Privacy Statement of The atarax Group

We are pleased to welcome you on our website and appreciate your interest in our company. We are taking the protection of your data very seriously. We are processing your data in accordance with legislation on data protection, in particular the EU General Data Protection Regulation (GDPR) and applying local legislation. WE are basically designing administrative processes in a way safeguarding compliance with applicable provisions of data protection legislation, anytime.

This privacy statement is to inform you comprehensively about how your personal data is processed as well as about your rights as a data subject.

Personal information is every information, which allows to identify a natural person. This, e.g., is name birthdate, address, telephone number, e-mail-address, but also your IP-Address.

Anonymous data is present, if no relation to a single user may be established.

Data Controller and Data Protection Officer

atarax Unternehmensgruppe – atarax Group

atarax Consulting GmbH & Co. KG

An der Schütt 26
D-91074 Herzogenaurach

Personally liable partner
atarax GmbH
An der Schütt 26
D-91074 Herzogenaurach

atarax Norbert Rauch
Consulting GmbH & Co. KG

An der Schütt 26
D-91074 Herzogenaurach

Personally liable partner
atarax Norbert Rauch GmbH
An der Schütt 26
D-91074 Herzogenaurach

Postal Address
Luitpold-Maier-Str. 7
D-91074 Herzogenaurach


+49 (0)91 32 / 7 98 00


Privacy Contact

Your Rights as a Data Subject

We would first like to notify you of your rights as a data subject. These rights are set out in Articles 15 - 22 GDPR, and include:

  • The right of access (Art. 15 GDPR),
  • The right to rectification (Art. 16 GDPR),
  • The right to data portability (Art. 20 GDPR),
  • The right to object to data processing (Art. 21 GDPR),
  • The right to erasure / right to be forgotten (Art. 17 GDPR),
  • The right to restriction of data processing (Art. 18 GDPR).

To exercise these rights, please contact: The same applies if you have any questions regarding data processing in our company or when you withdraw your consent. You also have a right of appeal to the relevant data protection supervisory authority.

Right to object

Please note the following with respect to your right to object:

Should we process your data to protect legitimate interests, you may object to such processing at any time for reasons that arise from your specific situation; this also applies to profiling based on these provisions.

We will then cease to process your personal information unless we can demonstrate compelling legitimate grounds for processing such information that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.

Purposes and legal Bases of Data Processing

The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing arise in particular from Art. 6 GDPR.

Your data will be used to provide a website for the presentation of our company, including the publication of our contact details (Art. 6 I f GDPR).

Processing of special categories of personal data within the meaning of Art. 9 I GDPR may only take place where necessary on the grounds of legal regulations and that there is no reason to assume that your legitimate interests should prevail to the exclusion of processing such data.

Data Transfers / Disclosure to third Parties

We will only transmit your data to third parties within the scope of given statutory provisions or based on consent. In all other cases, information will not be transferred to third parties unless we are obliged to do so owing to mandatory legal regulations (disclosure to external bodies, including the supervisory authorities or law enforcement authorities).

Data recipients / categories of recipients

Within our organisation, we ensure that only individuals who are required to process the relevant data to fulfil their contractual and legal obligations are authorised to handle personal data.

In some cases, service providers assist our specialist departments to fulfil their tasks (IT-service-providers, disposal service providers, tax consultants). The required data protection contract has been concluded with all service providers.

Transfers of personal Data to third Countries

A transfer of data to third countries (outside the European Union or the European Economic Area) shall only take place if required by law or if you have provided your consent for such a transfer.

We currently do not transfer your data to third parties outside the European Economic Area).

Period of Data Storage

We store your data for as long as such is required for the relevant processing purposes. Please note that numerous retention statutory periods require that data must be stored for a specific period of time. This relates in particular to retention obligations for commercial or fiscal purposes (e.g. commercial code, tax code, etc.). The data will be routinely deleted after use unless a further period of retention is required.

We may also retain data if you have given us your permission to do so, or in the event of any legal disputes and we use the evidence within the statutory limitation period, which may be up to 30 years; the standard limitation period is 3 years.

Secure transfer of Data

We implement the appropriate technical and organisational security measures to ensure the optimal protection of the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security levels are continuously reviewed in collaboration with security experts and adapted to new security standards.

The data exchange to and from our website is encrypted. We provide https as a transfer protocol for our website, and always use the current encryption protocols.

Automated Decisions in individual Cases

We do not use purely automated processing to make decisions.

Obligation to provide Data

A range of personal data is required to establish, implement and terminate the obligation and the fulfilment of the relevant contractual and legal obligations. The same applies to the use of our website and the various functions we provide.

We have summarised the relevant details in the above point. In some cases, legal regulations require data to be collected or made available. Please note that it will not be possible to process your request or execute the underlying contractual obligation without this information.

Provision of our Website

Data categories, sources and origin of data

The data we process is defined by the relevant context:

If you are just surfing our website for information purposes or to contact us by e-mail, we process the following data upon your visit to our website:

  • Name of the internet service provider
  • Information about the website you visited before
  • Web-browser and operating system used
  • The IP-Address assigned by your internet service provider
  • Requested files, amount of data transferred, downloads/ export of files
  • Information about the websites surfed including date and time.

For reasons of technical security (specially to defend against attack-attempts to the disadvantage of our web-server) this data is stored in compliance with the GDPR. After 7 days latest, your data is anonymized by shortening the IP-address, which results in establishing a link to a single user becoming impossible.

Concerning a contact-request we may process the following data:

  • Name, Surname
  • Contact Data
  • Your Message

A contact form is available on our website which can be used to contact us electronically. If you write to us using the contact form, we will process the data you submitted in the contact form to respond to your queries and requests (art. 6 I a, b GDPR).

In so doing, we respect the principle of data minimisation and data avoidance, such that you only have to provide the information we require to contact you, which is your email address and the message field itself. Your IP address will also be processed for technical reasons and for legal protection. All other data is voluntary, and additional fields are optional (e.g. to provide a more detailed response to your questions).

If you contact us by email, we will process the personal information provided in the email solely for the purpose of processing your request

Handling Data of Customers, Suppliers, Contracting Partners, Interested Parties

Categories / Origin of Data

Concerning a contractual relationship or to establish such, we may process the following data:

  • Contact data (such as e.g. name/surname of current and possibly former contact personas as well as name suffixes, firm and address, telephone number including extension, business-e-mail-address)
  • Occupation-related data (such as e.g. function in the company, department)
  • Possibly bank details (in case of as SEPA direct debit mandate also name/ Surname of the account-owner)

Your personal data uses to be collected from yourself upon establishing a contractual relationship or during a contractual relationship present.

Purposes and legal Bases of Data Processing

The processing of your personal data complies with the provisions of the GDPR, BDSG (German Federal Data Protection Act) and all other applicable data protection regulations.

We use your personal data only to execute pre-contractual measures (e.g. communication; drafting offers for products and services) and to comply with contractual obligations (e.g. executing our services, contracts or for purposes of handling orders or payments, Art. 6 I b GDPR), respectively in cases where we are legally obliged to process data (e.g. for purposes of tax law) (Art. 6 I c GDPR). These do also represent the purposes, the data was initially collected for.

Your consent also constitutes a data protection legal basis. In this respect, we will inform you of the purposes of data processing and the right to withdraw your consent. If the consent also relates to the processing of special categories of personal data, we will explicitly notify you in the consent process.

Handling Applicant Data

Categories / Origin of Data

Concerning a contractual relationship or to establish such, we may process the following data:

  • Your basic data (name, surname, name suffixes)
  • Contact data (address, telephone, e-Mail-Address)
  • Qualification data (CV, cover letter, formal qualifications)
  • Photograph / work permit / residence permit/ birthdate where given

Your personal data uses to be collected from yourself during the application process.

In exceptional cases your personal data may in certain constellations also be collected from further entities, such as e.g. recruitment agencies.

Purposes and legal Bases of Data Processing

The processing of your personal data complies with the provisions of the GDPR, BDSG (German Federal Data Protection Act) and all other applicable (labour-law) regulations.

As we are aware of the importance of your data, your personal data will be used for purposes of affectively and correctly handling the application process, to contact you in regard of the application process and to make a decision concerning the initiation of a work-relationship.

In addition hereto, we may process your data, if we are legally obliged to do so, especially for reasons of labour-law. If sensitive data in the sense of Art. 9 I GDPR should be affected, a balancing of interests will be executed in addition, which means that your data will be processed only if your protective interest does not outweigh our interest in processing the data (Art. 88 I GDPR, Section 26 I, III BDSG).

Your consent may also be a legal basis to process your data. Should you have consented (e.g. into a further processing of your applicant data), we may also process your data for this purpose (Art. 88 I GDPR, Section 26 II BDSG). If we should ask for your consent, we will of course inform you about the exact purpose of processing and about your right to withdraw your consent. If your consent should also be related to a processing of sensitive data in the sense of Art. 9 GDPR, we will inform you explicitly in advance.

Storage Period

Your data will be stored until the application process is finished, respectively until your data is no longer required to be processed for the purposes mentioned above or until you withdraw your consent. If you should become employed with us, we will continue to process your applicant data as afar as required in this regard to execute the work-relationship.

Should we unfortunately have to reject your application, we will delete your applicant data 6 months after, latest, if you should not have consented into providing your data for our applicants-pool and into the corresponding longer processing of your data. In the latter case your data will be deleted after 12 months latest or upon withdrawal of your consent.

Recipients of Data / Categories of Recipients

Within our company we ensure, that your applicant data is accessible to the persons and departments, who require to know about it for purposes of executing the application process or to comply with according legal obligations, only.

Whistleblower Portal

In the capacity of a person of trust, we offer various whistleblower services as an outsourcing-partner on behalf of our customers. The whistleblower portal on this website enables to report improper behavior in the respective company via our website.

The processing takes place for the purpose of fulfilling the legal obligation to provide a whistleblower portal, Article 6 Paragraph 1 lit. a, c EU-GDPR.

The principle of data minimization is observed here, in that you only have to provide the data that is absolutely necessary to clarify the facts. On the one hand, the company name must be entered in order to be able to assign the respective entry to the correct company. On the other hand, it is necessary for you to report your observations in the "Message" field.

Your IP address is recorded for technical reasons and for the purpose and provision of the system. In addition, you can optionally provide us with your first and last name as well as your telephone number and/or e-mail address so that we can contact you to discuss the matter in more detail (Art. 6 Para. 1 lit. a EU-GDPR). You can revoke your consent at any time and without giving reasons with effect for the future. To do this, contact: Please note that in the event of a revocation, we will only remove your personal data from our systems; Regardless of this, the information that is necessary to clarify the facts, continues to be stored.

The information provided will only be passed on to those persons who have to be involved in processing your report, insofar as this is absolutely necessary to determine the facts. The persons employed for this purpose are bound to confidentiality. However, depending on the violation you are reporting, we may be required by law to share your report with third parties (e.g. authorities) for law enforcement purposes.

As soon as the purpose for storage no longer applies, we will delete your personal data.

Cookies (Art. 6 I f GDPR / Art. 6 I a GDPR in case of consent)

Our website does not make use of cookies.

User Profiles/ Web Tracking

There are no programs used on our website which would allow for analysis or in another way enable us to evaluate your behaviour as a user.

Social Plugins of Social Networks

There are no social plugins active on our website.