Data privacy statement

Information about the use by and security of data in context of

Published on: 13. April 2021


Your personal data is processed in accordance with the requirements of the EU General Data Protection Regulation (”GDPR”) and the German Federal Data Protection Act (”BDSG”) as well as other legal requirements as the basis for a trusting business relationship with visitors to our website, our customers and business partners. Maintaining the confidentiality of your personal data is a top priority for us, and we ensure the protection of your personal data through technical and organizational security measures that meet current security standards and comply with legal requirements.

In the following, we inform you about the type, scope and purpose of the collection and use of your personal data in the context of the use of our offers on the website


The controller pursuant to Art. 4 No. 7 GDPR is: 

andugo GmbH

Represented by:

Dirk Engelbrecht

Hagsdorfer Str, 1c

85368 Wang


Phone: 089 74077569

E-mail address:

You can find more information about us on the GO2automation main page by clicking on the ”Imprint” menu item ( 


1. ”Personal data” means any information relating to an identified or identifiable natural person (hereinafter ”data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

2. ”Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


We process the following personal data:: 

1. Personal information such as name, identification number, date of birth, documents establishing customer identity (including a copy of your identity card or passport), contact details you provide to us and all details relating to our business relationship, such as contract data, customer identifiers, customer number and bank details (IBAN, BIC, bank, account holder) and payment information.    

2. Data when accessing our website, which is transmitted by your browser and automatically collected by our server, such as the date and time of your visit, your IP address, data on the input device with which you interact with the customer portal (e.g. browser settings; browser type, operating system, device ID), name of the file retrieved and the amount of data transmitted. Additional data is only collected if you actively disclose it, e.g. when registering or making a request. 

3. Data provided to us by third parties in the context of contract initiation or fulfillment, such as data records of contractual partners, interested parties, cooperation partners and suppliers, as well as other third parties.


We process your personal data only if there is a legal basis in the GDPR or based on your consent:

  • Consent: Based on your previously given express and voluntary consent. You have the right to withdraw your consent at any time with effect for the future. 
  • Fulfillment of a contract / pre-contractual measures: For the initiation and execution of your contractual relationship with the Company (Art. 6 para. 1 sentence 1 lit. b) GDPR).
  • Safeguarding legitimate interests: To safeguard our legitimate interests, subject to the condition that your interests are not overriding (Art. 6 para. 1 sentence 1 lit. f) GDPR). 

We will only transfer your personal data to third parties if: 

  • you have given your express consent to do so. 
  • the transfer is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your personal data and in the event that a legal obligation exists for the transfer 
  • this is legally permissible and required for the processing of contractual relationships with you.


We always process your personal data for a specific purpose and only process the personal data relevant to achieving this purpose (data minimization principle). We process personal data in particular for the following purposes: 

  • to fulfill the contract concluded with you and to manage our business relationship, including communication with you, as well as to handle customer service-related questions and complaints, and to facilitate receivables management
  • to learn more about you as a prospective customer or client, about the products and services you have used, and about other products and services you may wish to use 
  • to take steps to improve our products and services and the technologies we use, including reviewing and updating our systems and processes, and for market research purposes to learn how we can improve our existing products and services or what other products and services we may offer 
  • marketing and advertising, for example, to contact you about products and services we think may be of interest to you and to perform marketing campaigns 
  • to take steps to improve and develop services and products to provide you with a customized approach with tailored offers and products. 
  • purposes for which you have given us prior consent, for example, when subscribing to a newsletter
  • to enter into consultation and data exchange with credit agencies (e.g. Schufa, Creditreform) to determine creditworthiness or non-payment risks, in particular if the requirements of § 31 BDSG are met. 
  • the filing, exercise or defense of legal claims
  • to ensure IT security and IT operations and to manage risks

If we intend to further process your personal data for a purpose other than that for which the personal data was collected, we will provide you with information about that other purpose and any other relevant information in accordance with this Data Privacy Notice prior to such further processing. 


An operational erasure concept ensures that all your personal data is erased in line with the principle of data minimization and Art. 17 of the GDPR.

We keep your personal data in accordance with Art. 17 GDPR only as long as necessary for the respective relevant purposes for which we process your personal data. If we process personal data for multiple purposes, it will be automatically deleted or blocked as soon as the last specific purpose has been fulfilled, if no legal, statutory or contractual retention periods prevent deletion.

The commercial and tax law retention periods are up to ten years for the retention or documentation. In addition, the retention periods are also based on the statutory limitation periods pursuant to § 195ff BGB (German Civil Code), which are up to 30 years, whereby the regular limitation period is 3 years if the data is required for the filing, exercise or defense of (civil) legal claims. The general period of limitation is 3 years. 

Under certain circumstances, your data must also be stored for a longer period due to official or court orders.

Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the company is subject.


We process your personal data in accordance with the security requirements of Art. 32 GDPR. For this purpose, we have implemented appropriate technical and organizational measures that comply with recognized IT standards and are reviewed on an ongoing basis. In this way, we ensure that your data is adequately protected against misuse or any other unauthorized data processing at all times. Personal data that you provide to us via our website is transmitted in encrypted form; we use Secure Socket Layers (SSL) encryption technology for this purpose. 


1. We may also transfer your personal data to third parties for the purposes outlined in this Data Privacy Notice  and within the scope of statutory disclosure and reporting obligations. These include companies and institutions in the following categories: 

  • Tax consultant/CPA-Companies
  • Authorities
  • Insurances 
  • Collection agencies and Attorneys-at-law
  • Suppliers 
  • Public agencies and institutions (e.g. social insurance agencies, supervisory authorities, etc.) if a corresponding obligation/authorization exists 

2. In the course of fulfilling our business relationship, we also transfer your personal data to subcontractors (order processors) who support us in handling our business processes. They process your data according to our instructions ”on behalf” based on a so-called contract on data processing according to Art. 28 GDPR. We use processors of the following categories:

  • Salespartner 
  • Internet-Provider 
  • (IT-) Service Provider 
  • Supportcenter  
  • IT-Provider 
  • Tracking Serviceprovider 
  • Logistics 
  • Print service provider 
  • Archiving service provider 
  • Credit agencies 
  • Financial institutions and payment service providers

3. Data transfer to non-EU member states

To the extent that data is processed in countries outside the EU or the European Economic Area (”EEA”), Company will ensure that your personal data is processed in accordance with European data protection standards and the relevant jurisdiction. If the third country does not have a level of data protection recognized as adequate by the European Commission, we will ensure prior to the transfer that the recipient can demonstrate an adequate level of data protection in accordance with Art. 44 et seq. of the GDPR (e.g. through self-certification of the recipient or we agree on so-called EU standard contractual clauses by the European).


1. Automated individual decision-making

We do not use automated decision-making pursuant to Art. 22 GDPR. Should we use these procedures in individual cases, we will inform you about this specifically within the framework of the legal provisions.

2. Google Web Fonts 

Our website uses so-called web fonts provided by Google for the uniform display of fonts. A connection to Google servers therefore does not take place.


1. Visit of the website 

a) Data categories: When you access our website, data is automatically stored in the server statistics (so-called server log files), which your browser automatically transmits to us. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

  • Date and time of the access 
  • IP address of the accessing device or server 
  • Request details and destination address 
  • Name of the retrieved file and amount of data transferred
  • Message whether the retrieval was successful 
  • Name of your Internet service provider 
  • Information about the browser type and version used 
  • the operating system of the user

For data protection reasons, the IP address is anonymized in the log files containing this data.

b) Purpose of processing: We process the above data for the following purposes:

  • Ensuring a smooth connection to the website 
  • Ensuring a comfortable use of our website 
  • Evaluation of system security and stability
  • for administrative purposes 

c) Legal basis for data processing according to Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest follows from the purposes for data collection listed above.  

d) Erasure of your data: The log file information is kept anonymously for a short time by the provider for security reasons (e.g. to clarify acts of abuse) and deleted when it is no longer required.

2. Activities via the website 

a) Data categories: When you register on our website or register for an event through our website, subscribe to our newsletter, submit an application, or use one of our web contact forms, you will be asked to provide us with some of your personal information.  mitzuteilen.  

These data processed in the procedure are, in addition to the data collected when visiting the website as well as during the registration process:

  • First and last name
  • E-mail address 
  • The IP address of the user
  • Date and time of registration 
  • Phone number

b) Purpose of processing: The processing of personal data provided by you is necessary to process your request and to communicate with you, as well as to operate our business, to enable business contact among registered members.

c) The legal basis for data processing is your consent under Art. 6 para. 1 sentence 1 lit. a) GDPR.

Inquiries: For the processing of data, your consent is obtained in advance by opt-in and reference is made to this Data Privacy Notice . By activating the checkbox and sending the contact form or request, you consent to the transmission and storage of your personal data and IP address in accordance with Art. 6 para. 1 lit. a GDPR.

Newsletter: The double opt-in procedure is used for the newsletter, i.e. after your registration we will send you an e-mail to the specified e-mail address containing a link to the final registration. Your confirmation ensures that the newsletter has also been ordered by you. Only by confirming the link in the e-mail, your data for newsletter dispatch will be stored for the duration of the use of our newsletter offer.

Events: If you register for an event via our event form, your personal data will be collected, stored, processed by us for the organization and implementation of the event. You declare your consent to this by sending the registration.

d) Deletion periods for requests: We store your data only for processing your request. Your data will be deleted after it has been processed, at the latest after four weeks, unless new processing purposes arise from the request (e.g. a contractual relationship) with other legal retention periods.

Newsletter: If you do not confirm the registration of the newsletter in the double opt-in procedure, your data will be deleted after 48 hours.

Events: Your data will be deleted no later than 30 days after your visit. 

You can unsubscribe at any time using the unsubscribe links included in our communications or by sending an email to with the subject ”UNSUBSCRIBE”.

3. First Party Cookies 


Cookies are small text files that are automatically created by your browser and stored on your terminal device (PC, laptop, tablet, smartphone or similar) when you visit our site. 

First party cookies are cookies that are set directly by our website.

a) Data categories: Our website uses so-called session cookies.

The use of session cookies, which are technically necessary cookies for our Internet services (functional cookies), serves to make the use of our offer more pleasant for you. Session cookies store data about your visit to the website and thus increase its user-friendliness: if you visit our site again, your entries and settings from your first visit are automatically applied so that you do not have to enter them again.

The following data is stored and transmitted in the cookies:

  • Language settings 
  • Log-In Information
  • Shopping Cart Information

b) Purpose of processing: The purpose of using technically necessary cookies is to simplify the use of websites for users. 

c) Legal basis for data processing: The data processed by session cookies are necessary for the aforementioned purposes to protect our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, namely to provide our services in a form that enables a user-friendly perception of the online offer and to provide certain functions such as the shopping cart function. The storage of log files serve the integrity and security of the website.

d) Duration of storage 

Session cookies are temporary cookies and are automatically deleted when you close the browser. 

d) Possibility of objection and removal (Opt-Out) 

Most browsers accept cookies automatically. You can object to the use of cookies at any time with effect for the future by changing the settings in your browser so that it does not accept cookies or only accepts certain cookies or you are notified as soon as cookies are sent. Cookies that have already been stored can be deleted at any time. This can also be done automatically. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.

You can find these for the respective browsers using the following links: 

  • Internet Explorer™: 
  • Safari™: 
  • Chrome™: 
  •  Firefox™ 
  •  Opera™ : 

If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent. 

If you use our website with multiple end devices, you must object to the use of each end device.

4. Google Analytics

We create pseudonymized user profiles for the purpose of customer-oriented advertising using Google Analytics, a web analytics service provided by Google USA. Google Analytics and Google Analytics 360 are operated by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter ”Google USA”). First party cookies are used to operate the service.

a) Data categories: The following data categories are collected by Google Analytics:

  •  the anonymized IP address of the accessing system of the user
  • the web page accessed 
  • the web page from which the user has reached the accessed web page (referrer) 
  • the subpages that are visited from the accessed website 
  • the time spent on the website 
  • the frequency of the website access

This information generated by the cookie about your use of this website may be transmitted to Google servers located in the United States or Google may obtain access to data from the United States. We have activated IP anonymization on this website (”anonymizeIP”) so that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. In exceptional cases, the full IP address is transmitted to a Google server and shortened there. It is not excluded that in this case the data processing takes place outside the scope of application of EU law.

To the extent that a contract for commissioned processing must be concluded with Google, which obligates Google to handle your data in a data protection-compliant manner, we will use the standard contractual clauses provided by Google as the transmission mechanism and check whether these meet the requirements for the level of data protection of the GDPR. In this respect, we refer to the website of Google:!#gdpr with further information on Google's data protection in particular international data transfers.

Google Analytics stores information about which pages you visit, how long you are on the website, from which page you came here and what you click. This Analytics data is collected in the pages of our website, but is not linked to any personal information, so this information cannot be used to identify you. The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google. Only after the anonymization described above, an evaluation of the user behavior takes place.

b) Purpose of processing: For the anonymized evaluation and creation of statistics relating to the use of and the associated detailed pages. Optimization and expansion of our respective web offer through personalization/individualization of the offer as well as recognition and characteristic assignment of users in the case of offers financed by advertising.

c) Legal basis for data processing: The legal basis is based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR, which we obtain from you by opt-in before you use the website.

d) For more information about Google's privacy position with respect to its analytics service, please visit

5. Third Party Cookies 

a) Third party cookies are cookies that are placed on your computer by external websites whose services are used on this website.

We integrate content or services from third-party providers within our online offer. When integrating third-party content, the user's IP address is transmitted to the third-party providers. Furthermore, the providers of the third-party content set their own cookies (third-party cookies) When calling up our website, the user is informed about the use of third-party cookies for analysis purposes and his consent to the processing of personal data used in this context is obtained. In this context, a reference to this data protection information is also made. 

b) The processing purpose for this is a user-friendly design of the website and our products and services offered.

c) The legal basis for the data processing is your consent pursuant to Art. 6 (1) sentence 1 lit. a) GDPR, which we obtain from you by opt-in before you use the website. 

We currently use services from the following third-party providers:

  • Amazon AWS
  • Cloudflare
  • Salesforce
  • HubSpot (only internally, but this is where personal data is stored).


A Google Maps service is integrated on our website for the display of interactive maps and the creation of directions. The company that provides the service in the European Economic Area and Switzerland is Google Ireland Limited, a company incorporated and operated under the laws of Ireland) with its registered office at Gordon House, Barrow Street, Dublin 4 (hereinafter ”Google Ireland”). 

By using Google Maps, information about your visit to this website, including your IP address and the address data entered, is transmitted to Google, including to Google servers located in the USA. Google will subsequently collect the following data:

  • Date and time of the access 
  • IP address of the accessing device or server 
  • Request details and destination address 
  • Information about the browser type and version used 
  • the user's operating system 
  • addresses entered during route planning 

The data transfer takes place regardless of whether you have a user account with Google. If you have a user account and are logged in to Google, your data will be directly assigned to your account. To avoid this, you must log out before activating the button or you activate the so-called incognito mode under 

This has the consequence that all accruing data is not linked to your user account and stored there until the incognito mode is terminated.

Google will otherwise store your data as usage profiles. You have the right to object to this, which you must exercise against Google.

As the terms of the EU-US Privacy Shield are no longer in line with the GDPR, Google has amended its terms to this extent. This can be found at:!#gdpr

To the extent that Google acts as a processor of personal data, Google states that it makes available for this purpose the legal terms and conditions of data processing that take into account the relationship between the data controller and processor, if necessary.

For more information on the processing of personal data by Google Maps and your settings options for protecting your privacy, please refer to the terms of use at  as well as the data protection information under, see 


On some of our websites and the content provided by our partner, we embed Youtube videos. The company providing the service on in the European Economic Area and Switzerland is Google Ireland Limited. 

The videos are embedded in ”extended privacy mode”. This means that a connection is only established between your browser and a server of the operator in the USA when you play the videos. The following information about your visit and your IP address will be stored there:

  • Date and time of the access 
  • IP address of the accessing device or server 
  • Request details and destination address
  • Page accessed 
  • Information about the browser type and version used 
  • The operating system of the user 

The data transfer takes place regardless of whether you have a user account with Youtube or Google. If you have a user account and are logged in to Youtube or Google, your data will be directly assigned to your account. To avoid this, you must log out before activating the button. Google stores your data as usage profiles. You have the right to object to this, which you must exercise against Google.  For data protection and data security, please refer to the comments on Google Maps.



1. As a person affected by the processing of your personal data, you can assert the following rights with us in accordance with the GDPR and the BDSG (”data subject rights”):    

  • Right of access regarding the personal data concerning you,
  • Right to rectification of the data concerning you,
  • Right to erasure (Art. 17 GDPR),
  • Right to restrict the processing of your personal data,
  • Right to data portability (Art. 20 GDPR),
  • Right to object to the processing of personal data concerning you.
  • Amendment and erasure of data (”right to be forgotten”)

2. You also have the right to complain to a supervisory authority pursuant to Article 77 of the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace.

3. As a rule, we comply with requests within one month. However, this period may be extended due to the specific data subject right or the complexity of your request. In this case, we will inform you of the reasons within the one-month period. 


Please direct any further questions regarding data protection to the andugo representatives named in the imprint (GO2automation homepage > Imprint). There you can also assert your legal rights to information.

You can reach it via the e-mail address or by mail at the address given in the imprint (

This Data Privacy Notice can be printed and/or saved at any time. We reserve the right to change or adapt the data protection declaration in order to take into account further development of the GO2automation platform and the expansion and optimization of our offer. In doing so, we observe the data protection requirements to adapt.