EN | DE
Home
DE

Privacy Policy

Privacy Policy

Last updated: March 2026

1. Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

emproof GmbH
Hattinger Straße 44
44789 Bochum, Germany

Managing Director: Marc Schieder
Email: contact@emproof.com
Commercial Register: Amtsgericht Bochum, HRB 17815
VAT ID: DE323893507

2. Overview

We take the protection of your personal data seriously. This privacy policy explains what data we collect when you visit our website www.emproof.com, how we use it, and what rights you have regarding your data.

We process personal data in compliance with the EU General Data Protection Regulation (GDPR, EU 2016/679), the German Federal Data Protection Act (BDSG), § 5 DDG (Digital Services Act, replacing the former TMG since May 2024), and § 25 TDDDG (Telecommunications Digital Services Data Protection Act, replacing the former TTDSG since July 2024).

Personal data is only collected to the extent necessary to provide a functional website, our content, and services. Processing occurs exclusively with your consent or where permitted by law.

3. Website Hosting

This website is hosted by HubSpot, Inc. on its EU1 cluster infrastructure, with servers located in Frankfurt, Germany and Ireland. The processing entity within the EU is HubSpot Ireland Limited.

When you access our website, the hosting servers automatically collect and store information in server log files that your browser transmits. This includes:

  • Your IP address (anonymized after processing)
  • Date and time of the request
  • Browser type and version
  • Operating system
  • Referrer URL (the page from which you arrived)
  • Pages visited and resources requested
  • Amount of data transferred

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in ensuring the secure and efficient operation of our website.

Retention: Server log files are automatically deleted after 7 days.

4. Cookies and Consent Management

Our website uses cookies — small text files stored on your device by your browser. Some cookies are technically necessary for the website to function; others help us analyze usage or improve your experience.

In accordance with § 25 TDDDG, cookies that are not strictly necessary for providing the service you requested require your prior consent. We use Cookiebot by Usercentrics A/S (Havnegade 39, 1058 Copenhagen, Denmark) as our consent management platform.

When you first visit our website, Cookiebot presents a consent banner that allows you to choose which cookie categories you accept. Your consent preferences are stored in the CookieConsent cookie, which is a strictly necessary cookie with a retention period of 12 months. You can change or withdraw your consent at any time by accessing the cookie settings via the link in our website footer.

Cookiebot processes your consent data (consent ID, timestamp, consent status) on servers within the EU. For more information, see the Cookiebot Privacy Policy.

Legal basis: Art. 6(1)(c) GDPR — legal obligation to document consent per § 25 TDDDG; the CookieConsent cookie itself is strictly necessary per § 25(2) TDDDG.

5. Cookies Used on This Website

The following table provides an overview of the cookies used on our website, organized by category:

Necessary Cookies

These cookies are essential for the website to function and cannot be switched off. They are set in response to actions you take, such as setting your privacy preferences, logging in, or filling in forms.

Cookie Provider Purpose Retention
CookieConsent Cookiebot Stores the user’s cookie consent preferences 12 months
__hs_opt_in HubSpot Records cookie consent banner opt-in 13 months
__hs_do_not_track HubSpot Prevents tracking when user opts out 13 months
__cfruid / __cf_bm HubSpot (Cloudflare) CSRF protection and bot management Session
hs-membership-csrf HubSpot CSRF protection for membership login Session
__hs_initial_opt_in HubSpot Records initial consent state on first visit 7 days

Preference Cookies

Preference cookies enable the website to remember information that changes the way the website behaves or looks, such as your preferred language. These are only set with your consent.

Cookie Provider Purpose Retention
messagesUtk HubSpot Identifies the user for HubSpot messaging and live chat 13 months
lang HubSpot Stores the user’s language preference Session

Statistics Cookies

Statistics cookies help us understand how visitors interact with our website by collecting and reporting information anonymously. These are only set with your consent.

Cookie Provider Purpose Retention
_ga Google Analytics Distinguishes unique users by assigning a randomly generated ID 2 years
_ga_G-Y97SJPESJK Google Analytics Maintains session state for the GA4 property 2 years
__hstc HubSpot Tracks visitor sessions — contains domain, utk, initial timestamp, last timestamp, current timestamp, and session number 13 months
__hssc HubSpot Keeps track of the current session and determines if a new session has started 30 minutes
__hssrc HubSpot Determines if the visitor has restarted their browser (session reset check) Session
hubspotutk HubSpot Tracks a visitor’s identity; passed to HubSpot on form submission to de-duplicate contacts 13 months

Marketing Cookies

We do not currently use any marketing or advertising cookies on this website. No retargeting pixels, ad network trackers, or similar technologies are deployed. Should this change in the future, we will update this policy and request your consent accordingly.

6. Web Analytics — Google Analytics 4

We use Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Our GA4 property ID is G-Y97SJPESJK.

GA4 uses the cookies _ga and _ga_G-Y97SJPESJK (see cookie table above) to distinguish users and maintain session state. These cookies are only set after you have given your consent via the Cookiebot banner.

GA4 does not store full IP addresses. IP addresses are used temporarily for geolocation purposes and are then discarded — they are not logged or accessible to us. We have configured data retention in GA4 to the minimum available setting.

Google processes data on our behalf under a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR.

Opt-out: You can prevent Google Analytics from collecting your data by installing the Google Analytics Opt-out Browser Add-on. You can also withdraw your consent at any time via the cookie settings in our website footer.

Legal basis: Art. 6(1)(a) GDPR — your consent.

For more information, see the Google Privacy Policy.

7. Google Tag Manager

We use Google Tag Manager (GTM) provided by Google Ireland Limited. Our container ID is GTM-WNQW2BKM.

GTM is a technical tag management system that loads and manages other tracking scripts (such as Google Analytics). GTM itself does not set any cookies and does not collect personal data independently. However, loading the GTM container script requires a connection to Google servers, which transmits your IP address to Google.

All tags managed through GTM are configured to fire only after appropriate consent has been granted through the Cookiebot consent management platform. Without consent, no analytics or marketing tags are executed.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in the efficient and centralized management of website tracking tools. The tags themselves (e.g., GA4) are subject to separate consent requirements as described in their respective sections.

8. HubSpot CRM and Tracking

We use HubSpot as our customer relationship management (CRM) platform and for website analytics. The service is provided by HubSpot, Inc. (25 1st Street, Cambridge, MA 02141, USA), with data processing handled by HubSpot Ireland Limited within the EU.

Our HubSpot account is hosted on the EU1 cluster (data centers in Frankfurt, Germany and Ireland), meaning your data is stored and processed within the European Union.

HubSpot sets the cookies listed in the statistics and preference sections of the cookie table above (__hstc, __hssc, __hssrc, hubspotutk, messagesUtk). These tracking cookies are only activated after you provide consent via the cookie banner.

Necessary HubSpot cookies (such as __hs_opt_in, __hs_do_not_track, CSRF tokens, and session cookies) are set without consent as they are required for the website to function properly.

We have entered into a Data Processing Agreement (DPA) with HubSpot in accordance with Art. 28 GDPR.

Legal basis: Art. 6(1)(a) GDPR for analytics tracking (consent); Art. 6(1)(f) GDPR for strictly necessary cookies and CRM functionality (legitimate interest).

For more information, see the HubSpot Privacy Policy.

9. Contact Forms

Our website includes contact forms powered by HubSpot Forms. When you submit a form, we collect the data you provide, which may include:

  • Your name
  • Email address
  • Company name
  • Your message or inquiry
  • Any additional fields you voluntarily complete

This data is stored in our HubSpot CRM (EU1 hosted) and used to respond to your inquiry and, where applicable, to establish a business relationship.

Legal basis: Art. 6(1)(b) GDPR — processing necessary for the performance of a contract or to take pre-contractual steps at your request.

Retention: Your data is retained for the duration of the business relationship and any statutory retention periods (typically 6 years under § 257 HGB or 10 years under § 147 AO for commercial and tax-relevant correspondence). After these periods, the data is deleted.

10. Meeting Booking

We offer the ability to book meetings or product demos through HubSpot Meetings. When you schedule a meeting, we collect the following data:

  • Your name and email address
  • Company name (if provided)
  • Preferred date and time
  • Any notes or additional information you provide

A contact record is created in our HubSpot CRM to manage the scheduling and follow-up process.

Legal basis: Art. 6(1)(b) GDPR — processing necessary to take pre-contractual steps at your request.

11. Membership Area

Certain areas of our website are restricted and require registration and login. This membership functionality is provided by HubSpot Membership.

When you register for a membership account, we collect and process:

  • Your email address (used as login identifier)
  • A password (stored in hashed form by HubSpot)
  • Session data for authentication management

Session cookies are used to maintain your authenticated state while you are logged in. These are strictly necessary cookies and do not require consent.

Legal basis: Art. 6(1)(b) GDPR — processing necessary for the performance of a contract (providing access to membership content you registered for).

12. Knowledge Base

We provide a Knowledge Base powered by HubSpot that contains documentation and support articles. HubSpot tracks basic usage data within the Knowledge Base, including:

  • Articles viewed
  • Search queries
  • Article feedback (helpful/not helpful)

For logged-in users, this activity may be associated with your membership account to provide a personalized experience and improve our documentation.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in improving the quality and relevance of our support documentation; Art. 6(1)(b) GDPR for logged-in member functionality.

13. Social Media Links

Our website contains simple hyperlinks to our profiles on the following social media platforms:

  • LinkedIn — operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (Privacy Policy)
  • X (formerly Twitter) — operated by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (Privacy Policy)
  • GitHub — operated by GitHub, Inc. (a subsidiary of Microsoft Corporation), 88 Colin P Kelly Jr St, San Francisco, CA 94107, USA (Privacy Policy)

These are standard HTML links only. We do not embed social media plugins, widgets, tracking pixels, or share buttons. No data is transmitted to these platforms simply by visiting our website. A connection to the respective platform is only established when you actively click on a link. The privacy policies of the respective platforms apply once you visit their sites.

14. Fonts

This website uses the Geist font, which is self-hosted on our servers. The font files are loaded directly from our HubSpot CMS hosting infrastructure within the EU. No connection to external font delivery networks (such as Google Fonts, Adobe Fonts, or any CDN) is established. Consequently, no personal data (including your IP address) is transmitted to third-party font providers when you visit our website.

15. Data Processors

We work with the following third-party data processors, each operating under a Data Processing Agreement (DPA) in accordance with Art. 28 GDPR:

Processor Purpose Location
HubSpot, Inc. / HubSpot Ireland Ltd CMS hosting, CRM, forms, meetings, membership, knowledge base, analytics EU (Frankfurt / Ireland)
Google Ireland Limited Google Analytics 4, Google Tag Manager Ireland / USA
Usercentrics A/S Cookie consent management (Cookiebot) Denmark (EU)

16. International Data Transfers

Some of our processors are based in the United States. We ensure that any transfer of personal data to the USA is compliant with GDPR through the following safeguards:

  • EU-US Data Privacy Framework (DPF): The European Commission adopted an adequacy decision for the EU-US Data Privacy Framework on July 10, 2023. Both Google LLC and HubSpot, Inc. are certified under the DPF, meaning transfers to these companies are considered adequate under Art. 45 GDPR.
  • Standard Contractual Clauses (SCCs): As a supplementary safeguard, we rely on EU Standard Contractual Clauses (Commission Implementing Decision 2021/914) with our US-based processors.

Our primary advantage is that our HubSpot CRM and CMS data is hosted on the EU1 cluster in Frankfurt and Ireland, minimizing the need for transatlantic data transfers in everyday operations.

Usercentrics A/S (Cookiebot) processes data exclusively within the EU.

17. Data Retention

We retain personal data only for as long as necessary for the purpose for which it was collected or as required by law. Specific retention periods are:

  • Server log files: 7 days
  • Analytics cookies: As specified in the cookie table above (ranging from session to 2 years)
  • CRM contact data: Duration of the business relationship plus applicable statutory retention periods (§ 257 HGB: 6 years for commercial correspondence; § 147 AO: 10 years for tax-relevant records)
  • Form submission data: Retained for the duration of the business purpose and statutory requirements
  • Consent records (Cookiebot): 12 months (consent cookie), consent logs retained for the legally required documentation period
  • Membership data: Duration of membership plus statutory retention periods; deleted upon account deletion request

After the applicable retention period expires, data is securely deleted or anonymized.

18. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

  • Right of Access (Art. 15 GDPR): You have the right to request confirmation of whether we process your personal data and, if so, to receive a copy of that data along with information about the processing.
  • Right to Rectification (Art. 16 GDPR): You have the right to request correction of inaccurate personal data or completion of incomplete data.
  • Right to Erasure (Art. 17 GDPR): You have the right to request deletion of your personal data where, among other grounds, the data is no longer necessary for its original purpose, you withdraw consent, or the data has been unlawfully processed.
  • Right to Restriction of Processing (Art. 18 GDPR): You have the right to request that we restrict the processing of your data in certain circumstances, for example while we verify the accuracy of contested data.
  • Right to Data Portability (Art. 20 GDPR): You have the right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format, and to transmit it to another controller.
  • Right to Withdraw Consent (Art. 7(3) GDPR): Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. You can withdraw cookie consent at any time via the cookie settings in our website footer.

To exercise any of these rights, please contact us at contact@emproof.com. We will respond to your request within one month, as required by Art. 12(3) GDPR.

19. Right to Object (Art. 21 GDPR)

Where we process your personal data based on legitimate interests (Art. 6(1)(f) GDPR), you have the right to object to such processing at any time on grounds relating to your particular situation.

Upon receiving your objection, we will cease processing the data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defence of legal claims.

To exercise your right to object, please send an email to contact@emproof.com with the subject line “Data Processing Objection.”

20. Right to Lodge a Complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR (Art. 77 GDPR).

The supervisory authority responsible for emproof GmbH is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Kavalleriestraße 2–4
40213 Düsseldorf, Germany
Email: poststelle@ldi.nrw.de
Website: www.ldi.nrw.de

21. Automated Decision-Making

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR that would produce legal effects concerning you or similarly significantly affect you. While we may use HubSpot’s CRM features to organize contacts, no automated decisions are made without human involvement.

22. Consumer Dispute Resolution

The EU Online Dispute Resolution (ODR) platform was discontinued on July 20, 2025 (Regulation EU 2024/3228). A list of consumer dispute resolution bodies is available at consumer-redress.ec.europa.eu.

We are neither willing nor obligated to participate in dispute resolution proceedings before a consumer arbitration board.

23. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect changes in our data processing practices, legal requirements, or the services we use. When we make material changes, the “Last updated” date at the top of this page will be revised. We encourage you to review this page periodically. Continued use of our website after changes have been posted constitutes your acceptance of the updated policy.

Last updated: March 2026