Privacy Policy

Privacy Policy and further legal information

Should it become necessary to change this privacy policy in the future, we will publish it immediately on this page.


The contents of this website are created with utmost care. However, the provider assumes no responsibility for the accuracy, completeness and timeliness of the content provided. The use of the contents of the website is at the user's own risk. Contributions marked by name reflect the opinion of the respective author and not always the opinion of the provider. With the pure use of the website of the provider comes no contractual relationship between the user and the provider.


This website contains links to third-party websites ("external links"). These websites are the responsibility of the respective operators. The provider has checked the third-party content when first linking external links to determine whether any legal violations exist. At that time, no violations were evident. The provider has no influence on the current and future design and content of the linked pages. The setting of external links does not mean that the provider accepts the content behind the reference or link. A constant control of these external links is not reasonable for the provider without concrete references to legal offenses. With knowledge of legal offenses however such external links are deleted immediately.


The content published on this website is subject to German copyright and ancillary copyright. Any use not permitted by German copyright and ancillary copyright law requires the prior written consent of the provider or respective copyright holder. This applies in particular to duplication, processing, translation, storage, processing or reproduction of content in databases or other electronic media and systems. Contents and rights of third parties are marked as such. The unauthorized duplication or passing on of individual contents or complete sides is not permitted and punishable. Only the production of copies and downloads for personal, private and non-commercial use is permitted.

The presentation of this website in external frames is only permitted with written permission.


Name and address of the responsible person
The person responsible within the meaning of the basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is:

CreaLog Software-Entwicklung und Beratung GmbH
Frankfurter Ring 211
80807 Munich
tel: +49 89 324656-0
fax: +49 89 324656-99

Name and address of the data protection officer
If you have any questions concerning these instructions, please send them to:

CreaLog Software-Entwicklung und Beratung GmbH
Attn. Data protection officer
Frankfurter Ring 211
80807 Munich

General information about data processing

Extent of processing of personal data
In principle, we process personal data of our users only insofar as this is necessary to provide a functioning website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.

Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (DS-GVO) as legal basis.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b DS-GMO as legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 para. 1 lit. c DSGVO as legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third-party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f DSGVO as legal basis for processing.

Data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage is deleted. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

Provision of the website and creation of log files

Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected here:

  • Information about the browser type and version used
  • The operating system of the user
  • The Internet service provider of the user
  • The IP address of the user
  • Date and time of access
  • Websites, from which the system of the user reaches our website (referrer)
  • Websites that are accessed by the user's system through our website

Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DS-GMO.

Purpose of data processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems in accordance with § 100 of the Telecommunications Act (TKG) Sentence 1 - Disturbances of telecommunications equipment and misuse of telecommunications services. An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, our legitimate interest lies in the processing of data according to Art. 6 para. 1 lit. f DSGVO.

Storage time
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of storing the data in log files, this is the case after no more than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

Opposition and removal possibility
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.

Use of cookies

Description and scope of data processing
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google").
Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and provide other services related to website activity and internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.
Our cookies do not contain any personal information, so your privacy is protected. Most web browsers accept cookies automatically.

Legal basis for data processing
The legal basis for the processing of personal data using cookies is Article 6 (1) lit. f DSGVO. The data of the users collected in this way are pseudonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data will not be stored together with other personal data of the users.

Purpose of data processing
The use of the analysis cookies is for the purpose of improving the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and so we can constantly optimize our offer. For these purposes, our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f DS-GMO.

Duration of storage, objection and disposal options
You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible.

In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading the browser plug-in available under the following link and install. The current link is

Newsletter and Contact forms
On our website contact forms and newsletter subscriptions are available, which can be used for electronic contact. If a user realizes this option, the data entered in the input mask will be transmitted to us and saved. These might be some or all of the following:

  • Company
  • Department
  • Salutation
  • First name
  • Surname
  • e-mail address
  • Telephone
  • Street, house number
  • Postcode, town
  • Country
  • The IP address of the user
  • Date and time of registration

For the processing of the data in the context of the sending process your consent is obtained and referred to this privacy statement.
Alternatively, a simple contact via the provided e-mail address is possible. In this case, the user's personal data transmitted by e-mail will be stored.
In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.

Legal basis for data processing
Legal basis for the processing of the data is in the presence of the consent of the user Art. 6 para. 1 lit. a GDPR.
The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) lit. f DSGVO. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.

Purpose of data processing
The processing of the personal data from the input mask serves us only to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

Opposition and removal possibility
The user has the possibility at any time to revoke his consent to the processing of the personal data.
If the user contacts us by e-mail, he may object to the storage of his personal data at any time. In such a case, the conversation can not continue.
All personal data stored in the course of contacting will be deleted in this case.

Rights of the person concerned
If personal data is processed by you, you are the person concerned within the meaning of the DSGVO and you have the following rights towards the responsible person:

The right of information
You may ask the person in charge to confirm if personal data concerning you is processed by us.

If such processing is available, you can request information from the person responsible about the following information:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data that are processed;
  3. the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
  4. the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
  5. the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. all available information on the source of the data if the personal data are not collected from the data subject;
  8. the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.

You have the right to request information about whether your personal information relates to a third country or an international organization. In this connection, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.

Right of rectification
You have a right to rectification and / or completion to the controller, if the personal data you process is incorrect or incomplete. The responsible person must make the correction without delay.

Right of restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:

  1. if you contest the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
  2. the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of the personal data;
  3. the controller no longer requires personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
  4. if you objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible prevail over your reasons.

If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, the person responsible will inform you before the restriction is lifted.

Right to delete

Obligation to delete
You may require the controller to delete your personal information without delay, and the controller is required to delete that information immediately if one of the following is true:

  1. Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent to the processing pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. DSGVO and there is no other legal basis for processing.
  3. You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate reasons for the processing or you object to the processing pursuant to Art. 21 (2) DSGVO.
  4. Your personal data has been processed unlawfully.
  5. The deletion of personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
  6. The personal data concerning you were collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

Information to third parties
If the person responsible has made the personal data concerning you public and is obliged to delete them according to Article 17 (1)  GDPR, s/he shall take appropriate measures, also of a technical nature, taking into account the available technology and the implementation costs, in order to inform the persons responsible for data processing who process the personal data that you as the person concerned have requested them to delete all links to this personal data or copies or replications of this personal data.

The right to erasure does not exist if the processing is necessary

  1. to exercise the right to freedom of expression and information;
  2. to fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task of public interest or in the exercise of official authority conferred on the controller;
  3. for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
  4. for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
  5. to assert, exercise or defend legal claims.

Right of information
If you have the right of rectification, erasure or restriction of processing to the controller, he / she is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless: this proves to be impossible or involves a disproportionate effort.

You have a right to the person responsible to be informed about these recipients.

Right of data portability
You have the right to receive personally identifiable information you provide to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that

  1. the processing on a consent acc. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a DSGVO or on a contract acc. Art. 6 para. 1 lit. b DSGVO is based and
  2. the processing is done using automated procedures.

In exercising this right, you also have the right to obtain that your personal data relating to you are transmitted directly from one person to another, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

Right of objection
You have the right at any time, for reasons that arise from your particular situation, against the processing of your personal data, which pursuant to Art. 6 para. 1 lit. e or f DSGVO takes an objection; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.

Right to revoke the data protection consent declaration
You have the right to revoke your data protection declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

Automated decision on an individual basis including profiling
You have the right not to be subjected to a decision based solely on automated processing - including profiling - that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision

  1. is required for the conclusion or performance of a contract between you and the controller,
  2. is permissible on the basis of Union or Member State legislation to which the controller is subject, and that legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
  3. with your express consent.

However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g DSGVO applies and reasonable measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to uphold the rights and freedoms and their legitimate interests, including at least the right to obtain the intervention of a person by the controller, to express his / her own position and heard on challenge of the decision.

Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the DSGVO.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

The site logs clicks on links in our newsletters. However, these are not counted personally comprehensible but only stored aggregated. A justification standard for data processing can be found in Art. 6 para. 1 lit. to be found in the DSGVO.

Privacy policy for the CreaLog presence on Facebook

CreaLog uses the technical platform and services of Meta Platforms Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland for the information service offered.

We would like to point out that you use the Facebook page and its functions on your own responsibility. This applies in particular to the interactive functions (for example, commenting, sharing, rating). Facebook processes personal data about your account, your IP address as well as about the end devices you use; cookies are used for data collection. These are small files that are stored on your end devices. Facebook describes in general terms what information it receives and how it is used in its data usage guidelines. There you will also find information on how to contact Facebook, the options for objecting, and the settings options for advertisements. The data usage guidelines are available at the following link: Facebook's complete data guidelines can be found here:

The information may be used by Facebook to provide us, as operators of the Facebook pages, with statistical information such as gender and age distribution about the use of the Facebook page. In addition, Facebook may display further information or advertisements to you according to your preferences. Facebook provides more detailed information on this at the following link:

The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union.

If you visit one of our presences in the social media (e.g. Facebook), you trigger a processing of your personal data during such a visit. In this case, we are jointly responsible with the operator of the respective social network for the data processing operations within the meaning of Art. 26 DSGVO, provided that we actually make a joint decision with the operator of the social network about the data processing and we also have an influence on the data processing. As far as possible, we have concluded joint responsibility agreements with the operators of the social networks pursuant to Art. Art. 26 DSGVO, so in particular the Page Controller Addendums of Facebook Ireland Ltd. Your rights (right to information pursuant to Art. 15 DSGVO, right to rectification pursuant to Art. 16 DSGVO, right to erasure pursuant to Art. 17 DSGVO, right to restriction of processing pursuant to Art. 18 DSGVO, right to data portability pursuant to Art. 20 DSGVO and right to lodge a complaint pursuant to Art. 77 DSGVO ) can in principle be asserted both against us and against the operator of the respective social network (e.g. Facebook).
Please note that despite the joint responsibility pursuant to Art. 26 DSGVO with the operators of social networks, we have no full influence on the data processing of the individual social networks. The corporate policy of the respective provider has a significant influence on our options. In the event of the assertion of data subject rights, we could only forward these requests to the operator of the social network.

In what way Facebook uses data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties, is not conclusively and clearly stated by Facebook and is not known to us.

When you access a Facebook page, the IP address assigned to your terminal device is transmitted to Facebook. According to Facebook, this IP address is anonymized (for "German" IP addresses) and deleted after 90 days. Facebook also stores information about its users' end devices (for example, as part of the "login notification" function); this may enable Facebook to assign IP addresses to individual users.

If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is located on your end device. This enables Facebook to track that you have visited this page and how you have used it. This also applies to all other Facebook pages. Via Facebook buttons embedded in websites, it is possible for Facebook to record your visits to these website pages and assign them to your Facebook profile. Based on this data, content or advertising can be offered tailored to you.

If you want to avoid this, you should log out of Facebook or deactivate the "stay logged in" function, delete the cookies present on your device and exit and restart your browser. In this way, Facebook information through which you can be directly identified will be deleted. This will allow you to use our Facebook page without revealing your Facebook identifier. When you access interactive features of the page (Like, Comment, Share, Message, etc.), a Facebook login screen will appear. After any login, you will again be recognizable to Facebook as a specific user. Alternatively, you can use a different browser than usual to visit our Facebook page.

Information on how to manage or delete information about you can be found on the following Facebook support pages:

We, as the provider of the information service, do not collect or process any data from your use of our service beyond this. You can find this privacy policy in its current version under the item "Data Policy" on our Facebook page.

Privacy policy for the CreaLog presence on XING

XING is a social network of the operator XING SE, based in Hamburg. In it, members can primarily manage their professional, but also private contacts and make new contacts. Organizations can set up a page with a logo and short profile, post news and initiate discussion groups.

A personal profile with administrator rights must be assigned to the company profile. Dialog in groups can only be done via the personal profile of a natural person.

To use the network functions you have to be registered as a user. There is a free basic version and a paid version with additional functions. Unlike other social networks, XING is based more on a combination of personal and electronic contact, and is less commercial and less visual. The focus is on professional exchange on specialist topics with people who have the same professional interests. In addition, XING is frequently used by companies and other organizations for recruiting personnel and presenting themselves as attractive employers. For this purpose, XING is linked to the employer review platform kununu.

XING provides further information at:

XING is currently only used by CreaLog to a very limited extent, with a short profile and occasional posting of news, primarily relating to current vacancies.  A topic-related discussion group is currently not maintained but is conceivable in the future.

The current information on data protection can be found at

CreaLog does not collect or process any personal data via XING.

Privacy policy for the CreaLog presence on XING

When you visit our LinkedIn page, LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland), as the controller within the meaning of the GDPR, collects personal data of users (e.g., through the use of cookies). Certain information about your visit to our LinkedIn page is also collected and processed by LinkedIn if you do not have a LinkedIn user account or are not logged in to LinkedIn. For information on data collection and further processing by LinkedIn, please refer to LinkedIn's privacy policy.

For CreaLog it is not comprehensible which user data is collected by LinkedIn. For CreaLog as operator of this LinkedIn page, only your public profile on LinkedIn is visible. What information is visible depends on your profile settings.

CreaLog receives anonymous statistics from LinkedIn on the use and usage of our LinkedIn page. In this context, the following information, for example, is provided and processed by us:

Evaluation of followers: e.g. number of people who follow CreaLog - including development of followers over defined periods of time.
Information on reach: e.g. number of people who see our specific posts or evaluation of interactions on our posts. This can be used, for example, to determine which content is more popular in our community than others. 
Evaluation of ad performance: e.g. information about how many people see our ads including information about the cost per click.
This statistical data cannot be linked by CreaLog to the profile data of our subscribers, moreover, no conclusions can be drawn about individual users. We use the data to constantly improve our online offer on LinkedIn and to better respond to the interests of our users. In your LinkedIn settings, you can decide in which form targeted advertising is displayed to you. The collection of this data is carried out by LinkedIn. The legal basis for the processing is our legitimate interest (Art. 6 para. 1 lit. f DSGVO). CreaLog would like to adapt the offer on its LinkedIn page to target groups and recognize usage preferences (e.g. number of so-called followers, number of views of individual page areas, user statistics by age, geography and language).

In addition, CreaLog processes your personal data (such as your name and the content of your messages, inquiries, or other contributions to us) when you contact us via our LinkedIn page (e.g., via the message function, via the comments function, or via email). We then process this data for the purpose of processing your contributions accordingly and, if necessary, responding to them. The legal basis for the processing is our legitimate interest (Art. 6 para. 1 lit. f DSGVO). CreaLog would like to contact you in response to your inquiries or contributions.

DIN EN ISO 9001:2015 and 14001:2015 certified

The quality management system operated by CreaLog, has been certified according to ISO 9001:2015 (Reg. No. 1210017937 TMS) for Sales, Development and Operation of Telecommunication and Voice Automatization Solutions.

An Environmental Management System according to ISO 14001:2015 is included.

Please download our ISO Certificate for reference.

Click here to subscribe to our quarterly newsletter!