Data protection

I. Data Protection Notice for Business Customers and Suppliers of Circle2 GmbH

With the following information, we would like to provide you with an overview of how we process your personal data and your rights under the General Data Protection Regulation (Regulation (EU) 2016/679 – „DSGVO“) and the German Federal Data Protection Act („BDSG“).
This Privacy Policy applies to personal data of persons with whom we enter into contractual or business relationships, as well as of officers, directors, key account managers or other employees of our contractual or business partners, which we process in the context of existing or prospective contractual and business relationships. This includes, among others, existing or potential suppliers, service providers, customers or consultants as well as existing or potential cooperation partners or other partner companies.


1. responsible person and data protection officer


The data controller for the purposes of the DSGVO for the data processing activities outlined in this data protection declaration is

Circle2 GmbH
Sumpfweg 6, 72070 Tübingen
Managing directors: Dr. Tobias Heisig, Dr. Alexander Wittwer
Register court and number: AG Stuttgart, HRB 781420
phone: +49 89 20984810


2. sources and types of personal data


 We primarily process personal data that the data subjects themselves provide to us in the course of contractual and business relationships or that we receive from the respective contractual and business partners (e.g., from your colleagues with whom we are already in contact), for example, in the course of processing an inquiry or an order. In addition, we process personal data that we collect from publicly available sources (such as commercial register, press, Internet) or receive from third parties (e.g. credit agencies, business partners). If necessary, we will refer separately to any collection of personal data from third-party sources.

Relevant personal data are in particular personal details (such as surname, first name, address, bank details, billing address, tax number/USt-Id.) and other contact details (such as telephone number, e-mail address). In addition, this may also include contract or order data (e.g. sales data, volumes, planned quantities), data from the fulfillment of our contractual obligations, information about your financial situation (e.g. creditworthiness data), personal data (e.g. business interests, profession, industry, position, duties and powers) and other data comparable with the above categories.
The scope of the data processed about a person varies depending on the function in which the person appears to us, such as the position he or she holds with the respective business partner.


3. processing purposes and legal bases


 We process personal data for the following purposes on the basis of the following legal grounds:

We process personal data for the following purposes on the basis of the following legal grounds:
In individual cases, we process data because you have expressly consented to this (Art. 6(1)(a) DSGVO), such as receiving advertising by electronic mail and/or telephone;

Data processing is carried out for the performance of contracts concluded with you or your employment company and/or for the performance of pre-contractual measures (Art. 6 para. 1 lit. b DSGVO). As a rule, these are service contracts, possibly in combination with paid ancillary services, such as the granting of the possibility to use third-party software that supports us in providing the service. In this respect, we will process personal data e.g. in the context of processing and reviewing corresponding offers and inquiries; authentication of contractual partners, preparation and signing of contractual documents, processing of payments; sending of information letters;

Further data processing is carried out on the basis of legal requirements (Art. 6 para. 1 lit. c DSGVO): for example, to fulfill tax and other legal control and reporting obligations, as well as audits by tax or other authorities and to comply with legal retention periods;

  • In addition, we process your data to protect our legitimate interests (Art. 6(1)(f) DSGVO); namely for the following purposes:
  • Optimal contact support/relationship, also regarding the employees of our business partners;
  • Optimization of our business processes, such as by maintaining a supplier or prospect database, also in the context of „customer relationship management“;
  • Centralization or outsourcing of corporate functions;
  • Mitigating default risks in our business processes by consulting credit agencies (such as Creditreform, Bürgel) and determining score values (profiling), which help us to assess the likelihood of contractual partners meeting their payment obligations in accordance with the contract on the basis of a recognized mathematical-statistical procedure;
  • Assertion and defense of legal claims;
  • Market research purposes.


4. Market research purposes


Under certain circumstances (beyond the cases already mentioned above), your personal data will be passed on for the purposes mentioned above; in detail:

  1. if it is necessary for the clarification or prosecution of illegal or abusive incidents, personal data will be forwarded to our legal advisors, law enforcement authorities and, if applicable, to injured third parties. However, this only happens if there are concrete indications of unlawful or abusive behavior. A transfer may also take place if this serves the enforcement of contractual provisions between us and our contractual and business partners.
  2. We are also legally obligated to provide information to certain public authorities upon request. These are primarily law enforcement agencies, authorities that prosecute administrative offenses subject to fines and the tax authorities.
  3. if it is necessary for the processing of your request or the conclusion or implementation of a contractual or business relationship with you, as well as in the case of centralized or outsourced corporate functions, your data may be passed on to companies affiliated with us for the fulfillment of the above-mentioned purposes (for example, in the event that we make third-party software available to you for use and therefore have to communicate personal data of the users to the software provider in order to have a user account created there and thus verify the intended users).
  4. Occasionally, in order to fulfill the purposes described in this Privacy Policy or to provide our services, we may rely on contractually affiliated third-party companies or other cooperation partners located outside the EU or EEA, as well as external service providers, such as brokers, logistics companies, IT service providers, business consultants and financial institutions. In such cases, information is passed on to these companies or individuals to enable them to continue processing. Insofar as these are entities outside the EU or the EEA, we ensure an appropriate level of data protection, for example by concluding appropriate contracts with the data recipient.
  5. as part of the further development of our business, the structure of our company may change by changing its legal form or by founding, buying or selling subsidiaries, parts of companies or components. In such transactions, customer information is transferred along with the part of the company being transferred. Whenever personal information is transferred to third parties to the extent described above, we will ensure that it is done in accordance with this Privacy Policy and relevant data protection laws.

5. processing period

We process your personal data for the duration of your employment with one of our business partners, but no longer than until the final termination of the respective business relationship between us and your employment company. We delete transaction-related information (such as relating to a specific contractual or order relationship) after the end of the respective transaction, e.g. fulfillment of a supply contract, with a period of three years after the end of the respective calendar year, unless these are subject to longer statutory retention obligations (such as the six- or ten-year retention period pursuant to Section 257 of the German Commercial Code); in such a case, the data concerned will be blocked for any further processing.

6. data subject rights


  You have the right to obtain information about the data stored about you at any time. If the respec- tive requirements are met, you are also entitled to the following rights:

  • Right to rectification: You are entitled to the correction of incorrect personal data concerning you.
  • Right to erasure: You may also request the erasure of your personal data, for example if your data is no longer necessary for the purposes for which it was collected or otherwise processed.
  • Right to restriction of processing: You also have the right to request the restriction of the processing of your personal data; in such a case, the data will be blocked for any processing. This right exists in particular if the accuracy of the personal data is disputed between you and us.
  • Right to data portability: if we process your personal data for the performance of a contract with you or on the basis of your consent, you also have the right to receive your personal data in a structured, common and machine-readable format, if and to the extent that you have provided us with the data.
  • Right to revoke consent: If you have given us consent to process your personal data, you may revoke this consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
  • In addition, you may object to data processing for reasons arising from your particular situation. However, this only applies in cases where we are processing data to fulfill a legitimate interest. If you can present such a reason and we cannot assert a compelling interest worthy of protection in the further processing, we will not further process this data for the respective purpose.

In addition, you may object to data processing for reasons arising from your particular situation. However, this only applies in cases where we are processing data to fulfill a legitimate interest. If you can present such a reason and we cannot assert a compelling interest worthy of protection in the further processing, we will not further process this data for the respective purpose.


7. status and amendment of this data protection declaration


The status of this data protection declaration is 12/2021.

The further development of our company may also affect the handling of personal data. We therefore reserve the right to amend this data protection declaration in the future within the framework of the applicable data protection laws and, if necessary, to adapt it to changed data processing realities. We will notify you separately of any significant changes to the content.

II.Data protection declaration of CIRCLE2 GmbH (as of 12/2021) for users of our website

We take the protection of your personal data very seriously! The following statement gives you an overview of how we ensure this protection and what kind of data is collected for what purpose. Basically, the basis for the storage and use of your data is your consent. Or a legal permission. What we do with your data depends on this. A note in advance: For better readability, we refrain from using masculine and feminine forms of speech – all personal designations apply equally to both genders.


„GDPR“ is used here as a short form for the EU General Data Protection Regulation. The following information serves in accordance with Art. 13 (or Art. 14) DSGVO to fulfill the information obligations in areas in which Circle2 GmbH collects, processes or uses personal data as the responsible party.


Responsible for data protection:

CIRCLE2 GmbH, Managing Directors Dr. Alexander Wittwer, Dr. Tobias Heisig, Sumpfweg 6, 72070 Tübingen.


Rights of the data subject:

In order to ensure fair and transparent processing, we would like to point out that the following rights, among others, exist for the data subject:

  • The right to information
  • The right to correction or deletion or to restriction of processing
  • The right to withdraw consent
  • The right to data portability

As a legal basis, reference should be made here to Articles 15-22 DSGVO. For purposes of exercising these rights, please contact:, if required. Furthermore, there is the right to complain to a supervisory authority.


Other information:


There is currently no automated decision-making including profiling. If CIRCLE2 GmbH intends to further process the personal data for a purpose other than that for which the personal data was collected, it will provide the data subject with information about this other purpose and any other relevant information prior to such further processing. Provided that the other purpose is compatible with the previous purposes for which permissibility was given or legitimate interests of CIRCLE2 prevail, separate information is not necessary. Your trust is important to us. Therefore, we are available at any time to answer any questions you may have regarding the processing of your personal data. If you have any questions that cannot be answered by this data protection declaration or if you would like more detailed information on any point, please contact the data protection officer at any time at

For all users of our website

When using our website, the following data is stored for organizational and technical reasons: the names of the pages accessed, the browser and operating system used, the date and time of access, names of downloaded files and their shortened IP address. This evaluation serves exclusively to optimize our Internet presence and does not allow any conclusions to be drawn about an individual person.


Use of cookies


We use cookies to make our site more user-friendly. Cookies are small text files that are stored on your terminal device. They help you to navigate the website comfortably and without delay. Only anonymous data is used for this purpose – it is not possible for us to identify you as a person behind it. Cookies do not cause any damage to your computer and do not contain viruses. Most of the cookies we use are so-called „session cookies“. They are automatically deleted after the end of your visit. Other cookies remain on your terminal device and enable us to recognize your browser on your next visit (persistent cookies). You can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. You can block or delete individual cookies. However, for technical reasons, this may result in some functions of our website being impaired and no longer functioning fully.