Legal Notice

SDA SE Open Industry Solutions
Reeperbahn 1
20359 Hamburg



Court of Register: Hamburg
HRB number: 144213
VAT ID No.: DE309465329

Members of the Administrative Board:
Marco Ziegler

Members of the Supervisory Board:
Prof. Dr. Markus Warg (Chairman), Daniela Rohde (Deputy Chairman), Carsten Middendorf, Daniel Thomas, Norman Pankratz, Dr. Jürgen Zehetmaier

Photo credits

Photo “Who we are”: Jakob Sittel
All other photos: Ingo Stahl

Data Privacy

The protection of personal data and the responsible handling of information that you entrust us with are important and special concerns to us. SDA SE (SDA) processes personal data only in accordance with the legal regulations, the EU GDPR (GDPR) and the Bundesdatenschutzgesetz (BDSG, Federal Data Protection Act), in particular.
With this Privacy Policy we inform you as to how, to what extent and for which purposes we will process personal data with regard to the use of our website and the online shop.

1. Data Controller and Data Protection Officer

The Data Controller within the meaning of the data privacy laws is
SDA SE Open Industry Solutions
Reeperbahn 1
20359 Hamburg, Germany

Please refer to the Legal Notice for more details.

Contact details of our Data Protection Officer:

SDA SE Open Industry Solutions
Reeperbahn 1
20359 Hamburg

2. Processing of your personal data

The subject matter of data protection are personal data, i.e. information which is related to an identified or identifiable person, such as name, address, email address and telephone number.
In general, the processing of personal data is not required for using this website. Data collection and data processing occurs, if you voluntarily supply us with your personal data. We will explain this to you in detail in paragraph 4.
The kind of data that we automatically collect when a user visits our website will be explained below in paragraph 3.

3. Data processing to enable the use of website

When you visit our website we will collect the required data to enable you to use the site (usage data). This includes your IP address and data regarding the start, end and subject matter of your use of the website as well as, if applicable, identification data (for example, your login details when logging into your personal area). Moreover, it also includes technical data submitted by your browser, such as browser type / browser version, previously visited website (referrer URL), screen resolution, operating system and, if applicable, information regarding your device (such as the type of device), etc. We process such usage data in our legitimate interest to provide and design this website in a way that it meets the demands (Art. 6 Paragraph. 1 S. 1 lit. f GDPR).

3.1 Cookies

This website is currently not using cookies.

4. Contact via e-mail

When you contact us by sending an e-mail to, we will store and process your details (title, first and last name, email address, reference and the text of your message and, if applicable, your telephone number) to process your enquiry. The legal basis for this data processing is – depending on the subject matter of your message – the admissibility of such processing as part of a contract initiation, a contract or our legitimate interest in providing a contact form for general enquiries (Art. 6 Paragraph. 1 lit. b or f GDPR).

5. Google Maps

The contact form page includes a plugin which show a map provided by Google Maps. Google Maps is a web service to display interactive maps for the visual representation of geographic information. By using this service our location will be displayed to make it easier for you to find us and to provide directions.

Google Maps is operated by Google LLC. (hereinafter referred to as “Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. A connection is established between your browser and the Google servers, as if you were visiting the website of the Google search engine. If you are logged into your Google account, your data will be directly associated to your account. If you do not wish this data to be associated to your Google profile, you need to log out prior to activating the button. Google is responsible for any data processing performed by Google. There will be no tracking by Google on our website.

If you do not consent to the future submission of your data to Google as part of using Google Maps, it is also possible to fully deactivate the Google Maps web service by disabling the JavaScript application in your browser. As a result, Google Maps and thus the map shown on this website cannot be used.

6. Transfer to third parties – recipients of personal data

As part of the purposes stated in this Privacy Policy, personal data will be transferred to service providers who work for us and, in particular, support us in providing our services. In addition to their legal obligation to comply with all data protection regulations, those service providers are bound to us by means of additional contractual data protection standards. On a regular basis, this includes the obligation as a processor in accordance with Article 28, Paragraph 3 GDPR.
Apart from that, we only transfer personal data to third parties if authorised by law or if you have given prior consent to such transfer. In case you have given consent, you may revoke this consent at any time, to be effective in the future. We will only transfer your data to government agencies as part of our legal obligations or based on a regulatory action or court decision and only to the extent that is permissible by data protection laws.

7. Transfer to non-EU countries

In general, the transfer of data to non-EU and non-EEA countries (third countries) is not required for the purposes stated in this Privacy Policy and therefore does not occur. Apart from that, we will only transfer data to third countries if it will be guaranteed that the recipient of the data ensures an adequate data protection level within the meaning of Chapter V GDPR and no other interests worth being protected will contradict such data transfer. We use, in particular, the model contract clauses of the EU Commission regarding the transfer of personal data to third countries to ensure an adequate protection level on the part of the data recipient.
The analysis and web service provider Google (see 3.3) is certified in compliance with the EU-U.S. Privacy Shield and thus an adequate data protection level is ensured.

8. Erasure

We will delete your personal data as soon as they are no longer required for the data processing purposes described in this Privacy Policy, unless prevented by legal obligations to preserve records. The German commercial and tax law includes, in particular, retention periods of six years (for business letters of any kind) and of ten years (accounting-relevant files).

9. Data security

We have taken the necessary technical and organisational measures to protect the personal data provided by you against loss, damage, manipulation and unauthorised access.
Our staff and all people involved in data processing are obliged to comply with the GDPR, the BDSG and other data protection laws and to treat personal data as confidential. Our staff has been trained, accordingly. Both internal and external checks will ensure compliance with all data protection processes at SDA.
To protect the personal data of our users we use a secure online transmission method, the so-called “Secure Socket Layer” (SSL) transmission. You will recognize it by the “s” that has been added to the http:// in the URL (https://) and by the green, closed lock icon displayed in the browser. By clicking on the icon you will see information about the SSL certificate used. The SSL encryption ensures the secure and complete transmission of your data.

10. Your rights

The data privacy law grants you a number of rights with regard to data related to you as an individual (the so-called “rights of the data subject”). In general, those are

– the right to obtain information about personal data concerning you that are stored by us,
– the right to rectify inaccurate data,
– the right to erasure of data that may no longer be stored,
– the right to restrict data processing in certain cases,
– the right to object to processing of personal data if based on legitimate interests and on grounds relating to your particular situation, demonstrating compelling legitimate grounds which override the interests (Article 21, Paragraph 1 GDPR),
– the right to object to processing for the purposes of direct marketing (Article 21, Paragraph 2 GDPR),
– the right to data portability, meaning the right to have the personal data that you provided transmitted electronically to you or a third party, and
– the right to revoke any given consent, to be effective in the future.

Whether and insofar as those rights apply in individual cases and which conditions apply follows from the GDPR and the BDSG. Furthermore, you have the right to file a complaint with a supervisory authority for data protection. However, if you have any questions or complaints regarding data protection at SDA or would like to exercise your rights, we recommend to contact our Data Protection Officer first (see paragraph 1).

11. No automated individual decision-making

We do not use your personal data for automated individual decision-making within the meaning of Article 22, Paragraph 1 GDPR.

12. Modification of the Privacy Policy

New legal requirements, business decisions or technical development may require modifications to our Privacy Policy. In this case, the Privacy Policy will be amended, accordingly. The latest version can always be found on our website.

Effective: May 2018