Data Protection Declaration

Data Protection Declaration

Please be informed: This privacy policy has been automatically translated with DeepL. Please refer to the German reference: Datenschutzerklärung.

This privacy policy and data protection declaration applies to the collection, processing and use of your personal data ("data processing") when using our websites including

This policy also applies to the collection, processing and use of your personal data in e-mails and other SerNet online services.

For webinars and webmeetings we refer you to our additional privacy policy for webinars and webmeetings.

The responsible party for data collection, data processing and data use on these sites within the meaning of the General Data Protection Regulation is SerNet Service Network GmbH, Bahnhofsallee 1b, 37081 Göttingen, Germany (hereinafter referred to as "SerNet").

Data protection is a matter of trust and your trust is important to us. We respect your privacy and personal sphere. The protection and legally compliant collection, processing and use of your personal data is therefore an important concern for us. When processing your personal data, we strictly observe the legal provisions on data protection

The provisions of the Basic Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG as amended) are the benchmark. We protect your data against manipulation, loss, destruction or access by unauthorised persons with the aid of technical and organisational measures. These measures are regularly checked and adjusted.

This data protection declaration is intended to give you an overview of the way in which SerNet collects and uses personal data when you use this website and the services and offers available through it.

Collection, processing and use of personal data

We collect, store and process your personal data only if you voluntarily provide us with them during the ordering process. We use the collected data exclusively for the processing of the contract, including any subsequent warranties.

In the form fields, the information we need for the services you request is marked as mandatory; other information is voluntary. For the conclusion and processing of contracts, we require, depending on the individual case, your correct contact details, such as name, delivery and billing address, as well as details of the product ordered and the type of payment method you have chosen, together with the associated payment information, such as your credit card details.

We need your e-mail address so that we can confirm receipt of your order and communicate with you. We also use it for your identification (customer login).

The data will be deleted after expiry of the warranty periods and statutory retention periods, unless you have expressly agreed to further use. Data linked to a user account (see below) will in any case be retained for the time that this account is maintained.

The legal basis for the processing of these data is Article 6(1)(b) of the GDPR.

Sharing of personal data

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

  • you have given your express consent in accordance with Art. 6 Para. 1 S.1 lit. a GDPR,

  • the disclosure pursuant to Art. 6 para. 1 sentence 1 letter f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,

  • in the event that there is a legal obligation to pass on the data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and

  • this is legally permissible and required under Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you. This applies in particular to the processing of payments via PayPal and Stripe.

Creation of a customer account

You have the possibility to create a customer account on our website. To do so, you must enter the data requested in the input mask - mandatory data are marked as such - including name, address and e-mail address. At the same time, we then record the IP address and the date and time of your registration. Registered users receive password-protected direct access to their inventory data stored with us (customer account). When logging in later, only your e-mail address as login name and the password you have chosen are required.

The processing of the data communicated to us is exclusively for the purpose of contract processing or pre-contractual measures. The creation of a customer account is a prerequisite for placing an order. The use of our digital offers is not possible without the provision of your data. The data arising in connection with your ordering activities are automatically saved to your customer account and linked to this account and the data saved there. If necessary, a link is also made to data that is generated in connection with the purchase of subscriptions. Subscription customers can manage their subscription account via another password-protected portal (OPOSSO), e.g. perform data and software downloads.

The processing of your personal data is necessary for the performance of a contract or a pre-contractual measure. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR. Further processing within the scope of setting up and using your account may also be carried out on the basis of your consent. The legal basis in these cases is Art. 6 Paragraph 1 S.1 lit. a GDPR. Your registration is required in order to fulfil the contract or carry out a pre-contractual measure. Furthermore, it is also required for the provision of content and services on our website.

The storage of the IP address and the time of the respective user action in the course of registration and renewed applications as well as the use of our online services is based on our legitimate interests as well as the user's need for protection against misuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c GDPR.

As a user you have the possibility to close your customer account. A corresponding request in text form (e.g. e-mail, letter) is sufficient for this. You will find address information at the end of this declaration. If the data is required for contract processing and/or invoicing or for the implementation of pre-contractual measures, an early deletion of the data is only possible if there are no contractual or legal storage obligations that prevent deletion.

Use of contact forms

Using the contact forms provided on our website, you can contact us directly or request current information from us. In the course of this process, your consent will be obtained and reference will be made to this data protection declaration.

When using these forms as well as when sending e-mails to contact us, the data you provide (such as name and surname, e-mail address, the reason for contacting us or additional information) will be processed by us exclusively for the purpose of processing your request. This information may be stored in our customer relationship management system. Your data will not be passed on to third parties in this context.

At the time of sending the message, the IP address of the user as well as the date and time of sending are also stored. These serve to prevent misuse of the contact form and to ensure the security of our information technology systems. This is also our legitimate interest in the data processing according to Art. 6 Para. 1 letter f GDPR.

The data entered in the contact form will be processed exclusively on the basis of your consent (Art. 6 Para. 1 letter a GDPR). You can revoke this consent at any time. All you need to do is send us an informal message by e-mail. The legality of the data processing operations carried out up to the point of revocation remains unaffected by the revocation.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent for storage or the purpose for which the data was stored no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.


To subscribe to a SerNet newsletter service, we need at least your e-mail address. Further details are voluntary and will be used to address you personally.

When registering for the newsletter, in addition to the data from the input mask, IP address and time of registration as well as date and time of the confirmation mail (double opt-in procedure) are transmitted to us. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

For the processing of the data, your consent will be obtained during the registration process and reference will be made to this data protection declaration. If you would like to receive a newsletter from us, we need your express consent. For this purpose we use the so-called Double-Opt-In procedure: If you have consented to receive the newsletter(s) you have selected by e-mail, we will send you an e-mail with a confirmation link to the e-mail address you have provided, via which you can register to receive the newsletter. In order to prevent misuse, the registration process and your confirmation will be logged to prove your consent.

The legal basis for sending the newsletter is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR Art. 7 GDPR in conjunction with § 7 Para. 2 No. 3 UWG. The legal basis for the logging of the registration is our legitimate interest in proof that the dispatch was carried out with your consent in accordance with Art. 6 Para. 1 lit. f GDPR.

You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the links provided at the end of each newsletter article.

Photo note

At our events we reserve the right to make picture and video recordings of speakers, participants and guests. We will point this out in a suitable manner when announcing the event in the invitation and when holding the event. We process the image and video recordings for the purpose of event documentation and public relations. Individual recordings can therefore be published on our website and in our company accounts on Twitter.

The legal basis is our legitimate interest within the meaning of Art. 6 Para. 1 f GDPR. The taking of photographs and their distribution to the public does not involve a serious encroachment on individual rights, so that the balance of interests is in favour of the organiser.

The data will be deleted after the end of their use.

A description of your rights as a participant in our events can be found below under "Your rights" in this privacy policy.

Storage of access data

When you access our website, data such as the IP address, date and duration of the visit, the identification data of the type of browser and operating system used or the name of the Internet service provider and the referrer page are temporarily stored on our web servers as standard.

The storage is done to ensure the functionality of the website. In addition, the data is used to optimise our web offer and to guarantee the security of our information technology systems.

The data will not be evaluated in any other way except for statistical purposes and then generally in anonymised form.

The legal basis for the data processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the above-mentioned purposes for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.

The data will be deleted or blocked as soon as the purpose of the storage no longer applies. In the case of data processing for the purpose of providing the website, the data is deleted as soon as you leave our websites and the respective session is thus terminated.


It is not in our interest to collect personal data from children under the age of 16. We do not knowingly or intentionally collect information about children. The processing of personal data of children is only permitted with the consent of their legal guardians. SerNet GmbH advises all parents and guardians to instruct their children in the safe and responsible handling of personal data. If you are of the opinion that we have collected data about your child, you can inform us as a parent or guardian at The data will be completely deleted.


You can apply to us electronically. We will of course only use your details to process your application. Your details will only be passed on to those positions at SerNet involved in the application process (in particular team leaders, managing directors, personnel management). Please note that e-mails are generally not sent in encrypted form and applicants must ensure that they are encrypted themselves. We can therefore not accept any responsibility for the transmission path of the application between the sender and receipt on our server. You are free to send us your application by post.

The legal basis for the processing is Article 6(1)(b) of the GDPR in conjunction with § Article 26 Paragraph 1 BDSG). After completion of the application procedure, we will delete your data unless we are legally obliged to retain this data or your consent has been obtained.

social media

We do not use social media plug-ins on our websites. Only links to various social media platforms such as Twitter and Youtube, Github are integrated into our websites. However, this is not an integration of data such as the "Like" button, but only links to the respective external presentation of our company on the corresponding platform. There is no automated data exchange with the social network. Only after clicking on the integrated graphic will you be redirected to the page of the respective provider, i.e. only then will user information be transferred to the respective provider. For information on the handling of your personal data when using these websites, please refer to the respective data protection regulations of the providers.

Data security

We secure our website and other systems through technical and organisational measures in accordance with Art. 32 GDPR, which we continually adapt to the state of the art. All our employees who collect, process or use personal data are obliged to observe confidentiality in accordance with the GDPR and to handle data processing systems properly. Your personal data will be transmitted by us encrypted using the SSL procedure. This applies to your order and other inquiries as well as to the customer login. Credit card data and data on your bank account are not stored by us, but are collected and processed directly by our payment service provider. Access to your customer account is only possible after entering your personal password. You should always keep your access information confidential and always log out of your personal account after use, especially if you share the computer with others.

Use of cookies

Cookies are small text files which are transmitted from the Internet to the computer together with the data actually requested. These data are stored there and kept ready for later retrieval. Through these cookies, certain information from you, such as your browser or location data or your IP address, is processed to an individual extent.

This processing makes our internet presence more user-friendly, more effective and more secure, as the processing enables, for example, the reproduction of our internet presence in different languages or the offer of a shopping basket function.

Most of the cookies we use are so-called "session cookies". These are automatically deleted from your hard drive at the end of your visit. Other cookies remain on your computer system and enable us to recognize your computer system during your next visit (so-called permanent cookies). Cookies do not cause any damage to your computer and do not contain viruses.

The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, insofar as these cookies process data for the purpose of contract initiation or contract implementation.

If the processing does not serve the purpose of contract initiation or contract implementation, our legitimate interest lies in the improvement of the functionality of our Internet presence. The legal basis is then Art. 6 Para. 1 lit. f GDPR.

Most browsers are set in such a way that they automatically accept cookies. Of course you can also view our web pages without cookies. If you do not want us to recognize your computer, you can prevent cookies from being stored on your hard drive by selecting "do not accept cookies" in your browser settings. Please refer to the instructions of your browser manufacturer for details of how this works.

If you disable cookies, certain features on our site may not be available to you and some web pages may not display properly.

Web tracking

Your visit to our website is currently recorded by Matomo (previous name: Piwik), a web analysis tool. With the help of this tool, data is collected in real time for statistical analysis of visitor access. Cookies are used for this purpose. These are text files which are stored on your computer and which enable an analysis of your use of the website. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymised before it is saved. The information generated by the cookie about your use of the site will not be disclosed to third parties.

The legal basis for the processing of users' personal data is Art. 6 Para. 1 letter f GDPR. Our legitimate interest is to continuously improve our website and its user-friendliness. By making the IP address anonymous, the interest of the users in their protection of personal data is sufficiently taken into account.

You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser accordingly. Cookies already stored can be deleted at any time. You also have the option of preventing any form of user analysis by clicking on the button below to object to it at any time. In this case, a so-called opt-out cookie is stored in your browser, which means that Matomo (previous name: Piwik) does not collect any session data. Please note that the complete deletion of your cookies means that the opt-out cookie is also deleted and may have to be reactivated by you. Of course you are free to exercise your right of objection by post or by e-mail.

External links

If you use external links which are offered within the framework of our Internet pages, this data protection declaration does not extend to these links. We do not accept any responsibility for external content that is made available for use via links and do not adopt their content as our own.

If we offer links, we assure that at the time of setting the link, no violations of applicable law on the linked websites were apparent. However, we have no influence on the compliance with data protection and security regulations by other providers. Therefore, please also inform yourself on the websites of the other providers about the data protection declarations provided there.

Your rights as data subject

Under applicable laws, you have various rights regarding your personal information. If you wish to exercise these rights, please send your request by e-mail or by post, clearly identifying yourself, to the following address.

SerNet GmbH
z.Hd. Datenschutz
Bahnhofsallee 1b
37081 Göttingen

Below you will find an overview of your rights.

Right of access to information

Under Article 15(1) of the DPA, you have the right to obtain confirmation as to whether personal data concerning you are being processed. If this is the case, you can ask us for the following information:

  • Processing purposes

  • Categories of personal data processed

  • Recipients or categories of recipients who have already received or will receive such data

  • planned storage period if possible, otherwise the criteria for determining the storage period

  • Rights of rectification, erasure or limitation of processing

  • Right to object to such processing

  • Right of appeal by the data subject to the supervisory authority

  • the origin of the data, if not collected from the data subject himself

  • the existence of automated decision-making, including profiling, with meaningful information on the logic involved and the scope and intended impact of such procedures

If personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.

Right of rectification

You have the right to ask the data controller to correct and/or complete any personal data processed concerning you if it is incorrect or incomplete, in accordance with art.16 of the DPA.

Right of cancellation

The right to deletion under Art. 17 GDPR includes the possibility for the person concerned to have data deleted by the person responsible. However, this is only possible if the personal data concerning him/her is no longer necessary, is processed unlawfully or if his/her consent to this has been revoked. The exceptions to this right regulated in § 35 BDSG apply.

Right to limit processing

In accordance with Art. 18 GDPR, you can demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, we no longer need the data and you refuse to delete it because you need it to assert, exercise or defend legal claims. You are also entitled to the right under Art. 18 GDPR if you have lodged an objection to the processing in accordance with Art. 21 GDPR.

Right to information

If you have asserted your right to rectification, deletion or restriction of processing vis-à-vis us, we are obliged under Art. 19 GDPR to notify all recipients to whom we have disclosed your personal data of this rectification, deletion or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You also have the right to be informed about these recipients.

Right to data transferability

In accordance with Art. 20 GDPR, you can request to receive your personal data that you have provided us with in a structured, common and machine-readable format so that you can make this data available to another person responsible.

Rights of revocation and objection

In accordance with Art. 7 Para. 3 GDPR, you can revoke your consent to us at any time. As a result, we may no longer continue to process data based on this consent in the future.

Under Art. 21 GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 letter f GDPR. We will then no longer process the personal data unless there are demonstrably compelling reasons for processing that are worthy of protection and outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

Please send the revocation of consents granted as well as your objection request by e-mail or by post under clear identification of your person:

SerNet GmbH
z.Hd. Datenschutz
Bahnhofsallee 1b
37081 Göttingen

Changes to our privacy policy

We reserve the right to change the data protection declaration at any time in compliance with the applicable statutory data protection provisions.

Competent supervisory authority

The State Commissioner for Data Protection of Lower Saxony
Prinzenstrasse 5
30159 Hannover
Phone 0511 120-4500


If you have any questions or comments about this data protection declaration or about data protection in general, please contact our data protection officer:

Telefon: 0551-370000-0

Contact us
We are right here!

Our sales team is happy to help you with any questions about SerNet products and services - personally and individually tailored to your needs.

You can call us directly at  +49 551 370000-0
or send email to

Contact us!
linke Spalte
rechte Spalte
* Mandatory fields