Privacy Policy

The following information provides an overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally. For detailed information, please refer to the sections below.

The party responsible for data processing on this website is:

The responsible party is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

In the event of data protection complaints, please contact the competent supervisory authority:

Under Article 77 GDPR you have the right to lodge a complaint with the supervisory authority at any time if you believe that the processing of your personal data infringes the GDPR.

The processing of your personal data is based on the GDPR and the German Federal Data Protection Act (BDSG). The relevant legal bases are:

• Article 6(1)(a) GDPR – Consent
• Article 6(1)(b) GDPR – Performance of a contract
• Article 6(1)(c) GDPR – Compliance with a legal obligation
• Article 6(1)(f) GDPR – Legitimate interests

When you visit our website, information is automatically transmitted by your browser and temporarily stored in so-called log files. This includes:

• Browser type and version
• Operating system used
• Referrer URL
• Hostname of the accessing computer
• Time of the server request
• IP address

Legal basis: Article 6(1)(f) GDPR (legitimate interest in the technical provision and security of the website). The log files are deleted after 30 days at the latest.

This website is hosted with Amazon Web Services EMEA SARL (AWS), Avenue John F. Kennedy 38, 1855 Luxembourg. The server location used is Frankfurt am Main (eu-central-1), so that all data is processed within the European Economic Area (EEA). No transfer to third countries takes place.

We have concluded a data processing agreement with AWS in accordance with Article 28 GDPR.

Legal basis: Article 6(1)(f) GDPR (legitimate interest in a reliable and secure provision of the website).

Our website uses cookies. Cookies are small text files that are stored on your device. We distinguish between technically necessary cookies and optional cookies.

Technically necessary cookies

These cookies are strictly necessary for the operation of the website and cannot be disabled. They do not store any personally identifiable information. Legal basis: Article 6(1)(f) GDPR.

Optional cookies (only with consent)

All optional cookies – in particular analytics and marketing cookies – are only loaded after your active consent via our consent manager. You can withdraw or adjust your consent at any time via our cookie banner. Legal basis: Article 6(1)(a) GDPR.

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics is activated exclusively after your consent via our consent manager.

Google Analytics uses cookies that enable an analysis of your use of the website. We have activated IP anonymization, so that IP addresses are truncated before transmission.

Purpose: Statistical analysis of website usage to optimize our offering.

Legal basis: Article 6(1)(a) GDPR (consent).

Third-country transfer: Google LLC (USA) is certified under the EU-US Data Privacy Framework (DPF) (since July 2023). Further information: https://policies.google.com/privacy

Opt-out: Withdrawal via the cookie banner; additionally via browser add-on: https://tools.google.com/dlpage/gaoptout

We use the Google Tag Manager provided by Google Ireland Limited. The Tag Manager is only loaded after your consent; before consent is given, no data is transferred to Google. The Tag Manager itself does not set any cookies and does not collect any personal data – it merely manages the other integrated tags.

Legal basis: Article 6(1)(a) GDPR (consent).

Third-country transfer: Google LLC (USA), certified under the EU-US Data Privacy Framework.

This website uses Google Ads as well as Google Conversion Tracking provided by Google Ireland Limited. Both services are activated exclusively after your consent.

Conversion tracking records whether a user performed a specific action on our website after clicking on a Google ad (e.g. making contact, registering). For this purpose, a cookie is set that expires after 30 days. We use Google Consent Mode v2, which ensures that conversion data is only fully recorded when consent has been given.

Purpose: Serving relevant advertisements and measuring advertising effectiveness.

Legal basis: Article 6(1)(a) GDPR (consent).

Third-country transfer: Google LLC (USA), certified under the EU-US Data Privacy Framework.

Opt-out: Withdrawal of consent is possible at any time via our cookie banner.

This website uses the LinkedIn Insight Tag, an analytics and conversion tracking tool provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. The Insight Tag is activated exclusively after your consent via our consent manager.

The LinkedIn Insight Tag enables us to record whether users performed a specific action on our website after clicking on a LinkedIn ad (e.g. making contact or registering). In addition, we may receive anonymized demographic information about website visitors (e.g. job title, industry). It is not possible for us to identify individual users in this process. For this purpose, LinkedIn sets a cookie that is stored on your device for up to 90 days.

Purpose: Measuring the advertising effectiveness of LinkedIn campaigns (conversion tracking) and anonymized audience analysis.

Legal basis: Article 6(1)(a) GDPR (consent).

Third-country transfer: LinkedIn Corporation (USA) is certified under the EU-US Data Privacy Framework (DPF). Further information: https://www.linkedin.com/legal/privacy-policy

Opt-out: Withdrawal via our cookie banner; additionally directly in your LinkedIn account settings under “Privacy & Settings”.

We use HubSpot, a CRM and marketing tool provided by HubSpot Ireland Limited, 1 Sir John Rogerson’s Quay, Dublin 2, Ireland. HubSpot processes data collected via our website (e.g. through contact forms or newsletter sign-ups). Data hosting takes place in Europe (EU region). We have concluded a data processing agreement with HubSpot in accordance with Article 28 GDPR.

Purpose: Management of contact requests, email marketing and CRM.

Legal basis: Article 6(1)(a) GDPR (consent) for marketing cookies; Article 6(1)(b) and (f) GDPR for the processing of contact requests.

Third-country transfer: In the case of support access by HubSpot Inc. (USA), the transfer takes place on the basis of Standard Contractual Clauses (SCCs) pursuant to Article 46(2)(c) GDPR.

You can register on our website to use additional features. We use the data entered in this process exclusively for the purpose of using the respective service. Mandatory information is marked as such; further information is voluntary.

Legal basis: Article 6(1)(b) GDPR (performance of a contract). Data is deleted as soon as the user account is deleted, unless statutory retention obligations apply.

If you subscribe to our newsletter or fill out a contact form, we process your email address as well as the information you voluntarily provide. Newsletter sign-up takes place using the double opt-in procedure.

Legal basis: Article 6(1)(a) GDPR (consent). You can withdraw your consent at any time, e.g. via the unsubscribe link in every newsletter.

We store your personal data only for as long as is necessary to fulfil the respective purposes or as required by statutory retention periods (in particular commercial and tax retention obligations of up to 10 years). After the respective period has expired, the data is routinely deleted.

You have the following rights with regard to your personal data:

• Right of access (Article 15 GDPR)
• Right to rectification (Article 16 GDPR)
• Right to erasure (“right to be forgotten”, Article 17 GDPR)
• Right to restriction of processing (Article 18 GDPR)
• Right to data portability (Article 20 GDPR)
• Right to object (Article 21 GDPR)
• Right to lodge a complaint with the supervisory authority (Article 77 GDPR, see Section 03)

To exercise your rights, please contact: datenschutz@top.legal

Many data processing operations are only possible with your express consent. You can withdraw consent already given at any time with effect for the future – for example via our cookie banner or by an informal email to datenschutz@top.legal. The lawfulness of the data processing carried out up to the withdrawal remains unaffected by the withdrawal.

We use external payment service providers to process payments. The payment data you enter is processed exclusively by the respective payment service provider and is not stored by us.

Legal basis: Article 6(1)(b) GDPR.

We offer you the opportunity to apply for a position with us. Application data is processed exclusively for the purpose of handling your application and is deleted after the procedure has been completed (usually after 6 months), unless consent to longer storage has been given.

Legal basis: Article 6(1)(b) GDPR in conjunction with Section 26 BDSG.

We integrate third-party services on our website to provide you with a better user experience. Integration takes place on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR or after your consent pursuant to Article 6(1)(a) GDPR. Further information is available on request.

We reserve the right to amend this privacy policy at any time in order to adapt it to changed legal situations or changes to our services. The current version is always available on this website. Last updated: June 2026.