Privacy Policy

1) Introduction and contact details of the controller

1.1 We are delighted that you have visited our website and are interested in our company. Below, we provide information in accordance with Articles 13 and 14 of the GDPR about the nature, scope, purpose, and legal basis of the processing of personal data in connection with the use of our website.

According to Art. 4 No. 1 GDPR, personal data is any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier, or one or more special characteristics.

1.2 The controller within the meaning of the General Data Protection Regulation (GDPR) for the processing of personal data on this website is:

Barlage GmbH

Am Gleis 5

49740 Haselünne-Flechum

Germany

Tel.: +49 59 62 939 0

Email: info@barlage.com

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.3 The controller has appointed a data protection officer. They can be contacted as follows:

CYDA Consulting GmbH

Leuschnerstraße 20d

95447 Bayreuth

Phone: +49 151 55992277

Email: info@cyda-consulting.com

2) Data collection when visiting our website

2.1 When using our website for informational purposes only, i.e. if you do not provide us with any other information (e.g. by contacting us or using a form), we only collect the personal data that your browser automatically transmits to our server (so-called server log files).

When you visit our website, the following data in particular is processed:

Website visited

Date and time of access

Amount of data transferred in bytes

Source/reference (referrer URL) from which you accessed our website

Browser type and browser version used

Operating system used

IP address used (in anonymized or abbreviated form, if applicable)

This data is processed on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest lies in ensuring trouble-free operation, system security, and the stability and functionality of our website.

This data is not merged with other data sources. As a matter of principle, it is not passed on to third parties.

However, we reserve the right to evaluate the server log files retrospectively if there are concrete indications of illegal use of our website.

2.2 This website uses SSL or TLS encryption for data security reasons and to protect the transmission of personal data and other confidential content (e.g., in the context of inquiries or orders).

You can recognize an encrypted connection by the string “https://” in the address bar of your browser and by the lock symbol in the browser bar.

3) Hosting & Content Delivery Network

We use the services of ipCONN GmbH, Mühlenstraße 28, 49808 Lingen, Germany, to provide our website and display its content.

Processing takes place exclusively on servers within the European Union.

All personal data collected in the context of using our website is processed on this provider’s servers.

The legal basis for processing is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the secure, efficient, and reliable provision of our website.

A contract for order processing in accordance with Art. 28 GDPR has been concluded with the provider. This ensures that the personal data of our website visitors is processed exclusively in accordance with our instructions and that unauthorized disclosure to third parties is excluded.

4) Cookies

We use cookies to ensure that our website is user-friendly and to provide certain functions. Cookies are small text files that are stored on your device via your Internet browser.

Some of these are so-called “session cookies,” which are automatically deleted after you close your browser session. Other cookies remain on your device for a specified period of time (“persistent cookies”) and enable your browser to be recognized and settings to be stored. You can find the respective storage period in your Internet browser settings.

If personal data is processed by individual cookies used by us, the processing is carried out

in accordance with Art. 6 (1) lit. b GDPR, if the processing is necessary for the initiation or execution of a contract,
in accordance with Art. 6 (1) lit. a GDPR in the event of your consent, or
in accordance with Art. 6 (1) lit. f GDPR to safeguard our legitimate interests in the technical functionality, stability, and optimization of our website, as well as in a user-friendly design of the site visit.

You can configure your Internet browser so that you are informed about the setting of cookies and can decide in each individual case whether to accept them or to exclude the acceptance of cookies in certain cases or in general.

Please note that if you deactivate cookies, the functionality of our website may be limited.

5) Contacting us

If you contact us by email, we will process your email address and all data you provide in your inquiry for the purpose of responding to your message. The processing is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.

6) Website features

6.1 Google Maps

Our website uses Google Maps (API), a service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter referred to as “Google”).

Google Maps is a web service for displaying interactive maps in order to visually present geographical information and, in particular, to show our location and facilitate directions.

When you visit subpages that incorporate Google Maps, information about your use of our website (e.g., your IP address) is transmitted to Google servers and processed there. This may also involve the transfer of personal data to Google LLC, USA. This occurs regardless of whether you have a Google user account or are logged in there.

If you are logged in to Google, the processed data can be directly assigned to your user account. If you do not want this assignment, you must log out of Google before visiting the corresponding subpage. Google also stores the collected data as usage profiles for users who are not logged in and evaluates this data.

The integration of Google Maps is based on your consent in accordance with Art. 6 (1) (a) GDPR, insofar as this is legally required. If no consent is required, processing is based on Art. 6 (1) (f) GDPR. Our legitimate interest lies in the appealing presentation of our online offering and in making it easier to find our company location.

You can revoke your consent at any time with effect for the future. To exercise your right of revocation, you can adjust the corresponding settings in our consent management tool.

You also have the option of deactivating JavaScript in your browser to prevent data transmission to Google. In this case, however, Google Maps cannot be used or can only be used to a limited extent.

For data transfers to the USA, Google has joined the EU-US Data Privacy Framework. Based on the adequacy decision of the European Commission, this ensures an adequate level of data protection.

Further information on data protection at Google can be found at:

https://business.safety.google/intl/de/privacy/

6.2 Microsoft Teams

We use Microsoft Teams, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter “Microsoft”), to conduct online meetings, video conferences, and webinars.

When using Microsoft Teams, the personal data of the respective communication participants is processed. The scope of the data processed depends on the information you provide before or during your participation in an online meeting, video conference, or webinar.

This includes in particular:

Login data (e.g., name, email address, phone number [optional], password),
Session data (e.g., topic, participant IP address, device information, optional descriptions),
Image and audio contributions from participants,
Contents of chat messages and voice inputs.

The processing of personal data is carried out

in accordance with Art. 6 (1) lit. b GDPR, insofar as the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures,
in accordance with Art. 6 (1) lit. a GDPR, insofar as you have given us your consent,
and otherwise on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the efficient and proper execution of online meetings, video conferences, and webinars.

You can revoke your consent at any time with effect for the future.

We have concluded a contract with Microsoft for order processing in accordance with Art. 28 GDPR. This ensures that personal data is processed exclusively in accordance with our instructions and is protected against unauthorized access.

When using our services, the transfer of personal data to the USA cannot be ruled out. Microsoft has joined the EU-US Data Privacy Framework for data transfers to the USA. Based on the adequacy decision of the European Commission, this ensures an adequate level of data protection.

6.3 Applications for job vacancies by email

We publish current job vacancies in a separate section of our website. Interested parties have the opportunity to apply by email to the contact address specified in the respective job advertisement.

As part of the application process, we only process personal data that is necessary for the proper review and evaluation of the application. This includes, in particular, general personal information (e.g., name, address, contact details) as well as performance-related evidence and other information relevant to the application. If required for the advertised position, health-related information may also be processed. The specific requirements are set out in the respective job advertisement.

Processing is carried out in accordance with the principles of purpose limitation, data minimization, and confidentiality in accordance with Art. 5 GDPR. Access to the application documents is restricted to those persons who are entrusted with the application process.

Once we have received your application, the data you have provided will be stored and evaluated solely for the purpose of conducting the application process. If we have any questions, we will use the contact details you have provided (e.g., email address or telephone number).

The legal basis for processing is Art. 6 (1) lit. b GDPR in conjunction with § 26 (1) BDSG. In this respect, the application process is considered a pre-contractual measure in the context of initiating an employment relationship.

If special categories of personal data within the meaning of Art. 9 (1) GDPR are processed as part of the application process (e.g. health data or information on severe disability), the processing is carried out in accordance with Art. 9 (2) (b) GDPR in order to exercise the rights arising from labor law, social security law, and social protection law and to fulfill the corresponding obligations.

Cumulatively or alternatively, the processing of special categories of personal data may be based on Art. 9 (2) (h) GDPR, provided that this is done for the purposes of health care or occupational medicine, for the assessment of working capacity, for medical diagnosis, or for the management of systems and services in the health or social sector.

If you are not hired or if you withdraw your application, we will delete the data you have provided, including any related electronic correspondence, no later than six months after the application process has been completed.

The storage period is based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in answering any queries regarding the application and in fulfilling our legal obligations to provide evidence, in particular in accordance with the provisions of the General Equal Treatment Act (AGG).

In the event of a successful application, the personal data provided will be further processed on the basis of Art. 6 (1) lit. b GDPR in conjunction with § 26 (1) BDSG for the purpose of establishing and implementing the employment relationship.

6.4 Online applications via a form

We publish current job vacancies in a separate section on our website. Interested parties have the opportunity to apply using an online form provided for this purpose.

As part of the application process, we only process personal data that is necessary for the proper review and assessment of the application. This includes, in particular, general personal details (e.g., name, address, contact details) as well as performance-related evidence and other information relevant to the application. If required for the advertised position, health-related information may also be processed. The specific requirements are set out in the respective job advertisement.

The data entered in the form is transmitted to us in encrypted form using state-of-the-art technology. Processing is carried out in accordance with the principles of purpose limitation, data minimization, and confidentiality in accordance with Art. 5 GDPR. Access to the application data is restricted to those persons who are entrusted with the application process.

The transmitted data is stored and evaluated exclusively for the purpose of conducting the application process. The legal basis is Art. 6 (1) lit. b GDPR in conjunction with § 26 (1) BDSG. In this respect, the application process is considered a pre-contractual measure in the context of initiating an employment relationship.

If the applicant is not hired or withdraws their application, we will delete the form data transmitted, including the associated electronic correspondence, no later than six months after completion of the application process.

The storage period is based on our legitimate interest pursuant to Art. 6 (1) (f) GDPR in responding to any queries regarding the application and in fulfilling our legal obligations to provide evidence, in particular in accordance with the provisions of the General Equal Treatment Act (AGG).

7) Tools and other stuff

7.1 Cookie consent tool

This website uses a cookie consent tool to get and manage consent for cookies that aren’t technically necessary, as well as cookie-based apps.

When visiting our website for the first time, the user is presented with an interactive user interface through which consent can be given or refused by active selection (e.g., via a checkbox). Cookies that are not technically necessary and comparable technologies are only set or activated once consent has been given. This ensures that the use of technologies requiring consent is based exclusively on effective consent.

The cookie consent tool sets a technically necessary cookie to store your selected cookie preferences. This cookie is used exclusively to document and implement your selection decision. No further processing of personal data takes place.

Insofar as personal data (e.g., IP address) is processed in individual cases for the purpose of storing, assigning, or logging consent, this processing is carried out on the basis of Art. 6 (1) lit. f GDPR. Our legitimate interest lies in the legally compliant, user-specific, and user-friendly design of consent management, as well as in fulfilling our data protection obligations to provide evidence.

An additional legal basis is Art. 6 (1) (c) GDPR. As the controller, we are subject to the legal obligation to use cookies that are not technically necessary only after prior consent and to document this consent in a verifiable manner.

Where necessary, we have concluded a contract for order processing with the provider of the cookie consent tool in accordance with Art. 28 GDPR. This ensures that personal data is processed exclusively in accordance with our instructions and is protected against unauthorized disclosure to third parties.

Further information on the cookie consent tool used and the individual setting options can be found in the corresponding user interface on our website.

7.2 LinkedIn

On our website, you have the option of being redirected to our LinkedIn social media service via a hyperlink. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”).

By clicking on the corresponding link, personal data (e.g., your IP address and, if applicable, other technical connection data) will be transmitted to LinkedIn and processed there. Data processing is carried out by LinkedIn on its own responsibility.

The legal basis for the integration of the hyperlink is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in a professional and contemporary corporate image and in providing additional information and communication options.

When using the service, the transfer of personal data to LinkedIn Inc., USA, cannot be ruled out. LinkedIn has joined the EU-US Data Privacy Framework for data transfers to the USA. Based on the adequacy decision of the European Commission, this ensures an adequate level of data protection.

Further information on data processing by LinkedIn can be found in the provider’s privacy policy.

7.3 Instagram

On our website, you have the option of being redirected to our Instagram social media service via a hyperlink. The provider is Meta Platforms Ireland Limited, Ballsbridge, Dublin 4, Ireland (hereinafter “Meta”).

By clicking on the corresponding link, personal data (e.g., your IP address and, if applicable, other technical connection data) is transmitted to Meta and processed there. Data processing is carried out by Meta on its own responsibility.

In the context of use, the transfer of personal data to Meta Platforms, Inc., USA, cannot be ruled out. For data transfers to the USA, Meta has joined the EU-US Data Privacy Framework. Based on the adequacy decision of the European Commission, this ensures an adequate level of data protection.

Further information on data processing by Meta can be found in the provider’s privacy policy.

7.4 Facebook

On our website, you have the option of being redirected to our Facebook page via a hyperlink. The provider is Meta Platforms Ireland Limited, Ballsbridge, Dublin 4, Ireland (hereinafter “Meta”).

The legal basis for the integration of the hyperlink is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in a professional and contemporary corporate presence and in providing additional information and communication options.

Further information on data processing by Meta can be found in the provider’s privacy policy.

7.5 Watchguard

For security purposes, we use a service provided by Defiant Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter referred to as “provider”) on our website.

The provider serves to protect our website and the associated IT infrastructure from unauthorized access, cyber attacks, malware, and other security-related threats.

During use, the IP address of the website visitor and, if necessary, other technical access data (e.g., URLs accessed and header information) are processed. The processing is carried out for the purpose of detecting and defending against illegitimate access. The IP address collected is compared with a database of known security-related anomalies. If an IP address is identified as a potential security risk, access to our website may be automatically restricted or blocked.

The information collected in this process is transferred to the provider’s servers and processed there.

The legal basis for the processing operations described is Art. 6 (1) lit. f GDPR. Our legitimate interest lies in protecting our website from harmful cyber attacks and in ensuring the integrity, availability, and confidentiality of our information technology systems.

If site visitors have login rights, the provider also sets technically necessary cookies on the respective end device used. These cookies enable the evaluation of certain device and location information in order to verify the legitimacy of a login process. They are also used to manage and verify access rights and to detect unusual administrator access (e.g., from new devices or locations).

The cookies described are only set for users with corresponding login rights. If you use our website for informational purposes only without login authorization, this service does not set any cookies.

Insofar as personal data is processed in the context of cookie use, the processing is also based on Art. 6 (1) lit. f GDPR. Our legitimate interest lies in preventing unauthorized access to the site administration and in securing administrative access.

A contract for order processing in accordance with Art. 28 GDPR has been concluded with the provider. This ensures that processing is carried out in accordance with instructions and that the data of our website visitors is protected against unauthorized disclosure.

For data transfers to the USA, the provider relies on the standard contractual clauses of the European Commission in accordance with Art. 46 (2) (c) GDPR to ensure an adequate level of data protection.

7.6 Sophos

For security purposes, we use a service provided by Sophos Ltd., The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom (hereinafter referred to as “Sophos”) on our website.

The service serves to protect our website and the associated IT infrastructure from unauthorized access, cyber attacks, malware, and other security-related threats.

When using the service, the IP address of the respective user and, if necessary, other technical access data (e.g., URLs accessed, header information, or security-related event data) are processed. The processing is carried out for the purpose of detecting, analyzing, and defending against security-related incidents. Automated checking mechanisms may be used to identify unusual access patterns and, if necessary, to take appropriate protective measures (e.g., access restrictions).

The information collected in this process may be processed on servers belonging to Sophos or affiliated companies.

The legal basis for the processing operations described is Art. 6 (1) (f) GDPR. Our legitimate interest lies in protecting our website from harmful cyber attacks and in ensuring the integrity, availability, and confidentiality of our information technology systems.

Insofar as personal data is processed within the scope of security measures, this is done exclusively to the extent necessary for hazard prevention and system security.

Where necessary, a contract for order processing has been concluded with Sophos in accordance with Art. 28 GDPR. This ensures that processing is carried out in accordance with instructions and that the data of our website visitors is protected against unauthorized disclosure.

For data transfers to the United Kingdom, there is a recognized adequate level of data protection based on the adequacy decision of the European Commission. Insofar as data is transferred to other third countries, appropriate safeguards within the meaning of Art. 46 GDPR, in particular standard contractual clauses of the European Commission, are applied.

8) Rights of the data subject

8.1 The applicable data protection law grants you the following rights as a data subject (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the legal basis cited for the respective conditions for exercising these rights:

– Right of access pursuant to Art. 15 GDPR;

– Right to rectification pursuant to Art. 16 GDPR;

– Right to erasure pursuant to Art. 17 GDPR;

– Right to restriction of processing pursuant to Art. 18 GDPR;

– Right to notification pursuant to Art. 19 GDPR;

– Right to data portability pursuant to Art. 20 GDPR;

– Right to withdraw consent pursuant to Art. 7(3) GDPR;

– Right to lodge a complaint pursuant to Art. 77 GDPR.

8.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE HAVE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING.

CAN PROVE THAT THEIR INTERESTS, FUNDAMENTAL RIGHTS, AND FUNDAMENTAL FREEDOMS OVERRIDE YOUR INTERESTS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE, OR DEFEND LEGAL CLAIMS.

IF WE PROCESS YOUR PERSONAL DATA FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNING YOU FOR DIRECT MARKETING PURPOSES.

9) Duration of storage of personal data

The duration of storage of personal data depends on the respective legal basis, the specific processing purpose and, where relevant, the statutory retention periods (e.g., commercial and tax law retention obligations).

If personal data is processed on the basis of consent pursuant to Art. 6 (1) (a) GDPR, it will be stored until consent is revoked, unless there is another legal basis for further processing.

Personal data that is necessary for the performance of a contract or for the implementation of

Pre-contractual measures based on Art. 6 (1) (b) GDPR are stored for the duration of the respective contractual relationship. After termination of the contractual relationship, the data will be deleted unless there are legal retention obligations or a legitimate interest in further storage. If there are statutory retention periods, the relevant data will be routinely deleted after their expiry.

If processing is based on Art. 6 (1) lit. f GDPR, the personal data will be stored until the data subject exercises their right to object in accordance with Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the further processing which override the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend legal claims.

If personal data is processed for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, it will be stored until the right to object is exercised in accordance with Art. 21 para. 2 GDPR.

Unless the other provisions of this privacy policy specify different storage periods, personal data will otherwise be deleted as soon as it is no longer required for the purposes for which it was collected or otherwise processed.

Status: February 16, 2026

Privacy Policy

Sitemap

Career

Download

Legal