent decision, timestamps, device/browser information and IP address may be processed in particular, insofar as this is necessary for the provision and documentation of consent management.

The processing is carried out to comply with legal obligations and to document consents and is based — depending on the specific configuration — on Art. 6(1)(c) GDPR, Art. 6(1)(f) GDPR and, where applicable, Section 25(2) TDDDG, insofar as the technical use of the tool is necessary for this purpose.

11. Analytics and Tag Management Services

11.1 Google Analytics

Where you have given your consent, we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables us to analyse and statistically evaluate usage behaviour on our website. In particular, information about pages accessed, interactions, technical characteristics of the browser and terminal device, and pseudonymous identifiers may be processed.

The processing is carried out exclusively on the basis of your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

The specific configuration — in particular the cookies used, retention period and any activated additional functions — depends on the configuration actually used in live operation and the information provided in the consent management tool.

11.2 Google Tag Manager

We use Google Tag Manager provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tag management system that can be used to manage and trigger website tags and code snippets. From a data protection perspective, the relevant factor is which specific services are integrated via Google Tag Manager.

Where Google Tag Manager is used as technically necessary, processing is carried out on the basis of Art. 6(1)(f) GDPR and — where required — Section 25(2) TDDDG. Where services requiring consent are loaded via Google Tag Manager, such services are used exclusively on the basis of your consent.

12. Newsletter / Mailchimp

If you subscribe to our newsletter, we process your email address and, where applicable, further information provided voluntarily by you for the purpose of sending the newsletter and measuring its success.

For sending newsletters, we use Mailchimp, a service provided by The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

The processing is carried out on the basis of your consent pursuant to Art. 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future, in particular via the unsubscribe link included in each newsletter.

13. Applications / Personio

We use Personio, a service provided by Personio GmbH & Co. KG, Rundfunkplatz 4, 80335 Munich, Germany, to conduct application procedures.

As part of the application process, we process the application data provided by you in order to review your application and carry out the selection process.

The processing is carried out in particular on the basis of Section 26 BDSG and Art. 6(1)(b) GDPR, insofar as the application serves to initiate an employment relationship.

14. Presences on Social Networks

We maintain corporate presences on social networks, in particular on Facebook, Instagram, X and LinkedIn.

When you visit our presences there, personal data is regularly processed not only by us but also by the respective platform operator. This may also apply if you do not have a profile there or are not logged in.

Where the platform operators provide us with aggregated usage statistics such as “Insights” or “Page Insights”, joint controllership may exist in this respect. The scope of this joint controllership depends on the respective agreements and the actual possibilities of influence.

Important: The withdrawal or adjustment of consents for data processing on the platforms themselves is generally carried out via the respective platform settings and privacy notices of the providers, not via the consent tool on our website, insofar as the visit to the platforms themselves is concerned.

14.1 Facebook and Instagram

The provider of Facebook and Instagram is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Where we receive Insights or comparable aggregated statistics, joint controllership with Meta may exist in this respect. In all other respects, Meta processes personal data as an independent controller in accordance with its own privacy policies.

14.2 X (formerly Twitter)

The provider is X Internet Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Irland.

14.3 LinkedIn

The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Where LinkedIn provides us with “Page Insights”, joint controllership may apply in this respect.

15. Embedded Media / Vimeo

Videos from the provider Vimeo may be embedded on our website. When such videos are played, or even as a result of the technical embedding, a connection to Vimeo servers may be established, whereby in particular your IP address and technical usage data may be processed.

Whether and to what extent cookies or similar technologies are used in this context depends on the specific embedding and your consent status.

16. Transfers to Third Countries

Where we transfer personal data to recipients in countries outside the European Economic Area or have such data processed there, this is done only where the statutory requirements are met.

A transfer to third countries takes place in particular where

  • an adequacy decision of the European Commission exists for the respective third country, or
  • appropriate safeguards, in particular standard contractual clauses, have been agreed, or
  • another legally permissible case applies.

17. Your Rights

Subject to the statutory requirements, you have, in particular, the following rights:

  • right of access
  • right to rectification
  • right to erasure
  • right to restriction of processing
  • right to data portability
  • right to object
  • right to withdraw consent given, with effect for the future
  • right to lodge a complaint with a data protection supervisory authority

Where we process personal data on the basis of Art. 6(1)(f) GDPR, you have the right to object to the processing on grounds relating to your particular situation.

Status of this Privacy Notice

If our processes change, we will update this information accordingly.

This Privacy Notice was last updated on: 13 March 2026