contactlog in
Privacy Policy
Privacy Policy
Data protection is of great importance to sematicon AG. We treat personal data confidentially and in accordance with the applicable data protection laws, in particular the General Data Protection Regulation (GDPR).

Our website can generally be used without you actively entering personal data, for example without registration. However, certain data is processed for technical reasons each time the website is accessed, such as your IP address in server log files, in order to provide and protect the website. If no other legal basis applies to a specific processing activity, we obtain your consent where required, for example for analytics or marketing cookies, newsletters, newsletter tracking, or the loading of external content.

We take appropriate technical and organisational measures to protect personal data. Nevertheless, data transmission over the internet may have security vulnerabilities, and absolute protection cannot be guaranteed. You may therefore also transmit personal data to us via alternative channels, for example by telephone.
Table of Contents
  1. Controller
  2. Data Protection Contact
  3. General Information on Legal Bases
  4. Visiting the Website / Server Log Files
  5. Cookies, Consent Tool & Consent
  6. Contact Requests (Email, Forms, Offer & Demo Requests)
  7. Newsletter 7.1 Subscription (Double Opt-In) 7.2 Mailing Service Provider (Brevo) 7.3 Newsletter Performance Measurement (Tracking)
  8. Google Analytics (Web Analytics)
  9. Google Ads / AdWords (Conversion Tracking, Remarketing / Retargeting)
  10. Google Web Fonts
  11. Social Media: LinkedIn, XING, Instagram 11.1 LinkedIn 11.2 XING 11.3 Instagram
  12. Embedded Content: YouTube, Vimeo, Google Maps 12.1 YouTube 12.2 Vimeo 12.3 Google Maps
  13. Google reCAPTCHA (Protection against Spam / Misuse)
  14. Recipients / Data Processors
  15. Transfers to Third Countries (outside the EU / EEA)
  16. Retention Period
  17. Your Rights
  18. Right to Lodge a Complaint
  19. Automated Decisions / Profiling
  20. Changes to this Privacy Policy
1. Controller
sematicon AG Schatzbogen 56 81829 Munich Germany Phone: +49 (89) 413 293 000 Email: office@sematicon.com
2. Data Protection Contact
If you have any questions about data protection or wish to exercise your rights, please contact: Email: office@sematicon.com (or by post at the address above).
3. General Information on Legal Bases
We process personal data in particular on the following legal bases: - Consent (Art. 6(1)(a) GDPR), for example for analytics / marketing cookies, newsletters, and newsletter tracking - Contract / pre-contractual measures (Art. 6(1)(b) GDPR), for example in connection with offer requests or product enquiries - Legitimate interests (Art. 6(1)(f) GDPR), for example for the secure operation of the website, IT security, and responding to general enquiries. Where processing is based on consent, you may withdraw that consent at any time with effect for the future. The lawfulness of processing carried out before the withdrawal remains unaffected.
4. Visiting the Website / Server Log Files
When you access our website, our technical service providers automatically process data transmitted by your browser. This includes, for example: IP address Date and time of access Page / file accessed Browser type and version, operating system Referrer URL. The purpose of processing is the technical provision, stability, and security of the website, for example defence against attacks, as well as error analysis. The legal basis is our legitimate interest under Art. 6(1)(f) GDPR. Log data is regularly deleted or anonymised; the specific retention period depends on our security and operational requirements. Technical Service Providers / Infrastructure Hosting (cloud infrastructure): Microsoft Azure, Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland DNS services: Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.
5. Cookies, Consent Tool & Consent
We use cookies and similar technologies. - Required cookies: necessary for the operation and basic functions of the website - Analytics / marketing cookies: only used if you have consented via our consent tool. You can withdraw or adjust your consent at any time with effect for the future via the cookie settings.
6. Contact Requests (Email, Forms, Offer & Demo Requests)
We provide various ways to contact us on our website, for example via contact forms or the email addresses provided. If you use these options, we process the personal data you submit, such as your name, company, email address, phone number, and message, in order to review and respond to your enquiry and to communicate with you.
Purposes of Processing
- Handling and responding to your enquiry - Follow-up questions, scheduling, and further communication - Documentation of the process, for example for traceability, internal allocation, and quality assurance
Legal Bases:
  • Art. 6(1)(b) GDPR, where processing is necessary for pre-contractual measures or contract performance
  • Art. 6(1)(f) GDPR, where we have a legitimate interest in efficient handling of enquiries, maintaining business relationships, and proper documentation.

Some information may be required in order to process your enquiry meaningfully, such as a way to contact you and the subject matter of your request. If this information is missing, we may not be able to respond, or may only be able to respond to a limited extent. In a B2B context, it may also be necessary to store contact details and communication histories in a customer or prospect management system, such as a CRM, for structured handling, internal ownership, follow-up on open items, and improved support. In such cases, the legal basis is Art. 6(1)(f) GDPR. Contact details from an enquiry are only used for marketing purposes where legally permissible. Where consent is required, it is obtained separately. You may object to marketing communication at any time. We store enquiry data only as long as necessary for processing and handling the request. Afterwards, the data is deleted or anonymised unless statutory retention obligations apply or there are legitimate reasons for continued storage, for example for the assertion, exercise, or defence of legal claims.
7. Newsletter
7.1 Subscription(Double-Opt-In) If you subscribe to our newsletter, we process your email address and, where applicable, additional voluntary information such as your name or company in order to send you the newsletter. To confirm your subscription, we use the double opt-in procedure. For this purpose, we also process data such as the time of subscription / confirmation and the IP address as proof of registration. The legal basis is consent under Art. 6(1)(a) GDPR. You may unsubscribe from the newsletter at any time, for example via the unsubscribe link included in every newsletter.
7.2 Mailing Service Provider(Brevo) The newsletter is sent via Brevo (formerly Sendinblue) as a service provider. Provider: Sendinblue GmbH, trading as “Brevo”, Köpenicker Str. 126, 10179 Berlin, Germany. Sendinblue GmbH is a subsidiary of Sendinblue SAS, 17 rue de Salneuve, 75017 Paris, France. Brevo processes data on our behalf under a data processing agreement.

7.3 Newsletter Performance Measurement (Tracking)
Our newsletters may contain tracking technologies, for example counting pixels or link tracking, which enable us to determine whether a newsletter was opened and which links were clicked, in order to improve content. The legal basis is consent under Art. 6(1)(a) GDPR. Consent can be withdrawn by unsubscribing from the newsletter or withdrawing your consent.
8. Google Analytics (Web Analytics)
If you have consented, we use Google Analytics to analyse usage of our website. Cookies may be set and usage data may be processed. It cannot be ruled out that data may also be processed in the United States. Provider in the EU: Google Ireland Limited, Dublin, Ireland. The legal basis is consent under Art. 6(1)(a) GDPR. You can withdraw your consent at any time via the cookie settings.
9. Google Ads / AdWords (Conversion Tracking, Remarketing / Retargeting)
If you have consented, we use Google Ads / AdWords to measure the success of advertising campaigns (conversion tracking) and, where applicable, to enable remarketing / retargeting. Provider in the EU: Google Ireland Limited, Dublin, Ireland. The legal basis is consent under Art. 6(1)(a) GDPR. Consent can be withdrawn at any time via the cookie settings.
10. Google Web Fonts
We use Google Web Fonts to ensure the consistent display of fonts. Your browser may establish a connection to Google servers; in particular, your IP address may be transmitted. Provider in the EU: Google Ireland Limited, Dublin, Ireland. Depending on the technical integration, the legal basis is either consent under Art. 6(1)(a) GDPR or legitimate interest under Art. 6(1)(f) GDPR.
11. Social Media: LinkedIn, XING, Instagram
Our website may contain buttons / links or embedded functions for social media platforms.
Important:
- If it is only a link, for example a button or icon linking to the platform, a connection to the respective platform is generally established only after you click it. - If plugins, widgets, or embeds are used, data may already be transmitted when the page is loaded. Unless technically necessary, such integrations should only be used after consent.
11.1 LinkedIn Provider in the EU: LinkedIn Ireland Unlimited Company, Dublin, Ireland. 11.2 XING Provider: NEW WORK SE (XING), Dammtorstraße 30, 20354 Hamburg, Germany. 11.3 Instagram Provider in the EU: Meta Platforms Ireland Ltd., Dublin, Ireland. If you are logged into the relevant network, the provider may associate your visit to our website with your user account. You can prevent this by logging out of the relevant account before using the buttons / plugins.
12. Embedded Content: YouTube, Vimeo, Google Maps
If we embed external content, such as videos or maps, a connection to the servers of the respective provider is established when the content is activated. In particular, the IP address, device / browser information, and, where applicable, usage data may be transmitted.

12.1 YouTube Provider in the EU: Google Ireland Limited, Dublin, Ireland.
12.2 Vimeo Provider: Vimeo.com, Inc., New York, USA.
12.3 Google Maps Provider in the EU: Google Ireland Limited, Dublin, Ireland. The legal basis is consent under Art. 6(1)(a) GDPR where the content is only loaded after activation, for example via consent or click-to-load.
13. Google reCAPTCHA (Protection against Spam / Misuse)
Google reCAPTCHA may be used to protect our forms against spam and misuse. Technically necessary data, such as IP address, interactions, and browser data, may be transmitted to and processed by Google. Provider in the EU: Google Ireland Limited, Dublin, Ireland. Depending on the implementation, the legal basis is either consent under Art. 6(1)(a) GDPR or legitimate interest under Art. 6(1)(f) GDPR in protecting against misuse.
14. Recipients / Data Processors
We use service providers who process data on our behalf and in accordance with our instructions, for example for hosting, DNS, IT operations, newsletter delivery, and analytics / marketing services where applicable. Where required, we conclude data processing agreements with these service providers.
15. Transfers to Third Countries (outside the EU / EEA)
When using certain services, personal data may be transferred to countries outside the European Union or the European Economic Area, or processed there. This may be the case in particular with providers based in the United States or globally operated IT infrastructures, for example Vimeo or, depending on configuration, Google services. Where data is transferred to a third country, we ensure, where required, that an adequate level of data protection exists. This may be based in particular on:
  • an adequacy decision by the European Commission, where applicable
  • EU Standard Contractual Clauses (SCCs) and, where necessary, additional safeguards.
Please note that, despite contractual and technical measures, it cannot be ruled out in all cases that government authorities may access data processed in third countries, especially in the USA.
16. Retention Period
We store personal data only as long as necessary for the respective purpose. Afterwards, the data is deleted unless statutory retention obligations apply or there are legitimate grounds for longer retention. Newsletter data is generally stored until you unsubscribe; proof data for the double opt-in process may be retained for longer where required for documentation purposes.
17. Your Rights
Under the GDPR, you have in particular the following rights:
  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent with effect for the future (Art. 7(3) GDPR).
18. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority.
19. Automated Decisions / Profiling
We do not carry out automated decision-making, including profiling, within the meaning of Art. 22 GDPR. Where third-party tools use their own profiling mechanisms, this occurs only on the basis of your consent via the cookie settings.
20. Changes to This Privacy Policy
We update this privacy policy regularly when our website, processes, or the services we use change. Last updated: 31 December 2025.
Your Munich‒based company specializing in IT security and cryptography in industrial and KRITIS environments.
Phone
+49 (089) 413 293 000
sematicon AG
Schatzbogen 56, 81829 Munich
E-Mail
office@sematicon.com