Skip to content
Hybrick Logo

Data privacy

Data Protection Privacy Policy according to Article 13 of the European General Data Protection Regulation (GDPR)

Information on the processing of your data according to Article 13 of the European General Data Protection Regulation (GDPR). This privacy policy applies to the online offering of Hybrick GmbH and to the personal data collected through these websites.


I. Responsibility:

(1) Responsible for the processing of personal data on these websites is:

Hybrick GmbH
Törringstraße 22
D-81675 München

Registry entry Registration in the commercial register Local Court Munich HRB 282280


Represented by

Moritz Kränkl, Peter Forster


Contact details

T: +49 30 856 215 781

Please send data protection inquiries for Hybrick to our data protection team

Hybrick GmbH
co: Investa Holding GmbH
Data Protection Team
Düsseldorfer Straße 15
65760 Eschborn



(2) Hybrick, as part of the Investa Group, has appointed an external data protection officer with the competent supervisory authorities according to Article 37 GDPR. His personal contact details will be provided upon request.

(3) The online offering is maintained by service providers on our behalf and according to our specifications. Contracts for order processing are concluded with service providers, if necessary.



II. Data processing when using the website:


1) Personal data:

According to Article 4 GDPR, personal data is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more special characteristics expressing the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.


2) Contact form:

If you provide us with personal data about yourself in the context of an inquiry through our contact form, we use this data to fulfill our tasks, your order, and solely for the purpose for which you provide us with this data. The provision of personal data about yourself for the processing of your inquiry is voluntary. In the course of processing your inquiry by us, it may be necessary to request further data and information from you. If you do not wish to provide us with the additional information in such a case, this does not have any immediately adverse legal consequences. In individual cases, however, the failure to provide the requested information may make it difficult or impossible to process your inquiry.


3) Usage data:

With each request for an internet file, the following non-personal access data is stored at Hybrick, Investa, and service providers for statistical evaluations:

the website from which our website or file was requested,

the name of the requested file,

the date and time of the request,

the amount of data transmitted,

the access status (file transmitted, file not found, etc.),

the type of access (GET, POST),

the browser or operating system used,

the anonymized IP address of the requesting computer,

the session ID


For the functionality, data security, to investigate unauthorized access, or to prevent misuse of the website, the complete IP address of the requesting computer is recorded, stored, and automatically deleted 14 days after the end of access.


4) Range measurement & Cookies:

This website uses session cookies for service processing, which are transmitted to the user’s browser either from our server or a third-party server. Cookies are small files that are stored on your end device. Your browser accesses these files. The use of cookies increases the user-friendliness and security of this website. Most browsers are set to accept cookies. However, you can disable the storage of cookies at any time in your browser or set your browser to notify you as soon as cookies are sent. We would like to point out, however, that you may then not be able to use all functions of this website.

Currently, only session cookies are used. There is no tracking of your usage behavior.


5) Data deletion and storage duration:

The personal data of users is deleted or blocked as soon as the purpose of storage ceases to apply. Unless storage is required beyond this, if this is required by laws or other regulations to which Hybrick, as the responsible party, is subject, or if it is necessary for the legitimate interests of the responsible party.


6) Data transmission to third parties:

User data is only transmitted to third parties if this is legally permitted or if a user has consented to the transmission. This is the case, for example, when the transmission of data serves the fulfillment of contractual obligations towards the user.


7) Recipients or categories of recipients:

As a rule, personal data that you provide to us about yourself is processed only by Hybrick. To fulfill our tasks and duties, it may be necessary for us to disclose the personal data stored about you to third parties; natural and legal persons, authorities, institutions, or other entities, if there is a legal basis for this.


8) Newsletter dispatch:

If you want to receive the newsletter offered on the website, we need your email address. The registration for the newsletter takes place in a double-opt-in procedure. To verify that registration is actually carried out by the owner of an email address, we use the double-opt-in procedure. This means that following your newsletter registration, you will receive an email in which you must confirm your registration again. This ensures that someone unauthorized cannot register with your email address. The registration for the newsletter is logged (storage of the registration and confirmation time and IP address). The logging allows the registration process to be documented in accordance with legal requirements. The legal basis for logging is Article 6(1)(f) GDPR: Our legitimate interest arises from the fact that we use a secure and user-friendly newsletter system that is useful for sending newsletters and protects the personal data of newsletter subscribers. Furthermore, it allows us to prove consents.

The legal basis for newsletter dispatch and the associated success measurement is based on the consent given by the data subject (recipient) according to Article 6(1)(a) GDPR, Article 7 GDPR.

Possibly, for existing customers, also based on Article 6(1)(f) GDPR in conjunction with § 7(2) No. 3 UWG or based on the legal permission according to § 7(3) UWG as well as Article 6(1)(f) GDPR. Our legitimate interest in success measurement arises from the fact that we can recognize the reading habits of our users based on the openings of newsletters, opening times, and the clicked links, in order to create and send them interest-based and useful content.

You can object to further receipt of the newsletter at any time by clicking on the unsubscribe link displayed at the end of each newsletter or by sending us an informal email with the subject “Unsubscribe from the newsletter” to the email:


9) Whitepapers, Webinars / Requirement for the use of free services:

We offer you the opportunity to use whitepapers and free webinars as free services through our website. As a condition for receiving these free services, consent to the dispatch of our newsletter may be made dependent. You can revoke your consent to receive advertising mailings (see newsletter) at any time and unsubscribe from the newsletter at any time, for example, via the unsubscribe link in each newsletter.

9.1) Whitepapers:

For the download of the whitepapers offered by us through our website, the indication of an email address and optionally first and last name as well as company is required. The use / download of the contents of the whitepapers is free of charge, but with the consent of the data subject that, in return, consent to receive advertising mailings (see newsletter) is given. After requesting the whitepaper download, you will receive a double-opt-in email in which you must confirm your consent to receive the whitepaper. This prevents unauthorized persons from misusing your email address. To receive the whitepaper, you must confirm the registration link in the registration email.

The storage period is generally for the registration for the whitepaper and newsletter as long as the consent to newsletter dispatch is not revoked.

9.2) Webinars via Microsoft (Teams):

For free webinars, your data is only collected by us during the respective live session. System-enabled recording is prevented for all participants. Registration data is deleted after the purpose has been fulfilled. Deletion usually takes place after a storage period of a maximum of six months in our system.

To conduct live webinars, we use the webinar solution of the Microsoft Teams video conferencing tool. The tool allows for effective content delivery to a larger number of participants over the Internet and helps to maintain the quality of the webinars. The video conferencing tool used for the webinars is configured by us in such a way that only personal data that is absolutely necessary for the execution of the webinar is processed, and that the collected data is best protected.

Ensuring an acceptable level of data protection is realized through system-enforced end-to-end encryption. This limits the transmission of data to the data specified by the user during registration and the metadata associated with participating in the seminar. The registered user is generally responsible for what data he reveals about himself during registration. Pseudonymous use is generally possible. During the webinars, the chat function is deactivated for all participants, messages and chats as well as participants can only be viewed by the moderator and presenter.

Recording of the webinar does not take place. System-enabled recording via Teams is prevented for all participants.

The use of Teams is based on a legitimate interest (Article 6(1)(f) GDPR), in the practical and user-friendly execution of the webinar, including a good user experience.

9.3) Third-country transfer for webinars:

Processing of personal data in the context of participation and execution of our free webinars outside the EU, namely in the USA, is not planned or intended. As a precautionary measure, we have nevertheless concluded guarantees in the form of concluded standard contract clauses with the provider Microsoft. The provider Microsoft is also certified for the Data Privacy Framework. Within the framework of the so-called “Data Privacy Framework” (DPF), the EU Commission has recognized the level of data protection for certain companies from the USA as safe within the framework of the adequacy decision of July 10, 2023. The list of certified companies as well as further information on the DPF can be found on the website of the US Department of Commerce at


9.4) Storage period:

Data is only collected by us during the respective live session. Recording usually does not take place or only with the prior, separate consent of the participants. Registration data is deleted after the purpose has been fulfilled. Deletion usually takes place after a storage period of a maximum of 6 months in our system.


10) Recipients of data / processors for newsletters, whitepapers, etc.:

For the dispatch of newsletters, possibly occurring evaluations, and provision of whitepapers, we use service providers who act as our processors. We have concluded agreements with all service providers who process personal data on our behalf in accordance with Article 28 GDPR for order data processing and have obligated them to treat your data confidentially.

I: Your rights

As a data subject, you have various rights under the GDPR, particularly arising from Articles 15 to 18, 21 GDPR:

1) Right to information:

You can request information according to Article 15 GDPR about your personal data processed by us. In your request for information, you should specify your concerns to facilitate the compilation of the necessary data for us.


2) Right to rectification:

If the information concerning you is not (no longer) correct, you can request rectification according to Article 16 GDPR. If your data is incomplete, you can request completion.


3) Right to erasure:

Under the conditions of Article 17 GDPR, you can request the erasure of your personal data. Your right to erasure depends, among other things, on whether the data concerning you is still needed by us to fulfill our legal tasks or if legitimate interests oppose erasure.


4) Right to restriction of processing:

Within the framework of the provisions of Article 18 GDPR, you have the right to request the restriction of the processing of the data concerning you.


5) Right to object:

According to Article 21 GDPR, you have the right to object to the processing of the data concerning you at any time for reasons arising from your particular situation. However, we cannot always comply with this, e.g., if there is a legal provision requiring us to process or if legitimate interests oppose it.

You can assert your data subject rights against us at any time, preferably in writing by email to our data protection team:

Hybrick GmbH, co: Investa Holding GmbH

Data Protection Team, Düsseldorfer Straße 15, 65760 Eschborn


Stand: February 2024