Privacy Policy
Information on the processing of personal data when visiting and using this website pursuant to Articles 13 and 14 GDPR.
1. Overview and scope
(1) This privacy policy informs you about how Datargo GmbH (hereinafter “Datargo”, “we” or “us”) processes personal data arising from the visit to and use of this website as well as the functions directly connected with it (such as making contact and live chat). It is addressed to all persons whose data is processed in this context (hereinafter “data subjects” or “you”).
(2) Personal data means any information relating to an identified or identifiable natural person (Art. 4 No. 1 GDPR). The relevant legal bases are in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz, TDDDG).
(3) This privacy policy concerns exclusively the processing in connection with visiting the website. Separate provisions apply to the processing of personal data that you, as a business customer or its staff, enter into the platform within the scope of the contractual use of the Datargo Business Operations Platform (Datargo Monitor, Datargo CRM, Datargo ID, Datargo ERP, NextPKI and Datargo One). For such purposes, Datargo generally processes personal data as a processor on the basis of the data processing agreement (DPA) ; see Section 13 in this regard.
2. Controller
(1) The controller within the meaning of Art. 4 No. 7 GDPR for the processing operations described in this policy is:
Datargo GmbH Omniturm, Neue Mainzer Straße 52-58, 60311 Frankfurt am Main Germany
Represented by its management.
Email: hello@datargo.com Data protection enquiries: hello@datargo.com
For further mandatory information (commercial register, VAT identification number, authorised representatives) please refer to the legal notice (Impressum) .
(2) This privacy policy concerns the website operated under the contact details set out above. For linked third-party offerings, the respective bodies named there are responsible (see Section 11).
3. Data protection officer
We have not appointed a data protection officer, as there is no statutory obligation to do so under Section 38 BDSG. Please direct any enquiries and concerns regarding data protection to privacy@datargo.com .
4. Principles of our data processing
(1) Processing in the EU. The personal data processed in connection with the visit to and use of this website is processed exclusively within the European Union; this website is hosted in Frankfurt am Main. An exception applies to payment processing in connection with the chargeable use of our services (see paragraph 3).
(2) No third-country transfer. A transfer of personal data to a third country (a state outside the EU or the EEA) or to an international organisation does not take place in connection with the visit to the website. Should such a transfer become necessary in the future, it will only take place under the conditions of Art. 44 et seq. GDPR (for example an adequacy decision or appropriate safeguards) and will be disclosed in this policy.
(3) Payment processing and data transfer to third countries. The infrastructure used to operate this website and the service providers deployed in this context are established in the European Union and are not subject to any obligation to surrender data under the US CLOUD Act. For the processing of payments in connection with the chargeable use of our services, we use the payment service provider Stripe (Stripe, LLC, USA); in this respect, Datargo GmbH acts as an independent controller. The associated transfer of personal data (in particular payment and invoicing data) to the USA is safeguarded by the EU-US Data Privacy Framework (adequacy decision of the European Commission pursuant to Art. 45 GDPR); in addition, Standard Contractual Clauses pursuant to Implementing Decision (EU) 2021/914 are in place. Stripe, LLC is certified under the EU-US Data Privacy Framework. The legal basis for payment processing is Art. 6 (1) lit. b GDPR (performance of the contract).
(4) Data minimisation and purpose limitation. We collect and process personal data only insofar as this is necessary to achieve the respective purpose, and we delete it as soon as the purpose ceases to apply and no statutory retention obligations preclude deletion (see Section 9).
(5) Data security. We take appropriate technical and organisational measures pursuant to Art. 32 GDPR to protect the data processed by us against loss, manipulation and unauthorised access. This website is delivered via an encrypted connection (TLS); you can recognise an existing encryption by the address bar of your browser. Our security measures are continuously adapted in line with technical developments.
5. Processing when visiting the website (server logs and hosting)
(1) Description and data categories. When this website is accessed, your end device automatically transmits data to the server for technical reasons, which is temporarily stored in a log file (server log file). The following is recorded in particular:
| Data category | Example |
|---|---|
| IP address of the requesting end device | (shortened or anonymised, insofar as sufficient for the purpose) |
| Date and time of access | timestamp of the request |
| Accessed resource | URL, file name, volume of data transferred |
| Status message | HTTP status code (e.g. success or error) |
| Referrer | previously visited page, if transmitted |
| Browser and system information | browser type, version, operating system |
(2) Purpose. The processing serves the technical delivery of the website, ensuring stable and secure operation, detecting and averting attacks and misuse, and investigating and tracing security incidents.
(3) Legal basis. Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the secure, stable and functional provision of this website.
(4) Recipients / processors. A hosting service provider is engaged with operating the infrastructure as a processor pursuant to Art. 28 GDPR within the EU (Frankfurt am Main). You can find an overview under Sub-processors .
(5) Storage period. The log data is stored for a period of a maximum of 7 days, in justified security cases up to 90 days, and is subsequently deleted. Individual records are stored for a longer period only insofar as this is necessary to investigate a specific security incident; in this case, the affected data is exempt from the regular deletion until the matter has been conclusively clarified.
(6) This data is not combined with other data sources for the purpose of identifying individual persons.
6. Making contact (form and email)
(1) Description. If you contact us via a contact form, by email or via the “Arrange a conversation” function, we process the information you transmit in order to handle and respond to your enquiry and for any follow-up questions.
(2) Data categories. We process in particular your name, your contact details (e.g. email address, telephone number, company), the content of your message and any further information you provide voluntarily. Mandatory information is marked as such; without it we may not be able to process your enquiry, or not in full.
(3) Purpose and legal basis.
| Constellation | Legal basis |
|---|---|
| Enquiry aimed at initiating or performing a contract (e.g. pilot, offer, demo) | Art. 6 (1) lit. b GDPR (pre-contractual measures) |
| General enquiry without direct contractual relation | Art. 6 (1) lit. f GDPR (legitimate interest in handling enquiries) |
(4) Recipients / processors. As a rule, data is only passed on to the internally responsible bodies for processing. Insofar as an email or CRM service provider is engaged as a processor, this takes place exclusively within the EU (see Sub-processors ).
(5) Storage period. We store your information until your enquiry has been conclusively processed and there is no longer any reason for further retention. You may object to further storage or request deletion at any time, insofar as no statutory retention obligations preclude this. Enquiries of relevance under commercial or tax law are stored within the scope of the statutory retention periods (see Section 9).
7. Live chat and support
(1) Description. We optionally offer a live chat for convenience and support enquiries. This is a service of Datargo GmbH itself (not a third-party provider), operated under crm.datargo.com exclusively within the European Union (Frankfurt am Main).
(2) Consent and activation. The live chat is only loaded and activated after you have given your consent via the cookie or consent banner. Before consent is given, no personal data is transmitted to the chat service in this context.
(3) Data categories. We process the information you provide in the chat (name, contact details and message contents, insofar as provided by you) as well as technical connection data required to provide the function.
(4) Purpose and legal basis. The purpose is direct communication, responding to your enquiries and providing assistance within the scope of support and sales. The legal basis is Art. 6 (1) lit. b GDPR (insofar as the enquiry serves the initiation or performance of a contract) and Art. 6 (1) lit. f GDPR (legitimate interest in efficient communication). The loading of the chat service onto your end device takes place on the basis of your consent pursuant to Section 25 (1) TDDDG and Art. 6 (1) lit. a GDPR.
(5) Recipients and third-country transfer. The chat contents are not transmitted to third parties or to third countries. The service is operated exclusively by Datargo within the EU.
(6) Storage period. The chat histories are stored for as long as this is necessary to handle your concern and for any follow-up questions, but at most 90 days after the conversation has ended, unless contractual or statutory retention obligations require longer storage.
8. Cookies and local storage
(1) Use. We use cookies and comparable technologies (such as local storage in the browser, “Local Storage”). Cookies are small text files that are stored on your end device. We use exclusively technically necessary cookies as well as those functions that you have previously enabled by giving consent.
(2) Categories.
| Category | Purpose | Legal basis storage/reading | Legal basis processing |
|---|---|---|---|
| Technically necessary | operation of the website, storage of your cookie decision, security | Section 25 (2) No. 2 TDDDG (no consent required) | Art. 6 (1) lit. f GDPR |
| Consent-based (e.g. live chat) | optional convenience and support functions | Section 25 (1) TDDDG (consent) | Art. 6 (1) lit. a GDPR |
(3) No tracking or marketing cookies without consent. No cookies or comparable technologies are set for analysis, tracking or advertising purposes without your prior consent.
(4) Withdrawal and management of your consent. You may withdraw or adjust your consent at any time with effect for the future. To do so, use the “Cookie settings” button in the footer. The lawfulness of the processing carried out up to the withdrawal remains unaffected. In addition, you can prevent the storage of cookies in the settings of your browser or delete cookies already stored; the full functionality of the website may be limited as a result.
(5) Storage period. The storage period depends on the respective cookie. Session cookies are deleted when the browser is closed; your cookie decision is stored for 6 months so that your choice can be taken into account on a subsequent visit.
9. Storage period and deletion (general)
(1) Unless an express storage period is stated in this privacy policy, personal data is deleted as soon as the purpose of its processing ceases to apply and no statutory retention obligations preclude deletion.
(2) Statutory retention obligations arise in particular from the German Commercial Code (Section 257 HGB) and the German Fiscal Code (Section 147 AO) and amount to up to ten years depending on the type of document. During the running of such periods, the processing of the affected data is restricted.
10. Newsletter
(1) You can subscribe to the newsletter on the website and in the course of registering for our services. Subscription is voluntary and independent of the use of the services; no disadvantages arise from not consenting to the newsletter (no tying).
(2) Dispatch takes place using the double opt-in procedure: after registration you receive a confirmation email with a confirmation link; only once you click this link is the consent effective and your address added to the distribution list. Without confirmation, the registration is not activated and is deleted after a reasonable period.
(3) The legal basis is your consent (Art. 6 (1) lit. a GDPR, Section 7 (2) UWG). We process your email address as well as the time and proof of consent; the proof data is stored for as long as this is necessary for the purpose of proof.
(4) Dispatch takes place via the own infrastructure of Datargo GmbH (own mail system, own autonomous system, within the EU); dispatch via third-party service providers outside the EU does not take place.
(5) You may unsubscribe from the newsletter at any time and withdraw your consent with effect for the future, via the unsubscribe link in every newsletter email or by message to privacy@datargo.com .
11. External links
This website may contain links to external third-party websites. We have no influence over their content and data processing; the respective provider there is responsible for these. The data protection notices of the respective linked website apply.
12. Your rights as a data subject
You have the following rights vis-a-vis Datargo with regard to the personal data concerning you:
(1) Right of access (Art. 15 GDPR). You have the right to obtain confirmation as to whether we process data concerning you, as well as to obtain information about this data and the information referred to in Art. 15 GDPR (such as purposes, categories, recipients, storage period) and a copy of the data.
(2) Rectification (Art. 16 GDPR). You have the right to request the rectification of inaccurate data as well as the completion of incomplete data concerning you.
(3) Erasure (Art. 17 GDPR). You have the right to request the erasure of data concerning you, provided that one of the grounds referred to in Art. 17 GDPR applies and no statutory retention obligations preclude it.
(4) Restriction of processing (Art. 18 GDPR). You have the right, under the conditions of Art. 18 GDPR, to request the restriction of the processing of data concerning you.
(5) Data portability (Art. 20 GDPR). Insofar as the processing is based on consent or contract and is carried out by automated means, you have the right to receive the data concerning you in a structured, commonly used and machine-readable format or to request its transmission to another controller, where technically feasible.
(6) Objection (Art. 21 GDPR). You have the right, on grounds relating to your particular situation, to object at any time to processing of data concerning you that is based on Art. 6 (1) lit. f GDPR. We will then no longer process the data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
(7) Withdrawal of consent given (Art. 7 (3) GDPR). You have the right to withdraw a consent given at any time with effect for the future. The lawfulness of the processing carried out up to the withdrawal remains unaffected.
(8) Exercising your rights. To exercise your rights, an informal notice to the contact details named under Section 2 (or Section 3) is sufficient. The exercise of your rights is, as a rule, free of charge for you.
13. Note on platform use (processing on behalf and sub-processors)
(1) Insofar as Datargo processes personal data within the scope of the contractual provision of the Datargo Business Operations Platform on behalf of and on the instructions of a business customer, the respective business customer is the controller and Datargo is the processor within the meaning of Art. 28 GDPR. The details are governed by the data processing agreement (DPA) .
(2) An overview of the processors engaged as well as further compliance information can be found under Sub-processors and in the Trust Center .
14. Obligation to provide data
The provision of personal data is not required by law or contract in the context of merely visiting the website. When making contact and using the live chat, however, the provision of the information marked as required in each case is necessary in order to process your enquiry or to initiate a contract. Without this information, we may not be able to provide the relevant service.
15. No automated decision-making
Automated decision-making in individual cases, including profiling within the meaning of Art. 22 (1) and (4) GDPR, does not take place in the context of visiting the website.
16. Right to lodge a complaint with a supervisory authority
(1) Without prejudice to any other administrative or judicial remedy, you have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged infringement, if you consider that the processing of data concerning you infringes the GDPR.
(2) The supervisory authority responsible for Datargo is:
The Hesse Commissioner for Data Protection and Freedom of Information (Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, HBDI) Postal address: Postfach 31 63, 65021 Wiesbaden Street address: Gustav-Stresemann-Ring 1, 65189 Wiesbaden Telephone: +49 611 1408-0 Email: poststelle@datenschutz.hessen.de Website: datenschutz.hessen.de
Datargo GmbH is established in Hesse (registering court: Friedberg Local Court / Amtsgericht Friedberg); the competent supervisory authority is therefore the aforementioned Hesse Commissioner for Data Protection and Freedom of Information.
17. Changes to this privacy policy
We adapt this privacy policy as soon as changes to the data processing operations we carry out or to the legal framework make this necessary. The current version published on this website applies in each case.
Last updated: June 2026.
Authoritative language version
This document is provided in German, English and French. The English and French versions are translations provided solely for convenience. The German version is authoritative and solely binding in the event of any dispute or any difference of interpretation or translation.