Here you will find information about the handling of personal data on At this point we would like to draw your attention to your statutory rights, which will come into force on 25.05.2018 as a result of the DSGVO. Subsequently, we would like to take the opportunity to briefly describe what this means for us and present our guidelines for the handling of your data:

Artikel 5 describes the principles of the processing of personal data

Should you have any doubts as to whether the principles stated there are applied in the processing of your data, you can exercise your right of information at any time, as described in Article 15 of the DSGVO.

Artikel 15 – DSGVO

And if, even after the fact, you do not consent to the processing of your data, you may at any time exercise your rights to have your data corrected, deleted or limited, as described in Articles 16, 17 and 18 below:

Artikel 16 – DSGVO

Artikel 17 – DSGVO

Artikel 18 – DSGVO

There is not only a right to information, correction and deletion of the data, but also a right to the transferability of the data. Thus articles 20 and 21 describe in which form you are entitled to information about their personal data processed by us.

Artikel 20 – DSGVO

Artikel 21 – DSGVO

For complaints or advice regarding your rights, you can consult the responsible bodies and supervisory authorities of the Federal Network Agency in accordance with Article 77. You can also assert legal claims for violations of your rights there.

Artikel 77 – DSGVO

With our guideline for the handling of personal data, we want to show how seriously we take the topic of data protection. We hope to strengthen your confidence in the company and our products.

Integrity of data means their reliability and thus ultimately their usability. It must therefore be ensured that data is not falsified and that false data is not processed. Applications must not be falsified so that they produce faulty results or execute functions that are not desired.

All necessary steps must be taken to prevent data from falling into unauthorized hands or from being disclosed to unauthorized persons. Ensuring confidentiality is pursued proactively through a systemimmanent role and rights concept; and reactively through the logging of accesses and the regular checking of protocols.

All necessary steps must be taken to ensure that all data required for the performance of the services and compliance with the rights of data subjects are permanently available.

Anonymous and pseudonym data
As far as possible, data will be processed in anonymous form. If this is not possible – e.g. because newly collected data must be merged with existing data – pseudonymisation should take place in such a way that a link with other data without knowledge of the pseudonym can be largely ruled out. This means in particular that an assumed subsequent combination of the data does not lead to any misuse.

A De-Pseudonymisation can only be justified by the emergence of new processing purposes and the concerned party shall be notified.

Saving data
For each processing purpose only categories of data are processed which are necessary for the fulfilment of the purpose.

Controlled data transfer
The data transfer between processing units, server entities or participants is controlled. Before data is transferred to another participant, existing identifiers of the concerned user are replaced with a pseudonym. All other direct personal references that are not necessary for processing are removed from the data or encrypted for the receiving procedure. As far as possible without endangering the purposes, the possibilities of aggregation and compression of data offered in this way are used, so that only the minimum necessary data is transferred between the points.

Necessity and Purpose Limitation

Each participant’s personal, non-pseudonymised data will only be distributed and processed to those parties who have a direct relationship with the purpose of fulfilling the data acquisition and only for as long as this is necessary to achieve the objective. The collection and processing of data only takes place with the express and documented consent of the participant. The collected data and their processing are subject to strict purpose limitation for the performance of individual services within the scope of the services to the participant. An extension or interruption of the purpose is only permitted with the informed, written consent of the person concerned (or an authorised representative).

In addition to customer information, comjoo business solutions GmbH processes personal data of comjoodoc users as well as connection protocols and data resulting from the use of the platform itself for billing purposes and the providing of the services offered. This results in the following categories of data, which are stored at comjoo business solutions GmbH:

Contract information, and data used for billing purposes, are subject to the tax law and are kept in accordance with the legal provisions for the prescribed period.

Personal Data of comjoodoc users are processed and stored in encrypted form exclusively for the agreed and necessary purposes. This data will not be evaluated or combined with other data.

Connection information, such as user access and times not required for billing purposes, is pseudonymously recorded in order to maintain our services and to undergo a continuous improvement process:

  • Browsertype/ Browserversion
  • Operating system
  • Referrer URL
  • Hostname
  • Timestamp

These types of data cannot be assigned to specific persons. The data will not be merged with other data sources. We reserve the right to subsequently check this data when we become aware of concrete indications of illegal use.

  • For information about your data processed by us,
  • To access, modify or withdraw any personal information you have provided to us,
  • If you suspect that personal data that you have provided to us has been misused, lost or accessed without authorisation,
  • For questions or suggestions on these topics,

you can always contact our data protection officer with confidence.


In the event of a change in the legal situation, we will adjust our processing methods and explanations if necessary and inform you of this at this point.