Skip to main content

Privacy statement

Protecting your data when you visit our website is very important to us. In the following, we will inform you which data is collected during your visit and how it is used. You will also receive information on what rights you have with regard to the use of your data. Our website is equipped with SSL/TLS encryption for security reasons. You can recognize this by the small lock icon at the top left of the address bar of your browser. This encryption prevents data that you submit to us from being read by third parties. Our security measures are also constantly being improved in line with technological developments.

1. Responsible person in terms of data protection law
The controller in accordance with Article 4 (7) of the EU General Data Protection Regulation (GDPR) is us, who:
Curia Consulting GmbH
Zollhof 6
40221 Dusseldorf
email: info@curiaconsulting.de
Managing Directors: Javid Safaei Ashtiani and Shahram Safaei Ashtiani


2. What is personal data?
Personal data is information that can be attributed to your person. This includes, for example, information such as name, address, e-mail address and telephone number.


3. Data collection when you visit our website
(1) When using the website for informational purposes only, we only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (the legal basis is Art. 6 (1) (f) GDPR):
IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request comes, browser, operating system and its interface, language and version of the browser software.

The data listed above is stored for a maximum of 7 days for security reasons (e.g. to investigate abusive or fraudulent acts) and then deleted. For the purpose of providing our website securely and efficiently, we use the services of a web hosting provider, from whose server the website can be retrieved. For this purpose, certain data, in particular the data mentioned above, is received by our hosting provider. The legal basis for this is Art. 6 (1) (f) GDPR.

(2) In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which certain information flows to the location that sets the cookie (here by us). Cookies cannot run programs or transfer viruses to your computer. They serve to make the website more user-friendly and effective overall.

(3) Use of cookies:
a) This website uses the following types of cookies, the scope and functionality of which are explained below: Transient cookies (see b) Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close the browser. In particular, this includes session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the joint session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete cookies at any time in your browser's security settings.
d) Cookies that are not necessarily technically necessary for the operation of our website (such as those related to external media or statistics) are only used with your consent (which can be withdrawn at any time) when using the website. The legal basis in this respect is Art. 6 (1) (a) GDPR. Without your consent, only cookies are used that are absolutely technically necessary for the operation of our website (essential cookies). The legal basis in this case is Art. 6 (1) (f) GDPR. e) You can withdraw your consent, including by making the appropriate browser settings, for example by refusing to accept third-party cookies or all cookies. We would like to point out that in this case you may not be able to use all functions of this website. In addition, regarding the withdrawal of your consent, we refer to section 12 of this privacy policy.

Bitte aktivieren Sie Javascript, um die Liste aller deklarierten Cookies und ähnlicher Techniken zu sehen.

4. Data processing by Webflow
We host our website with Webflow. The provider is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA (hereinafter: Webflow). When you visit our website, Webflow collects various log files, including your IP addresses.

Webflow is a tool for building and hosting websites. Webflow stores cookies or other recognition technologies that are necessary to display the page, to provide certain website functions and to ensure security (necessary cookies).
For details, see Webflow's privacy policy: EU & Swiss Privacy Policy | Webflow 117.

Webflow is used on the basis of Art. 6 para. 1 lit. f DSGVO. We have a legitimate interest in presenting our website as reliably as possible. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: EU & Swiss Privacy Policy | Webflow 117.

Order processing
We have concluded an order processing contract (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.


5. Data processing in the context of applications
(1) If you apply to us (e.g. by email), we process your applicant data to fulfill our (pre) contractual obligations as part of the application process. The legal basis is Article 6 (1) lit. b. and f. GDPR and Section 26 BDSG.

(2) Insofar as you voluntarily provide us with special categories of personal data within the meaning of Article 9 (1) GDPR (such as status of severely disabled persons or ethnic origin) as part of the application process, they are processed on the basis of Article 9 (2) (b) GDPR.

(3) In the event of a successful application, we may further process your applicant data for the purposes of the employment relationship. Otherwise, if your application is not successful, we will delete your applicant data. The deletion takes place after a period of six months (starting with receipt of the rejection by you) so that we can answer any follow-up questions about the application and meet our reporting requirements under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax requirements.


6. Data collection when contacting us by email
(1) If you send us other inquiries by email, the data you provide (usually at least your name and email address) will be stored by us to answer your questions. If you want to work towards the conclusion of a contract through your message, the legal basis is Art. 6 para. 1 lit. b DSGVO. In addition, the legal basis for processing the data you have provided is Art. 6 para. 1 lit. f DSGVO.

(2) We delete the data arising in this context after storage is no longer necessary, or restrict processing if there are legal storage obligations.


7. Analysis tools and advertising
1. Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not carry out any independent analyses. It is only used to manage and play out the tools integrated via it. However, Google Tag Manager collects your IP address, which can also be transferred to Google's parent company in the United States.

Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in quickly and easily integrating and managing various tools on his website. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.

2. Google Analytics
This website uses features of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. Here, the website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. This data is assigned to the user's respective device. There is no assignment to a user ID.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in data analysis. Google Analytics uses technologies that enable the user to be recognized for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there. The use of this service is based on your consent in accordance with Article 6 (1) (a) GDPR and Section 25 (1) TTDSG. The consent can be withdrawn at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

3. Google conversion tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognize whether the user has carried out certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to generate conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information that allows us to personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be withdrawn at any time.

You can find more information about Google conversion tracking in Google's privacy policy: https://policies.google.com/privacy?hl=de.

Order processing
We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

4. Meta-Pixel (formerly Facebook Pixel)
This website uses Facebook/Meta visitor action pixels to measure conversion. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the collected data is also transferred to the USA and other third countries.

In this way, the behavior of site visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. As a result, the effectiveness of Facebook ads can be evaluated for statistical and market research purposes and future advertising measures can be optimized.

The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook uses the data for its own advertising purposes, in accordance with the Facebook Data Usage Policy (https://de-de.facebook.com/about/privacy/) can use. This allows Facebook to place advertisements on Facebook pages and outside of Facebook. As the site operator, we cannot influence this use of data.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be withdrawn at any time.

Insofar as personal data is collected on our website using the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. The processing carried out by Facebook after the transfer is not part of the joint responsibility. Our joint obligations have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for implementing the tool on our website in a manner that is secure under data protection law. Facebook is responsible for the data security of Facebook products. You can assert data subject rights (e.g. requests for information) with regard to the data processed by Facebook directly. If you assert the rights of data subjects with us, we are obliged to forward them to Facebook.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

In Facebook's privacy policy, you can find further information on how to protect your privacy: https://de-de.facebook.com/about/privacy/.

You can also use the “Custom Audiences” remarketing feature in the Ads Settings section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen deactivate. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.


Facebook Custom Audiences
We use Facebook Custom Audiences. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

When you visit or use our websites and apps, make use of our free or paid offers, submit data to us or interact with our company's Facebook content, we collect your personal data. If you give us consent to use Facebook Custom Audiences, we will transfer this data to Facebook, which Facebook can use to display suitable advertising to you. In addition, target groups can be defined with your data (lookalike audiences). Facebook processes this data as our order processor. Details can be found in the Facebook user agreement: https://www.facebook.com/legal/terms/customaudience.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be withdrawn at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/terms/customaudience and https://www.facebook.com/legal/terms/dataprocessing.


8th tools
1. Calendly
You can make appointments with us on our website. We use the “Calendly” tool to book appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter “Calendly”).

For the purpose of booking an appointment, enter the requested data and the desired date in the form provided for this purpose. The data entered is used for planning, carrying out and, if necessary, following up on the appointment. The appointment data is stored for us on Calendly's servers, whose privacy policy can be viewed here: https://calendly.com/de/pages/privacy.

The data you have entered will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies. Mandatory legal provisions — in particular retention periods — remain unaffected.

The legal basis for data processing is Article 6 (1) (f) GDPR. The website operator has a legitimate interest in making appointments with interested parties and customers as uncomplicated as possible. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://calendly.com/pages/dpa.

Order processing
We have concluded an order processing contract (AVV) for the use of the above service. This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

2nd Zapier
We have integrated Zapier on this website. The provider is Zapier Inc., Market St. #62411, San Francisco, CA 94104-5401, USA (hereinafter Zapier).

Zapier allows us to connect various functionalities, databases and tools to our website and synchronize them with each other. In this way, it is possible, for example, to automatically display content that we publish on our website on our social media channels or export content from marketing and analysis tools. Depending on the functionality, Zapier can also collect various personal data.

Zapier is used on the basis of Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in integrating the tools used as effectively as possible. If a corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be withdrawn at any time.

Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://zapier.com/tos.

Order processing
We have concluded an order processing contract (AVV) for the use of the above service. This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.


9. Audio and video conferences
data processing
Among other things, we use online conference tools to communicate with our customers. The tools we use in detail are listed below. When you communicate with us via video or audio conference via the Internet, your personal data is collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide/use to use the tools (email address and/or your telephone number). The conference tools also process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” related to the communication process (metadata).

In addition, the provider of the tool processes all technical data required to process online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker, and the type of connection.

If content is exchanged, uploaded or made available in any other way within the tool, it is also stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails uploaded photos and videos, files, whiteboards, and other information shared while using the service.

Please note that we do not have full influence on the data processing processes of the tools used. Our options are largely based on the corporate policy of the respective provider. For further information on data processing by the conference tools, please refer to the privacy statements of the tools used in each case, which we have listed below this text.

Purpose and legal basis
The conference tools are used to communicate with prospective or existing contract partners or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and speed up communication with us or our company (legitimate interest within the meaning of Article 6 (1) (f) GDPR). If consent has been requested, the relevant tools are used on the basis of this consent; consent can be withdrawn at any time with effect for the future.

Storage period
The data collected directly by us via the video and conference tools is deleted from our systems as soon as you request us to delete it, revoke your consent to store it, or the purpose for data storage ceases to apply. Saved cookies remain on your device until you delete them. Mandatory legal storage periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Conference tools used
We're using Zoom. The provider is Zoom Video Communications, Inc. Details on data processing can be found in Zoom's privacy policy: https://explore.zoom.us/de/privacy/.

Order processing
We have concluded an order processing contract (AVV) for the use of the above service. This is a contract required by data protection law, which ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.


10. Your rights
You have the following rights vis-à-vis us with regard to personal data concerning you: to request information about your personal data processed by us in accordance with Article 15 GDPR. In particular, you can provide information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of correction, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of their data, unless they have been collected by us, as well as the existence of automated decision-making, including profiling and, if applicable, meaningful information about request their details; in accordance with Article 16 GDPR, to immediately request the correction of incorrect or completion of your personal data stored by us; to request the deletion of your personal data stored by us in accordance with Article 17 GDPR, unless processing is necessary to exercise the right of freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims; in accordance with Article 18 GDPR to restrict the processing of your personal data insofar as the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection to processing in accordance with Article 21 GDPR; in accordance with Article 20 GDPR, your personal data that you have provided to us in a structured, standard and machine-readable to obtain the format or to request transmission to another person responsible; in accordance with Article 7 (3) GDPR, to withdraw your consent to us at any time. As a result, we are no longer allowed to continue data processing based on this consent in the future and, in accordance with Article 77 GDPR, to complain to a data protection supervisory authority about the processing of your personal data by us.

11. Objection or revocation against the processing of your data
(1) If you have given your consent to process your data, you can withdraw this consent at any time. Such a revocation affects the lawfulness of processing your personal data after you have submitted it to us. (2) Insofar as we base the processing of your personal data on the balancing of interests, you may object to the processing. This is the case if processing is in particular not necessary to fulfill a contract with you, which is described by us in each case in the following description of the functions. If you exercise such an objection, please explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the facts and will either stop or adjust the data processing or show you our compelling legitimate reasons on the basis of which we will continue processing. (3) You can explain your objection or revocation using the contact details listed in section 1.

12. Changes to the privacy policy
As a result of the development of our website or due to changes in legal or regulatory requirements, it may be necessary to change this privacy policy. You can access the latest privacy policy on our website at any time.