Skip to main content

Privacy Policy

The protection of your data and of your privacy is very important to us! The following describes how the Serrala Group GmbH (hereinafter referred to as “Serrala” or “we”) collects, processes and uses your personal data (hereinafter referred to as the “use” of your data) when you visit our website, associated websites at this domain, or other websites which we operate and which contain a direct link to this privacy policy (our “websites”). This privacy notice also explains how Serrala affiliates handle your personal data when you interact with us.

We encourage you to read this Privacy Policy in its entirety to ensure that you are fully informed.


1. Controller, Serrala Companies

Unless otherwise stated in this Privacy Notice or in a specific product or specific notice, the responsible for the collection, processing and use of personal data according to Section 13 of the German Telemedia Act (TMG), and controller according to the Federal Data Protection Act (BDSG) and the General Data Protection Regulation (GDPR) is:

Serrala Group GmbH
Oldesloer Straße 63
22457 Hamburg, Germany
Phone: +49 (40) 51 48 08 - 0

2. Use of personal data

Personal data is any information relating to an identified or identifiable natural person (i.e. individual); this includes, in particular, personal or material information about you.

a) How we collect personal data
Serrala collects personal data when you visit our website (e.g. cookies), request free demos on our websites, register for webinars, contact us to subscribe to our newsletter, download content (e.g. whitepapers, success stories, etc.), or register to use certain areas of the website. Serrala collects and stores personal data that you explicitly share with us through our contact and registration forms, or when signing up for the newsletter or for webinars, as well as data deriving from cookies. 

b) Use of personal data
We use the personal data you provide to process your request(s), for example:
•    To respond to and fulfil your requests, such as sending you requested documents, information and marketing materials about our products and services, or the newsletter to which you subscribed
•    To register for our webinars, events or training sessions/workshops
•    To send marketing e-mails that may be of interest to you, insofar as you have not opposed to it
•    To personalise our websites with information and product-related content tailored to your needs
•    To register you for our partner portal or restricted customer areas
It is your decision whether to provide us with your data for the purposes mentioned above. To the extent that your request allows, you may also remain anonymous to us or use a pseudonym. Insofar as required, Serrala will obtain your consent to use your personal data for other purposes.
Furthermore, Serrala uses cookies and similar technologies on your browser or device to enable the technical and functional management of our websites, to improve the design and performance of our websites and to better understand the visitor’s behavior on our pages. These cookies and similar technologies may collect data such as your IP address, your operating system, your browser type and your device type (e.g. PC, smartphone). For details, see section 6.

c) Type of personal data we collect
The data we collect varies by activity and may include personal information such as first and last name, e-mail address, telephone number, country, city, postcode, device ID and IP; in certain cases, we may also collect data regarding your job title and company, area of activity, as well as other information we may need to provide you with full access to our products and services.  



3. Newsletter, Events & Webinars 

If you request a newsletter, we will use your personal data to provide you the newsletter, as well as to inform you of additional events, webinars, trade fair dates and information about the products and services offered by Serrala. 

We use a double opt-in procedure when you request one of our newsletters. When you register for a newsletter or event, your personal data are collected and stored. 

When you register for an event, we also collect your personal data. We may also transfer your data to other Serrala affiliates in order to improve the services we offer, for the purpose of marketing Serrala products and services, and to establish new business relationships (for more details please see section 8, 9 and 11). Once you have registered for the newsletter, we will send a confirmation e-mail to the address you provided, asking you to confirm that you wish to receive the newsletter. If you confirm the registration, the newsletter will be sent to your e-mail address on a continual basis. 

To document that your agreement to receive the newsletter, we also store your IP address and the dates on which you registered for and confirmed the newsletter.

If you no longer wish to receive the newsletter, you can unsubscribe at any time to stop receiving the newsletter. To do so, click the link contained in each newsletter to be guided through the unsubscribe process. Alternatively, you can send us your request to unsubscribe by e-mail (see section 12).


4. Log Files

We also collect and store information from the log files that your browser transmits to us. This includes:

•    IP (Internet Protocol) address of the computer accessing the website in order to maintain/improve the quality of our website, determine your geographic location, and enforce general security measures and access controls.
•    Browser type/version and operating system used in order to ensure that the websites are displayed in a way that is most compatible with your device settings.
•    Time of the server request in order to gather statistical information about which areas of our website were visited and how much time a visitor spent in each area.

These data are collected for technical reasons. They are evaluated exclusively for statistical purposes and do not include any reference to a specific person. Unless the IP address is classified as a malicious one (e.g. attack, bot, etc.), log files and corresponding data are deleted after 6 months.


5. Cookies

Cookies are small text files in which the web browser stores information about internet pages you have visited . This may include information about the page visit such as duration, login data, user inputs, etc.
Our website uses the following cookies:
– Transient cookies
– Persistent cookies
– Third-party cookies
– Flash cookies
(1) Transient cookies are automatically deleted when you close your browser. This category includes session cookies, among others. Session cookies store a session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to the site. Session cookies are deleted when you log out or close your browser.
(2) Persistent cookies are automatically deleted after a specified time period, which varies depending on the cookie. You can delete these cookies in your browser’s security settings at any time.
(3) Information on third-party cookies can be found in section 6. Use of Web Analytics Services.
(4) Flash cookies are not recorded by your browser but rather by your Flash plugin. These cookies store the necessary data independent of the browser used and have no automatic expiry date. Serrala does not use flash cookies. 
You can configure your choice in our Consent Management Tool and also via your browser settings according to your needs, for example to refuse third-party cookies or all cookies, except those strictly necessary. If you do so, however, you may not be able to use all the functions of this website.

For clarity, the list of all cookies please check our Cookie Notice here


6. Use of Web Analytics Services

We use the web analytics services for our websites; these services use cookies, which are text files stored on your computer to help the website analyse how users use the site. They also sometimes use web beacons, also known as tracking pixels. These are small graphics that are embedded in the HTML code of a website and stored on your computer. Web beacons are also used to monitor your use of the websites. 
The personal data we collect through cookies or web beacons may also be passed on to other Serrala companies for the purpose of improving our range of services, marketing Serrala products and services and establishing new business relationships. For transparency we use the following services:

a) Marketo
We use technologies from Marketo to send our newsletter and other mailings (information about fairs, invitations to webinars, etc.), to administer marketing permissions, and to collect statistical data about the use of our website and optimise our offerings accordingly.
If you express interest in or purchase a product or service from us, your e-mail address will be transferred to Marketo so that we can send you personalised informational e-mails for similar goods or services in the future. The legal basis for this data processing is Art. 6(1) lit. c) and f) of the GDPR.
Marketo uses cookies which are stored on your computer and which enable Marketo to analyse your use of our website; the legal basis for this data processing is Art. 6(1) lit. a) of the GDPR. Marketo uses this information on behalf of Serrala to evaluate how registered persons use the website and to compile reports on website activities. This information includes a geolocation (country and city), determined by estimating the IP address location.  
Marketo evaluates your user behaviour when it sends the newsletter or other requested information on our behalf. The e-mails sent contain tracking pixels to allow such an evaluation. Tracking pixels are single-pixel image files that link to our website and thus enable us to evaluate your user behaviour per session. This allows us to record when you read our newsletters, and which links you click in them, which allows us to infer your personal interests. Marketo stores this information on its server so that we can then evaluate it.
Tracking is not possible if you have image display disabled by default in your e-mail program. In this case, however, the newsletter will not be displayed in full and you may not be able to use all functions. If you enable display of the images manually, the aforementioned tracking takes place.

For further details please refer to this Privacy Policy.

b) Google Analytics
We highlight that personal data processing carried out by Google may not be fully anonymized and may be used by Google for its own purposes (e.g. linking or profiling); in addition, please note that this data may be processed and stored in the USA and that government agencies may have access to this data; this data may also be linked to other data about the user, such as search history, personal accounts, usage data from other devices and any other data Google has about that user. For this reason, you are asked to consent to the placement of Google cookies; the legal basis for this data processing is Art. 49(1) lit. a) of the GDPR.

Our websites uses cookies from Google Analytics to gather data about your use of our websites, including your IP address, is generally transferred to a Google server in the USA and stored there. Google uses this information to evaluate your use of our websites, to compile reports on website activity, and to provide us with other services relating to website activity and internet usage. 

Our websites employ IP address anonymisation for use with Google Analytics. This means that your IP address is truncated by Google on servers located within member states of the European Union or other states party to the Agreement on the European Economic Area before it is transferred to the United States. 

You can also prevent Google Analytics from collecting the data generated by the cookie relating to your use of the website (including your IP address) and prevent Google from processing these data by downloading and installing the browser plugin available at the following link:

As an alternative to the browser plugin, you can also set an opt-out cookie for Google Analytics to prevent the collection of personal data by Google Analytics on our websites. Please click the following link to store this opt-out cookie on your hard drive: “Disable Google Analytics”.
For further details please refer to the terms of use of Google Analytics and to Google’s Privacy Policy, as well as  Google's overview of privacy and safeguarding data.

c) Google Tag Manager
Our websites use Google Tag Manager. Google Tag Manager is a solution that allows website tags to be managed through an interface. The Tag Manager tool itself, which actually implements the tags, is a cookie-free domain and does not collect any personal data. The tool triggers other tags that may themselves collect data. Google Tag Manager does not access these data. If tracking has been disabled at the domain or cookie level, this also applies for all tracking tags implemented with Google Tag Manager. The processing is carried out based on Art. 6 (1) a) and f) GDPR.
For further details please refer to Google Tag Manager and to Google’s Privacy Policy

d) Mouseflow 
We use the tool "Mouseflow" on our website to find out which articles are interesting for our website visitors to analyze, understand and improve this (provider: Mouseflow, Inc,501 Congress Ave Suite 150, Austin, TX 78701, United States). Data processing is for the purpose of analyzing this website and its visitors, which is collected and stored anonymously for marketing and optimization purposes. From this data, user profiles can be created under a pseudonym. Cookies, dropped after consent, can be used for this purpose. With the web analysis tool Mouseflow, randomly selected individual visits (only with anonymized IP address) are recorded. This creates a log of mouse movements and clicks with the intention of randomly replaying individual website visits and deriving potential improvements for the website. The data collected with Mouseflow will not be used to personally identify the visitor to this website without the separately granted consent of the data subject and will not be merged with personal data about the bearer of the pseudonym. The processing is carried out based on Art. 6 (1) a) and f) GDPR from the legitimate interest in direct customer communication and in the design of the website in line with requirements. 
The following information is collected when you visit our website: Clicks, mouse movements/hovers, scrolling; browser; device (desktop/tablet/phone); language; operating system; screen resolution; duration (time on page); navigation (URLs), page content (HTML); ISP (not for visitors from EU and California, USA) and approximate ISP location (city, state/region, country); keystrokes (only for non-EU/EEA data subjects in non-EU/EEA accounts and never for any passwords, digits or excluded fields); referring URL, visitor type (first time/recurring), custom tags or variables and responses in the feedback tool. All data is collected and analysed anonymously and does not allow any conclusion to your person.
If have consented to this cookie and do not wish this you can manage your cookie choices in our consent management tool or you can deactivate a recording on all websites that use Mouseflow globally for your currently used browser under the following link: For further details please refer to Mouseflow’s Privacy documents

e) AddThis
AddThis is a service provided by Oracle, which provides cookies and web widgets that site owners embed into their pages or other content, to enable visitors to create and share links to the content across social networks; the data collected provides advertisers and marketers with profile information for targeted, via cookies. AddThis cookies are only placed on your device once you consent to such. If have consented to this cookie and do not wish this you can manage your cookie choices in our consent management tool. The processing is carried out based on Art. 6 (1) a) and f) GDPR.For further details please refer to AddThis Privacy Policy.

f) LinkedIn
Insofar as you consent to the placement of LinkedIn cookie(s), we will use such to help us gather data about our website users and to provide us additional insights about users interacting with our websites and LinkedIn adverts and campaigns; this includes the collection of metadata (e.g. IP address information, timestamp) and events such as page views. If accepted, the LinkedIn cookie is stored on a visitor‘s browser until they delete the cookie or the cookie expires (see Cookie Notice). The processing is carried out based on Art. 6 (1) a) and f) GDPR. 

If have consented to this cookie and do not wish this you can manage your cookie choices in our consent management tool; alternatively, you can opt-out of cookies from LinkedIn on your LinkedIn settings page. For further details please refer to LinkedIn Privacy Policy.

g) Vimeo
We embed videos from Vimeo. Insofar as you press play, Vimeo will drop cookies to enable the video to play and to collect analytics data, such as how long a viewer has watched the video. If have consented to this cookie and do not wish this you can manage your cookie choices in our consent management tool; alternatively, you can opt-out of cookies from Vimeo on Vimeo Cookie Policy page. For further details please refer to Vimeo Privacy Policy.

h) Youtube
We embed videos from YouTube using its privacy-enhanced mode; this mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode. For further details, please refer to YouTube’s information page

i) Google Ads
We highlight that personal data processing carried out by Google may not be fully anonymized and may be used by Google for its own purposes (e.g. linking or profiling, personalized and non-personalized advertisement); in addition, please note that this data may be processed and stored in the USA and that government agencies may have access to this data; this data may also be linked to other data about the user, such as search history, personal accounts, usage data from other devices and any other data Google has about that user. For this reason, you are asked to consent to the placement of Google cookies; the legal basis for this data processing is Art. 49(1) lit. a) of the GDPR.

We use GoogleAds cookies to provide us information (e.g. online identifiers, including cookie identifiers, IP address, device identifiers and client identifiers) when someone converts on our website and to enable re-marketing/re-targeting campaign and communication; these cookies may be used for both personalized and non-personalized ads; the personal data collected may be used for tracking and shared with third parties

For further details please refer to Google Ads and Google’s Privacy Policy.

j) OneTrust 
We use cookies from OneTrust to enable our Consent Management Platform. These cookies store information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. These cookies enable site owners to prevent cookies in each category from being set in the users' browser, when consent is not given; these cookies contain no personal information that can identify the site visitor. For further details, please see OneTrust privacy policy and cookie policy.


7. Webinars

It is also possible to register via our website for webinars conducted by Serrala. This registration is done via Marketo (see 6 a)) by entering your name and e-mail address. Your data is stored within Marketo and we clear our database at regular intervals. In addition, you will receive an email from us after the webinar has taken place.

The webinars are conducted via the providers ON24 (50 Beale Street, 8th Floor San Francisco, CA 94105) or via Go to Webinar (LogMeIn, 320 Summer Street, Boston, MA 02210, USA.). Which service we use to conduct our webinar depends on which tool we use to carry out our webinar. For more information, please see the privacy policies of ON24 and Go to Webinar. In case of deviations, a specific privacy notice will be provided.

8. Recipients of Data 

Our global presence means that your personal information may be transferred across the Serrala Group worldwide due, for example, to our shared IT systems and datacentres, and cross-border working practices.  Personal data transfers between Serrala entities rely on contractual agreements and other appropriate safeguards required under applicable law to such transfers of personal data, which include obligations on entities outside the EU, UK and other countries, considered adequate by the European Commission, the existence of Standard Contractual Clauses, as well as additional suplementary measyres, such as to resist and challenge demands for data made by local government agencies, to the extent possible.


9. Contact Form / Registration Form

On our website, you can send us a request using the encrypted contact field on the “Contact” tab. Cookies are automatically saved as soon as you fill out this field, even if you have rejected the saving of cookies. You may also use a registration form to register for webinars or other events. All of the following information applies to both the contact and registration forms.

In order to process your request as accurately as possible, we ask you to enter personal data in our input mask. This includes your company, your name, your e-mail address (to ensure we can contact you), your country (to assign you to the appropriate office) and your job title. We collect these data so that we may advise you as best we can.

The data you provide will only be used to contact you and process your request. These data are processed by Marketo; in addition this data may be further processed in Salesforce. The legal basis for this data processing is Art. 6(1) lit. f) of the GDPR. We have a legitimate interest in collecting this data because they are needed to process/answer your message, as well as to enable us to contact you about our products and solutions.

10. Duration of Data Storage

The data you provide to us will only be stored for as long as is necessary to fulfil the purpose for which they were provided or to comply with statutory provisions.


11. Transfer of data

Your personal data may be passed on to third parties only in the following cases:
– If you have given your express consent in accordance with Art. 6(1) lit. a) of the GDPR
– If transferring the data is necessary to fulfil contractual obligations pursuant to Art. 6(1) lit. b) of the GDPR
– If we are legally obliged to disclose the data under Art. 6(1) lit. c) of the GDPR
– If disclosure of the data is in the public interest within the meaning of Art. 6(1) lit. e) of the GDPR
– If disclosure of the data pursuant to Art. 6(1) lit. f) of the GDPR is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests in protecting your data prevail
– if, the data subject has explicitly consented to the proposed transfer after having been informed of the possible risks of transfers of personal data to a third country, due to the absence of an adequacy decision and appropriate safeguards, within the meaning of Art. 49(1) lit. a) of the GDPR. 

In addition, when processing your request, it may be necessary for Serrala to disclose your personal data to other Serrala companies or to external service providers acting on our behalf, including in non-European third countries. These service providers may be tasked with operating servers or sending news messages, for example. 

In all cases, we aim to ensure that your personal information is handled and protected in accordance with data protection law. 
Where personal data is processed by suppliers, processors or third parties outside the EEA in countries that the EU have not assessed as providing an adequate level of protection, we ensure that personal data is adequately protected in accordance with applicable data protection law, namely in accordance with Article 46 of the GDPR, thereby ensuring information security and other appropriate safeguards are in place, and using approved standard contractual clauses. In exceptional cases, when reliance on Article 46 is not possible to perform a personal data transfer to a third country, Serrala will rely on one of the derrogation set forth in Art. 49(1) GDPR.


12. Rights of the Data Subject

You have the following rights regarding the processing of your data:
•    Pursuant to Art. 15 of the GDPR, you have the right to obtain from us information about the processing of your personal data regarding the purpose of the processing, the categories of data processed, the recipients or categories of recipient to whom the data have been or will be disclosed, and the envisaged duration of storage or the criteria for determining the duration. You also have rights of rectification, deletion, restriction of processing or objection to processing for your data, as well as the right to lodge a complaint with a supervisory authority. You also have the right to obtain information on the origin of the data, if applicable, information on the existence of any automated decision-making and, if data are transferred to a third country or international organisations, information on safeguards for the transfer pursuant to Art. 46 of the GDPR.
•    Pursuant to Art. 16 of the GDPR, you have the right to immediate rectification of incorrect or incomplete personal data.
•    Pursuant to Art. 17 of the GDPR, you have the right to deletion of stored personal data if the data are no longer necessary for the purposes for which they were collected or otherwise processed, if the data subject has withdrawn their consent and there is no other legal basis, or if an objection to processing has been filed and the data may no longer be processed pursuant to Art. 21(1) or Art. 21(2) of the GDPR. You also have the right of deletion if the data have been unlawfully processed, if the deletion is necessary to fulfil a legal obligation, or if the data have been collected in relation to information society services offered pursuant to Art. 8(1) of the GDPR. This does not apply if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest, or to assert, exercise or defend against legal claims.
•    Pursuant to Art. 18 of the GDPR, you have the right to restrict the processing if you dispute the accuracy of the personal data (for the duration necessary to verify the accuracy) or if the processing is unlawful but you demand restriction of use rather than deletion. The right to restriction also applies if we no longer need your data for the purposes of processing, but you need the data to assert, exercise or defend against legal claims, or if you have lodged an objection to the processing pursuant to Art. 21(1) of the GDPR, provided it has not been established that Serrala’s legitimate reasons prevail over yours.
•    Pursuant to Art. 20 of the GDPR, you have the right to data portability, i.e. the right to receive the personal data that you have provided to Serrala in a structured, commonly used and machine-readable format or to transmit the data to another controller.
•    You have the right to object at any time to the processing of your personal data pursuant to Art. 21 of the GDPR (para. 2 if the data are processed for the purpose of direct marketing), or pursuant to Art. 21(1) of the GDPR (if the processing is based on Art. 6(1) lit. e) or f) of the GDPR) on grounds relating to your particular situation, unless Serrala has compelling legitimate reasons for the processing that outweigh your interests or the processing serves to assert, exercise or defend against legal claims.
•    Pursuant to Art. 7(3) of the GDPR, you have the right to revoke consent at any time. As a result, Serrala will cease processing the data from the time of revocation.
•    Pursuant to Art. 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority. The right of complaint shall be without prejudice to other administrative or judicial remedies. The supervisory authority to which we are subject is listed in section 13.

Please direct all queries, requests for information or objections to data processing to

13. Supervisory Authority

The address for the presiding supervisory authority is:
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Prof. Dr. Johannes Caspar
Ludwig-Erhard-Str. 22
20459 Hamburg, Germany

Phone: +49 40 / 428 54 - 4040
Fax: +49 40 / 428 54 - 4000


14. Liability for Content

The content on our website was created with the utmost care. However, we cannot guarantee the accuracy, completeness or timeliness of the content.

Pursuant to Section 7(1) of the TMG, we are responsible according to general statutory provisions for any of our information that we make available for use. According to Sections 8 to 10 of the TMG, we as service provider are not obliged to monitor transmitted or stored third-party information or to monitor for circumstances that indicate illegal actions. Our obligation to remove or block the use of information in accordance with general statutory provisions remains unaffected. However, our liability does not start until we become aware of a concrete violation of the law. As soon as we become aware of such infringements, we will remove the content immediately.


15. Liability for Links

Our website may contain links to external, third-party websites over whose content we have no control. We therefore assume no responsibility for third-party content. 
The provider or operator of a linked website is always responsible for the content on the site. The linked site was checked for possible legal violations at the time of linking. No illegal content was discernible at the time of linking. Constant monitoring of the content on linked sites is not reasonable without concrete evidence of a legal violation. If we become aware of an infringement, we will remove such links immediately.


16. Data Security

We have taken technical and organisational measures to protect your data from loss, alteration or unauthorised access. We continuously improve these security measures in line with technological developments. Our website uses the industry standard SSL (Secure Sockets Layer) for encryption. This guarantees the confidentiality of your personal data when transmitted over the internet.

17. Updates and Modifications

We may change or update portions of this privacy policy without prior notice. Please review the privacy policy before using our services to ensure that you are always up to date with any changes or updates.
Last update of privacy policy: 14. October 2022


18. Data Protection Officer

If you have questions, please contact our Data Protection Officer at