Privacy Policy

Privacy Policy

Avenga Germany GmbH
Bahnhofsvorplatz 1
50667 Cologne, Germany
+49 (0) 221 84 630 0
Fax: +49 (0) 221 84 630 165

Thorsten May
Katarzyna Lubieniec
Sascha Langfus

(hereinafter referred to as »Avenga Germany«)

Protection Officer:
Roderich Pilars de Pilar



1. Information on data processing, legal bases and terminology

1.1. This data protection declaration clarifies the type, scope and purpose of the processing of personal data within our online offer and the websites,
functions and contents connected with it (hereinafter jointly referred to as “website” or “online offer”). The privacy policy applies regardless of
the domains, systems, platforms and devices (e.g. desktop or mobile) used to run the Website. For the area of our website aimed at applicants of
Avenga and operated under (hereinafter referred to as the “Applicant Area”), there are supplementary regulations under Art. 12 of this
Privacy Policy.

1.2. The terms used, such as ‘personal data’ or their ‘processing’, refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

1.3. The personal data of the users processed in the context of this online offer includes usage data (the visited websites of our online offer, access times), communication data (device IDs, IP addresses, location data, browser type and version, operating system used, website, from You visit us), content data (entries in the contact form) as well as applicant data (name, contact details, subject areas, application documents).

1.4. The term “user” covers all categories of persons affected by data processing. These include our business partners, customers, prospects, applicants and other visitors to our online offer. The terms used, such as “users” are to be understood gender-neutral.

1.5. We process personal data of users only in compliance with the relevant data protection regulations. This means that users’ data will only be processed if we have a legal permit. That is, especially if the data processing for the provision of our contractual services (eg processing of orders) as well as online services is required or required by law, the consent of the user exists, as well as our legitimate interests (ie interest in the analysis, optimisation and economic Operation and security of our online offer within the meaning of Art. 6 (1) lit. GDPR, in particular in the range measurement, creation of profiles for advertising and marketing purposes as well as collection of access data and use of the services of third-party providers).

1.6. Please note that the legal basis for the consent is Art. 6 para. 1 lit. a. and Art. 7 GDPR. The legal basis for processing for the purpose of fulfilling our services and implementing contractual measures is Art. 6 para. 1 lit. b. GDPR. The legal basis for processing for the purpose of fulfilling our legal obligations is Art. 6 para. 1 lit. c. GDPR and the legal basis for the processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f. GDPR.

2. Safety measures

2.1. We take organisational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.

2.2 .The security measures include in particular the encrypted transmission of data between your browser and our server.

3. Disclosure of data to third parties and third parties 

3.1. A transfer of data to third parties is only within the scope of legal requirements. We only pass on the data of the users to third parties if, for example, on the basis of Art. 6 para. 1 lit. b) GDPR is required for contract purposes or based on legitimate interests in accordance with Art. Art. 6 para. 1 lit. f. GDPR for efficient and effective operation of our business operations.

3.2. If we use subcontractors to provide our services, we will take appropriate legal precautions and appropriate technical and organisational measures to protect personal data in accordance with applicable law.

3.3. In the context of this Privacy Policy, if content, tools or other means are used by other providers (collectively referred to as “Third Party Providers” ) and their registered office is located in a third country, it can be assumed that the data will be transferred to the countries of residence of the third party providers. Third countries are to be understood as countries in which the GDPR is not directly applicable law, ie in principle, countries outside the EU or the European Economic Area. The transfer of data to third countries occurs either when there is an adequate level of data protection, user consent or other legal authorization.

3.4. Avenga is a group of companies, see: Within this cooperation, marketing activities can be carried out by one partner for the entire group. For this purpose, data may be processed outside the EU, e.g. in Ukraine or the USA. Contracts were signed between the partners for processing personal data in compliance with EU security guidelines.

4. Collection of access data and log files

4.1. Based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f. GDPR Data on every access to the server on which our website is located (so-called server log files). The access data includes the name of the retrieved web page, file, date and time of retrieval, amount of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address (anonymised) and the requesting provider.

4.2. Log File information is stored for security reasons (eg to investigate abusive or fraudulent activities) for a maximum of 30 days and then deleted. Data whose further retention is required for evidential purposes are excluded from the erasure until the final clarification of the incident.

4.3. For the hosting of our website we use a service provided by Avenga Germany GmbH, Bahnhofsvorplatz 1, 50667 Cologne. As part of the hosting, the IP address of the user (anonymous) in the form of log files to the Avenga Germany GmbH transferred, where it will be deleted after 2 months at the latest. It processes the data on our behalf in accordance with Art. 28 (3) sentence 1 GDPR.

5. Cookies and reach measurement

5.1. Cookies are information transmitted by our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.

5.2. The use of cookies in the context of pseudonymous range measurement informs users in the context of this privacy policy.

5.3. If users do not want cookies stored on their computer, they will be asked to disable the option in their browser’s system settings. Saved cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

5.4. You may opt for the use of cookies for distance measurement and promotional purposes through the Network Advertising Initiative’s opt -out page ( ) and, in addition, the US website ( ) or the European website ( your-ad-choices/).

5.5. Our cookies usage can differ depending on the browser, device or network settings, as follows:

1. Session-Cookies, Strictly Necessary Cookies (mandatory / essential cookies)

Name Usage Storage period
fdx2t Identification of a page view Session
fdx2v Identification of a page view Session

2. Functional cookies, cookies on user behaviour and analysis technologies

Name Usage Storage period
CookieMessageClosed Store cookie banner information 30 days
fdx2s Maintaining the current session 2 minutes

3. Tracking-Cookies 

Name Usage  Storage period
fdx2u Recognizing a user 1 year

4. Third party cookies

Name Usage Storage period
_ga (Google) Differentiation from users 2 years
_gat (Google) Google property ID 1 minute
_gid (Google) Differentiation from users 1 day
_gac_<property-id> (Google) Differentiation of users in Google campaigns 1 minute
AMP_TOKEN Contains a token that can be used to retrieve a Client ID from the AMP Client ID Service 1 day
__cfduid (HubSpot) Security cookie from Cloudflare, the CDN provider of Hubspot 30 days
__hssc (Hubspot) Tracking of session 30 minutes
__hssrc (Hubspot) Session-Cookie session
__hstc (Hubspot) contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session) 13 month
hubspotutk (Hubspot) Tracking the identity of a visitor to deduplicate contacts 13 month
_pxhd (Hubspot) Sessioncookie from Zoominfo, Service provider of Hubspot session
connect.sid (Hubspot) Sessioncookie from Zoominfo, Service provider of Hubspot session
visitorId (Hubspot) Sessioncookie from Zoominfo, Service provider of Hubspot session
UserMatchHistory (LinkedIn) Feed and Insight Tag 30 days
bcookie (LinkedIn) Optimize reach of advertising on LinkedIn 2 years
bscookie (LinkedIn) Optimize reach of advertising on LinkedIn 2 years
lang (LinkedIn) Language in session Session
lidc (LinkedIn) Optimize reach of advertising on LinkedIn 1 day
lissc (LinkedIn) Optimize reach of advertising on LinkedIn 1 year
li_sugr (LinkedIn) Identification of the browser 3 month
BizographicsOptOut (LinkedIn) Determining the opt-out status for third-party tracking 10 years
_guid (LinkedIn) Browser identification for interaction with Google Ads 1 year
li-oatml (LinkedIn) Indirect identifier for conversion tracking, retargeting, analysis 1 month
li_fat_id (LinkedIn) Indirect identifier for conversion tracking, retargeting, analysis 1 month
U (LinkedIn) Identification of the browser, LinkedIn Insight tag if the IP address is in an unknown country 3 month
snid Tracking the identity of a visitor to deduplicate contacts 5 years


6. Google Analytics

6.1. Based on our legitimate interests (ie interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR), we use Google Analytics, a web analysis service provided by Google Inc. (“Google”), Google uses cookies. The information generated by the cookie about the use of the online offer by the users are usually transmitted to a Google server in the USA and stored there.

6.2. Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation ( participant? Id = a2zt000000001L5AAI & status = Active ).

6.3. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offering and to provide us with further services related to the use of this online offer and the internet usage. In this case, pseudonymous user profiles of the processed data can be created.

6.4. We only use Google Analytics with activated IP anonymization. This means that the IP address of the users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address will be sent to a Google server in the US and shortened there.

6.5. The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; Users may also prevent the collection of data generated by the cookie and related to their use of the online offer as well as the processing of this data by Google by downloading and installing a browser plug-in available under the following link: .com / dlpage / gaoptout? hl = en .

6.6. For more information about Google uses data, settings and opposition opportunities can be found on the websites of Google: / privacy / partners ( “How Google uses data when you use websites or apps our partners “), technologies / ads (” Use of data for promotional purposes “), (” Managing information that Google uses, to show you advertising “).

7. Сontact

7.1. When contacting us (via contact form or email), the information provided by the user to process the contact request and its processing acc. Art. 6 para. 1 lit. b) GDPR processed.

7.2. To process the contact requests Avenga Germany uses the Hubspot service, a service of Hubspot Inc. Hubspot has its headquarters in the USA and is certified under the EU-US Privacy Shield. A current certificate can be viewed here ( This involves the use of “cookies” or similar technologies (such as “web beacons”) that are stored on your computer and allow us to analyze your use of the site. The information collected (e.g., IP address, geographic location, browser type, length of visit and pages viewed) is analyzed by Hubspot on behalf of Avenga to generate reports about the visit and the Avenga websites visited. If you have registered on our website, Hubspot may also link a user’s visits to Avenga websites with personal information (primarily name/email address) based on consent given, thereby collecting personal data and providing users with individual and targeted information on preferred topics. For the same purpose we link approved personal data with further information from freely accessible sources. For more information about how Hubspot works, please see Hubspot Inc.’s privacy policy, available at:

7.3. In order to process contact requests, we use “Salesforce”, which is CRM software by the provider Germany GmbH, Erika-Mann-Str. 3, 80636 Munich, Germany. You can view the provider’s Data Policy here:

8. Embedding third-party services and contents

8.1. On the basis of our legitimate interests (i.e. the interest in the analysis, optimisation and economic operation of our website as defined by Section 6 Subsection 1 lit. f. GDPR), within our website, we use offers of content and services by third-party providers such as embedding possibilities for recommending our website (hereinafter holistically called “contents”). This always presupposes that the third-party providers perceive the users’ IP address, because they could not send the contents to their browser without the IP address. The IP address is thus necessary for the presentation of these contents. We endeavour to only use such contents whose respective provider solely uses the IP address to send out the contents. Furthermore, third-party providers can use so-called pixel tags (invisible graphic images also called “web beacons”) for statistical or marketing purposes. Via the “pixel tags”, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information can also be stored in cookies on the users’ device and contain, among others, technical information about the browser and operating system, referring websites, time of visit as well as other details on using our website, and can also be associated with such information from other sources.

8.2. The following provides an overview of third-party providers as well as their contents plus links to their Privacy Policies, which contain further information on the processing of data and, partially stated here, possibilities of revocation (so-called “opt-out”):

8.3. Functions of the service Google+ are embedded in our website. These functions are provided by the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged into your Google+ account, you can link the contents of our pages with your Google+ profile by clicking the Google+ button. By doing so, Google can assign the visit to our pages to your user account. We must point out that we, as the provider of the pages, receive no knowledge of the content of the transmitted data, nor of the use of it by Google+. Privacy Policy:, Opt-Out:

8.4. Our website uses functions of the network, LinkedIn. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. When visiting one of our pages that contains functions of LinkedIn, a connection is established to servers of LinkedIn. LinkedIn is informed that you have visited our web pages with your IP address. If you click on the “Recommend-Button” of LinkedIn and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account. We must point out that we as the provider of the pages receive no knowledge of the content of the transmitted data nor of the use of it by LinkedIn. Data Policy of LinkedIn:, Opt-Out:

8.5. We use social plug-ins of the social network, Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). If you visit a page that contains such a plugin, your browser makes a direct connection to the servers of Pinterest. The plugin transmits logging data to the server of Pinterest in the USA. This logging data may contain your IP address, the address of the page visited that equally contains Pinterest functions, type and settings of the browser, date and time of the request, your means of using Pinterest as well as cookies. Privacy Policy of Pinterest:

8.6. Functions of the service Twitter are embedded in our website. These services are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When using Twitter and the “retweet” function, the websites you have visited are linked up to your Twitter account informing others. At the same time, data is also transmitted to Twitter. We must point out that we, as the provider of the pages receive no knowledge of the content of the transmitted data nor of the use of it by Twitter. Privacy Policy of Twitter at You can change your Twitter privacy settings in the account settings at

8.7. We use functions of the network XING. The provider is XING SE Dammtorstraße 30, 20354 Hamburg, Germany. every time one of our pages containing functions of Xing is accessed, a connection is established to the servers of Xing. As far as we know, personal data is not stored. In particular, no IP addresses are stored nor is user behaviour analysed. Privacy policy of XING:

8.8. We use the marketing tool Unbounce on our websites to create forms for establishing contact and processing incoming enquiries. This is a service provided by Unbounce Germany GmbH, Friedrichstraße 68, 10117 Berlin, German. Privacy Policy of Unbounce: .

9. Downloading exclusive contents

9.1. Avenga offers registered users the possibility of requesting exclusive editorial contents on the website by e-mail and to download them. In the scope of this registration, we store the user’s name, e-mail address, the company and the telephone number for our own advertising purposes as well as the sending out of these contents as per their express consent as defined by Section 6 Subsection 1 lit. a. and Section 7 GDPR.

9.2. To process registrations, we use”MailChimp”, a marketing automation platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the marketing automation platform’s data protection provisions here: The Rocket Science Group LLC d/b/a MailChimp is certified under the EU-US Privacy Shield and, due to this, provides a guarantee of observing the European level of data protection (https://www.privacyshield .gov/participant?id=a2zt0000000TO6hAAG&status=Active).

9.3. The user can revoke the processing of the data stated under Item 9.1 at any time as defined by Section 14 of this Privacy Policy.

9.4. Avenga uses Hubspot, a service of Hubspot Inc., on its websites for analysis purposes. Hubspot is headquartered in the USA and is certified under the EU-US Privacy Shield. A current certificate can be viewed here. “Cookies” or similar technologies (such as “web beacons”) are used, which are stored on your computer and enable us to analyze your use of our website. Hubspot evaluates the information collected (e.g. IP address, geographical location, type of browser, duration of visit and pages viewed) on behalf of Avenga in order to generate reports about the visit and the pages visited on the Avenga website. If you have registered on our website, Hubspot allows us to link a user’s visits to Avenga websites to personal data (above all name/email address) on the basis of a consent given, thus recording personal data and informing users individually and purposefully about preferred topics. For the same purpose, we link approved personal data with further information from freely accessible sources. Further information about the functionality of Hubspot can be found in the Hubspot Inc. data protection declaration under:

10. Regulations for applicants

10.1. By submitting your application via our website, you agree to the processing of your personal data as part of the recruiting process. This includes name, address, date of birth, phone number, e-mail address and any other data from the CV or other attachments.

10.2. Application for a job in Germany: Controller of data is Avenga Germany GmbH, Bahngofsvorplatz 1, 50667 Cologne, Germany. During the process, the data is stored in our applicant management system Talention, a software of TFI GmbH, Delphiplatz 1, 42119 Wuppertal, Germany.

10.3. Application for a job in Poland: Depending on the particular recruitment process your data controller might be one of the following companies: 

a. IT Kontrakt Sp. z o.o. with the registered office is in Wrocław, 66 Gwiaździsta street, 53-413 Wrocław, KRS: 0000210937

b. ITK Inwestycje Sp. z o.o.  with the registered office in Warsaw, 26 Przyokopowa, 01-208 Warsaw, KRS: 0000654511

c. Solid Brain Sp. z o.o. with registered office in Cracow, 22 Gen. Zielińskiego, 30-320 Cracow, KRS: 0000518453 Contact on your personal data is available on After registration of your CV in the system you will receive detailed information clause and request for submitting consents. 

10.4. Application for a position in Ukraine or the USA: During the process, the application data is first sent by e-mail to CoreValue and then stored in our applicant management system Corebase. This is hosted and managed by CoreValue, Heroiv UPA St, 73, Lviv, Lviv Oblast, Ukraine, 79000.

10.5. If the application procedure is followed by the conclusion of an employment contract, the data transmitted by the applicant may be stored in the personnel file for the purpose of the usual organisational and administrative process in compliance with the legal regulations of relevant company from the Avenga Group.

10.6. If the conclusion of the application process does not follow the conclusion of a contract of employment, the applicant’s data will be stored for 2 months and then deleted completely. In case when you agreed for the data processing for future recruitment process your data will be stored until your consent withdrawal.

11. Inclusion in the talent pool

11.1. For candidates who are not candidates in a specific application process Candidates or their profile does not fit into a current vacancy (hereinafter referred to as “candidates” ), there is the possibility of inclusion in a relationship database of Avenga (hereinafter referred to as “talent pool” ). The type of database depends on your data controller. You will be specifically asked for a consent to be included in the talent pool by your respective data controller. 

11.2. The processing of these data takes place in accordance with the explicit consent of the candidate in accordance with Art. 6 para. 1 lit. a. and Art. 7 GDPR.

11.3. Candidates may at any time object to the processing of the data referred to in 10.1 in accordance with Art. 13 of this Privacy Policy.

12. Deletion of data

12.1. The data stored by us will be deleted as soon as they are no longer necessary for their intended purpose and the deletion does not conflict with any statutory storage requirements. If the users’ data are not deleted because they are required for legally permitted purposes, their processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data of users who must be kept for commercial or tax reasons.

12.2. Applicable only for Avenga Germany: According to legal requirements the storage takes place for 6 years according to § 257 Abs. 1 HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) as well as for 10 years according to § 147 Abs. 1 AO (books, records, management reports, Accounting documents, commercial and business letters, documents relevant for taxation, etc.).

13. Right of revocation

13.1. Users can revoke future processing of their personal data according to statutory regulations at any time. The revocation may, in particular, be directed towards processing for purposes of direct marketing.

14. Amendments to the Privacy Policy

14.1. We reserve the right to amend the Privacy Policy to adapt it to changes in law or in the event of a change in the service as well as data processing. Insofar as the consent of the users is required or components of the data protection declaration contain regulations of the contractual relationship with the users, the changes are only made with the consent of the users.

14.2. Users are requested to obtain information about the content of the Privacy Policy at regular intervals.

Rules for general equal treatment

For easier readability, a gender-specific representation, such as employee, is dispensed with. Appropriate terms apply in the sense of equal treatment, of course, for all genders.

The Company is fully committed to providing equality to individuals fairly and irrespective of age, disability, gender, gender reassignment, marital or civil partnership status, pregnancy or maternity, race  including colour, ethnic or national origins and nationality, religion or belief or sexual orientation We aim to create a working environment that is free from discrimination and harassment in any form, in which all staff, customers and suppliers are treated with dignity and respect.