1. Definitions

Terms not specifically defined in this data protection declaration have the meaning set out in the DS-GVO, such as “personal data” and “processing” in accordance with Art. 4 DS-GVO:

Personal data: refers to any information relating to an identified or identifiable natural person, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier.
Processing: includes any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Controller

Unless otherwise stated in this data protection declaration, the controller for the processing of your personal data described herein within the meaning of Art. 4 No. 7 GDPR is:

viaduct partners GmbH (“viaductus”)
Gudrunstraße 2
80634 Munich
Germany
Managing Director: Artur Morozas
E-Mail: contact@viaductus.de

3. Provision of the website

3.1 Description and extent of the data processing

Whenever you use viaductus, the following data and information are transmitted to us by the computer system of the accessing computer:

• Browser type and browser version;
• Operating system used;
• Website from which you visit us (referrer URL);
• Host name of the accessing computer;
• Date and time of the server request;
• IP address.

These data are also stored in the log files of our system. These data are not stored together with other personal data of the user.

3.2 Purpose of data processing

The storage of data in log files serves to ensure the functionality of the website and the platform and to be able to offer you a technically efficient visit. For example, the temporary storage of the IP address is necessary to enable the delivery of the website or the platform to the user's device; in addition, the correct display requires an adaptation to the needs of your device.

In addition, this data is collected to ensure the security of our information technology systems, in particular to prevent attacks on our servers and on the website or platform.

3.3 Legal basis for data processing

The basis for data processing for the optimal presentation of the platform and website is Art. 6 para. 1 lit. b) DS-GVO, which allows the processing of data to fulfill a contract or to carry out pre-contractual measures.

Art. 6 (1) lit. f) GDPR serves as the legal basis for the temporary storage of data and log files to ensure system security. Our legitimate interest lies in preventing fraudulent or illegal activities and protecting our systems and servers.

3.4 Duration of storage

The data will be deleted as soon as it is no longer needed for the purpose for which it was collected.

When data is stored in log files for system security, it will be deleted after thirty (30) days at the latest.

3.5 Right to object and to erasure

The collection of data for the provision of the website or platform and the storage of the data in log files are essential for the operation of the website or platform. Therefore, there is no possibility of objection.

4. Use of cookies and analysis tools

We use cookies, similar technologies (collectively referred to as “cookies”) and analysis tools to store information about your preferred activities, to better align our offers with your interests and to increase the speed of your requests, as well as for advertising purposes. You can find more details in our separate Cookie Policy.

5. Data processing when providing the platform

5.1 Description and scope of data processing

5.1.1 Registration

In order to use our platform for brokering company acquisitions and sales, you must register via the website. To do this, we need to collect and process certain personal data as registration information as part of the registration process. This data includes the following information:

• email address;
  first name and surname;
  user ID for logging in, and password if applicable;
  selection of the platform language;
  registration circumstances, including the log data (section 3) at the time of registration, and reconfirmation of registration by the platform user.

5.1.2 After registration

After registration, a personal user account is generated for the user on the platform. In the protected user area, the user can view and manage the user data that we store for them. This user data includes, in particular, user master data, company data and documents and files that you provide to us for evaluation using the mechanisms provided on the platform.

5.2 Purpose of data processing

We collect and process your personal data as specified in Section 5.1 for the following purposes:

• for the establishment, execution or termination of the business relationship as described in the General Terms and Conditions.
• for the configuration of options in the user area, e.g. language;
• to ensure that the platform is presented and can be used by you in the most effective and appealing way possible (e.g. through statistical analysis);
• for the technical realization of the platform's functions, in particular for retrieving user data stored in the user area for the user, uploading documents and interacting with other users to initiate corporate transactions;
• to monitor and ensure compliance with legal requirements and contractual agreements when using the platform. This includes checking registration information (e.g. email address, password), logging and analyzing user activities to detect and prevent suspicious or illegal activities, and enforcing our terms of use;
  to provide you with technical support;
  to inform the user about changes to our services.

5.3 Legal basis for data processing

Insofar as we process your personal data in connection with the initiation and execution of a contract with you, the legal basis for this data processing is Art. 6 (1) point b GDPR (performance of a contract, pre-contractual measures). This concerns the registration and execution of the platform usage and brokerage contract.

If the processing is necessary to safeguard our legitimate interests or those of a third party and your interests, fundamental rights and freedoms, which require the protection of personal data, do not outweigh our interest, the legal basis is Art. 6 (1) sentence 1 lit. f) GDPR (safeguarding legitimate interests). This is the case in matters of the security of the operation and the data of other users of our platform as well if we have reason to suspect that your access is being used without authorization or otherwise poses a threat. In this case, our interest in measures that also preventively ensure secure operation and protection of the data of other users outweighs your interest in your data not being used for these purposes. You can object to the processing of this data at any time. The objection is subject to Section 16.6.

5.4 Duration of storage

The data will be stored, subject to a request for deletion, for as long as we need this data to execute the platform usage and brokerage contract with you. We will also delete your data or restrict your use (see below) if you permanently deregister from the platform using the delete function and thus terminate the platform usage and brokerage contract.

Storage beyond this period will take place in the following cases:

if we are obliged to do so due to legal or official regulations or measures, e.g. if the data, such as invoice data, falls within the scope of statutory retention requirements. As a rule, this data is not stored for longer than the retention period under commercial and tax law of four years (for correspondence) or 10 years (for data relevant to accounting);
if we have a legitimate interest in storing the data that outweighs your interest in having it deleted, e.g. if the data is required for asserting claims against you.

The deletion then takes place after the longest-running storage reason no longer applies and in the ordinary course of business.

6. What type of cookies are used

viaductus uses strictly necessary, analytical and marketing cookies:

6.1 Strictly necessary cookies

These cookies are essential for the operation of this website and our platform. Strictly necessary cookies include both first-party and third-party cookies. These cookies cannot be disabled.

6.2 Google Tag Manager

We use Google Tag Manager, a service provided by Google Ireland Limited (“Google”). Google Tag Manager is a solution that allows us to manage website tags through a single interface. Google Tag Manager only implements the tags and does not process any personal data. It triggers other tags that may collect data under certain circumstances. Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain disabled for all tracking tags implemented with Google Tag Manager.

6.3 Analytics cookies (Google Analytics)

We use Google Analytics, a web analysis service provided by Google Ireland Limited (“Google”). Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

We have activated IP anonymization. This means that your IP address will be truncated by Google within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and truncated there.

Google will use this information on our behalf to

• evaluate your use of the website,
• compile reports on website activity,
• provide other services related to website activity and internet usage for us

The IP address that your browser transmits within the scope of Google Analytics will not be associated with any other data held by Google.

6.4 Meta Pixel

We use the “Meta Pixel” of Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland) on our website. This enables us to track the behavior of users after they have been redirected to our website by clicking on a meta advertisement. This procedure is used to evaluate the effectiveness of meta advertisements for statistical and market research purposes and can help to optimize future advertising measures.

The data collected is anonymous to us, so we cannot draw any conclusions about the identity of the user. However, the data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes, in accordance with the Meta data usage guidelines.

6.5 Your control options

You can prevent cookies from being stored by adjusting your browser software settings accordingly.

You can decide whether you want to accept analysis and marketing cookies. You can make this decision both on your first visit to our website and at any time later via our cookie settings. You can change or withdraw your consent at any time with effect for the future.

In addition to our cookie settings, the individual services offer the following specific control options:

For Google Analytics, you can prevent the collection of data generated by cookies and related to your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

For Meta Pixel, you can disable the use of cookies by Meta in the advertising settings at https://www.facebook.com/settings?tab=ads.

6.6 Legal basis

The legal basis for the processing of data using analysis and marketing cookies is your consent in accordance with Art. 6 (1) point a GDPR. The use of Google Tag Manager is based on Art. 6 Sect. 1 lit. f GDPR, because the technical integration of various tracking tools represents a legitimate interest.

For more detailed explanations about cookies, how they work and how they are used, please see our Cookie Policy.

7. Job advertisements and applications

7.1 Description and extent of data processing

We offer you the opportunity to apply to us by email. In the following, we will inform you about the scope, purpose and use of your personal data collected during the application process.

As part of the application process, only the data provided by you (e.g. application, CV, photo if applicable) will be processed. If you explicitly give us permission to do so, we will also use data that we receive from third parties, e.g. referees. We also process the data collected during the application process, e.g. the content and circumstances of our communication with you, notes on the content of job interviews and, if you explicitly give us permission to do so, from/with referees.

Within our company, only those partners and employees who are involved in the application process will receive your personal data. Furthermore, a transfer of the relevant data in the respective individual case to third parties on the basis of legal provisions or contractual agreements is possible. These may be processors, such as an applicant platform, or an IT service provider. For more information about the service providers used in the application process, please refer to Section 13 2.

As part of the application process, you are only required to provide the data necessary to assess your suitability for the position to be filled. Without providing at least this data, you cannot participate in the application process. The submission of this information is therefore mandatory.

If you consent to this, we will be happy to store your data in our applicant pool for a maximum of 6 months in the case of speculative applications, but also in the case of a rejection, so that we can consider you for future job postings.

7.2 Purpose of data processing

The processing of your personal data is the basis for participating in the application process. Furthermore, the data provided should enable an assessment of the suitability of the person applying for the vacant position. Without this data, we cannot consider the application in the application process.

The purpose of storing you in the applicant pool is to make it easier for you and for us to consider you (again) for future job openings.

7.3 Legal basis

The legal basis for the processing of your personal data for the implementation of pre-contractual measures is § 26 BDSG (data processing for the purposes of the employment relationship) and Art. 6 (1) sentence 1 lit. b) DS-GVO (fulfilment and initiation of the contract).

If you have given us your consent to be included in the pool of applicants, the legal basis is Article 6 (1) sentence 1 lit. a) GDPR. This consent can be withdrawn at any time.

In the event of continued storage due to legal reasons, the legal basis is Article 6 (1) sentence 1 lit. c) GDPR.

7.4 Data erasure and storage period

Your data will be stored for at least the duration of the application process. Notwithstanding this, if your application is unsuccessful, we will delete your data no later than six (6) months after sending the rejection, unless you expressly authorize us to store the data for a defined period for a future application or we otherwise have a legitimate interest in continuing to store it. Such an interest may arise in particular from a legal dispute.

In individual cases, storage may also be necessary for legal reasons, for example due to retention obligations.

If the application is successful, the data you have submitted will be stored in your personnel file and on our data processing systems for further use on the basis of Section 26 of the German Federal Data Protection Act (BDSG) and Article 6(1)(b) of the GDPR for the purpose of implementing the employment relationship.

8. Processing on behalf of a third party

If we collect and process personal data in the context of the connection between buyers and sellers of companies (for example, to sign a non-disclosure agreement), you will find information on this on the website of the respective partner or under Section 13.1. In this case, only the third party determines the type, scope and use of the information.

9. Newsletter and advertising e-mails

9.1 Interested parties

who have not yet registered with us will only receive our newsletter if they have consented to receive such advertising e-mails. In such a case, we use the e-mail address of the interested party to send the requested information.
The legal basis for the use of the e-mail address for sending our newsletter is the consent given (Art. 6 para. 1 lit. a) DS-GVO). The interested party can revoke the given consent at any time, for example via the unsubscribe link in the newsletter. The legality of the data processing already carried out on the basis of the consent remains unaffected by the revocation.

9.2 Registered users

If you have a customer relationship with us, we will use the e-mail address you provided for direct e-mail advertising for our own services and goods that are similar to those you have used, unless you have objected to the sending of advertising e-mails. You can object to the use of your e-mail address for this purpose at any time by sending us an e-mail to contact@viaductus.de without incurring any costs, apart from the costs of transmitting the objection. Each e-mail sent to you for direct marketing purposes also contains an unsubscribe link.

The legal basis for using your e-mail address to send e-mail direct marketing to you as an existing customer is our legitimate interest in informing our existing customers about goods and services similar to those already purchased (Art. 6 (1) (f) GDPR).

You have the right to object to data processing for direct marketing purposes at any time. To exercise this right, you can contact us at any time using the contact details provided in Section 2 or use the unsubscribe link.

10. Evaluations of your activities in connection with the newsletter

If you receive direct email advertising from us and have given us your consent for this purpose, we may also use the data collected about you to tailor such advertising messages to you. In addition, we collect technical information such as information about the browser and your system, as well as your IP address and the time of retrieval. Furthermore, it can be determined whether the newsletter was opened and when and which links were clicked on.

The legal basis for the processing is your consent granted for this purpose, Art. 6 (1) (a) GDPR. You can revoke the consent granted at any time, for example by using the unsubscribe link in the newsletter. The lawfulness of the data processing already carried out on the basis of the consent remains unaffected by the revocation.

11. Processing of inquiries / customer support

If you contact us with an enquiry, for example via our service hotline or by email, we process your contact data, such as your name, email address or telephone number, as well as the time and duration of the telephone call and other personal data apparent from your enquiry. The data processing serves to process and answer your enquiry and to ensure a functioning customer relationship management.

We do not record telephone conversations.

The legal basis for this processing for the purpose of handling your request is the performance of a contract or in order to take steps at your request prior to entering into a contract (Art. 6 (1) (b) GDPR).

12. General information on storage duration

Our goal is to process your personal data only to the smallest extent possible. Specific information on the storage period is included in the descriptions of the respective processing operations above. If no specific storage periods are indicated in this statement, we will only store your personal data for as long as is necessary to achieve the purposes for which it was collected or – if there are any statutory retention requirements beyond that – for the duration of the statutory retention period. After that, your personal data will be deleted.

Retention obligations arise in particular from commercial and tax law, as well as from banking supervision and administrative regulations.

If you revoke consent on which the processing of your personal data is based, or if you exercise your right of objection to processing based on our legitimate interest, we will immediately delete your personal data, provided that the collection and processing of your personal data was based on the revoked consent and there is no longer any legal basis for the processing.

13. Disclosure of your personal data and third-country transfers

13.1 Our processors

In accordance with the applicable data protection regulations, we use processors (Art. 28 GDPR) who act on our behalf and provide services in connection with our website and the connection between company sellers and company buyers, for example in the areas of IT services, hosting, customer communication or customer service. These processors have access to your personal data. Data transfer is based on data processing agreements. Our processors may only process your personal data to the extent necessary to fulfill their specific tasks. They are contractually obliged to process your personal data only on our behalf and in accordance with our instructions.

Processors:

• Amazon Web Services, Inc. (cloud data storage)
• Vercel Inc. (hosting of the website)
• Mailchimp (sending of newsletters via email)
• Postmark, Inc (sending of emails)
• Neon, Inc. (database for data storage) https://neon.tech/dpa https://neon.tech/privacy-guide https://neon.tech/privacy-policy
• Clerk, Inc. (user management) https://clerk.com/legal/dpa
• Stripe, Inc. (payment processing) https://stripe.com/de/privacy

• OpenAI, Inc. (artificial intelligence) https://openai.com/privacy

• Calendly LLC (appointment scheduling) https://calendly.com/privacy
• Brevo (formerly Sendinblue) (email marketing and contact management) https://www.brevo.com/de/legal/privacypolicy/

13.2 Data protection provisions about the application and use of LinkedIn

Viaductus refers to LinkedIn for the profiles of its employees.

The controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is a web-based social network that enables users with existing business contacts to connect and to make new business contacts. More than 400 million registered people in more than 200 countries use LinkedIn. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, UNITED STATES. For privacy matters outside of the UNITED STATES LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

Each time our website receives an access request equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the data subject to download a corresponding display of the LinkedIn component. Further information about LinkedIn plug-ins can be found at developer.linkedin.com/plugins. As part of this technical process, LinkedIn receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to LinkedIn at the same time, LinkedIn recognizes which specific subpage of our website the data subject is visiting each time the data subject visits our website and for the entire duration of their stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject clicks on a LinkedIn button integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.

LinkedIn always receives information via the LinkedIn component that the data subject has visited our website if the data subject is simultaneously logged into LinkedIn at the time of accessing our website; this occurs regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, they can prevent the transmission by logging out of their LinkedIn account before accessing our website.

At www.linkedin.com/psettings/guest-controls, LinkedIn offers users the option to unsubscribe from e-mail messages, text messages and targeted ads, as well as the ability to manage ad settings. LinkedIn also uses affiliates such as Eire, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame. Such cookies can be rejected at www.linkedin.com/legal/cookie-policy. The applicable data protection provisions of LinkedIn are available at www.linkedin.com/legal/privacy-policy. The LinkedIn Cookie Policy is available at www.linkedin.com/legal/cookie-policy.

13.3 Appointment scheduling via Calendly

We use the service Calendly LLC for making appointments. If you make an appointment through our website, the data you provide (e.g. name, email address, desired appointment) will be transmitted to Calendly. This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, if your request is related to the fulfillment of a contract or is required for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in communicating effectively with you (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR), provided that the former has been requested.

Calendly LLC is based in the United States. Data is transferred to the United States on the basis of the EU standard contractual clauses. Further information on data protection at Calendly can be found at: https://calendly.com/privacy

13.4 Email marketing and contact management via Brevo

We use the Brevo (formerly Sendinblue) service for email marketing and contact management. If you register for our newsletter or otherwise get in touch with us, the data you provide (e.g. name, e-mail address) may be transmitted to Brevo. This data is processed on the basis of Art. 6 para. 1 lit. a DSGVO (consent), if you register for the newsletter. In other cases, the processing is based on our legitimate interest in an effective communication with you (Art. 6 para. 1 lit. f GDPR) or on the fulfillment of a contract or pre-contractual measures (Art. 6 para. 1 lit. b GDPR), provided that your request is related to the fulfillment of a contract.

Brevo has its headquarters in France, a country within the European Union, for which an adequate level of data protection applies in accordance with the GDPR. In the event that data is processed outside the EU, this is done on the basis of the EU standard contractual clauses or other suitable guarantees in accordance with Art. 46 GDPR.

Further information on data protection at Brevo can be found at: https://www.brevo.com/de/legal/privacypolicy/

You can view the data protection agreement (DPA) with Brevo here: https://www.brevo.com/de/legal/dpa/

14. Transfer of personal data to third countries

If viaductus transfers your personal data to a recipient outside the European Union or the European Economic Area, the recipients are either located in a third country for which the European Commission has decided that this country ensures an adequate level of data protection, or an adequate level of data protection is ensured by standard contractual clauses adopted by the European Commission and concluded between viaductus and the recipient. Further information on third-country transfers and the protective measures mentioned can be found in the list under Section 13.2. Further details on the protective measures mentioned in the list can be obtained by contacting us or our data protection officer using the contact details provided under Section II. of this data protection declaration.
Calendly LLC transfers your personal data to the USA. The data transfer to the USA is based on the EU standard contractual clauses. Further information on data protection at Calendly can be found at: https://calendly.com/privacy

15. Provision of personal data

The provision of personal data is partly technically necessary (see Section 3), partly we need the data for registration as a user (Section 5.1.1) and for the provision of our service. If you do not provide us with this personal data, we cannot provide you with the platform services.

16. Your rights under the GDPR

You have the following rights, depending on the circumstances of the specific case:

1. Right of access: You have the right to (i) know whether we store personal data about you and (ii) to access your personal data and obtain copies thereof. This includes information about the purpose of the data use, the type of data processed, recipients and authorized parties, as well as the planned storage period2. Right to rectification: When we process your personal data, we take reasonable steps to ensure that your personal data is accurate and up to date for the purposes for which it was collected. In the event that your personal data is inaccurate or incomplete, you may request that it be rectified.
2. Right to rectification: We strive to keep your personal data accurate and up to date. Should your data be inaccurate or incomplete, you have the right to request that it be rectified.
3. Right to erasure or restriction of processing: You may have the right to request the erasure of your personal data or the restriction of its processing.
4. Right to data portability: The right to (i) request the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and (ii) to transmit those data to another controller without hindrance from us. You also have the right, where applicable, to request that we transmit the personal data directly to another controller, where technically feasible.
5. Right to refuse consent or – without affecting the lawfulness of the data processing that occurred prior to the withdrawal – to withdraw your consent to the processing of your personal data at any time. **Unless otherwise stated elsewhere in this data protection declaration, you can contact one of the points of contact listed under II. to exercise your right of withdrawal.
6. Right to object: The right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on a legitimate interest of ours or a third party. The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. In this case, please provide us with information about your personal situation. After reviewing the information you provide, we will either stop processing your personal data or provide you with compelling legitimate reasons for continuing the processing.
7. Right to object to direct marketing: The right to object at any time to the processing of personal data concerning you for the purposes of direct marketing. This also applies to profiling insofar as it is related to direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
8. Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority within the European Union.

You can (i) exercise the rights mentioned above, (ii) ask questions, or (iii) complain about our data processing by contacting us or our data protection officer using the contact details provided in Section II. of this privacy policy.

17. Changes to this Privacy Policy

We reserve the right to change this Privacy Policy in accordance with updates to our website. Please always review the current Privacy Policy when visiting our website.

This Privacy Policy was last updated on July 24, 2024.