Privacy Policy
We are pleased that you are interested in our company. Data protection is of particularly high priority for the management of CPT cometis Publishing & Technologies GmbH (hereinafter „CPT"). Use of CPT's websites is generally possible without any indication of personal data. However, if a data subject wishes to use special services offered by our company via our website, processing of personal data may become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we will generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to CPT. By means of this privacy policy, our company would like to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.
As the controller, CPT has implemented numerous technical and organisational measures to ensure the most complete protection of personal data processed via this website. Nevertheless, internet-based data transmissions may in principle have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, e.g., by telephone.
1. Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions related to data protection is:
CPT cometis Publishing & Technologies GmbHFriedrichstrasse 22
65185 Wiesbaden
Germany
Phone: +49 611 205855-0
E-mail: diegelmann@cometis.ai
Website: https://cometis.ai
Managing Director: Michael Diegelmann
Commercial Register: Amtsgericht Wiesbaden HRB 8805
VAT ID: DE256617569
2. Name and Address of the Data Protection Officer
The Data Protection Officer of the controller is:
StraSev UGJana-Alice Stratmann-Severin
Data Protection Officer
Diekweg 16
26160 Bad Zwischenahn
Germany
Mobile: +49 800 151 17 51
E-mail: jana@strasev.de
Any data subject may contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.
3. Cookies
Our website does not currently use cookies that process personal data. If technically necessary or consent-based cookies are used in the future, you will be informed separately and asked for your consent.
4. Collection of General Data and Information (Server Log Files)
When you visit our website, our hosting provider (see Section 9) automatically collects information transmitted by your browser. This includes:
- Browser type and version
- Operating system used
- Referrer URL (the previously visited page)
- IP address of the accessing device
- Time of the server request
This data cannot be attributed to specific individuals by us. This data is not combined with other data sources and is deleted after statistical evaluation and once the retention periods applicable at our hosting provider have expired. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR (legitimate interest in the stable and secure operation of the website).
5. Contact Form and Contact by E-mail
We collect your data for the purpose of processing your contact request. Data processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to respond to your request. With the exception of the technical service providers mentioned in Section 6, data is not transferred to third parties. The data is deleted as soon as it is no longer required for the purpose of processing and no statutory retention obligations conflict with deletion.
You have the right to object at any time to the use of your data for the purpose of sending information material. An informal e-mail to the address provided in the legal notice is sufficient.
6. Use of HubSpot (Contact Form & Marketing Automation)
We use functions of the provider HubSpot on our website to provide contact forms. The provider is HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. HubSpot processes the data submitted via the form on our behalf (in particular name, e-mail address, telephone number, and message) to receive your enquiry and forward it to us.
When using HubSpot, personal data is transferred to servers in the USA. HubSpot Inc. is certified under the EU-U.S. Data Privacy Framework; in addition, standard contractual clauses pursuant to Art. 46 GDPR are in place with HubSpot. The legal basis for the processing is Art. 6 para. 1 lit. b GDPR (initiation of a contractual relationship) or Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient handling of enquiries).
Further information on data protection at HubSpot is available at https://legal.hubspot.com/privacy-policy.
7. Locally Hosted Fonts
This website uses the „Prompt" typeface, which is hosted locally on our web server. There is no connection to servers of Google or other external font providers. No personal data is transferred to third parties in this context.
8. SSL/TLS Encryption
To protect your transmitted data as best as possible, we use SSL/TLS encryption. You can recognise such encrypted connections by the prefix https:// in the address bar of your browser. All data that you transmit to this website — for example via the contact form — cannot be read by third parties thanks to SSL/TLS encryption.
9. Hosting at Netlify
This website is hosted by Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, USA („Netlify"). When you access our website, technically necessary data (in particular your IP address, date and time of access, requested URL, transferred data volume, browser type, and operating system) are processed by Netlify in so-called server log files. This processing is necessary to be able to deliver the website.
When using Netlify, personal data is transferred to the USA. Netlify, Inc. is certified under the EU-U.S. Data Privacy Framework; in addition, a Data Processing Addendum with standard contractual clauses pursuant to Art. 46 GDPR is in place with Netlify. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR (legitimate interest in the stable and secure operation of the website).
Further information on data protection at Netlify is available at https://www.netlify.com/privacy/.
10. Routine Erasure and Blocking of Personal Data
The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage, or as required by the European legislator or another legislator in laws or regulations to which the controller is subject.
If the storage purpose ceases to apply, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with statutory provisions.
11. Rights of the Data Subject
You have the right to:
- Information pursuant to Art. 15 GDPR
- Rectification pursuant to Art. 16 GDPR
- Erasure pursuant to Art. 17 GDPR
- Restriction of processing pursuant to Art. 18 GDPR
- Data portability pursuant to Art. 20 GDPR
- Objection to processing pursuant to Art. 21 GDPR
- Withdrawal of consent pursuant to Art. 7 para. 3 GDPR (with effect for the future)
To exercise your rights, please contact one of the contact details listed in Sections 1 and 2.
12. Right to Lodge a Complaint with a Supervisory Authority
If you believe that the processing of your data violates data protection law or otherwise infringes your data protection rights, you may lodge a complaint with a supervisory authority. The authority responsible for CPT is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit(Hessian Commissioner for Data Protection and Freedom of Information)
Postfach 31 63
65021 Wiesbaden, Germany
Phone: +49 (0)611 1408-0
Fax: +49 (0)611 1408-611
E-mail: poststelle@datenschutz.hessen.de
13. Automated Decisions in Individual Cases, including Profiling
CPT does not make any automated decisions, including profiling within the meaning of Art. 22 GDPR, on this website.
14. Data Protection in Applications and Application Procedures
The controller collects and processes personal data of applicants for the purpose of handling the application procedure. Processing may also be carried out by electronic means, in particular if an applicant submits relevant application documents by e-mail. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with statutory provisions. If no employment contract is concluded with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, unless other legitimate interests of the controller conflict with deletion.
15. Legal Basis for Processing
Art. 6 para. 1 lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the processing is based on Art. 6 para. 1 lit. b GDPR. If our company is subject to a legal obligation requiring the processing of personal data, the processing is based on Art. 6 para. 1 lit. c GDPR. In rare cases, processing may be necessary to protect the vital interests of the data subject or another natural person — the legal basis would be Art. 6 para. 1 lit. d GDPR. Finally, processing operations may be based on Art. 6 para. 1 lit. f GDPR (legitimate interest).
16. Legitimate Interests in Processing
If the processing of personal data is based on Art. 6 para. 1 lit. f GDPR, our legitimate interest is to conduct our business operations for the benefit of the well-being of all our employees and our shareholders.
17. Duration of Storage of Personal Data
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for contract fulfilment or contract initiation.
18. Statutory or Contractual Requirements to Provide Personal Data
We would like to inform you that the provision of personal data is partly required by law (e.g., tax regulations) or may also result from contractual provisions (e.g., information on the contracting party). Before personal data is provided by the data subject, our staff must clarify whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of non-provision would be.
As of: May 2026