Privacy Policy

1. Data protection, controller and data privacy officer

We would like to inform you about how we collect personal data when you use our website. Personal data is any data which relates to you personally, such as your name, address, e-mail addresses, and user behavior. The controller responsible for processing your personal data through this website is

Marvin Scheffold


You can contact our data privacy officer using the email address

2. Cookies

To make our website easier to use, we use functional cookies, in which we e.g. store your language settings. Using functional cookies represents a legitimate interest on our part. The legal basis of this is also Art. 6, Par. 1 lit. f GDPR.

Cookies are small text files which are copied onto your hard drive and deleted again automatically according to the settings in your browser or after a defined period. Cookies cannot execute any programs or place viruses on your computer. They serve to make the website more user-friendly and effective as a whole.

You can set your browser at any time to permit or exclude the use of cookies, or to ask for your confirmation before using them, and to delete them automatically after the end of each session. If you do not authorize cookies, it may be that not all the features of this website will work properly.

Information on tracking cookies can be found in Section 5 below.

3. Information on data transfer to the USA and other non-EU countries

Among other things, we use tools of companies domiciled in the United States or other from a data protection perspective non-secure non-EU countries. If these tools are active, your personal data may potentially be transferred to these non-EU countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g., the Secret Service) may process, analyze, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.

4. Personal details

(1) If you use our website for information only, without registering or otherwise providing us with information, then we will only collect the personal data which your browser sends to our server. If you wish to view our website, we will collect the following information, which is technically necessary to display our website to you and to ensure it remains stable and secure (the legal basis is Art. 6 Par. 1 cl. 1 lit. f GDPR):

IP address, Date and time of enquiry, Time zone difference from Greenwich Mean Time (GMT), Content of request (actual page), Access status / HTTP status code, Quantity of data transmitted, Website from which the request was sent, Browser, Operating system and its interface, Language and version of browser software.

Logfile information is kept for a maximum of seven days for security reasons (such as the investigation of misuse and fraudulent activities), then it is deleted. Any data which needs to be kept for evidence purposes will not be deleted until the particular case has been resolved fully. The legal basis is Art. 6 Par. 1, lit. f GDPR.

(2) Personal data is only collected by us if and to the extent that you provide it to us on your own account, such as when making contact or submitting an application. We will handle this data confidentially and only use it for the original purpose for which it was sent, which is usually for processing and handling your enquiry. Your data is not usually given to third parties, unless we are obliged or legally allowed to, or if you have given us your consent, or if we have been ordered to do so by the authorities. If your enquiry relates to one of our group companies, then we will of course forward it to that company. If you contact us by e-mail, then your e-mail will be stored in our mail system. We may store your enquiry and the data associated with it in our CRM system. The e-mails themselves are not stored with their content encrypted. Our contact form is transport-encrypted using SSL/TLS, which you can recognize by the ‘https’ before the URL. Our mail server also uses conventional transport encryption protocols. The legal basis of this is Art. 6 Par. 1 lit. b GDPR.

5. Data protection in the application process

(1) In the event of an application, we process the data you provide us with voluntarily for the purpose of performing and handling the application process. The only people to receive the data are those involved in the application process in the human resources department, who may forward your application to other group companies if you have applied to them or if we believe that your application may be of interest to one of our group companies. The legal basis of this is Art. 6 Par. 1 lit. b GDPR.

(2) If we turn down your application, then we will not store your data for more than six months after the end of the application process. This storage period relates to the assertion of claims under the AGG (German Equal Treatment Act) and our associated legitimate interest in defending ourselves against such claims. The legal basis of this is Art. 6 Par. 1 lit. f GDPR.

(3) If you give your consent to be included in our applicant pool, then we can agree on a different period with you. You may revoke this consent at any time with future effect. The legal basis for that is Art. 6 Par. 1 lit. a GDPR.

6. Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. Google may consolidate these data in a profile that is allocated to the respective user or the user’s device. Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored. This analysis tool is used on the basis of Art. 6(1)(f) GDPR. The operator of this website has a legitimate interest in the analysis of user patterns to optimize both, the services offered online and the operator’s advertising activities. If a corresponding agreement has been requested (e.g., an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6(1)(a) GDPR; the agreement can be revoked at any time.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:

Data on the user or incident level stored by Google linked to cookies, user IDs or advertising IDs (e.g.,DoubleClick cookies, Android advertising ID) will be anonymized or deleted after 14 months. For details, please click the following link:

7. Your rights

(1) You have the right to find out whether we are processing your personal data at any time, according to Art. 15 GDPR. If we are, then we have other additional information duties as a result.

(2) You also have the right to have your data corrected pursuant to Art. 16 GDPR, deleted according to Art. 17 GDPR and for its processing to be limited pursuant to Art. 18 GDPR, provided no other legal regulations say otherwise.

(3) Of course, you can at any time revoke your consent to have your data processed according to Art. 6 Par. 1 lit. a or Art. 9, Par. 2 lit. a GDPR without providing reasons. This does not affect the legality of processing done up to that point.

(4) You also have the right to data portability according to Art. 20 GDPR.

(5) You also have, pursuant to Art. 21 GDPR, the right to object to the processing of your data, in particular processing on the basis of Art. 6 Par. 1 lit. e or f GDPR. Should you wish to exercise that right, please tell us the reason why you do not want us to keep processing your personal data the way we are. If your objection is justified, we will assess the case and either stop processing your data, amend the way we do it, or inform you of the compelling reasons we have for continuing to process it, these reasons being deemed worthy of protection.

(6) You also have the right to complain to the responsible regulatory authorities, which can be found here:


Got questions?

Maybe you want to know more about how Phelb works? Or you want to get straight to the point and hire a team? Whatever it is: