Data Protection

Pri­va­cy poli­cy


  1. Gene­ral

The ope­ra­tor of this web­site, Ret­res­co GmbH, takes the pro­tec­tion of your per­so­nal data very serious­ly. When pro­ces­sing your data, we com­ply with app­li­ca­ble legis­la­ti­on rela­ting to pro­tec­tion of per­so­nal data, in par­ti­cu­lar the EU Gene­ral Data Pro­tec­tion Regu­la­ti­on (GDPR) and rele­vant natio­nal imple­men­ting legis­la­ti­on. This pri­va­cy state­ment con­ta­ins detail­ed infor­ma­ti­on about how Ret­res­co GmbH pro­ces­ses your per­so­nal data and about your rights.

Per­so­nal data is any infor­ma­ti­on that can be used to iden­ti­fy a natu­ral per­son. It inclu­des in par­ti­cu­lar a person’s name, data of birth, address, tele­pho­ne num­ber and email address, as well as their IP address.

Anony­mous data is data that can­not be used to iden­ti­fy a user.

1.1 Data con­trol­ler and data pro­tec­tion offi­cer

Ret­res­co GmbH
Grün­ber­ger Stra­ße 44a
10245 Ber­lin

Tel. +49 (0)30 60 98 39 600
Fax +49 (0)30 60 98 39 608

Email: kontakt[at]

Data pro­tec­tion offi­cer con­tact address: datenschutz[at]

1.2 Your rights as data sub­ject

First of all, here is some infor­ma­ti­on about your rights as a data sub­ject. The­se rights are esta­blished in Arti­cles 15–22 of the GDPR. They com­pri­se:

  • the right of access (Arti­cle 15 GDPR),
  • the right to era­su­re (Arti­cle 17 GDPR),
  • the right to rec­tifi­ca­ti­on (Arti­cle 16 GDPR),
  • the right to data por­ta­bi­li­ty (Arti­cle 20 GDPR),
  • the right to restric­tion of data pro­ces­sing (Arti­cle 18 GDPR),
  • the right to object to data pro­ces­sing (Arti­cle 21 GDPR).

If you wish to exer­cise any of the­se rights, plea­se con­tact us at datenschutz[at] You can also use this address if you have any ques­ti­ons about how we pro­cess data. You also have the right to lodge a com­p­laint with a data pro­tec­tion super­vi­so­ry aut­ho­ri­ty.

1.3 Rights to object

Plea­se note the fol­lo­wing in con­nec­tion with your rights to object:

If we pro­cess your per­so­nal data for direct mar­ke­ting pur­po­ses, you have the right to object to this data pro­ces­sing at any time without sta­ting grounds. This also app­lies to any pro­filing that we car­ry out to the extent that this pro­filing is rela­ted to direct mar­ke­ting.

If you object to pro­ces­sing for direct mar­ke­ting pur­po­ses, we will no lon­ger pro­cess your per­so­nal data for tho­se pur­po­ses. It costs not­hing to make an objec­tion, and the­re are no for­mal requi­re­ments for your noti­ce, which you should pre­fer­a­b­ly send to: insert con­tact details.

If we pro­cess your data in order to pur­sue our legi­ti­ma­te inte­rests, you can object to this pro­ces­sing at any time on grounds rela­ting to your par­ti­cu­lar situa­ti­on; this also app­lies to any pro­filing based on the­se pro­vi­si­ons.

If you do so, we will no lon­ger pro­cess your per­so­nal data unless we demons­tra­te com­pel­ling legi­ti­ma­te grounds for the pro­ces­sing which over­ri­de your inte­rests, rights and free­doms or for the esta­blish­ment, exer­cise or defence of legal claims.

1.4 Pur­po­ses of and law­ful bases for the data pro­ces­sing

Your per­so­nal data is pro­ces­sed in com­pli­an­ce with the pro­vi­si­ons of the GDPR and all other data pro­tec­tion legis­la­ti­on. The law­ful bases for data pro­ces­sing are defi­ned in par­ti­cu­lar in Arti­cle 6 of the GDPR.

We use your data for busi­ness deve­lop­ment pur­po­ses, to ful­fil con­trac­tu­al and sta­tu­to­ry obli­ga­ti­ons, to per­form our con­tract with you, to offer pro­ducts and ser­vices and to streng­t­hen the custo­mer rela­ti­ons­hip, which may also invol­ve ana­ly­sis of data for mar­ke­ting and direct mar­ke­ting pur­po­ses. A law, a con­tract or a legi­ti­ma­te inte­rest may pro­vi­de a law­ful basis for use of your data.

Use of your data may also be based on your con­sent. When obtai­ning your con­sent we will sta­te the pur­po­ses of the data pro­ces­sing and inform you of your right to with­draw your con­sent. If the con­sent con­cerns the pro­ces­sing of spe­cial cate­go­ries of per­so­nal data, we will sta­te this expli­cit­ly when obtai­ning your con­sent (Arti­cle 88(1) GDPR).

Pro­ces­sing of spe­cial cate­go­ries of per­so­nal data wit­hin the mea­ning of Arti­cle 9(1) GDPR will be car­ri­ed out only if requi­red due to pro­vi­si­ons of law and the­re is no rea­son to belie­ve that you have an over­ri­ding legi­ti­ma­te inte­rest in not having the data pro­ces­sed (Arti­cle 88(1) GDPR).

1.5 Dis­clo­sure of data to third par­ties

We will dis­c­lo­se your data to third par­ties only wit­hin the limits of the sta­tu­to­ry pro­vi­si­ons or if you have given your con­sent to such dis­clo­sure. Other­wi­se, we will not dis­c­lo­se your data to third par­ties unless we are requi­red to do so by man­da­to­ry pro­vi­si­ons of law (dis­clo­sure to exter­nal bodies such as the super­vi­so­ry aut­ho­ri­ties or the law enforce­ment aut­ho­ri­ties).

1.6 Reci­pi­ents of the data/categories of reci­pi­ents

Wit­hin the com­pa­ny, we ensu­re that your data is recei­ved only by indi­vi­du­als who need it for per­for­mance of our con­trac­tu­al and sta­tu­to­ry obli­ga­ti­ons.

In many cases, exter­nal ser­vice pro­vi­ders sup­port our teams in their work. We have ent­e­red into the necessa­ry data pro­tec­tion agree­ments with all ser­vice pro­vi­ders. We use ser­vices by soft­ware and com­mu­ni­ca­ti­ons pro­vi­ders for e.g. tech­ni­cal infra­st­ruc­tu­re pro­vi­si­on.

1.7 Trans­fer to third countries/intention to trans­fer to third coun­tries

Data is trans­fer­red to third coun­tries (out­side the Euro­pean Uni­on or the Euro­pean Eco­no­mic Area) only if necessa­ry for the per­for­mance of our con­tract with you, whe­re requi­red by law, or if you have given your con­sent. This rela­tes sole­ly to the use of Goog­le Ana­ly­tics.

We trans­fer your per­so­nal data to a ser­vice pro­vi­der or group com­pa­nies out­side the Euro­pean Eco­no­mic Area. In the case of Goog­le Ana­ly­tics (USA), an ade­qua­te level of data pro­tec­tion is ensu­red by par­ti­ci­pa­ti­on in the Pri­va­cy Shield Frame­work (Arti­cle 45(1) GDPR).

1.8 How long we store your data for

We will store your data for as long as necessa­ry for the pur­po­se of the pro­ces­sing con­cer­ned. Plea­se note that we are sub­ject to nume­rous reten­ti­on peri­ods that requi­re us to con­ti­nue to hold your data. The­se inclu­de in par­ti­cu­lar reten­ti­on requi­re­ments under com­mer­ci­al and tax law (such as the Ger­man Com­mer­ci­al Code (Han­dels­ge­setz­buch) and Tax Code (Abga­ben­ord­nung), etc.). Unless any addi­tio­nal reten­ti­on requi­re­ments app­ly, your data will be rou­ti­nely era­sed once the pur­po­se for which it was stored has been achie­ved.

We can also retain your data if you have aut­ho­ri­sed us to do so or in the event of legal dis­pu­tes if we use evi­dence wit­hin the sta­tu­to­ry limi­ta­ti­on peri­ods, which may be up to thir­ty years; the stan­dard limi­ta­ti­on peri­od is three years.

1.9 Secu­re trans­fer of your data

We employ appro­pria­te tech­ni­cal and orga­ni­sa­tio­nal mea­su­res to pro­tect the data we store as ful­ly as pos­si­ble against acci­den­tal or inten­tio­nal mani­pu­la­ti­on, loss or dest­ruc­tion and against unaut­ho­ri­sed access. The levels of secu­ri­ty pro­vi­ded are review­ed and adap­ted in line with new secu­ri­ty stan­dards on an ongo­ing basis in col­la­bo­ra­ti­on with secu­ri­ty experts.

Data sent to and from our web­site is encryp­ted. We offer the HTTPS trans­fer pro­to­col on our web­site and use cur­rent encryp­ti­on pro­to­cols. Alter­na­ti­ve chan­nels of com­mu­ni­ca­ti­on (such as post) can also be used.

1.10 Obli­ga­ti­on to pro­vi­de data

Various types of per­so­nal data are requi­red for the pur­po­se of con­clu­ding, per­for­ming or ter­mi­na­ting con­tracts and for com­pli­an­ce with the asso­cia­ted con­trac­tu­al and sta­tu­to­ry obli­ga­ti­ons. This also app­lies to the use of our web­site and the various func­tions that it pro­vi­des.

Details of the­se are sum­ma­ri­sed in the pre­vious para­graph. In cer­tain cases data, must also be collec­ted or pro­vi­ded due to sta­tu­to­ry pro­vi­si­ons. Plea­se note that we will not be able to respond to your inqui­ry or per­form the under­ly­ing con­tract if the­se data are not pro­vi­ded.


  1. Cate­go­ries, sources and ori­gin of data

Which data we pro­cess is deter­mi­ned by the con­text and will depend on whe­ther you have for examp­le pla­ced an order online, sub­mit­ted a que­ry using our con­tact form, sent us a job app­li­ca­ti­on, or made a com­p­laint.

Plea­se note that we may pro­vi­de infor­ma­ti­on rela­ting to spe­ci­fic pro­ces­sing situa­ti­ons sepa­r­a­te­ly in a sui­ta­ble loca­ti­on, e.g. when you upload job app­li­ca­ti­on docu­ments or ask us to con­tact you.

We collect and pro­cess the fol­lo­wing data when you visit our web­site:

  • name of your inter­net ser­vice pro­vi­der
  • details of the web­site from which you acces­sed our web­site
  • web brow­ser and ope­ra­ting sys­tem used
  • the IP address allo­ca­ted by your inter­net ser­vice pro­vi­der
  • files requested, volu­me of data trans­fer­red, downloads/file exports
  • details of which pages on our web­site you visit, inclu­ding the date and time of access

For tech­ni­cal secu­ri­ty rea­sons (in par­ti­cu­lar to avert attemp­ted attacks on our web ser­ver) the­se data are stored pur­suant to Arti­cle 6(1)(f) GDPR. After seven days at the latest, the IP address will be anony­mi­sed in such way that the indi­vi­du­al user can­not be iden­ti­fied.


  1. Con­tact form/email con­tact (Arti­cle 6(1)(a) and (b) GDPR)

Our web­site con­ta­ins a con­tact form which you can use to get in touch with us elec­tro­ni­cal­ly. If you wri­te to us using the con­tact form, we will pro­cess the data you pro­vi­de in the form to respond to your ques­ti­ons or requests.

We prac­tice data mini­mi­sa­ti­on and data avo­id­ance, and so requi­re you to pro­vi­de only the data that we need to con­tact you. For tech­ni­cal rea­sons and for rea­sons of legal pro­tec­tion, your IP address will also be pro­ces­sed. Some of the fiel­ds are optio­nal and you can pro­vi­de this infor­ma­ti­on if you wish (e.g. to enab­le us to respond to your ques­ti­ons per­so­nal­ly).

If you con­tact us via email, we will use the per­so­nal data you pro­vi­de to us only for the pur­po­se of respon­ding to your enqui­ry. No fur­t­her infor­ma­ti­on will be collec­ted if you do not use the forms pro­vi­ded to con­tact us.

If you send us a con­tact request, we will collect and pro­cess the fol­lo­wing data:

  • sur­na­me, first name
  • con­tact infor­ma­ti­on
  • com­pa­ny name
  • tit­le
  • details of requests and inte­rests


  1. Coo­kies (Arti­cle 6(1)(f) GDPR/Article 6(1)(a) GDPR if con­sent is given)

Coo­kies are used in various pla­ces on our web­site. They help impro­ve the user expe­ri­ence and make our web­site more effec­tive and secu­re. Coo­kies are small text files which are pla­ced on your com­pu­ter and stored (local­ly on your hard dri­ve) by your brow­ser.

We can use the­se coo­kies to ana­ly­se how visi­tors use our web­site. This enab­les us to tailor our web­site con­tent to the needs of visi­tors. The coo­kies also enab­le us to mea­su­re the effec­tiveness of par­ti­cu­lar ads and to deter­mi­ne whe­re tho­se ads will be dis­play­ed, for examp­le in accord­ance with the inte­rest of users in par­ti­cu­lar sub­jects.

Most of the coo­kies we use are “ses­si­on coo­kies”. Ses­si­on coo­kies are dele­ted auto­ma­ti­cal­ly when you lea­ve the site. Per­sis­tent coo­kies are auto­ma­ti­cal­ly dele­ted from your com­pu­ter when they expi­re (nor­mal­ly after six mon­ths) or if you dele­te them yours­elf befo­re this time.

Most web brow­sers accept coo­kies auto­ma­ti­cal­ly. Howe­ver, if you pre­fer not to send this infor­ma­ti­on, you can nor­mal­ly adjust your brow­ser set­tings to pre­vent this. If you do this you will still be able to make full use of this web­site (with the excep­ti­on of con­fi­gu­ra­ti­on tools).

Coo­kies are stored on the user’s com­pu­ter and sent to the web­site by the com­pu­ter. You as a user the­re­fo­re have full con­trol over the use of coo­kies. You can chan­ge your brow­ser set­tings to dis­able or restrict the trans­mis­si­on of coo­kies. In addi­ti­on, coo­kies that are alre­ady on your com­pu­ter can be dele­ted at any time using an inter­net brow­ser or other soft­ware pro­gram­mes. This is pos­si­ble in all popu­lar inter­net brow­sers.

Plea­se note that if you dis­able coo­kies, you may not be able to make full use of all the fea­tures of our web­site.


4.1 Goog­le Ana­ly­tics

This web­site uses Goog­le Ana­ly­tics, a web ana­ly­tics ser­vice pro­vi­ded by Goog­le Inc., 1600 Amphi­theat­re Park­way, Moun­tain View, CA 94043, USA. (“Goog­le”). The basis for use of Goog­le Ana­ly­tics is Arti­cle 6(1)(f) of the GDPR. Goog­le Ana­ly­tics uses coo­kies, which are pla­ced on your com­pu­ter to help the web­site ana­ly­se how you use the site. The infor­ma­ti­on gene­ra­ted by the coo­kie about your use of the web­site, such as

  • brow­ser and brow­ser ver­si­on,
  • ope­ra­ting sys­tem used,
  • refer­rer URL (the pre­vious site visi­ted),
  • host name of the acces­sing com­pu­ter (IP address) and
  • time of ser­ver request

will nor­mal­ly be trans­mit­ted to and stored by Goog­le on a ser­ver in the United Sta­tes. The IP address sent by your brow­ser for Goog­le Ana­ly­tics will not be com­bi­ned with any other data held by Goog­le. We have also added the “anony­mi­zeIP” fea­ture to Goog­le Ana­ly­tics on this web­site. This masks your IP address and ensu­res that all data are collec­ted anony­mous­ly. Only in excep­tio­nal cases will your full IP address be trans­mit­ted to a Goog­le ser­ver in the USA and anony­mi­sed the­re.

Goog­le may also trans­fer this infor­ma­ti­on to third par­ties whe­re requi­red to do so by law or whe­re such third par­ties pro­cess the infor­ma­ti­on on Google’s behalf. Goog­le will not asso­cia­te your IP address with any other data held by Goog­le. You may refu­se the use of coo­kies by selec­ting the appro­pria­te set­tings on your brow­ser, howe­ver plea­se note that if you do this you may not be able to use the full func­tio­na­li­ty of this web­site.

By using this web­site, you con­sent to the pro­ces­sing of data about you by Goog­le in the man­ner and for the pur­po­ses set out above. More infor­ma­ti­on is avail­ab­le from

You can modi­fy your brow­ser set­tings to reject coo­kies. You can also pre­vent Goog­le from record­ing and pro­ces­sing the data gene­ra­ted by the coo­kie about your use of the web­site (inclu­ding your IP address) by down­loa­ding and instal­ling the brow­ser add-on avail­ab­le from


4.2 Matomo web ana­ly­sis (form­er­ly PIWIK)

Scope of data pro­ces­sing

Our web­site uses the open-source soft­ware tool Matomo (form­er­ly PIWIK) for ana­ly­sing the brow­sing beha­viour of our users. The soft­ware saves coo­kies onto the user’s com­pu­ter. When the user acces­ses a page on, Matomo saves the fol­lo­wing data:

  1. two bytes of the user’s IP address
  2. the acces­sed web­page
  3. the web­site from which the user is direc­ted to the acces­sed page (refer­rer)
  4. the sub-pages to which the user is direc­ted from the acces­sed page
  5. the length of time the user remains on the page
  6. the fre­quen­cy the page is acces­sed

The soft­ware runs exclu­si­ve­ly on the ser­vers of our web­site. Any sto­ra­ge of the user’s per­so­nal data only takes place the­re. No data is sha­red with third par­ties.
The soft­ware is con­fi­gu­red in such a way that it does not store full IP addres­ses, but only two bytes of the user’s IP address. This ren­ders it impos­si­ble to attri­bu­te the abbre­via­ted IP address to the que­ry­ing com­pu­ter.



  1. Soci­al plug­ins

This web­site inclu­des soci­al plug­ins, which can send data to soci­al net­works and which you can use. The­se plug­ins can be reco­gnis­ed by the logos of the soci­al net­work con­cer­ned and the cap­ti­on “tweet” or “sha­re”. Cur­r­ent­ly, we inclu­de plug­ins for Face­book, Twit­ter, Lin­kedIn and Xing. No data is sent to the­se soci­al net­works when you access our web­site. Only when you click on the but­tons will data be sent to and stored by the soci­al net­works con­cer­ned. Use of the soci­al plug­ins is vol­un­ta­ry and not con­nec­ted with use of the web­site.

When you click on a soci­al plug­in, the pro­vi­der of that plug­in will be infor­med that you have acces­sed our web­site and, if you are log­ged into a user account with that pro­vi­der, can link this infor­ma­ti­on with your account. Ret­res­co has no influ­ence over the scope, pur­po­se or dura­ti­on of sto­ra­ge. It is also pos­si­ble that the soci­al net­work pro­vi­der uses coo­kies.
You can access ser­vices by the fol­lo­wing pro­vi­ders by using the soci­al plug­ins on our web­site:

Twit­ter Inc. (1355 Mar­ket St, Sui­te 900, San Fran­cis­co, Cali­for­nia 94103, USA)

Face­book Inc. (1601 S Cali­for­nia Ave, Palo Alto, Cali­for­nia 94304, USA)

Lin­kedIn Cor­po­ra­ti­on (2029 Stier­lin Court, Moun­tain View, CA 94043, USA)

Xing AG (Gän­se­markt 43, 20354 Ham­burg, Ger­ma­ny)


  1. Links to other pro­vi­ders

Our web­site also con­ta­ins links to the web­sites of other com­pa­nies. The­se links are clear­ly reco­gnis­able as such. We have no influ­ence over the con­tent of web­sites of other pro­vi­ders that we link to. The­re­fo­re, we can give no assuran­ces and accept no lia­bi­li­ty in respect of such con­tent. Respon­si­bi­li­ty for the con­tent of the­se web­sites lies with the rele­vant pro­vi­der or web­site ope­ra­tor.

The web­sites we link to were review­ed for pos­si­ble rights infrin­ge­ments and obvious vio­la­ti­ons of law at the time of lin­king. No unla­w­ful con­tent was in evi­dence at the time of lin­king. Howe­ver, the ope­ra­tor of this web­site can­not rea­son­ab­ly be expec­ted to moni­tor the con­tent of the web­sites lin­ked to on an ongo­ing basis. Any infrin­ging links will be remo­ved without delay after we beco­me awa­re of them.