Data privacy policy

Thank you for visiting our website and your interest in the KÖNIGSTEINER AGENCY and our services. We take the protection of your personal data and its confidential handling very seriously, so you feel safe and secure when visiting our website.

With this information about data protection, we would like to inform you about when we store data, which data we store, and what we use it for – naturally in compliance with the applicable data protection laws.

The KÖNIGSTEINER AGENCY is part of the KÖNIGSTEINER Group and a subsidiary of KÖNIGSTEINER GmbH. Because we have outsourced certain services to other companies within our Group, in some cases data may also be shared with other KÖNIGSTEINER companies. Of course, we only do this when there is a legal basis for it. We have ensured through internal agreements that your data is handled in accordance with the applicable data protection laws.

If you have further questions regarding how your personal data is handled, you are welcome to contact our Group’s Data Protection Officer (DPO). The DPO’s contact information can be found below.

Constant technological development, changes to our services or legal status, or other reasons may require our data privacy statement to be revised. Therefore, we reserve the right to change this data privacy policy at any time and ask you to inform yourself regularly about the current status.

General information

Unless stated otherwise in the following sections, as a rule, when you use our website, we do not collect, process, or use any personal data.

When you access our internet pages, our web server automatically collects information of a general nature. This includes the type of web browser, the operating system used, the domain name of the internet service provider, the IP address of the computer being used, the webpage you are visiting us from, the pages that you visit on our website, and the date and duration of your visit.

We cannot use this data to identify the individual user. We merely evaluate the information statistically and use it exclusively to improve the attractiveness, content, and functionality of our webpages.

Access to personal data

The term “personal data” is defined in Art. 4 (1) of the General Data Protection Regulation. It states that this is any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Legal basis for collecting and processing personal data

If we obtain your consent for processing personal data, Art. 6 (1) (a) of the GDPR serves as the legal basis for processing your personal data.

When processing your personal data to fulfill a contract between you and KÖNIGSTEINER AGENTUR GmbH, Art. 6 (1) (b) of the GDPR serves as the legal basis. This also applies to processing that must be performed prior to entering into a contract.

If processing personal data is required to comply with a legal obligation to which our company is subject, Art. 6 (1) (c) of the GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms, Art. 6 (1) (f) of the GDPR serves as the legal basis.

Deletion of data and duration of storage

Your personal data is deleted or locked as soon the purpose for storing the data no longer applies. Beyond that, data can be stored if it is designated by European or national legislation, laws or other regulations to which KÖNIGSTEINER (the “controller”) is subject. The data can also be locked or deleted if the predefined retention period expires due to the stated standards, except where continued retention of the data is required to fulfill or conclude a contract.


You can contact us via our email address or our contact form. The personal data provided to us this way is voluntary and we will of course only use it for the purpose for which you provided it when you contacted us and to contact you in this way.

We process the data that you provide to us in this way for the purpose of our legitimate interest in answering your request, Art. 6 (1) (f) GDPR. If you contact us to inform yourself about our offerings, the legal basis is Art. 6 (1) (b) GDPR.

Job applications

You can apply for jobs at the KÖNIGSTEINER AGENCY through our online job portal. Your online application is forwarded directly to the human resources department via an encrypted connection and naturally is handled confidentially. We will only use your information to process your application and not share it with third parties outside of the KÖNIGSTEINER AGNECY.

You can find more information about how we process data as part of the application process in the data privacy policy on our job portal. If you have applied for a specific position and it has already been filled or if we think you would be equally or even better suited for another position, we would like to forward your application within our company. Please let us know if you do not consent to us forwarding your application. After concluding the application process, your personal data is deleted immediately or after a maximum of six months unless you have expressly given us your consent to store your data for a longer period of time.

Please note that we offer only our job portal for employment applications. However, if you do submit an application via email, we would like to explicitly state that email attachments must not be encrypted.

Data sharing with other Group companies

As a rule, your data will not be shared with third parties outside of the KÖNIGSTEINER Group unless we are legally obligated to do so, or if sharing the data is necessary to execute the contractual relationship, or you have expressly given consent to sharing your data previously. External service providers and partner companies only receive your data if needed to process your request. In these cases, the scope of shared data is limited to the required minimum. If our service providers come into contact with your personal data, we ensure that they follow the provisions of data privacy laws in the same manner. Please also note the respective data privacy policies for those providers. The respective service provider is responsible for the content of third-party services, whereby we will conduct within reasonable limits a review of the services with regard to compliance with regulatory requirements.

Data sharing with external service providers (processors)

Your data will be shared with partner service providers if they are acting on our behalf and supporting the KÖNIGSTEINER AGENCY when providing their services.

Processing of your personal data by a third-party service provider will be carried out in accordance with Art. 28 GDPR.

The above-mentioned service providers only receive access to personal information that they need to perform the respective activity. These service providers are prohibited from sharing your personal information or using it for other purposes, especially their own commercial purposes.

If external service providers come into contact with your personal data, we have ensured through legal, technical, and organizational measures as well as through regular controls that they comply with the applicable data privacy laws.

Your personal data will not be shared with other companies for commercial purposes.


On our website, we offer you the opportunity to sign up for our newsletter. To avoid errors during the entry of your email address, we use the double opt-in process: After you have signed up for our service with your email address, we send you a confirmation link. Your email address will only be added to our distribution list after you click on this link.

Your electronic contact data is processed on the basis of your consent. Art 6 (1) (a) GDPR, which you declare when you subscribe to the newsletter. You can withdraw your consent at any time with effect for the future by clicking on the unsubscribe link available in every email.

Website optimization and cookies

We use cookies in some areas of our website. A cookie is a small text file that a website stores on your hard drive. Cookies do not damage your computer in any way and do not contain viruses. The cookies on our webpages do not contain any personal data. We use the information in the cookies to make your use of our website easier and customized to your needs.

Our website uses both session cookies as well as persistent cookies. Session cookies are temporary cookies that are stored in the user’s internet browser until the browser window is closed, which deletes the session cookies. Persistent cookies are used for repeated visits and are stored in the user’s browser for a certain amount of time (generally one year or longer). These cookies are not deleted when the browser is closed. This type of cookie is utilized to reuse a user’s preferences as soon they return to the webpage.

Naturally, you can view our website without cookies. If you do not want cookies to be stored on your computer, you can deactivate the respective option in the system settings of your browser. You can delete stored cookies at any time in the system settings of your browser. Check the instructions from your browser provider to see in detail how to do this. However, we would like to point out that use of our online offerings without cookies may potentially be limited.

Cookies are used on this website

If and when we use cookies that are absolutely necessary for our webpages to function (necessary cookies), the legal basis for processing personal data when using these cookies is Art. 6 (1) (f) GDPR. Provisioning this website and the customized rendering of content represent our legitimate interests here.

Personal data is only processed through cookies for marketing purposes or for generating statistics (non-necessary cookies) if you have given us your consent to do so. The legal basis for this activity is Art 6 (1) (a) GDPR.

You can withdraw your consent at any time without providing a reason at the following link by changing the approved functionalities.

Google Analytics

We use the services of Google Analytics exclusively with your prior consent. The legal basis for this activity is Art 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future by changing your cookie settings as described above.

On behalf of the operator of this website, Google evaluates your use of the website to compile reports about website activities and to further provide services associated with the website use and internet use to the website operator.

Since the Hamburg Data Protection Authority’s agreement with Google based on the Düsseldorf Higher Regional Court’s decision on designing analytics processes for measuring the reach of internet offerings in compliance with data privacy laws, using Google Analytics in a manner that complies with data protection laws and without objection is allowed under certain conditions. We will naturally comply with these conditions. In particular, we would like to point out that Google Analytics was expanded on this website by the code “gat._anonymizeIp();” to ensure anonymized capturing of IP addresses (IP masking). Your IP address will be truncated by Google within European Union member states and in other member countries of the European Economic Area. The full IP address will only be transmitted in exceptional cases to a Google server in the USA and truncated there. The IP address communicated to Google Analytics via your browser will not be compiled with other data from Google. You can find further information about the terms and conditions of use and data privacy at and

Google Analytics also uses cookies. The information about your use of this website generated by the cookie is normally transmitted to a Google server in the USA and stored there.

Google Ads

We use the service Google Ads. Google Ads is an online advertising program from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

This means that we activate Google Ads and in that context we use Google Remarketing and Conversion Tracking as well. The ads are displayed depending on search requests on websites in the Google advertising network. In addition, we use ads remarketing lists for search ads. This enables us to adapt our search request campaigns for users who have already visited our website. Through these services, we may combine our ads with specific search terms or activate ads for returning visitors to advertise services, for instance, that those visitors have viewed before. That enables us to show visitors to our website interest-based advertising on other websites within the Google advertising network (as Google Ads as part of Google Search or on other websites).

An analysis of online user behavior is necessary for interest-based ads. Google uses cookies to perform this analysis. When a user visits our website or clicks on an ad, Google stores a cookie on their computer. These cookies will be deleted after 90 days. The information gathered by the respective cookies is used for a targeted sales approach when the user enters a search request later. You can also find more information about the cookie technology being used in Google’s tips about website statistics and data protection regulations. This technology gives Google, and us as customers, information about when a user has clicked on an ad and was redirected to our website. The information collected here is used exclusively for statistical analysis to optimize advertising. We do not receive any information that personally identifies visitors. Your IP address is sent to Google because we use Google’s IP masking on this website as part of our use of Google Analytics. However, your IP address is anonymized. The statistics provided to us by Google include the total number of users who clicked on one of our ads, and where applicable, if they were redirected to a page on our web presence that is marked with a conversion tag. Based on the statistics, we can track which search keywords in our ad are clicked on particularly often and which ads lead to users making contact with us via the contact form.

We process your data for the purpose of target group-oriented ad displays in accordance with Art. 6 (1) (a) GDPR. However, you can withdraw your consent at any time by changing your cookie settings.

For more information about data protection within the scope of Google Ads, please visit:

If data is processed outside of the EEA where the data protection level is not equivalent to the European standard, we have signed EU Standard Contractual Clauses with the service provider to establish a secure level of data protection.

Google DoubleClick

We use DoubleClick, a service provided by Google Inc. DoubleClick uses cookies to display user-based ads. The cookies recognize which ad has already been activated in your browser and whether you were redirected to a website by clicking on an ad. In this process, the cookies do not collect personal information that can be used to identify you.

This service is used exclusively with your consent per Art. 6 (1) (a) GDPR. You can withdraw your consent at any time with effect for the future by changing your cookie settings as described above.

For more information about how Google uses cookies, please read Google’s data privacy policy.

Google Maps

This website uses the map service Google Maps. Google maps is a map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

To use the functions of Google Maps, information including the IP address as well as the address entered as part of the route service can be sent to the service provider. This information is normally transmitted to a Google server in the USA and stored there. When visiting a website that contains Google Maps, your browser establishes a direct connection with Google’s servers and sends the map content to your browser, which stores the information. The provider of this webpage has no influence on this data transmission. Based on current knowledge, this includes the following data:

– date and time of the visit to the relevant website,

– internet address or URL of the accessed website

– IP address in the scope of route planning for the (start) address entered

For more information about how user data is handled, please read Google’s data privacy policy:


On our website we use services from YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a company owned by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

To protect your personal data, we use the extended data protection option provided by YouTube. When you access a webpage that has an embedded YouTube video, a connection is established between the YouTube servers and your browser to display the content on the webpage. According to statements by YouTube, in “extended data protection mode” the data will only be transmitted to the YouTube server if you actively start the video. If you are logged into YouTube at that point in time, YouTube assigns the information about the videos you have viewed to your member account. You can prevent this by logging out of your member account before visiting our website.

The legal basis for this is our legitimate interest per Art 6 (1) (a) GDPR. This enables us to customize the rendering of our website as well as improve your user experience.

Further information about YouTube’s data protection is provided by Google at the following link:

Our social media channels

We operate channels on a variety of social platforms to communicate with you directly and inform you about interesting updates and innovations at our company.

In this area we process the user data from our channels, particularly information about user interactions (including likes, comments, retweets), demographic and statistical data, and data communicated to us in the context of news and comments.

We would like to point out that using these social networks also gives the individual provider access to your data. This data can be used for market research and advertising purposes. We have no further knowledge about the data processing performed by providers of the respective social media platforms. Please note that the links to the individual platforms embedded in our website are merely links. These platforms only process data when you visit them.

We process the personal data of visitors to our online presences on the legal basis of our legitimate interest per Art 6 (1) (f) GDPR. Our legitimate interest lies in securing communications with our customers and informing them about updates and innovations associated with our products.

The social media networks are partially operated by providers located outside the EU/EEA. For that reason, we cannot rule out that your data might be transmitted to countries that have a different level of data protection than within the EU. We have signed EU Standard Data Protection Clauses with the providers to meet the requirements of Art. 44 GDPR and ensure a sufficient level of data protection. Please note that we have no influence on the data that the network providers process under their own responsibility.

For a comprehensive account of the individual data processing and opt-out possibilities, we would like to refer you to the following provider pages:

YouTube / Google (Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland)

Data privacy policy:


Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)

Data privacy policy:


LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irleand) 

Data privacy policy:


Instagram (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

Data privacy policy:


Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)

Data privacy policy:


Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

Data privacy policy:


Kununu (kununu GmbH, Neutorgasse 4-8, Top 3.02, Vienna, Austria)

Data privacy policy:


Data security

The KÖNIGSTEINER AGENCY deploys technological and organizational security measures to protect your data that is managed by us against accidental or intentional manipulation, loss, or deletion as well as against access by unauthorized persons. We continually improve our security measures in keeping with technological developments.

Your rights (subject’s rights)

If your personal data is processed, you are the data subject within the meaning of the GDPR, and you have the following rights vis-à-vis KÖNIGSTEINER (the controller):

  • Right of access per Art. 15 GDPR

You have the right to obtain confirmation from us whether or not we process personal data concerning you. If we have processed your data, you have additional rights of access as stated in Art. 15 GDPR.

  • Right to rectification

If the data we have obtained from you is inaccurate or incomplete, according to Art. 16 GDPR you can demand rectification from us without undue delay.

  • Right to restriction of processing

Under the conditions set out in Art. 18 GDPR, you can restrict the processing of your personal data under certain circumstances.

After restriction, your data can only be processed with your consent or to establish, exercise, or defend against legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a Member State. We will notify you before the restriction is lifted.

  • Right to erasure

You have the right of erasure of personal data without undue delay if one of the reasons listed in Art. 17 (1) GDPR applies, unless there is an exception to the obligation to erase data per Art. 17 (3) GDPR.

  • Notification obligation

If you have exercised the right to rectification, erasure, or restriction of processing with us, per Art. 19 GDPR we are obligated to communicate this to all recipients of your personal data, unless this proves impossible or involves disproportionate effort. In addition, you have the right to be notified about those recipients by KÖNIGSTEINER.

  • Right to data portability

In addition, according to Art. 20 GDPR, you have the right to receive from us personal data concerning you in a machine-readable format and to transmit that data to another controller without hindrance if the conditions in Art. 20 (1) (a) GDPR apply, or to have the personal data transmitted directly from us to another controller, if it is technically feasible and does not adversely affect the rights and freedoms of others. This right does not apply to processing of personal data that is necessary to perform a task carried out in the public interest or in the exercise of official authority.

  • Right to object

You have the right to object at any time to processing of personal data concerning you by the KÖNIGSTEINER AGENCY per Art. 6 (1) (f) GDPR.

We will no longer process your personal data unless legitimate reasons for processing override your interests, rights, and freedoms, or the processing serves to establish, exercise, or defend against legal claims.

  • Right to withdraw the data privacy declaration of consent

You have the right to withdraw your data privacy declaration of consent from the KÖNIGSTEINER AGENCY at any time. The withdrawal of consent does not affect the legality of processing performed due to the consent prior to its withdrawal.

Changes to the data privacy policy

This data privacy policy is continuously updated to reflect developments in the internet or our portfolio offerings. We will announce changes on this page in a timely manner. To stay up-to-date regarding the current status of our data usage conditions, please visit this page regularly.

Data Protection Officer

You can reach our Data Protection Officers as follows:

Contact information of the controller

Jurastr. 8
70565 Stuttgart, Germany

Tel. 0711 99007-0
Fax 0711 7801802

Managing Director:
Bernhard H. Reese