Privacy policy


1. Provider of

1.1. INVICTO Holding GmbH, Hohenstaufenstr. 2, 40547 Düsseldorf, tel.: + 49 (0) 211 175 20 10 0, Fax: + 49 (0) 211 175 20 10 30, E-mail: (hereinafter “provider”), operates the website under with its sub-pages (hereinafter “website”).

1.2. The provider takes the protection of your personal data very seriously and respects the applicable data protection regulations, in particular the Basic Data Protection Ordinance (GDPR) and the Federal Privacy Act (BDSG). The following declaration gives you an overview of how the provider guarantees this protection and what kind of data is collected for which purpose.

1.3. If you have any questions or problems with data protection matters, please contact the provider’s data protection Officer (see Section 12).

2. Collection, processing and use of general data

2.1. When the website or its subpages are called, the provider automatically collects and stores information that your browser transmits to the provider, if the corresponding functions are not disabled. This data is only evaluated to ensure trouble-free operation of the website and to improve the offer and does not allow the provider to make any inferences to your person. These are:

2.2. The access logs of the Web servers log which page views have occurred at what time. They include the following data: IP, directory protection user, date, time, pages accessed, logs, status code, DataSet, Referer, user agent, called hostname.

2.3. The IP addresses are stored anonymously. To do this, the last digit block is removed, i.e. is 127.0.0. *. IPv6 addresses are also anonymized. The anonymized IP addresses are kept for 60 days. Information about the directory protection users used will be anonymized after one day.

Error logs that log erroneous page views are deleted after seven days. These include, in addition to the error messages, the accessing IP address and, depending on the error, the called Web page.

FTP access is logged anonymously and kept for 30 days.

E-mail logs in Office 365

Summary reports for mailboxes60 daysMessage data aggregation is largely completed within 24 to 48 hours. Smaller incremental, aggregated changes can occur for up to 5 days.
E-mail Protection messages90 daysThe aggregation of message data is usually completed within 24 to 48 hours. Smaller incremental, aggregated changes can occur for up to 5 days.
Email protection Details90 daysFor detail data that is less than 7 days old, data should appear within 24 hours, but may not be completed until 48 hours later. Some minor incremental changes can take up to 5 days.To view detailed reports for messages that are older than 7 days, it may take a few hours for the message trace results to be emitted.
Message trace Data90 daysIf you start message tracking for messages that are less than 7 days old, the messages should appear within 5-30 minutes.If you are running a trace for messages that are older than 7 days, it may take a few hours for results to be output.

3. Personal Data

3.1. Personal data will be collected, processed and used in the course of the use of the website only as described below. Personal data are all individual information about personal or factual circumstances of a certain or identifiable natural person (not including: legal persons, such as a GmbH or AG). Personal data includes, above all, information such as the name, address, e-mail address or professional relationships of a person.

4. Collection, processing and use of personal data

4.1. The provider collects, processes and stores your personal data, if you inform the provider in turn in the context of a mandate request or-issue or other contact (e.g. by e-mail or telephone).

In the context of the aforementioned interaction with you, the required data are collected. In addition, further data can be queried, which are useful for advice and information on demand; However, the disclosure of this data is voluntary and will be marked accordingly. The provider uses the information you provide to process your inquiries or to process the contract. In order to ensure that you do not have to provide the same information repeatedly to the provider in case of inquiries or ongoing consultations, it shall save them as long as they are required for the clarification of the request or the customer relationship.

Data processing is carried out on the basis of article 6 (1), sentence 1 lit. (b) GDPR if it serves a contract or preparatory action. In so far as you have agreed to the data collection and data processing, the data processing according to § art. 6 par. 1 sentence 1 lit. A GDPR.

4.2. All personal data are stored or processed on servers in Germany or within the EU. Data are transferred to places outside the EU only in accordance with article 44 ff. GDPR allowed frame.

4.3. You are entitled to object to the collection of data for direct marketing purposes. In order to exercise this right of withdrawal, you can send an informal message to, stating your e-mail address, in which your intention to cancel is expressed.

5. Transfer of data to third parties

5.1. The provider will only share your personal information with third parties in the following cases:

5.1.1. If a service provider for whose services INVICTO is interested, this data is needed for you to create an individual offer for you. These service providers shall be entitled to use your data only in so far as they are not expressly communicated to you and give you consent, only in so far as this is necessary or authorized by you for the particular purpose; or

5.1.2. If the transmission is otherwise necessary for the provision of a service requested or commissioned by you; or

5.1.3. If there is a mandatory administrative or judicial order.

6. Deletion and correction of data

6.1. Upon request or after termination of the contract with the provider, your personal data will be deleted immediately if the retention or documentation obligations are not contrary to tax or commercial law or if the guarantee of the legitimate Interests of the provider.

6.2. As long as all contractual obligations have not yet been fulfilled and your data are required to do so, there is no entitlement to data deletion.

6.3. If data are faulty, they are corrected at the knowledge or at your request.

7. Right of information/other rights

7.1. Upon request, the provider shall, in particular, provide you with information on the

• collection of personal data

• purpose of data processing

• categories of data processed, and if applicable, the recipients who are required to comply with legal obligations or Contractual relationships.

7.2. Upon request, you will receive a copy of the data collected and processed by the provider.

7.3. Upon request, your data may be made available for a fee in a format that is readable for you and a subsequent service provider, in order to enable a fast transmission.

7.4. In the event of violations of data protection regulations, you are entitled to a right of appeal which you can exercise with a supervisory authority.

8. Cookies

8.1. The website uses so-called “cookies” in several places. They serve, among other things, to make the offer of the website more user-friendly, more effective and safer. Cookies are text information that a Web page transmits to the browser’s cookie file on your computer hard drive or other device, so that the website can, among other things, remember which device accessed it. A cookie typically contains the name of the domain from which the cookie originated, the “lifetime” of the cookies, and a value, usually a randomly generated unique number. The website uses the following types of cookies:

8.1.1. Session cookies: These are temporarily stored cookies that remain in your browser’s cookie file until you leave the site. Session cookies allow you to identify the device during the duration of use. This information will not be stored further after you have left the site.

8.1.2. Persistent cookies: These remain in the cookie file of your browser for a long time. How long depends on the “lifetime” of the special cookie. At the end of this lifetime, the cookie itself is deleted. The purpose of using these persistent cookies is to ensure the functionality of the website (e.g. shopping cart in the webshop). The permanent cookies do not contain personal data. Name, IP address, etc. are not stored in it.

8.1.3. Web beacons: These are electronic characters (also known as “clear GIFs” or “web Bugs”) that allow the provider to count the number of users who have visited the portal.

8.2. If you do not want to accept cookies or web beacons, you can reject them and deny access to previously saved information by setting your Web browser accordingly. The settings within your Web browser that allow you to do this vary from browser to browser, they can usually be found under “privacy” or “cookies” of the “Internet Options” or “properties” menus of your browser. If you need help to stop cookies, you should refer to the Help menu within your browser. Please note, however, that you may not be able to use all features of the website if cookies and/or web beacons are turned off.

8.3. Google Analytics the provider uses Google Analytics, a Web Analytics service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics also uses cookies (see the description in Section 8), which allows you to analyze the use of the website. The information generated by the cookie about your use of the website is usually transferred to a Google server in the USA and stored there. IP anonymization has been activated on this portal, so that the IP address of the users of Google is shortened in advance within Member States of the European Union or in other contracting States of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and shortened there. On behalf of the provider, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services related to the use of the website and the Internet to the Provider. The IP address submitted by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by a corresponding setting of your browser software; However, the provider points out that in this case you may not be able to use all functions of this website in full. You can also prevent Google from capturing the data generated by the cookie and related to your use of the website (including your IP address) to Google as well as the processing of such data by using the browser plugin available at the following link Download and install:

8.4. Using webfonts on the website, Google fonts are included on the server side. However, for technical reasons, some Google fonts are used. Google Fonts is a service of Google Inc. (“Google”). The integration of these web fonts is done by a server call, usually a server from Google in the USA. This is transmitted to the server, which the website of the provider visited the users. Also, the IP address of the browser of the terminal of the visitor of these internet pages is stored by Google. For more information about the Google Inc. privacy policy, see or

8.5 Use of Google Maps on this website is a map of Google Maps embedded, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). No user data will be transferred to Google if you only look at the card. Once you click on the map, data can be transferred to Google Maps.

8.6. You can set your browser to notify you when you receive a cookie or you can exercise your legal right to object by rejecting cookies in the browser settings.

If you do not accept cookies, you may not be able to use the full range of Web page features.

For more information on how to handle cookies, refer to the Help pages of your browser, as well as the Web page of:

9. Social Plugins

The provider maintains online presences within social networks and platforms in order to communicate with the active customers, interested parties and users and to inform them about services there. When calling up the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators.

Unless otherwise stated in the data protection declaration of the provider, the provider processes the data of the users if they communicate with the provider within the social networks and platforms, e.g. write contributions to online presences or Send news to providers.

The provider uses based on legitimate interests (i.e. interest in the analysis, optimization and economic operation of the online offer in the sense of art. 6 para. 1 lit. f. GDPR) Social plugins (“plugins”) of the social network, which is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is operated (“Facebook”). The plugins can include interaction elements or content (e.g. videos, graphics or text contributions) and can be seen on one of the Facebook logos (white “f” on blue tile, the terms “like”, “like” or a “thumbs up” sign) or are with the addition “Facebook Social plugin”. The list and the appearance of the Facebook social plugins can be viewed here:

Facebook is certified under the Privacy Shield Agreement and provides a guarantee to comply with European Data protection Law ( ).

When a user calls a function of this online offer that contains such a plugin, his device establishes a direct connection with the servers of Facebook. The content of the plugin is transmitted directly by Facebook to the user’s device and is included in the online offer. Users can create user profiles from the processed data. The provider therefore has no influence on the amount of data that Facebook collects with the help of this plugin and therefore informs users accordingly about this knowledge level.

By incorporating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged on to Facebook, Facebook can assign the visit to his Facebook account. When users interact with the plugins, for example press the Like button or leave a comment, the corresponding information is transmitted from their device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will know and store its IP address. According to Facebook, only an anonymized IP address is stored in Germany.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the relevant rights and settings for the protection of the privacy of the users can be read in the Privacy policy of Facebook:

If a user is Facebook and does not want Facebook to collect data about him via this online offer and link it with his member data stored on Facebook, he must log out before using the online offer of the provider on Facebook and Delete its cookies. Other settings and contradictions regarding the use of data for advertising purposes are possible within the Facebook profile settings:; Or on the American side or the EU-side The settings are platform independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.

Within the online offer of the provider, functions and contents of the service Xing, offered by Xing AG, Dammtor Straße 29-32, 20354 Hamburg, Germany, can be integrated. This may include, for example, content such as images, videos or texts and buttons, with which users can share contents of this online offer within Xing. If the users are members of the platform Xing, Xing can assign the call of the above contents and functions to the respective profiles of the users. Xing Privacy Policy:

Within the provider’s online offering, features and content of the LinkedIn service, offered by the LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, can be included. This may include, for example, content such as images, videos or text and buttons that allow users to share content from this online offering within LinkedIn. If users are members of the LinkedIn platform, LinkedIn can assign the above content and features to the users’ profiles. LinkedIn Privacy Policy: LinkedIn is certified under the Privacy Shield Agreement and provides a guarantee to comply with European Data protection Law ( Privacy Policy:, opt-out:

10. Amendment of this privacy policy

The provider reserves the right to adapt security and data protection measures to the extent necessary for technical or legal development. In these cases, the provider will also adjust this privacy statement accordingly. Please note the current version of the provider’s privacy policy.

11. Questions and contact

You have the right to receive free information about the data stored by the provider about you and, if applicable, the right to correct, block or delete this data. If you have any questions regarding the collection, processing or use of your personal data, for information, correction, blocking or deletion of data, and revocation of any given consent or opposition to a particular use of data, please contact

12. Data protection officer

Ms Julia Czech

Contact us

INVICTO Holding GmbH
Hohenstaufenstr. 2
40547 Düsseldorf
T: +49 211 175 2010-0

Ferdinand von Hammerstein

Managing Director

Dr. Christoph Hamann

Managing Director