Status: 21.03.2026
This privacy policy provides information about the processing of personal data by Infinitas Security GmbH in connection with the use of our website, our contact and demo forms, our newsletter subscription, our cookie and consent settings, and our digital communication and marketing processes. If you switch from our website to a separate product, login or application environment, additional or more specific data protection information may apply there.
Infinitas Security GmbH
Adalbertstrasse 20
80799 Munich
Germany
Telephone: +49 172 6501391
E-mail: info@infinitas-security.com
You can contact us at any time using the contact details above with any data protection concerns.
We only process personal data to the extent permitted by law. This is done in particular to provide our website, to process inquiries, to initiate and execute contractual relationships, to send information and newsletters, to measure reach, for marketing optimization, IT security, to prevent misuse and to fulfill legal obligations.
In doing so, we comply with the principles of purpose limitation, data minimization, transparency, integrity and confidentiality. Personal data will only be passed on if this is necessary for the purposes described, if we are required to do so by law, if there is effective consent or if the transfer is otherwise permitted under data protection law.
Depending on the individual case, personal data is processed on the following legal bases in particular:
- Art. 6 para. 1 lit. a GDPR, insofar as you have given us consent,
- Art. 6 para. 1 lit. b GDPR, insofar as processing is necessary for the initiation or fulfilment of a contract or for pre-contractual measures,
- Art. 6 para. 1 lit. c GDPR, insofar as we are subject to a legal obligation,
- Art. 6 para. 1 lit. f GDPR, insofar as processing is necessary to protect our legitimate interests and there are no overriding interests, fundamental rights or fundamental freedoms of the data subject.
Insofar as we store information in your terminal device or access information already stored in your terminal device, this is done in accordance with the Telecommunications Digital Services Data Protection Act (TDDDG). We base technically necessary processes on Section 25 (2) TDDDG. We base transactions that require consent on Section 25 (1) TDDDG.
Our website uses SSL/TLS encryption to protect transmitted content from unauthorized access. We also take technical and organizational security measures to protect personal data as completely as possible against loss, manipulation, unauthorised access, unauthorised disclosure or other unauthorised processing. These include in particular access restrictions, role-based authorization concepts, logging, transport encryption and the careful selection and contractual integration of service providers.
If you only use our website for informational purposes, i.e. do not actively transmit any information to us, our systems or the systems of our technical service providers collect the data that your browser automatically transmits. In particular, this includes:
- the page or URL accessed,
- date and time of retrieval,
- Amount of data transferred,
- referrer URL or source page,
- browser type and browser version,
- operating system used,
- IP address, possibly abbreviated or only technically processed.
This data is processed to make the website technically available, to ensure the stability and security of the system, to detect attacks or malfunctions and to ensure misus-free use. The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the secure, stable and functional operation of our website.
As a matter of principle, this data is not combined with other data sources. However, we reserve the right to evaluate log data retrospectively in individual cases if there is concrete evidence of illegal use, misuse, attacks or security incidents.
We host our website via Webflow. The provider is Webflow, Inc., USA. As part of hosting, all data generated when using our website can be processed on Webflow Systems or Integrated Subcontractors. This applies in particular to connection data, log data, content data of forms, technical usage data and other data that arise when the website is delivered and displayed.
Processing is carried out for the purpose of technical operation, secure delivery, maintenance and improvement of the availability of our website. The legal basis is Art. 6 para. 1 lit. f GDPR; insofar as form data is processed as part of pre-contractual or contractual communication, Art. 6 para. 1 lit. b GDPR is also relevant.
We can use Cloudflare Services to deliver content faster, more stable and secure as well as to prevent misuse and attacks. The provider is Cloudflare, Inc., USA. In particular, IP address, request data, header information, browser and device data as well as security and performance data can be processed.
The processing is used for high-performance provision of the website, load distribution, reliability, attack prevention and general IT security. The legal basis is Art. 6 para. 1 lit. f GDPR.
To protect against automated inputs, bots, spam, DDoS attacks and comparable abusive access, we can use Cloudflare Turnstyles on form pages or comparable input fields. In particular, the IP address, browser and device recognition data, the operating system used, date and duration of the visit and other technical information required to identify misuse can be processed.
The processing serves our legitimate interest in protecting the integrity of our website, the functionality of our forms and the security of our systems. The legal basis is Article 6 (1) (f) GDPR. Insofar as access to information in your terminal equipment is required for technical functionality, this is done on the basis of Section 25 (2) TDDDG.
If fonts are not loaded locally on individual pages but from Google servers, your browser connects to Google servers when you access the page. The provider is Google Ireland Limited, Ireland; further processing can be carried out by Google LLC, USA. In particular, IP address, browser information, device information and technical connection data may be transmitted.
The integration of such externally hosted fonts is based exclusively on your consent, unless the fonts are integrated locally. The legal basis is Article 6 (1) (a) GDPR and — where applicable — Section 25 (1) TDDDG. You can withdraw your consent at any time with effect for the future via our cookie settings.
Our website uses cookies and similar technologies. These are small text files or similar identifiers that are stored on your device or access existing information on your device. Cookies may be technically necessary or used to save settings, measure coverage, optimize marketing measures or recognize user interactions.
In particular, we differentiate between:
- Session cookies, which are deleted after the end of your browser session,
- persistent cookies, which remain on your device for a specific period of time,
- technically necessary cookies,
- Preference, analytical and marketing cookies.
When you visit our website for the first time, we will show you a consent or cookie banner. With this consent management tool, you can consent to certain categories of optional processing, reject them or change them later. Without your consent, only technologies that are technically necessary to operate the website or may be used in a permitted manner on another legal basis will be used.
The consent management tool stores your selection, the time of declaration, the consent status, the banner version, if applicable, technical browser information and other supporting data that is required to document and control your data preferences protection. Insofar as personal data is processed in this process, the processing is carried out to fulfill our legal documentation requirements and to control technologies that require consent in a legally secure manner. The legal basis is Art. 6 para. 1 lit. c and lit. f GDPR. Insofar as access to your terminal equipment is required to save your selection, this is done on the basis of Section 25 (2) TDDDG.
You can withdraw or adjust your consent at any time with effect for the future via the link to the cookie settings or consent settings on our website. The lawfulness of the processing carried out up to the time of revocation remains unaffected.
You can also manage, delete, or block cookies in your browser settings. Please note that the functionality of our website may be limited as a result.
If you contact us via contact form, demo form, e-mail, telephone or other means, we process the data you provide. In particular, this may include:
- Master and Contact Details such as First Name, Last Name, Email Address, Telephone Number, Company
- the content of your message or request,
- date or desired information,
- technical metadata of transmission,
- internal administrative and allocation information.
The processing is carried out for the purpose of processing your request, contacting you, arranging demonstrations or discussions, initiating contracts, technical administration and, if necessary, defending or enforcing legal claims. The legal basis is Art. 6 para. 1 lit. b GDPR, insofar as your request is directed at the conclusion or execution of a contract, and otherwise Art. 6 para. 1 lit. f GDPR.
In principle, we only store your request data for as long as is necessary for the final processing. Longer storage may take place if there are legal storage obligations, if further communication from you is desired or if the data is required to assert, exercise or defend legal claims.
We can use HubSpot for parts of our contact, demo, appointment and CRM processes. The provider in the EEA is regularly HubSpot Ireland Ltd., Ireland; data processing within the HubSpot Group can also be carried out by HubSpot, Inc., USA. We can use HubSpot in particular for form management, appointment booking, contact management, sales organization, marketing automation, lead management and email communication.
Depending on the specific function used, HubSpot can process form data, contact data, interaction data, IP address, location information, times of page views, communication content and administrative assignment data. Insofar as HubSpot is only used to process inquiries, appointment bookings, contact management or pre-contractual communication, processing is based on Art. 6 para. 1 lit. b and/or lit. f GDPR.
Insofar as HubSpot is used for cookie or tracking-based marketing functions, this is only based on your express consent in accordance with Art. 6 para. 1 lit. a GDPR and — where applicable — § 25 para. 1 TDDDG.
When you sign up for our newsletter, we process your data to send you regular information about our company, our services, product developments, launch updates, early insights, events or other subject-related content by email.
Your email address is regularly required for subscribing to the newsletter. Further information can be provided voluntarily and may be used to address you more personally or to make content more targeted.
Newsletter registration is carried out using the double opt-in procedure. This means that after you sign up, we will send you an email in which you must confirm your subscription. If the confirmation is not received, your registration will not be completed. To document the registration and prevent abusive registrations, we store the time of registration and confirmation as well as the IP address used and other technical evidence data.
The legal basis for sending the newsletter is your consent in accordance with Article 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future, for example via the unsubscribe link in every newsletter email or by sending us a message.
After unsubscribing, your email address will be deleted from the newsletter mailing list or blocked from continuing to send you the newsletter, unless there is another legal basis for further storage. As part of our legal accountability obligations, we can store evidence of the consent given for a longer period of time.
Insofar as we use HubSpot or a comparable service to send, manage or segment our newsletter, this is based on our order or service relationship with the respective provider. We only use cookie or tracking-based newsletter functions insofar as this is legally permitted and is covered by your consent.
If we have received your email address in connection with the sale of a good or service, we can send you information about our own similar services by email, subject to legal requirements. The legal basis for this is Section 7 (3) UWG in conjunction with Article 6 (1) (f) GDPR.
You can object to such use of your e-mail address at any time with effect for the future without incurring any costs other than the transmission costs at the basic rates. An objection is possible in particular via an unsubscribe link in the respective e-mail or via a message to us.
If you consent via our consent management tool, we use additional services to analyze the use of our website, better understand reach and user behavior, optimize our content and campaigns, create target groups, manage advertising and measure conversions and advertising success.
In particular, these services may process cookies, pixels, web beacons, pseudonym identifiers, browser and device information, approximate location information, page views, referrers, campaign parameters, interactions, length of stay, clicks, scroll movements, form events, conversions and, if applicable, hashed contact information. The legal basis is Art. 6 para. 1 lit. a GDPR; insofar as access to your device is required for the service, in addition § 25 para. 1 TDDDG.
You can withdraw your consent at any time with effect for the future by accessing the cookie settings and deactivating the corresponding category.
We can use Google Tag Manager. The provider is Google Ireland Limited, Ireland; further processing can be carried out by Google LLC, USA. Google Tag Manager is used for the technical administration and control of other website tags and services. The service itself is not an independent analysis tool for content user profiles, but can trigger other tags and process connection data such as your IP address in particular for technical reasons.
Insofar as it controls optional services or is loaded as part of our consent architecture, it is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. Insofar as information is accessed in your terminal device, this is also done in accordance with Section 25 (1) TDDDG.
We can use Google Analytics 4 to statistically evaluate the use of our website and to make our offering more user-friendly, powerful and targeted. The provider is Google Ireland Limited, Ireland; further processing can be carried out by Google LLC, USA.
As part of Google Analytics 4, in particular, the following can be processed:
- pseudonymous identifiers such as cookie IDs or client IDs,
- Information about pages viewed, interactions and events,
- browser and device information,
- approximate location data,
- referrer,
- page view times, session data and conversion events,
- an abbreviated or only technically processed IP address.
We use Google Analytics 4 exclusively on the basis of your consent. The legal basis is Article 6 (1) (a) GDPR and — where applicable — Section 25 (1) TDDDG.
Unless otherwise specified in our configuration, we have reduced the storage period for corresponding analytics data to two months. Longer storage may result from aggregated reports, legal obligations or otherwise anonymized evaluations.
If activated, additional reports on demographics and interests can be created via Google Analytics 4. In particular, aggregated or modeled information on age, gender and interests is provided in report form based on the functions provided by Google. We are not required by Google to provide us with directly identifying individual profiles. The use of this function is only based on your consent. Insofar as we can configure a storage period for this function, we aim for the shortest possible storage period, currently two months.
If enabled, we may use Google Signals. This feature makes it possible to use cross-device reporting and remarketing features when users are signed in to their Google account and have activated personalized advertising. In general, we receive statistical or aggregated information, but not direct access to individual individuals' Google account data. Processing is only carried out with your consent. You can also limit the use of personalized advertising in your Google account.
Insofar as we offer login or account functions on our website or in linked applications and you have consented to this, we may use a user ID function to assign uses across multiple devices to a pseudonymous user account. This is used for a more consistent analysis of usage channels and conversions. It is only used if a corresponding technical function is provided on our website or in associated applications and the data protection requirements for this are met.
If activated and covered by your express consent, we may transfer certain first-party data collected with consent to Google Analytics, such as hashed email addresses or telephone numbers, as part of the feature offered by Google to collect data from users. This is used to improve measurements, allocate conversions more precisely and, if necessary, to support linked advertising accounts in a privacy-friendly manner. The transmission of plain data is not intended here; rather, such data should be hashed before transmission or transmitted in a privacy-friendly form.
We can use Microsoft Clarity. The provider is Microsoft Corporation, USA, or the Microsoft Group company responsible for the respective service. Microsoft Clarity is an analysis and UX optimization service that can be used to evaluate heat maps, scroll and click behavior, session recordings, navigation paths, length of stay and specific interactions, among other things.
Depending on the configuration, pseudonymous identifiers, cookie data, browser and device information, IP address, page views, scrolls, clicks, mouse-over events, technical error messages and interaction data can be processed. According to provider information, Microsoft Clarity works with pseudonymous IDs. We only use the service based on your consent. The legal basis is Article 6 (1) (a) GDPR and — where applicable — Section 25 (1) TDDDG.
If we have configured it accordingly, Clarity can work in a restricted mode without persistent cookies in the absence of consent. If consent is given, first-party and third-party cookies can be set to recognize sessions and create coherent analyses.
Insofar as we use Google AdSense on individual pages or in specific campaigns, this is based exclusively on your consent. The provider is Google Ireland Limited, Ireland; further processing can be carried out by Google LLC, USA.
Google AdSense may use cookies, similar technologies, or web beacons to evaluate the use of advertising space, ad interactions, and delivery or optimization of advertising. In particular, usage data, IP address, browser data and interaction data can be processed. The legal basis is Article 6 (1) (a) GDPR and — where applicable — Section 25 (1) TDDDG.
We can use the meta pixel based on your consent. The provider is Meta Platforms Ireland Limited, Ireland; further processing can be carried out by Meta Platforms, Inc., USA.
The Meta Pixel allows us to measure the effectiveness of our advertising on Facebook and Instagram, create user groups for ads, track conversions and display interest-based advertising to previous website visitors. When accessed via Meta Ads, campaign parameters can be processed. In addition — if activated and covered by your consent — an extended data reconciliation can take place. For example, email addresses or other contact details that you enter on our website can be sent to Meta in hashed form in order to better allocate conversions and form target groups more precisely.
Depending on the function, in particular, the following can be processed:
- cookie IDs and other online identifiers,
- IP address and browser/device information,
- pages viewed and conversions,
- form and interaction events,
- Hashed contact information such as email address or telephone number, provided that you have entered this and consented.
Meta can combine the submitted information with existing meta profiles and use it for its own advertising purposes, its own analyses and to display personalized advertising on and outside the meta platforms. We generally receive reports, target group and conversion evaluations. Processing is only carried out on the basis of your consent in accordance with Article 6 (1) (a) GDPR and — where applicable — Section 25 (1) TDDDG.
We can use Google Ads Remarketing based on your consent. The provider is Google Ireland Limited, Ireland; further processing can be carried out by Google LLC, USA. Remarketing allows us to classify previous visitors to our website into target groups and let them display advertising on other websites or in apps.
For this purpose, Google may process cookie IDs or comparable identifiers to recognize that you have visited our website. If you are also logged into a Google account and have activated personalized advertising, Google can also form cross-device target groups under the conditions provided by Google.
The legal basis is Article 6 (1) (a) GDPR and — where applicable — Section 25 (1) TDDDG.
We can use Google Ads conversion tracking based on your consent. The provider is Google Ireland Limited, Ireland; further processing can be carried out by Google LLC, USA. If you access our website via a Google ad, a conversion cookie can be set to understand whether certain previously defined actions have taken place on our website.
In particular, this allows us to recognize whether ad clicks have led to specific target actions, evaluate campaigns economically and optimize our marketing. According to the functions described by Google, the conversion cookie is not regularly used to directly identify you. The duration of such cookies is typically up to 30 days, although the actual storage period may depend on the specific implementation.
The legal basis is Article 6 (1) (a) GDPR and — where applicable — Section 25 (1) TDDDG.
Based on your consent, we can use LinkedIn services for retargeting, conversion measurement, campaign evaluation and interest-based B2B advertising. The provider is LinkedIn Ireland Unlimited Company, Ireland; data processing can also be carried out by LinkedIn Corporation, USA.
The LinkedIn Insight Tag or Comparable Marketing Solutions from LinkedIn can be used in particular to
- to record previous visitors to our website as a website audience,
- to measure conversion events,
- to gain pseudonymous or aggregated demographic and interest-based insights for B2B marketing,
- Display personalized advertising on LinkedIn or in the LinkedIn advertising network.
In particular, pseudonymous identifiers, cookie data, IP address, browser and device information, referrers, times, page views and interactions can be processed. The legal basis is Article 6 (1) (a) GDPR and — where applicable — Section 25 (1) TDDDG.
Insofar as we use LinkedIn plugins, share buttons or comparable interactive LinkedIn elements on our website, their integration is as data-efficient as possible, for example in the form of a two-click or Shariff-like solution. This means that when you simply view a page, there should initially be no direct data transfer to LinkedIn. Only when you activate such an element is a connection to LinkedIn servers established.
After activation, in particular, IP address, browser and device information, the specific page accessed, time and type of interaction can be transmitted to LinkedIn. If you are logged in to LinkedIn at the same time, LinkedIn can associate the interaction with your user account and, if necessary, make it visible to your contacts.
The legal basis for activating such functions is your consent in accordance with Article 6 (1) (a) GDPR and — where applicable — Section 25 (1) TDDDG.
When we conduct digital meetings, demos, online meetings, video conferences, or webinars, we can use Microsoft Teams to do so. Microsoft Teams is a service provided by the Microsoft Group. Depending on the Contract Constellation, Microsoft Corporation, USA, or a European Microsoft company is our contractual partner.
In particular, the following can be processed as part of team appointments:
- Registration and contact details such as name, email address, telephone number,
- Meeting metadata such as topic, appointment, participant IP, device information and, if applicable, descriptions
- audio, video and chat content,
- voice inputs, screen shares, and shared files,
- technical diagnostic data and log data.
Processing is carried out for the purpose of preparing, carrying out, documenting and following up on the respective appointment as well as for efficient digital communication. The legal basis is Art. 6 para. 1 lit. b GDPR, insofar as the deadline is contractually or pre-contractual, Art. 6 para. 1 lit. a GDPR, insofar as we ask you for separate consent, and otherwise Art. 6 para. 1 lit. f GDPR.
Meetings, voice or video recordings will not be made without separate prior information and — if necessary — your consent or another separate legal basis.
If billing or accounting processes occur as a result of an enquiry, contract, order or other business relationship, we can use a cloud-based accounting solution. The provider is BuchhaltungsButler GmbH, Germany.
In particular, incoming and outgoing invoices, billing data, contract and service data, contact data, payment information, and bank transactions may be processed. The processing is used for proper financial accounting, invoice processing, compliance with tax and commercial obligations and internal administrative organization. Depending on the facts, the legal basis is Art. 6 para. 1 lit. b, lit. c and lit. f GDPR.
Within our company, personal data is only made available to those bodies that need it for the respective purposes. In addition, we may transfer personal data to external recipients insofar as this is necessary for the purposes described. In particular, these recipients may include:
- hosting, CDN, security and anti-bot service providers,
- CRM, Form, Appointment and Email Marketing Service Providers,
- analytics, advertising and retargeting providers,
- IT and support service providers,
- providers of digital communication and meetings,
- Accounting, Tax and Financial Service Providers,
- Banks, Payment and Settlement Offices,
- legal, tax and business advisors,
- Courts, authorities or other public bodies, insofar as we are legally obliged to do so.
As part of the processing described above, personal data may be transferred to countries outside the European Union or the European Economic Area, in particular to the USA.
Insofar as there is an adequacy decision for a provider in accordance with Article 45 GDPR, in particular in the case of active certification in accordance with the EU-U.S. Data Privacy Framework, we base the transmission on this. Insofar as such an adequacy decision does not apply or additional guarantees are required, we base transfers to third countries on appropriate guarantees in accordance with Article 46 GDPR, in particular standard contractual clauses, and, where appropriate, on further technical and protective organizational measures.
Irrespective of this, we would like to point out that data transfers to third countries may remain a residual risk despite protective measures taken, for example because access by authorities in the recipient country does not meet the level of protection of the EEA in all respects.
We only store personal data for as long as is necessary for the respective purposes. We then delete or anonymize the data, unless there are legal storage obligations or legitimate reasons for further storage.
In particular, the following principles apply:
- We store data based on consent until you withdraw your consent and beyond that only to the extent necessary to document consent or to protect legal claims.
- We generally store data from contact requests until the request has been finally processed and beyond that only to the extent that there are legal storage obligations or legal defense interests.
- We store contract and billing data for the duration of the contractual relationship and beyond in accordance with legal commercial and tax storage obligations.
- We store newsletter data until you unsubscribe or until you withdraw your consent; evidence of your consent can be stored for a longer period of time.
- According to our current configuration, we store Google Analytics 4 data for two months, unless aggregated, anonymized or separately stored reports are affected.
- Data from demographic reports in Google Analytics is also based on the shortest possible storage period chosen by us, currently two months.
- Google Ads conversion cookies typically expire after around 30 days, although the exact duration may depend on the specific technical implementation.
- Server log files and technical security data are only stored for as long as is necessary for operation, security, error analysis and misuse detection.
- For optional marketing, pixel and remarketing services, the storage period is otherwise based on the settings selected by us, your consent and the storage requirements of the respective provider.
You are not required to provide us with personal data. However, for purely informational use of the website, the processing of certain technical data is unavoidable, otherwise the website cannot be delivered. If you would like to use contact forms, demo or newsletter functions, the information marked as required is necessary so that we can process your request, organize an appointment or send the newsletter. Without this information, we may not be able to provide the respective service or only to a limited extent.
Based on the personal data collected via our website, we do not make exclusively automated decisions with legal effect or in a similarly significant way within the meaning of Article 22 GDPR. Insofar as providers create pseudonymous profiles or models as part of marketing or analysis functions, this only serves statistical, advertising or technical purposes and does not result in an exclusively automated decision by us with legal effect on you.
Within the framework of legal requirements, you have the following rights:
- Right to information in accordance with Article 15 GDPR,
- Right to correction in accordance with Article 16 GDPR,
- Right to deletion in accordance with Article 17 GDPR,
- The right to restrict processing in accordance with Article 18 GDPR,
- the right to be informed in accordance with Article 19 GDPR,
- the right to data portability in accordance with Article 20 GDPR,
- Right to withdraw consents granted in accordance with Article 7 (3) GDPR,
- Right to lodge a complaint with a data protection supervisory authority in accordance with Article 77 GDPR.
You can contact us at any time with your request first. Irrespective of this, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. For companies based in Bavaria, the Bavarian State Office for Data Protection Supervision is particularly responsible.
Insofar as we process personal data on the basis of Article 6 (1) (f) GDPR, you have the right to object to this processing at any time with effect for the future for reasons arising from your particular situation.
If you file an objection, we will no longer process the data concerned unless we can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If we process personal data for direct marketing purposes, you have the right to object to this processing at any time with effect for the future. Following an Objection, We Will No Longer Process the Relevant Data for Direct Marketing Purposes.
We reserve the right to adapt this privacy policy if this is necessary due to technical developments, legal changes, new services or changes in processing processes. The latest version published on our website applies in each case.
Status of this privacy policy: 21.03.2026
