Privacy policy

As of: 21 March 2026

1. Scope

This Privacy Policy provides information about the processing of personal data by Infinitas Security GmbH in connection with the use of our website, our contact and demo forms, our newsletter sign-up, our cookie and consent settings, and our digital communication and marketing processes. If you switch from our website to a separate product, login, or application environment, additional or more specific privacy notices may apply there.

2. Controller

Infinitas Security GmbH
Adalbertstraße 20
80799 Munich
Germany
Phone: +49 172 6501391
Email: info@infinitas-security.com

You may contact us at any time using the contact details above with any data protection concerns.

3. General Principles of Processing

We process personal data only to the extent permitted by law. This includes, in particular, processing for the provision of our website, handling inquiries, initiating and performing contractual relationships, sending information and newsletters, measuring reach, optimizing marketing activities, ensuring IT security, preventing misuse, and fulfilling legal obligations.

In doing so, we observe the principles of purpose limitation, data minimization, transparency, integrity, and confidentiality. Personal data is disclosed only to the extent necessary for the purposes described, where we are legally obliged to do so, where valid consent has been given, or where disclosure is otherwise permissible under data protection law.

4. Legal Bases

Depending on the individual case, personal data is processed in particular on the following legal bases:

  • Article 6(1)(a) GDPR, where you have given us your consent,
  • Article 6(1)(b) GDPR, where processing is necessary for the initiation or performance of a contract or for pre-contractual measures,
  • Article 6(1)(c) GDPR, where we are subject to a legal obligation,
  • Article 6(1)(f) GDPR, where processing is necessary for the purposes of our legitimate interests, unless such interests are overridden by the interests, fundamental rights, or freedoms of the data subject.

Where we store information on your terminal equipment or access information already stored on your terminal equipment, this is done in accordance with the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz, TDDDG). Technically necessary operations are based on Section 25(2) TDDDG. Operations requiring consent are based on Section 25(1) TDDDG.

5. Security Measures

Our website uses SSL/TLS encryption in order to protect transmitted content against unauthorized access. In addition, we implement technical and organizational security measures designed to protect personal data as comprehensively as possible against loss, manipulation, unauthorized access, unauthorized disclosure, or other unauthorized processing. These measures include, in particular, access restrictions, role-based authorization concepts, logging, transport encryption, and the careful selection and contractual engagement of service providers.

6. Purely Informational Use of the Website, Server Log Files, and Technical Provision

6.1 Server Log Files

If you use our website for informational purposes only, meaning you do not actively transmit information to us, our systems or the systems of our technical service providers collect the data that your browser automatically transmits. This includes in particular:

  • the page or URL accessed,
  • date and time of access,
  • amount of data transferred,
  • referrer URL or source page,
  • browser type and browser version,
  • operating system used,
  • IP address, where applicable in truncated form or processed only technically.

This data is processed in order to provide the website technically, ensure system stability and security, detect attacks or malfunctions, and ensure use free from misuse. The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable, and functional operation of our website.

As a rule, this data is not combined with other data sources. However, we reserve the right to review log data retrospectively in individual cases where there are concrete indications of unlawful use, misuse, attacks, or security incidents.

6.2 Hosting via Webflow

We host our website via Webflow. The provider is Webflow, Inc., USA. In the context of hosting, all data arising from the use of our website may be processed on Webflow systems or by subcontractors engaged by Webflow. This includes in particular connection data, log data, form content data, technical usage data, and other data arising during the delivery and display of the website.

Processing takes place for the purposes of technical operation, secure delivery, maintenance, and improvement of the availability of our website. The legal basis is Article 6(1)(f) GDPR; insofar as form data is processed in the context of pre-contractual or contractual communication, Article 6(1)(b) GDPR also applies.

6.3 Content Delivery, Security, and Performance Services via Cloudflare

We may use services provided by Cloudflare in order to deliver content more quickly, more stably, and more securely, and to defend against misuse and attacks. The provider is Cloudflare, Inc., USA. In this context, IP address, request data, header information, browser and device data, and security and performance data may in particular be processed.

Processing serves the performant provision of the website, load distribution, fail-safety, defense against attacks, and general IT security. The legal basis is Article 6(1)(f) GDPR.

6.4 Protection of Our Forms and Inputs via Cloudflare Turnstile

In order to protect against automated input, bots, spam, DDoS attacks, and comparable abusive access, we may use Cloudflare Turnstile on form pages or comparable input fields. In this context, the IP address, browser and device recognition data, the operating system used, date and duration of the visit, and other technical information required for abuse detection may in particular be processed.

Processing serves our legitimate interest in protecting the integrity of our website, the functionality of our forms, and the security of our systems. The legal basis is Article 6(1)(f) GDPR. Where access to information on your terminal equipment is necessary for technical functionality, this is based on Section 25(2) TDDDG.

6.5 External Fonts (Google Web Fonts)

Where fonts on individual pages are not embedded locally but loaded from Google servers, your browser establishes a connection to Google servers when the page is accessed. The provider is Google Ireland Limited, Ireland; further processing may be carried out by Google LLC, USA. In particular, IP address, browser information, device information, and technical connection data may be transmitted.

Such externally hosted fonts are integrated exclusively on the basis of your consent, unless the fonts are embedded locally. The legal basis is Article 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG. You may withdraw any consent you have given at any time with effect for the future via our cookie settings.

7. Cookies and Consent Management

Our website uses cookies and comparable technologies. These are small text files or similar identifiers that are stored on your device or access information already stored on your device. Cookies may be technically necessary or may serve to store preferences, measure reach, optimize marketing activities, or recognize user interactions.

We distinguish in particular between:

  • session cookies, which are deleted after the end of your browser session,
  • persistent cookies, which remain on your device for a certain period,
  • technically necessary cookies,
  • preference, analytics, and marketing cookies.

When you first access our website, we display a consent or cookie banner. Via this consent management tool, you can consent to certain categories of optional processing, reject them, or change your choices later. Without your consent, only those technologies are used that are technically necessary for the operation of the website or may otherwise be used lawfully on another legal basis.

The consent management tool stores your selection, the time of declaration, the consent status, where applicable the banner version, technical browser information, and further evidence data required to document and manage your privacy preferences. Where personal data is processed in this context, processing takes place for the purpose of fulfilling our legal accountability obligations and for the legally compliant management of technologies requiring consent. The legal basis is Article 6(1)(c) and (f) GDPR. Where access to your terminal equipment is required to store your selection, this is based on Section 25(2) TDDDG.

You can withdraw or adjust your consent at any time with effect for the future via the link to the cookie settings or consent settings on our website. The lawfulness of processing carried out before the withdrawal remains unaffected.

You can also manage, delete, or block cookies in your browser settings. Please note that this may limit the functionality of our website.

8. Contact Requests, Demo Requests, Use of Forms, and Appointment Booking

8.1 General Contact

If you contact us via contact form, demo form, email, telephone, or by other means, we process the data you provide. This may include in particular:

  • master and contact data such as first name, last name, email address, telephone number, company,
  • content data of your message or request,
  • appointment details or preferences,
  • technical metadata of the transmission,
  • internal administrative and allocation information.

Processing takes place for the purpose of handling your request, contacting you, arranging demos or meetings, initiating contractual relations, technical administration, and, where applicable, the assertion, exercise, or defense of legal claims. The legal basis is Article 6(1)(b) GDPR where your request is aimed at concluding or performing a contract, and otherwise Article 6(1)(f) GDPR.

As a rule, we store your inquiry data only as long as necessary for final handling of the request. Longer storage may take place where statutory retention obligations apply, where further communication is requested by you, or where the data is required for the establishment, exercise, or defense of legal claims.

8.2 HubSpot for Contact, Appointment, and CRM Processes

We may use HubSpot for parts of our contact, demo, appointment, and CRM processes. The provider in the EEA is generally HubSpot Ireland Ltd., Ireland; data processing within the HubSpot group may also be carried out by HubSpot, Inc., USA. We may use HubSpot in particular for form management, appointment booking, contact management, sales organization, marketing automation, lead management, and email communication.

Depending on the specific function used, form data, contact data, interaction data, IP address, location information, timestamps of page visits, communication content, and administrative allocation data may in particular be processed via HubSpot. Where HubSpot is used solely for handling inquiries, appointment booking, contact management, or pre-contractual communication, processing is based on Article 6(1)(b) and/or (f) GDPR.

Where HubSpot is used for cookie-based or tracking-based marketing functions, this takes place only on the basis of your explicit consent pursuant to Article 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG.

9. Newsletter and Email Information

If you subscribe to our newsletter, we process your data in order to send you regular information by email about our company, our services, product developments, launch updates, early insights, events, or other subject-related content.

The mandatory information for newsletter registration is generally your email address. Further information may be provided voluntarily and may be used, where applicable, to address you more personally or tailor content more specifically.

Newsletter registration takes place using the double opt-in procedure. This means that after registration we will send you an email in which you must confirm your registration. If confirmation is not provided, your registration will not be completed. In order to document the registration and prevent misuse, we store the time of registration and confirmation, the IP address used in this process, and further technical evidence data.

The legal basis for sending the newsletter is your consent pursuant to Article 6(1)(a) GDPR. You may withdraw your consent at any time with effect for the future, for example via the unsubscribe link in every newsletter email or by sending us a message.

After unsubscribing, your email address will be deleted from the newsletter distribution list or blocked from further newsletter mailings, unless another legal basis exists for further storage. Evidence data concerning the consent granted may be stored for longer in order to comply with our legal accountability obligations.

Where we use HubSpot or a comparable service for the sending, administration, or segmentation of our newsletter, this takes place on the basis of our contractual or service relationship with the respective provider. Cookie-based or tracking-based newsletter functions are used only to the extent legally permissible and covered by your consent.

10. Advertising to Existing Customers

If we have received your email address in connection with the sale of a product or service, we may, under the statutory requirements, send you information by email about our own similar products or services. The legal basis for this is Section 7(3) of the German Act Against Unfair Competition (UWG) in conjunction with Article 6(1)(f) GDPR.

You may object to such use of your email address at any time with effect for the future without incurring any costs other than the transmission costs according to the basic tariffs. In particular, you may object via an unsubscribe link in the respective email or by sending us a message.

11. Consent-Based Analytics, Marketing, and Advertising Services

Where you consent via our consent management tool, we use additional services to analyze the use of our website, better understand reach and user behavior, optimize our content and campaigns, create target groups, deliver advertising, and measure conversions and advertising success.

These services may process in particular cookies, pixels, web beacons, pseudonymous identifiers, browser and device information, approximate location information, page views, referrers, campaign parameters, interactions, dwell time, clicks, scrolling behavior, form events, conversions, and, where applicable, hashed contact information. The legal basis is Article 6(1)(a) GDPR; where access to your device is required for the service, additionally Section 25(1) TDDDG applies.

You may withdraw your consent at any time with effect for the future by opening the cookie settings and disabling the relevant category.

12. Google Tag Manager

We may use Google Tag Manager. The provider is Google Ireland Limited, Ireland; further processing may be carried out by Google LLC, USA. Google Tag Manager is used for the technical administration and deployment of further website tags and services. The service itself is not an independent analytics tool for user content profiles, but it may trigger other tags and, for technical reasons, process connection data such as your IP address.

Where it controls optional services or is loaded as part of our consent architecture, it is used on the basis of your consent pursuant to Article 6(1)(a) GDPR. Where information on your terminal equipment is accessed, this is additionally based on Section 25(1) TDDDG.

13. Google Analytics 4

13.1 Basic Function

We may use Google Analytics 4 in order to evaluate the use of our website statistically and to make our offering more user-friendly, efficient, and targeted. The provider is Google Ireland Limited, Ireland; further processing may be carried out by Google LLC, USA.

In the context of Google Analytics 4, the following in particular may be processed:

  • pseudonymous identifiers such as cookie IDs or client IDs,
  • information on pages accessed, interactions, and events,
  • browser and device information,
  • approximate location data,
  • referrers,
  • page access times, session data, and conversion events,
  • an IP address in truncated form or processed only technically.

We use Google Analytics 4 exclusively on the basis of your consent. The legal basis is Article 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG.

Unless otherwise specified in our configuration, we have reduced the retention period for the relevant analytics data to two months. Longer storage may result from aggregated reports, legal obligations, or otherwise anonymized evaluations.

13.2 Demographic Characteristics and Interests

Where activated, Google Analytics 4 may be used to create additional reports on demographic characteristics and interests. According to the functions provided by Google, aggregated or modeled information on age, gender, and interests is made available in report form. We do not receive from Google any obligation for Google to provide us with directly identifying individual profiles. This function is used only on the basis of your consent. Where we can configure a retention period for this function, we orient ourselves toward the shortest possible retention period, currently two months.

13.3 Google Signals

Where activated, we may use Google Signals. This function makes it possible to use cross-device reports and remarketing functions where users are signed into their Google account and have activated personalized advertising. As a rule, we receive statistical or aggregated information, but not direct access to Google account data of individual persons. Processing takes place only with your consent. You may also restrict the use of personalized advertising in your Google account.

13.4 User ID

Where we offer login or account functions on our website or in linked applications and you have consented accordingly, we may use a User ID function to assign usage across multiple devices to a pseudonymous user account. This serves the more consistent analysis of usage paths and conversions. Use takes place only where a corresponding technical function is provided on our website or in related applications and where the applicable data protection requirements are met.

13.5 User-Provided Data

Where activated and covered by your explicit consent, we may, within the framework of the Google function for collecting user-provided data, transmit certain first-party data collected with consent to Google Analytics, such as hashed email addresses or telephone numbers. This serves to improve measurement, assign conversions more precisely, and, where applicable, support linked advertising accounts in a privacy-friendly manner. The transfer of plain-text data is not intended; rather, such data should be hashed before transmission or transmitted in a privacy-friendly form.

14. Microsoft Clarity

We may use Microsoft Clarity. The provider is Microsoft Corporation, USA, or the Microsoft group company responsible for the respective service. Microsoft Clarity is an analytics and UX optimization service with which, among other things, heatmaps, scrolling and clicking behavior, session recordings, navigation paths, dwell time, and certain interactions can be evaluated.

Depending on the configuration, pseudonymous identifiers, cookie data, browser and device information, IP address, page views, scrolls, clicks, mouseover events, technical error messages, and interaction data may in particular be processed. According to the provider, Microsoft Clarity works with pseudonymous IDs. We use the service only on the basis of your consent. The legal basis is Article 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG.

Where configured accordingly by us, Clarity may operate in a restricted mode without persistent cookies if consent is not given. Where consent is given, first-party and third-party cookies may be set in order to recognize sessions and create related analyses.

15. Google AdSense

Where we use Google AdSense on individual pages or in certain campaigns, this takes place exclusively on the basis of your consent. The provider is Google Ireland Limited, Ireland; further processing may be carried out by Google LLC, USA.

Google AdSense may use cookies, similar technologies, or web beacons in order to evaluate the use of advertising space, ad interactions, and the delivery or optimization of advertising. Usage data, IP address, browser data, and interaction data may in particular be processed in this context. The legal basis is Article 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG.

16. Meta Pixel Including Advanced Matching

On the basis of your consent, we may use the Meta Pixel. The provider is Meta Platforms Ireland Limited, Ireland; further processing may be carried out by Meta Platforms, Inc., USA.

The Meta Pixel enables us to measure the effectiveness of our advertising on Facebook and Instagram, create user groups for advertising, track conversions, and display interest-based advertising to former website visitors. Where visits originate from Meta advertisements, campaign parameters may be processed. In addition, where activated and covered by your consent, advanced matching may take place. In this context, email addresses or other contact details that you enter on our website may, for example, be transmitted to Meta in hashed form in order to assign conversions more accurately and create target groups more precisely.

Depending on the function, the following may in particular be processed:

  • cookie IDs and other online identifiers,
  • IP address and browser/device information,
  • pages accessed and conversions,
  • form and interaction events,
  • hashed contact information such as email address or telephone number, where you enter such information and have consented.

Meta may combine the transmitted information with existing Meta profiles and use it for its own advertising purposes, its own analytics, and the display of personalized advertising on and outside the Meta platforms. As a rule, we receive reports, audience analyses, and conversion evaluations. Processing takes place only on the basis of your consent pursuant to Article 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG.

17. Google Ads Remarketing

On the basis of your consent, we may use Google Ads Remarketing. The provider is Google Ireland Limited, Ireland; further processing may be carried out by Google LLC, USA. Remarketing allows us to classify former visitors to our website into target groups and display advertising to them on other websites or in apps.

For this purpose, Google may process cookie IDs or comparable identifiers in order to recognize that you have visited our website. Where you are also signed into a Google account and have activated personalized advertising, Google may, under the conditions provided by Google, also create cross-device target groups.

The legal basis is Article 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG.

18. Google Ads Conversion Tracking

On the basis of your consent, we may use Google Ads conversion tracking. The provider is Google Ireland Limited, Ireland; further processing may be carried out by Google LLC, USA. If you reach our website via a Google advertisement, a conversion cookie may be set in order to track whether certain predefined actions have been performed on our website.

This enables us in particular to determine whether ad clicks have led to certain target actions, evaluate campaigns economically, and optimize our marketing. According to the functionalities described by Google, the conversion cookie does not generally serve to identify you directly. The duration of such cookies is typically up to 30 days, although the actual retention period may depend on the specific implementation.

The legal basis is Article 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG.

19. LinkedIn Insight Tag and LinkedIn Marketing Solutions

On the basis of your consent, we may use LinkedIn services for retargeting, conversion measurement, campaign evaluation, and interest-based B2B advertising. The provider is LinkedIn Ireland Unlimited Company, Ireland; data processing may also be carried out by LinkedIn Corporation, USA.

The LinkedIn Insight Tag and comparable LinkedIn marketing solutions may in particular serve to:

  • record former visitors to our website as a website audience,
  • measure conversion events,
  • obtain pseudonymized or aggregated demographic and interest-based insights for B2B marketing,
  • display personalized advertising on LinkedIn or in the LinkedIn advertising network.

In this context, pseudonymous identifiers, cookie data, IP address, browser and device information, referrers, timestamps, page views, and interactions may in particular be processed. The legal basis is Article 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG.

20. LinkedIn Plugins, Share Elements, and Other Social Features

Where we use LinkedIn plugins, share buttons, or comparable interactive LinkedIn elements on our website, their integration is designed to be as privacy-friendly as possible, for example in the form of a two-click or Shariff-like solution. This means that when a page is merely accessed, no direct data transfer to LinkedIn should initially take place. A connection to LinkedIn servers is established only once you activate such an element.

After activation, IP address, browser and device information, the specific page accessed, the time, and the type of interaction may in particular be transmitted to LinkedIn. If you are logged into LinkedIn at the same time, LinkedIn may assign the interaction to your user account and may make it visible to your contacts.

The legal basis for activating such functions is your consent pursuant to Article 6(1)(a) GDPR and, where applicable, Section 25(1) TDDDG.

21. Microsoft Teams for Digital Appointments, Demos, Meetings, and Webinars

Where we conduct digital meetings, demos, online meetings, video conferences, or webinars, we may use Microsoft Teams for this purpose. Microsoft Teams is a service of the Microsoft group. Depending on the contractual structure, Microsoft Corporation, USA, or a European Microsoft company is our contracting partner.

In the context of Teams appointments, the following in particular may be processed:

  • registration and contact data such as name, email address, telephone number,
  • meeting metadata such as subject, appointment, participant IP, device information, and, where applicable, descriptions,
  • audio, video, and chat content,
  • voice input, screen sharing, and shared files,
  • technical diagnostic data and log data.

Processing takes place for the purposes of preparing, conducting, documenting, and following up the respective appointment, as well as for efficient digital communication. The legal basis is Article 6(1)(b) GDPR where the appointment is contractually or pre-contractually initiated, Article 6(1)(a) GDPR where we request your separate consent, and otherwise Article 6(1)(f) GDPR.

Recordings of meetings, audio recordings, or video recordings do not take place without separate prior information and, where required, your consent or another separate legal basis.

22. BuchhaltungsButler for Invoicing and Financial Processes

Where invoicing or accounting processes arise as a result of an inquiry, a contract, an order, or another business relationship, we may use a cloud-based accounting solution. The provider is BuchhaltungsButler GmbH, Germany.

In this context, incoming and outgoing invoices, billing data, contract and service data, contact data, where applicable payment information, and bank transactions may in particular be processed. Processing serves proper financial accounting, invoice processing, compliance with tax and commercial law obligations, and internal administrative organization. Depending on the individual circumstances, the legal basis is Article 6(1)(b), (c), and (f) GDPR.

23. Recipients and Categories of Recipients

Within our company, personal data is made accessible only to those departments that need it for the respective purposes. In addition, we may transfer personal data to external recipients where this is necessary for the purposes described. These recipients may in particular include:

  • hosting, CDN, security, and anti-bot service providers,
  • CRM, form, appointment, and email marketing service providers,
  • analytics, advertising, and retargeting providers,
  • IT and support service providers,
  • providers of digital communication and meetings,
  • accounting, tax, and financial service providers,
  • banks, payment providers, and billing entities,
  • legal, tax, and business advisors,
  • courts, authorities, or other public bodies, where we are legally obliged to do so.

24. Third-Country Transfers

In the context of the processing described above, personal data may be transferred to states outside the European Union or the European Economic Area, in particular to the United States.

Where an adequacy decision pursuant to Article 45 GDPR exists for a provider, in particular in the case of active certification under the EU-U.S. Data Privacy Framework, we rely on this. Where such an adequacy decision does not apply or where additional safeguards are required, we base third-country transfers on appropriate safeguards pursuant to Article 46 GDPR, in particular standard contractual clauses, and, where applicable, additional technical and organizational protective measures.

Irrespective of this, we point out that, despite the protective measures taken, a residual risk may remain in the case of data transfers to third countries, for example because access by authorities in the recipient country may not in all respects correspond to the level of protection in the EEA.

25. Retention Period and Deletion

We store personal data only as long as necessary for the respective purposes. Thereafter, we delete or anonymize the data unless statutory retention obligations or legitimate reasons for further storage exist.

In particular, the following principles apply:

  • We store data based on consent until withdrawal of your consent and thereafter only insofar as this is necessary to document the consent or to safeguard legal claims.
  • Data from contact requests is generally stored until the request has been finally processed and thereafter only insofar as statutory retention obligations or interests in legal defense exist.
  • Contract and billing data is stored for the duration of the contractual relationship and thereafter in accordance with statutory commercial and tax retention obligations.
  • Newsletter data is stored until you unsubscribe or withdraw your consent; evidence data concerning your consent may be stored for longer.
  • According to our current configuration, we store Google Analytics 4 data for two months, unless aggregated, anonymized, or separately retained reports are concerned.
  • Data from demographic reports in Google Analytics is likewise oriented toward the shortest retention period selected by us, currently two months.
  • Google Ads conversion cookies typically expire after about 30 days, although the exact duration may depend on the specific technical implementation.
  • Server log files and technical security data are stored only as long as necessary for operation, security, error analysis, and misuse detection.
  • For optional marketing, pixel, and remarketing services, retention periods otherwise depend on the settings selected by us, your consent, and the retention requirements of the respective provider.

26. No Obligation to Provide Data and Possible Consequences of Not Providing It

You are under no obligation to provide us with personal data. However, for purely informational use of the website, the processing of certain technical data is unavoidable because otherwise the website cannot be delivered. If you wish to use contact forms, demo functions, or newsletter functions, the information marked as required is necessary so that we can process your request, organize an appointment, or send the newsletter. Without such information, we may not be able to provide the respective service or may be able to provide it only to a limited extent.

27. No Automated Decision-Making Within the Meaning of Article 22 GDPR

We do not make any decisions based solely on automated processing with legal effects or similarly significant effects within the meaning of Article 22 GDPR on the basis of personal data collected through our website. Where providers create pseudonymous profiles or modeling in the context of marketing or analytics functions, this serves only statistical, advertising-related, or technical purposes and does not lead to exclusively automated decision-making by us with legal effects concerning you.

28. Your Rights as a Data Subject

Within the scope of the statutory requirements, you have the following rights:

  • right of access pursuant to Article 15 GDPR,
  • right to rectification pursuant to Article 16 GDPR,
  • right to erasure pursuant to Article 17 GDPR,
  • right to restriction of processing pursuant to Article 18 GDPR,
  • right to notification pursuant to Article 19 GDPR,
  • right to data portability pursuant to Article 20 GDPR,
  • right to withdraw consent granted pursuant to Article 7(3) GDPR,
  • right to lodge a complaint with a data protection supervisory authority pursuant to Article 77 GDPR.

You may contact us at any time first with your concern. Independently of this, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement. For companies based in Bavaria, the competent authority in particular is the Bavarian State Office for Data Protection Supervision.

29. Right to Object Under Article 21 GDPR

Where we process personal data on the basis of Article 6(1)(f) GDPR, you have the right, on grounds relating to your particular situation, to object at any time to such processing with effect for the future.

If you object, we will no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defense of legal claims.

Where personal data is processed by us for direct marketing purposes, you have the right to object to such processing at any time with effect for the future. After an objection, we will no longer process the data concerned for direct marketing purposes.

30. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy where this becomes necessary due to technical developments, legal changes, new services, or changes in processing operations. The current version published on our website shall apply in each case.

31. Version Information

Version of this Privacy Policy: 21 March 2026

Infinitas Security Logo
Mail
Infinitas Security GmbH
Adalbertstraße 20,
80799 München
Deutschland

Imprint

Cookie-Präferenzen

Durch Anklicken erklären Sie sich damit einverstanden, Cookies auf Ihrem Gerät zu speichern, um die Navigation zu verbessern, die Nutzung zu analysieren und das Marketing zu unterstützen.

Essentiell

Essentielle Cookies ermöglichen zentrale Funktionen der Website wie Sicherheit und Barrierefreiheit. Sie speichern keine personenbezogenen Daten und können nicht deaktiviert werden.

Analytik

Diese Cookies sammeln anonyme Daten, um uns dabei zu helfen, die Funktionalität der Website zu verbessern und die Benutzererfahrung zu verbessern.

marketing

Diese Cookies verfolgen Nutzer auf verschiedenen Websites, um relevante Anzeigen zu schalten, und können personenbezogene Daten verarbeiten, für die eine ausdrückliche Zustimmung erforderlich ist.

Präferenzen

Diese Cookies erinnern sich an Einstellungen wie Sprache oder Region und speichern Anzeigeeinstellungen, um ein persönlicheres, nahtloses Erlebnis zu bieten.

Danke! Deine Einreichung ist eingegangen!
Hoppla! Beim Absenden des Formulars ist etwas schief gelaufen.
Präferenz speichernAblehnen

Cookie Consent Settings

Privacy Policy

Legal