Privacy Policy

We set great store by the protection of your personal data. As the protection of your personal privacy and also your business data is very important to us, we observe the data protection regulations applicable in Germany.

In the following, we would like to inform you in detail about the type of data that is collected when you visit our website and use the services we offer there, and how this data is subsequently processed or used, as well as which accompanying protective measures we have taken with regard to technical and organisational matters.

1.Data controller / service provider

The data controller as defined by the GDPR and, at the same time, the service provider within the meaning of the German Teleservices Act (TMG) is Chamäleon GmbH, legally represented by the CEO Sascha Hagemann, cf. our Legal web page.

Please direct questions or comments about this privacy policy or general questions regarding data protection to the following email address:

To exercise your rights in connection with this privacy policy, please contact: 

Chamäleon GmbH
Rudolf-Diesel-Straße 8a
69115 Heidelberg

Alternatively, you can send an email to:

2. Collecting and processing non-personal data

(1) If you simply visit the website, we do not collect any personal data. However, every server stores access to websites automatically. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. The user’s IP address must be stored for the duration of the session. Our web server records temporarily for the purpose of system security the IP address of the accessing computer, the browser you use, the operating system used, the access data and the time, the web sites that you visit, the uniform resource locators (URL) accessed on our websites and the website you have just visited (referrer URL). This information is stored anonymously and is not connected with your personal data. It is not possible to draw conclusions about your person or your individual behaviour.

The legal basis for the temporary storage of data and the log files is point (f) of Article 6(1) GDPR.

(2) We store computer-related data to record trends and produce statistics. This stored data serves also for the purposes of identification and the tracking of unauthorised access attempts on our server. We produce profile information about the use of our own websites, which is exclusively anonymised, and solely for the improvement of the user experience and the optimisation of the offer in the interests of users. No personally-related surfer profile or similar is produced or processed.

(3) The website uses cookies in various places. These are small text files, which are placed on your computer and stored by your browser. Cookies serve to design our offer in a more user-friendly, effective and secure way. These purposes include our legitimate interest in the processing of personal data pursuant to point (f) Article 6(1) GDPR. Most of the cookies deployed by us on this website are session cookies, which are automatically deleted at the end of the visit to the website.

In this way, the following data can be transmitted: search terms entered, frequency of website access, use of website functions.

The data of users that is collected in this way is pseudonymised using technical measures. Therefore, it is no longer possible to associate the data with the user accessing the website. This data is not stored together with other of the user’s personal data. When our website is accessed, users are notified of the use of cookies for analysis purposes by an info banner and referred to this privacy policy. In this context, information is also given on how the storage of cookies can be prevented in the browser settings.

You can determine yourself through the settings in your browser whether cookies should be placed and downloaded. For instance, in your browser you can completely deactivate the storage of cookies, limit it to certain websites or configure your browser so that it notifies you automatically as soon as a cookie is about to be placed and request your feedback with regard to this. For technical reasons, however, it is necessary that you allow session cookies for all the features of our website to be fully functional.

No collection or storage of personal data in cookies takes place in this connection. Neither do we use any technologies to link information from cookies with user data. 

The legal basis for the processing of personal data by using cookies is (f) of Article 6(1) GDPR.

The data is deleted as soon as it is no longer required to achieve the purpose of its collection. This happens when the particular session has ended, in the event of data being captured for the provision of the website. IP addresses are, in principle, deleted seven days after collection at the latest. It is possible for data to be stored beyond this point. In this instance, the IP addresses of users are erased or anonymised, so that an association with the accessing client is no longer possible.

The capture of data to provide the website and the storage of data in files is an absolute requirement required for the operation of the website. Consequently, there is no opt-out option for the user.

3. Google Analytics

We use Google Analytics on our website. This is a web analysis service of Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, US ("Google"). Google Analytics uses cookies, which are stored on your computer and which enable an analysis of the use of the website to be made. The information generated by the cookie about your use of this website (including your IP address) is transferred to a Google server in the US and stored there. Google will use this information to analyse your use of the website, to compile reports on website activities for the website operator and to provide other services related to the use of the website and the internet. Google will also transfer this information to third parties, if necessary, provided this is legally prescribed or provided third parties process this data on behalf of Google. Google will not under any circumstances bring your IP address together with other Google data. In the event of activation of IP anonymisation on this website, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there.

You can prevent the storage of cookies by selecting the appropriate setting in your browser software; however, we would point out that in this event you may not be able to use all the functions of this website should the occasion arise.

In addition, you can prevent data generated by cookies and data related to the use of the website (including your IP address) being sent to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: ( .

Further information with regard to this can be found at or at (general information on Google Analytics and data protection). We would point out that on this website Google Analytics has been extended to include the code “gat._anonymizeIp();” to ensure anonymous collection of IP addresses (IP masking).

4. Facebook plugins (Like button)

Plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, US are integrated into our website. You can recognise the Facebook plugins from the Facebook logo or the “Like button” on our website. An overview of Facebook plugins can be found here:

If you visit our web pages, a direct connection is made between your browser and the Facebook server. Facebook receives the information with your IP address that you have visited our site. If you click on the Facebook "Like button" when you are logged into your Facebook account, you can link the content of our site to your Facebook profile. Through this, Facebook can associate the visit to our web pages with your user account. We would point out that we, as the provider of the website, receive no knowledge of the content of the data transmitted or its use by Facebook.  Further information with regard to this can be found in Facebook’s privacy policy at  http://de-

If you do not want Facebook to be able to associate the visit to our website with your Facebook user account, please log out of your Facebook user account.

5. Instagram

Features of the Instagram service are integrated into our website. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, US. If you are logged into your Instagram account, by clicking on the Instagram button, you can link the content of our website to your Instagram profile. Through this, Instagram can associate the visit to our web pages with your user account. We would point out that we, as the provider of the website, receive no knowledge of the content of the data transmitted or used by Instagram.

Further information with regard to this can be found in Instagram’s privacy policy:

6. YouTube videos

Our website has integrated YouTube videos in privacy-enhanced mode. These are stored on the servers of the provider, YouTube, and can be played back from our website through embedding.

YouTube provides privacy-enhanced mode, thus ensuring that YouTube does not store any cookies with personal data on your computer. As soon as you access the website, connection is made with YouTube and the DoubleClick network. To embed videos, the IP address is transferred. Provided you have not logged in or have been logged in for a long time to YouTube or another Google service before you access the website, no association is made with your account. It is possible that data is transferred to Google Inc., Amphitheater Parkway, Mountain View, CA 94043, US, as the YouTube operator.

Currently, if you play back videos stored on YouTube, at least the following data is transferred to Google Inc., as the YouTube operator and the operator of the DoubleClick network: IP address and cookie, the specific address of the web page accessed on our website, system date and time of access, identification of your browser.

If you click on an embedded YouTube video, this can trigger further processing events over which we, as the operator of this website, have no influence.

Detailed information with regard to the integration of YouTube videos can be found on the
YouTube website:

You can find further information on the handling of user data in YouTube's privacy policy at:

7. Use of SalesViewer® technology

This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.

In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally

The data stored by Salesviewer will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.

8. Collecting and using personal data

(1) We collect, store and process your actively transmitted personal data (e.g.: your name, your address details or email address), provided this is required to process enquiries or to fulfil our contractual obligations. The collection and use of the personal data of users takes place regularly only with the consent of the user. An exception to this applies in such cases where the obtaining of such consent is not possible for actual reasons and the processing of data is permitted by statutory regulations or is required for the performance of our contracts.

If we ask a data subject for consent to use their personal data for processing operations, point (a) of Article 6(1) EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

When it is required that we process personal data to perform a contract to which the data subject is a party, point (b) of Article 6(1) GDPR serves as the legal basis. This also applies to processing operations that are required to carry out pre-contractual measures.

If we are required to process personal data to fulfil a legal obligation to which our company is subject, point (c) of Article 6(1) GDPR serves as the legal basis.

If processing is required to safeguard a legitimate interest of our company or a third-party and the interests, constitutional rights and fundamental freedoms of the data subject do not outweigh the first-named interest, point (f) of Article 6(1) GDPR serves as the legal basis for the processing.

(2) Your registered data is always transferred under encryption in our systems. This protects communication between you and our server and prevents the misuse of data. For encryption, we deploy a recognised and widely-used system, which is secure in its current version.

(3) A contact form is available on our website, which can be used for making contact with us electronically. If a user takes this option, the data entered in the input mask is transmitted to us and stored. This data is: name, title, email address, telephone number.

At the time of sending the message, the following data is also stored: IP address of the visitor to the website, date and time when contact was made.

To process data as part of this sending procedure, your consent is obtained, if required, and you are referred to this privacy policy.

Alternatively, you can contact us using the email address provided. In this instance, the user’s personal data transmitted with the email is stored. Data is not passed on to third parties in this context. Data is used exclusively for the processing of the conversation.

The legal basis for the processing of data is the presence of consent by the user pursuant to point (a) of Article 6(1) GDPR.

The legal basis for the processing of the data transmitted in the course of sending an email is point (f) of Article 6(1) GDPR. If the purpose of your contact by email is to terminate a contract, the additional legal basis for the processing is pursuant to point (b) of Article 6(1) GDPR. The processing of personal data that we obtain from the input mask serves only to enable us to process your contact with us. If you contact us by email, there is also the required legitimate interest in the processing of data.

The other personal data processed during the sending procedure serves to prevent misuse of the contact form and to ensure the security of our IT systems. 

(4) The personal data of the data subject is erased or blocked as soon there is no longer a purpose for storage. This is the case for personal data from the input mask of the contact form and the personal data that was sent with the email, if the conversation concerned is finished with the user. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified.

The additional personal data collected during the sending procedure is deleted after a period of seven days at the latest.

If the user contacts us by email, he or she can object to the storage of his or her personal data at any time. In such an event, the conversation cannot be continued.

Storage can take place beyond this if it is provided for by Union law directives, laws or other regulations by European or national legislators to which we are subject. Data is also blocked or erased if a retention period prescribed by the standards mentioned expires, unless there exists a requirement for further storage of the data for the conclusion of a contract or the performance of a contract.

9. Right of access

You can request confirmation from us about whether we process personal data that concerns you.

If such processing takes place, you can request the following information from us:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data that is processed;

(3) the recipients or categories of recipient to whom the personal data has been or will be disclosed;

(4) the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(5) the existence of a right to request from us rectification or erasure of personal data, a right to the restriction of our processing of personal data or to object to such processing;

(6) the existence of a right to complain to a supervisory authority;

(7) all available information about the origin of the data where the personal data is not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Article 22 (1) and (4) GDPR and – at least in these instances – meaningful information about the logic involved as well as the consequences and effects aspired to by processing of this kind.

You have the right to information about whether personal data was transmitted to a third country or to an international organisation. In this connection, you have the right to be informed of suitable guarantees in connection with the transfer pursuant to Article 46 GDPR.

10. Right to rectification

You have a right to rectification and/or completion by us, provided the processed personal data that concerns you is inaccurate or incomplete. We will carry out the rectification without undue delay.

11. Right to restrict processing

Subject to the following prerequisites, you can request the restriction of the processing of the personal data that concerns you, if:

(1) you contest the accuracy of the personal data that concerns you for a period that enables the controller to check the accuracy of the personal data;

(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3) we no longer need the personal data for the purposes of processing, but it is required by you for the establishment, exercise or defence of legal claims; or

(4) you have objected to processing pursuant to Article 21(1) GDPR pending verification of whether our legitimate grounds override yours.

If the processing of the personal data that concerns you is restricted, this data may – apart from its storage – be processed only with your consent or for the establishment, exercise or defence of legal claims or for the protection of rights of another natural person or legal entity or on grounds of public interest of the Union or a member state.

If the restriction of the processing is carried out in accordance with the above-mentioned prerequisites, you are notified by us before the restriction takes place.

12. Right to erasure

A) Erasure obligation

You can request that we erase the personal data without undue delay, provided that one of the following reasons applies:

(1) The personal data that concerns you is no longer necessary for the purposes for which it was collected or otherwise processed.

(2) You withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), GDPR and where there is no other legal basis for the processing.

(3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.

(4) The personal data has been unlawfully processed.

(5) The personal data has to be erased for compliance with a legal obligation in Union or member state law to which we are subject.

(6) The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

B) Information given to third parties

If we have made the personal data public and are obliged pursuant to Article 17(1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform data controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Exceptions

The right to erasure does not exist, provided the processing is required

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation, which requires the processing in accordance with the law of the Union or member states to which we are subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;

(3) for reasons of public interest in the area of public health pursuant to point (h) of Article 9(2) and Article 9(3) GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, provided that the right mentioned under section a) probably makes the realisation of the goals of this processing impossible or seriously impairs it, or

(5) for the establishment, exercise or defence of legal claims.

13. Right to notification

If you have asserted your right to obtain rectification, erasure or restriction of your personal data from us, we are obliged to notify all the recipients to whom the personal data affected was disclosed of this rectification or erasure of the data or the restriction of the processing, unless this proves impossible or involves disproportionate effort.

You have the right to be notified by us of these recipients.

14. Right to data portability

You have the right to receive the personal data that concerns you, which you have provided to us, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by us, provided

(1) the processing is based on consent pursuant to point (a) of Article 6(1) GDPR or point (a) Article 9(2) GDPR or on a contract pursuant to point (b) Article 6(1) GDPR and

(2) the processing is carried out by means of automated processes.

In exercising this right, you have the further right to have the personal data transmitted directly from us to another controller, where technically feasible. The rights and freedoms of others must not be adversely affected by this.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

15. Right to withdrawal and right to object

You have the right for reasons resulting from your special situation to object to the processing of personal data that concerns you, pursuant to point (e) or (f) of Article 6(1) GDPR; this also applies to profiling based on these provisions.

We shall no longer process the personal data that concerns you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerned for the purpose of this sort of advertising; this also applies to profiling, provided it is connected to such direct advertising.

If you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

You have the option, in connection with the use of services of the information society – notwithstanding Directive 2002/58/EU – to exercise your right to object by means of automated processes in which technical specifications are used.

Right to withdraw the data protection declaration of consent

You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the legality of the processing carried out on the basis of the consent up until the point of withdrawal;

16. Right to lodge a complaint with a supervisory authority.

If you consider that the processing of personal data relating to you infringes the GDPR, you have, without prejudice to any other administrative or judicial remedy, the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement.

The supervisory authority where the complaint was lodged, informs the complainant of the status and results of the complaint including the possibility of judicial remedy pursuant to Article 78 GDPR.

17. Confidentiality

(1) We will maintain silence about all information to be treated confidentially, which has come to our knowledge within the scope of the contractual relationship or will only use this information with the prior agreement of the other contractual partner in relation to third parties - for whatever purpose. Information to be treated confidentially includes information from the party sharing the information that is designated as confidential and such information, the confidentiality of which is obvious from the circumstances of the handover of information. Your personal data, in particular, is to be treated confidentially by us, as well as the used data, should we gain knowledge of it.

(2) The obligations pursuant to para 1 do not apply to such information or parts thereof for which we can prove that it

  • was known to us before the date of receipt or is generally accessible;
  • was in the public domain before the date of receipt or was generally accessible;
  • was in the public domain after the date of receipt or became generally accessible, without us being responsible for this.

(3) public statements by the parties regarding a collaboration are only made by prior mutual consent.

(4) the obligations pursuant to para 1 also go beyond the end of the contract for an indeterminate period, and indeed as long as an exception has not been proved pursuant to para 2.

18. Scope of application

This privacy policy applies to the services of Chamäleon GmbH on the Website

19. Downloading the privacy policy

You can download and print out this privacy policy from any page of the website at the link “Privacy policy”.

20. Status of this privacy policy

This privacy policy is up to date, valid and dated 25/5/2018.

Provided circumstances arise which require a new privacy policy, the updated privacy policy will be published in this place and valid from the date of publication.

Privacy Policy for Mobile Application

Privacy Policy

Chamäleon GmbH built the Chamaeleon App as a Free app. This SERVICE is provided by Chamäleon GmbH at no cost and is intended for use as is.

This page is used to inform visitors regarding our policies with the collection, use, and disclosure of Personal Information if anyone decided to use our Service.

If you choose to use our Service, then you agree to the collection and use of information in relation to this policy. The Personal Information that we collect is used for providing and improving the Service. We will not use or share your information with anyone except as described in this Privacy Policy.

The terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, which are accessible at Chamaeleon App unless otherwise defined in this Privacy Policy.

Information Collection and Use

For a better experience, while using our Service, we may require you to provide us with certain personally identifiable information. The information that we request will be retained by us and used as described in this privacy policy.

The app does use third-party services that may collect information used to identify you.

Link to the privacy policy of third-party service providers used by the app

Log Data

We want to inform you that whenever you use our Service, in a case of an error in the app we collect data and information (through third-party products) on your phone called Log Data. This Log Data may include information such as your device Internet Protocol (“IP”) address, device name, operating system version, the configuration of the app when utilizing our Service, the time and date of your use of the Service, and other statistics.


Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device's internal memory.

This Service does not use these “cookies” explicitly. However, the app may use third-party code and libraries that use “cookies” to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of this Service.

Service Providers

We may employ third-party companies and individuals due to the following reasons:

  • To facilitate our Service;
  • To provide the Service on our behalf;
  • To perform Service-related services; or
  • To assist us in analyzing how our Service is used.

We want to inform users of this Service that these third parties have access to their Personal Information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.


We value your trust in providing us your Personal Information, thus we are striving to use commercially acceptable means of protecting it. But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

Links to Other Sites

This Service may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Children’s Privacy

These Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from children under 13 years of age. In the case we discover that a child under 13 has provided us with personal information, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us so that we will be able to do the necessary actions.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page.

This policy is effective as of 19/05/2022

Contact Us

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us at