Privacy Policy

1. Preamble

We hereby inform you how we collect personal data when you use our website. Personal data is all data which refer to you personally such as your name, address or email addresses.

2. Name and contact data of the person/ body responsible for the processing (“controller”)

This Privacy Policy governs the processing of data by:


app.a GmbH & Co. KG
Brienner Straße 12
80333 Munich

Email address:

3. Collection and storage of personal data and nature and purpose of its use

a) When you visit our website

When you access our website, the browser which is used on your terminal automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is thereby collected without your help or cooperation and stored until its automated deletion:

• Pages visited
• Date and time of access
• Volume of the data sent, in bytes
• Source/ link from which you were redirected to the page
• Browser used
• Operating system used
• IP address used

We process the afore-mentioned data for the following purposes:

• Ensuring smooth connection to the website
• Ensuring comfortable use of the website
• Analysis of system security and stability.

The legal basis for the data processing is Art. 6 subs. 1 sentence 1 f) GDPR. Our legitimate interest follows from the purposes of data processing listed above.

b) When you subscribe to our newsletter

You may give your consent for subscription to our newsletter by which we will inform you about the current goods and services we offer. The advertised goods and services are specified in the declaration of consent.

The newsletter is sent via “CleverReach” which is a newsletter transmission platform provided by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany.

We use the so-called double opt-in procedure for your newsletter subscription. This means that, after you have subscribed, we will send you an email to the email address you have indicated, in which we ask you to confirm that you want us to send you our newsletter. This confirmation is necessary to prevent others from subscribing or logging in under foreign email addresses. We record the newsletter subscriptions to be able to provide evidence of the subscription process in accordance with the legal requirements. This includes storage of the time of subscription and the time of confirmation as well as storage of the IP address. Any changes of your data which is stored with CleverReach will be recorded, too. If you fail to confirm your subscription within 24 hours, your information will be blocked and deleted automatically after one month.

The only mandatory information you must necessarily provide for the transmission of the newsletter is your email address. Disclosure of further specifically marked data is voluntary and such data allows us to address you personally. After you have confirmed your subscription, we will store your email address for sending you the newsletter.

The email addresses of our newsletter subscribers as well as their additional data as described in this policy are stored on the servers of CleverReach in Germany or Ireland. CleverReach uses this information for transmitting and analysing the newsletters on our behalf.

The data protection information of Clever Reach is available for inspection at .

The legal basis for the data processing is Art. 6 subs. 1 sentence 1 a) GDPR.

You may withdraw your consent to the newsletter transmission and unsubscribe at any time. You may declare your withdrawal by clicking the link which is provided in every newsletter email or by sending a message to the contact indicated in the legal information.

Please be aware that, in the context of newsletter transmission, we will analyse the user behaviour of the newsletter recipients. In this context, we may, among other things, analyse how many of our newsletter recipients have actually opened the newsletter message and which link in the newsletter was clicked and how often. We may also use the so-called Conversion Tracking to analyse whether, after the link in the newsletter has been clicked, a pre-defined action (e.g. purchase of a product) has taken place. Further information on data analysis by CleverReach Newsletter is available at:

You may at any time object to the tracking by clicking the appropriate link which is provided in every email or by contacting us via any other channel. The information will be stored for the duration of your newsletter subscription. After you have unsubscribed, we will only store the data in anonymous form for mere statistical purposes.

c) When you contact us by email

When you contact us by email, we will store the data you have disclosed to us (your email address, possibly your name and telephone number) for the purpose of processing your request and/or answering your questions.

The processing of data in the context of contacting us is based on your voluntary consent you have given according to Art. 6 subs. 1 sentence 1 a) GDPR.

We will delete the data collected in this context as soon as the storage is no longer necessary, for instance because your request has been settled, or we will restrict the processing in the case that there are statutory retention periods to be observed.

d) In the case of online applications

If you file an online application with us, we will process the personal data you have disclosed and transmitted to us (application data) including but not limited to your

• Surname, first name
• Address
• Telephone number
• Email address
• Application documents (application letter, curriculum vitae, certificates/references etc.)

for no purposes other than filling vacancies in our company. We do not use your application data for any other purposes.

This personal data is, as a rule, deleted automatically three months after termination of the application procedure if your application for the vacancy to be filled is unsuccessful. Only if deletion of this data is prevented by statutory provisions or storage of the data is necessary for the establishment, exercise or defence of legal claims or when you have explicitly consented to an extended storage of your data, the data will not be deleted after expiry of three months.

The legal basis for this data processing is Art. 6 subs. 1 sentence 1 a) and f) GDPR.

4. Disclosure/ transfer of data

We do not disclose or transfer your personal data to third parties for any purposes other than those listed below.

We only disclose or transfer your personal data to third parties when:

• you have given your explicit consent according to Art. 6 subs. 1 sentence 1 a) GDPR,
• the transfer is necessary for the establishment, exercise or defence of legal claims according to Art. 6 subs. 1 sentence 1 f) GDPR and there is no reason to assume that such interests are overridden by your interest in the non-disclosure of your data,
• we have to comply with a legal obligation to disclose or transfer the data according to Art. 6 subs. 1 sentence 1 c) GDPR, and
• this is permitted by law and necessary for the performance of contractual relationships with you according to Art. 6 subs. 1 sentence 1 b) GDPR.

5. Cookies

We use cookies on our website. These are small text files which are automatically generated by your browser and stored on your terminal (laptop, tablet, smart phone etc.) when you visit our website.

The cookie stores information which is generated in the context of the specific terminal used from time to time. However, this does not mean that we can immediately identify you.

On the one hand, the use of cookies helps to render the use of the services we offer more comfortable for you. For such purpose, we use so-called session cookies which enable us to see that you have already visited certain pages of our website before. These cookies are deleted automatically after you have left our website.

Moreover, also to optimize the user-friendliness of our website, we use temporary cookies which are stored on your terminal for a certain pre-defined period of time. When you visit our website again to make use of our services, we become automatically aware that you have visited our website before and which entries and settings you have made to spare you entering them once again.

Moreover, some third-party services which we have integrated in our website may use cookies, too. Please go to the websites of the appropriate providers to inform yourself about their respective modes of operation and the data processing associated therewith. The services which we use are listed in this Privacy Policy.

The data which is processed by means of cookies is necessary for the afore-mentioned purposes to safeguard our legitimate interests as well as those of third parties according to Art. 6 subs. 1 sentence 1 f) GDPR.

Most browsers accept cookies automatically. You may however set your browser to prevent the storage of cookies on your computer or such that an appropriate message is displayed every time a new cookie is set. Complete deactivation of cookies may however prevent you from using all features and functions of our website.

6. Google Analytics

This website uses the “Google Analytics“ service of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). This service uses “cookies“. These cookies are stored on your computer such that Google is able to analyse how you use our website. The information generated by the cookies about how you use this website and your IP address are usually transferred to a server of Google Inc. in the USA and stored there.

However, if the IP anonymisation is activated on this website, Google will shorten your IP address within EU Member States or in any other country party to the Agreement on the European Economic Area prior to the transfer. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Google, acting upon the instruction of the operator of this website, will use the information to analyse how you use the website, to compile reports on the website activities and render to the website operator additional services that are related to the website use.

This website uses Google Analytics with the supplementary feature “anonymizeIp()“. This makes sure that only shortened IP addresses are processed further which prevents IP addresses from being allocated to specific persons.

As to the exceptional cases where personal data is transferred to the USA, Google has agreed to respect and comply with the EU-US Privacy Shield,

You can set your browser to refuse the storage of cookies on your terminal. However, in this case, you may be unable to use all functions and features of this website without restrictions if your browser does not permit cookies. You may also prevent the collection and transfer to Google of the data generated by the cookie regarding your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link:

We use this tracking measure to ensure customized design and continuous optimisation of our website. Moreover, we use this tracking measure to prepare statistics regarding the use of our website and analyse the use of our website to optimise the services we offer to you. These interests are legitimate in terms of the afore-mentioned provision.

We implement this measure on the basis of Art. 6 subs. 1 sentence 1 f) GDPR.

7. Social media plug-ins

Based on Art. 6 subs. 1 sentence 1 f) GDPR, we use on our website plug-ins of the social network Facebook which is operated by Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (“Facebook”) to enable personalized use of our website and thereby improve the publicity of our company. For this, we use the “LIKE” button.

In this context, we use the so-called two-click solution. This means that, when you visit our website, as a rule, we do not immediately transfer any personal data to Facebook.

Please note:
You should absolutely use this approach because otherwise the data is automatically transferred to the social networks as soon as the visitor accesses the page of the website where the plug-in is embedded and, in this case, the website visitor is not given any discretion as regards the transfer of his/her data.

Only when you click the Facebook button, a direct connection is established to the servers of Facebook and data such as the IP address of your computer and the website you have visited will be transferred to Facebook. Thus, Facebook is informed that your browser has accessed the relevant page of our website, even if you do not have a Facebook account or are not logged in to Facebook at that moment. Your browser transfers this information (including your IP address) directly to a Facebook server in the USA where it is stored.

When you are logged in to Facebook, Facebook is able to directly allocate your visit to our website to your Facebook account. When you interact using the plug-ins, e.g. when you click the “LIKE” button, this information is also directly transferred to a Facebook server and stored there. In addition, this information is published on Facebook and shown to your Facebook friends.

Facebook may use this information for the purpose of advertising, market research and customized design of the Facebook pages. For such purpose, Facebook creates user, interest and relationship profiles, e.g. to analyse how you use our website with a view to the advertisements which are shown to you on Facebook, to inform other Facebook users about your activities on our website and to render further services which are related to the use of Facebook.

If you do not want Facebook to allocate the data collected via our website to your Facebook account, you must log out from Facebook before you visit our website.

For information on the purpose and scope of data collection and the further processing and use of the data by Facebook, on the rights to which you are entitled in this context and on the possible settings to protect your privacy, please go to the Privacy Policy of Facebook (

Facebook has agreed to respect and comply with the EU-US Privacy Shield,

8. Marketing tools (visitor action pixels)

Subject to your prior consent, we will use on our website “visitor action pixels” of the social networks Facebook (operated by Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA (“Facebook”)), Instagram (operated by: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Instagram”)) and Twitter (operated by: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94304, USA (“Twitter”)).

The pixels enable us to track actions of users after they have seen or clicked an advertisement of the social networks. This enables us to measure the efficiency of advertisements of the social networks for statistical and market research purposes. The so collected data is anonymous which means that we do not see any personal data of individual users. This data is however stored and processed by the social networks; we will inform of such storage and processing within the limits of our own knowledge.

Facebook, Instagram and Twitter can allocate this data to your social network account and they may also use the data for their own advertising purposes, according to their respective privacy policies. The privacy policy of Facebook is available for you at, that of Instagram at and that of Twitter at

Facebook and Twitter have agreed to respect and comply with the EU-US Privacy Shield,

You may allow the social networks and their partners to place advertisements on and outside the social networks. Moreover, a cookie may be stored on your computer for such purposes.

Only users who are older than 13 years may give this consent. If you are younger, please ask your parents or legal guardians for advice.

If you want to withdraw your consent, please click here.

Please note:

This tool may only be used with the consent of the website visitors. Thus, when the cookie information is shown which should appear as a banner when the visitor starts using the website, also the consent regarding the use of this tool should be obtained. The appropriate wording might be as follows:

„On our website, we use the visitor action pixel of Facebook, Instagram and Twitter for statistical purposes. As far as we know, this causes personal data including but not limited to your IP address to be transferred to these social networks. So, it is possible to measure by means of a cookie how our advertising measures are received in the social networks and how they can be improved. We would highly appreciate your consent to this approach. Information on the visitor action pixel, cookies and your right to withdraw your consent is available in our Privacy Policy.

I agree to the use of cookies and the visitor action pixel of Facebook, Instagram and Twitter:

Attention! It is important to ensure that the tool is only used after the website visitor has given his/her consent (e.g. when the website is reloaded)

9. Links to other websites

Our website may contain links to the websites of other providers. We cannot influence the nature and scope of data processing by such other providers and cannot verify either whether they comply with the applicable data protection regulations. This Privacy Policy only applies for the website operated by us. For further information about how your personal data is handled when you use the other websites, please go to the respective privacy policies of the relevant providers.

10. Your rights
a) Information/ access, rectification, erasure, restriction of processing, data portability, withdrawal of consent, complaint

You have the right:

• to request information under Art. 15 GDPR about your personal data which is processed by us. In particular, you may request information on the purposes of the processing, the categories of personal data processed, the categories of recipients to whom your data was or is disclosed, the intended duration of storage, your right to demand rectification, erasure, restriction of processing and your right to object to the processing, your right to lodge a complaint, the origin of the data in case it was not collected by us as well as information on the existence of automated decision-making processes including profiling and, where applicable, sound information regarding the pertinent details;
• to request from us without undue delay (“unverzüglich”) rectification of inaccurate data or completion of your personal data which we have stored, according to Art. 16 GDPR;
• to request from us according Art. 17 GDPR the erasure of your personal data we have stored unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
• to request the restriction of processing of your personal data according to Art. 18 GDPR where the accuracy of the personal data is contested by you, the processing is unlawful but you oppose the erasure of the personal data and we no longer need the personal data but you require the data for the establishment, exercise or defence of legal claims or you have objected to the processing according to Art. 21 GDPR;
• to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and to request transmission of your data to another controller, according to Art. 20 GDPR;
• to withdraw at any time the consent you have granted to us according to Art. 7 subs. 3 GDPR by appropriate notice to be given to us. In this case, we are no longer allowed to continue the data processing which was based on this consent in the future and
• to lodge a complaint with a supervisory authority according to Art. 77 GDPR. As a rule, you can address the complaint to the supervisory authority at the place of your habitual residence or your place of work or the place of our establishment.

b) Right to object

When your personal data is processed based on legitimate interests under Art. 6 subs. 1 sentence 1 f) GDPR, you have the right to object to the processing of your personal data according to Art. 21 GDPR if this is done on grounds relating to your particular situation or if you object to the processing of your data for direct marketing purposes. In the latter case, you have the right to generally object to the processing which we will respect with no need to state a particular situation.

If you want to exercise your right to object, it is sufficient to send an email to:

11. Data security

We use appropriate technical and organisational security measures to protect your data against accidental or wilful manipulation, total or partial loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in conformity with the technological progress.

12. Up-to-dateness of, and changes to, this Privacy Policy

This Privacy Policy is currently valid and is prepared as of July 2018.
It may be required, due to the further development of our website and the services offered there or due to changes of the statutory or regulatory requirements, to adjust this Privacy Policy.