Privacy Notice

In the following, we inform you about the processing of your personal data by us and the claims and rights to which you are entitled under the data protection regulations, the European General Data Protection Regulation (GDPR).

This privacy notice informs you about the nature, scope and purpose of the processing of personal data within our website (hereinafter "website"). The privacy notice applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).

Personal data in the sense of the GDPR is all data that can be personally related to you, e.g. name, address, email addresses, user behavior. Which data is processed in detail and how it is used depends largely on the services used by us.

We use various other terms in our privacy notice in the sense of the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymization, controller, processor, recipient, third party, consent, supervisory authority and international organization. You can find corresponding definitions for these terms in Art. 4 GDPR.

1. Who is responsible for data processing and whom can I contact?

The entity responsible for the processing of personal data is:
Moccu GmbH & Co. KG
Am Treptower Park 28-30
12435 Berlin
Telefon: +49 (0)30 - 44 01 30 - 30
Fax: +49 (0)30 - 44 01 30 - 50

You can reach our data protection officer at:
mip Consult GmbH
Rechtsanwalt Dietrich Felgner
Wilhelm-Kabus-Straße 9
10829 Berlin
Telefon: +49 (0)30 - 44 01 30 - 30

2. What sources and data do we use?

We process personal data that we receive from you while using our website and, if applicable, our business relationship.

In the case of purely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. When you access our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and safety. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version as well as type of browser software, notification of successful retrieval.

Furthermore, we receive your personal data if you contact us via contact form or e-mail. Personal data here are, for example, name, address, e-mail address, telephone number and, if applicable, the data you send us as a message (hereinafter referred to as "contact data").

3. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) for the following purposes and on the basis of the following legal grounds:

3.1 Based on your consent, Art. 6 para. 1 lit. a GDPR

Insofar as you have given us consent to process personal data for certain purposes, in particular for contacting you (e.g. via our contact form or by e-mail for processing and handling the inquiry) the lawfulness of this processing is based on your consent.

Any consent given can be withdrawn at any time. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is therefore not affected by the withdrawal. The withdrawal can be sent to the contact details above or to

3.2 On the basis of the balancing of interests to safeguard legitimate interests, Art. 6 para. 1 lit. f GDPR and § 25 para. 2 lit. 2 TDDDG; on the basis of your consent, Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.

We use cookies and similar technologies on our website. We store information on your end device if this is absolutely necessary in order to make our website available to you. The data processing is carried out to protect our legitimate interest to ensure the best possible functionality of the website.

When you visit our website for the first time, you will also be asked whether you wish to consent to the use of non-essential cookies and similar technologies. If you consent to the collection and storage of data in accordance with § 25 para. 1 TDDDG and any subsequent data processing in accordance with Art. 6 para. 1 lit. a GDPR, we may use this information, for example, to analyze the use of our website or to perform marketing activities.

You have the option to withdraw your consent at any time with effect for the future via our cookie notice in the footer of our website.

For more information about the services, cookies and similar technologies we use, in particular how to manage and delete cookies, please refer to point 10.

3.3 For the performance of pre-contractual activities on request of the person, Art. 6 para. 1 lit. b GDPR

When contacting us (via contact form or e-mail), your data will be processed on the basis of the performance of pre-contractual activities, Art. 6 para. 1 lit. b GDPR, in addition to any consent you may have given for processing the contact request and its handling.

3.4 Establishment of an employment relationship, § 26 BDSG and after completion of the application process in the event of rejection to protect legitimate interests, Art. 6 para. 1 lit. f GDPR (defense against claims), if applicable, if consent has been given, Art. 6 para. 1 lit. a GDPR.

When contacting us (via contact form or e-mail) in connection with your application, we process your data in order to assess your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process. Your applicant data will be screened by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers responsible for the respective open position. There, a decision will be made on the further procedure. As a matter of principle, only those persons in the company who require your data for the proper conduct of our application process have access to it.

3.5 As part of the balancing of interests for the safeguarding of legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR

We process your access data (see data listed above under point 2) to protect legitimate interests of us or of third parties. In particular, we pursue the following legitimate interests:

  • Ensuring IT security, in particular the safety of the website;

  • Advertising or market and opinion research, insofar as you have not objected to the use of your data;

  • Assertion of legal

4. Who gets my data?

Within our company, those departments receive access to your data that need it to fulfill our contractual and legal obligations.

Processors used by us (Art. 28 GDPR) may also receive data for the purposes mentioned above. These are companies in the categories of IT services, telecommunications, consulting and advisory services, and sales and marketing. If we pass on data to our service providers, they may only use the data to perform their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have suitable technical and organizational measures in place to protect the rights of the data subjects, guarantee an appropriate level of data protection and are carefully monitored by us.

Data is only passed on to third parties who are not processors within the framework of legal requirements. We only pass on users' data to third parties if this is necessary, for example, on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR in the economic and effective operation of our business operations, or if you have consented to the transfer of data. In the case of purely informational use of the website, we do not pass on any data to third parties as a matter of principle.

5. How long will my data be stored?

For security reasons (e.g. for the clarification of abuse or fraud) log file information is stored for a maximum of seven days and then deleted (see point 2 above). Data whose further storage is required for evidentiary purposes is exempt from deletion until final clarification of the respective incident.

As far as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation of an agreement via contact form or by e-mail.

Applicant data is deleted after 6 months in the event of a rejection. If we are not able to hire you, but your application is still of interest to us, we will continue to keep your application on file for future job postings, provided we have your express written consent. The data will be deleted after two years at the latest.

In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are two to ten years.

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years, whereby the regular limitation period is three years.

Insofar as you assert your rights as a data subject, we will store the information provided to you in this regard until the expiry of the statutory limitation period pursuant to § 31 para. 2 lit. 1 OWiG, § 41 para. 1 BDSG, Art. 83 para. 5 lit. b GDPR for 3 years. This period may be extended if the statutory limitation period is extended due to interruptions of the limitation period (e.g. in the context of inquiries by supervisory authorities).

6. Is data transferred to a third country or to an international organization?

The data provided will be processed within the European Union and in the USA. When transferring data to the USA, we ensure that the recipients of the data are certified in accordance with the EU-U.S. Data Privacy Framework or that we enter into EU standard data protection clauses with recipients without certification. If we base the data transfer on the EU standard data protection clauses, we will take additional security measures to protect your data and to achieve an adequate level of protection for your personal data. You have the opportunity to receive or view a copy of the EU standard data protection clauses. If necessary, we will obtain your express consent for the transfer of data to the USA.

7. What data protection rights do I have?

Every data subject has

  • the right of access according to Art. 15 GDPR (i.e. you have the right to request information about your personal data stored by us at any time),
  • the right to rectification according to Art. 16 GDPR (i.e. in the event that your personal data is inaccurate or incomplete, you may request that it be rectified),
  • the right to erasure under Art. 17 GDPR and the right to restriction of processing under Art. 18 GDPR (i.e. you may have the right to request erasure or restriction of processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and legal retention obligations do not require continued storage),
  • the right to data portability under Art. 20 of the GDPR (i.e. you may have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to transfer this data to another controller without hindrance).

Furthermore, you can withdraw consents, in principle with effect for the future.

In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG). You can find the supervisory authority responsible for you at

In addition, we would like to point out your right to object according to Art. 21 GDPR:

Information about your right to object according to Art. 21 GDPR.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 para. 1 lit. e of the GDPR (data processing in the public interest) and Art. 6 para. 1 lit. f of the GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 lit. 4 of the GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

In individual cases, we process your personal data to conduct direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made form-free and no transmission costs other than those according to the prime rates will be incurred.

If possible, the objection should be addressed to:

Moccu GmbH & Co. KG
Am Treptower Park 28-30
12435 Berlin

or by e-mail to:

8. To what extent is there automated decision-making in individual cases, including profiling?

In the context of accessing our website or in the context of contacting us by form or email, we generally do not use fully automated decision-making pursuant to Art. 22 of the GDPR. If we use these procedures in individual cases, we will inform you about this separately, as far as this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

9. Is there an obligation for me to provide data?

Within the scope of our website, you must provide those personal data that are required for the use of our website for technical or IT security reasons. If you do not provide this data, you will not be able to use our website.

When contacting us by form or e-mail, you only need to provide the personal data that is required to process your request. Otherwise, we will not be able to process your request.

10. Cookies and similar technologies

10.1 General information

Cookies are stored in the browser on the user's end device. They contain information that is stored about a visited page. The cookie is either sent to the browser by the web server or generated in the browser by a script (JavaScript). The web server can read this cookie information directly on subsequent visits to this page or transmit the cookie information to the server via a script on the website. If cookies are set, they generally collect and process certain user information such as browser and location data and IP address values to an individual extent. Some of these cookies are essential for the functioning of our website, while other cookies help us to improve our website by providing us with insights into how you use the website.

With web storage, information is stored locally in your browser's cache. The stored information is either automatically deleted again after the browser window is closed ("session storage") or remains there so that it can be read again when you visit the website again ("local storage"), unless you delete your browser cache ("browser data").

Web beacons are 1×1 pixel-sized graphics that are integrated into websites or emails (newsletters) in various ways and are also used to collect and analyze user data.

You can refuse the storage of cookies individually via the settings of your browser (you can find out how to set the cookie handling on the browser's help page). You can find help on cookie management in the most common browsers at the following addresses:

Mozilla Firefox:
Internet Explorer:

Google Chrome:
Microsoft Edge:

Please note that disabling cookies may limit the functionality of this website.

In addition, you can deactivate cookies that are used for reach measurement and advertising purposes via the deactivation page for consumers from the EU We will inform you about the specific use of cookies and similar technologies, as well as the scope of the information collected in each case, in the following paragraphs.

10.2 Service information and settings

10.3 Integration of services

We use the Google Tag Manager from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Tag Manager enables us to integrate other third-party services, such as Google Analytics. The Google Tag Manager itself does not set any cookies, but Google does receive your IP address. Google's servers are generally located in the USA.

Data processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of your express consent. You can withdraw your consent at any time with effect for the future via the cookie notice in the footer of our website.

You can find more information about Google Tag Manager in Google's privacy notice at

11. Our social media presence

You can find us on social networks and platforms so that we can also communicate with you there and inform you about our services. We would like to point out that your data may be processed outside the European Union and that the data is generally processed there for market research and advertising purposes. Usage profiles can be created from the usage behavior and resulting interests of the users. These usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies may be stored on the users' computers, in which the usage behavior and interests of the users are stored. Other data may also be stored in these user profiles, especially if the users are members of the respective platforms and are logged in to them.

In principle, we have no significant influence on the data processing of social networks. However, we receive statistics from the providers about the use of and visits to our company profiles in the social networks (e.g. information about the number of views, interactions such as likes and comments as well as summarized demographic and other information or statistics). You can find more information on the data used by the providers in the providers' privacy notices linked below.

If we receive your personal data as part of our social media presence (e.g. as part of a message), you are entitled to the rights set out above in this privacy notice. You can address your inquiries regarding data processing in the context of our company profiles to us using the contact details above.

If you also wish to assert rights against the provider of the social network, the easiest way to do so is to contact the respective provider directly. The provider knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing. The contact details can be found in the privacy notices linked below. We are also happy to support you in asserting your rights, insofar as this is possible for us.

The processing of users' personal data is generally based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. The legal basis is also Art. 6 para. 1 lit. b GDPR if we receive and process your data as part of a contract-related request via our social media presence. The legal basis for the linking and operation of our company profiles in the social networks, including the receipt of statistics on the use of our company profiles, is Art. 6 para. 1 lit. f GDPR based on our legitimate interest in our corporate communication in the respective social networks.

For information on the respective processing and the respective objection options, please refer to the providers' privacy notices linked below:

In the case of requests for information and the assertion of user rights, we recommend that these are asserted directly with the providers, as the providers have direct access to the data. Should you nevertheless require support, you are welcome to contact us using the contact details above.