Responsible for this website

Corporate-Headshots Deutschland GmbH
Augustusplatz 9
04109 Leipzig


Eric Groessig
Managing Director


Leipzig District Court, HRB 36430
Managing Director: Eric Groessig





This privacy policy will explain how our organization uses the personal data we collect from you when you use our website.

Data protection officer:

Corporate-Headshots Deutschland GmbH
Augustusplatz 9
04109 Leipzig
registration court (Registergericht): Amtsgericht Leipzig, HRB 36430
managing director (Geschäftsführer): Eric Größig

Types of data, purposes of processing and categories of data subjects

Below we inform you about the nature, scope and purpose of the collection, processing and use of personal data.

1. Types of data we process

Usage data (access times, websites visited, etc.),

2. Purposes of processing according to Art. 13, para. 1 c) EU-GDPR

Optimize website technically and economically,

3. Categories of data subjects according to Art. 13 para. 1 e) EU-GDPR

Visitors / users of the website,

The persons concerned are collectively referred to as "users". 

Legal basis for the processing of personal data

Below we inform you about the legal bases of the processing of personal data:

If we have obtained your consent to the processing of personal data, EU-GDPR is the legal basis.

If the processing is necessary to fulfill a contract or to carry out pre-contractual measures, which are carried out at your request, then EU-GDPR is the legal basis.

If the processing is necessary to fulfill a legal obligation that we are subject to (eg statutory retention requirements), EU-GDPR is the legal basis.

If processing is necessary to protect the vital interests of the data subject or of another natural person, EU-GDPR is the legal basis.

If the processing is necessary to safeguard our or the legitimate interests of a third party and your interests or fundamental rights and freedoms do not predominate in this regard, EU-GDPR is the legal basis.

Disclosure of personal data to third parties and processors

Without your consent, we generally do not pass on data to third parties. If this is the case, then the transfer takes place on the basis of the aforementioned legal basis, e.g. when passing on data to online payment providers for performance of a contract or by court order or for a legal obligation to disclose the data for the purpose of prosecution, security or enforcement of intellectual property rights.

We also use processors (external service providers, for example, to host our websites and databases) to process your data. If data are passed on to the processor by order processing, this is always done in accordance with the GDPR. We select our processors carefully, monitor them regularly and have given us the right to give instructions regarding the data. In addition, the processors must have taken appropriate technical and organizational measures and the data protection rules in accordance with EU-GDPRs

Data transmission to third countries

The adoption of the basic European data protection regulation (EU-GDPR) has created a uniform basis for data protection in Europe. Your data will therefore be processed primarily by companies for which EU-GDPR applies. If the processing takes place through services of third parties outside the European Union or the European Economic Area, they must fulfill the special requirements of EU-GDPR. This means that the processing takes place on the basis of special guarantees, such as the official recognition by the EU Commission of a data protection level corresponding to the EU, or the observance of officially recognized special contractual obligations, the so-called "standard contractual clauses". In US companies, submission to the so-called Privacy Shield, the EU-US data protection agreement, meets these requirements.

Deletion of data and storage duration

Unless explicitly stated in this privacy policy, your personal data will be deleted or blocked as soon as the purpose of the storage is omitted, unless their further storage is required for evidence or contrary to legal storage requirements. These include, for example, commercial requirements for the storage of business letters pursuant to Section 257 (1) HGB (6 years) and tax-related retention obligations pursuant to Section 147 (1) AO von Beleg (10 years). If the prescribed retention period expires, your data will be blocked or deleted, unless storage is still required for a contract or fulfillment.

Existence of automated decision-making

We do not use automatic decision making or profiling.

Provision of our website and creation of log files

If you only use our website for informational purposes (ie no registration and no other transmission of information), we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data: 

  • IP address;
  • Internet service provider of the user;
  • Date and time of the call;
  • browser type;
  • Language and browser version;
  • Content of the call;
  • time zone;
  • access status / HTTP status code;
  • amount of data;
  • Websites from which the request comes;
  • Operating system.

A storage of this data together with other personal data of you does not take place.


This data is for the purpose of the user-friendly, functional and secure delivery of our website to you with functions and content as well as their optimization and statistical evaluation.


The legal basis for this is our justifiable interest in the processing of data according to Art. 6 para. 1 p. 1 lit. f) EU-GDPR.


For security reasons, we store this data in server log files for the retention period of 70 days. After this period, they will be automatically deleted, unless we need their storage for evidence in attacks on the server infrastructure or other violations.



We use so-called cookies when you visit our website. Cookies are small text files that your Internet browser stores and saves on your computer. When you visit our website again, these cookies provide information to automatically recognize you. The information obtained in this way serves the purpose of optimizing our web offers technically and economically and to allow you easier and safe access to our website. We inform you about this when you visit our website by means of a reference to our privacy policy on the use of cookies for the purposes mentioned above and how you can object to them or prevent their storage ("opt-out"). Our website uses session cookies, persistent cookies and third-party cookies:

• Session Cookies: We use so-called "cookies" to recognize multiple uses of an offer by the same user (for example, if you have logged in to determine your login status). When you visit our site again, these cookies provide information to automatically recognize you. The information obtained in this way serves to optimize our offers and to give you easier access to our site. If you close the browser or log out, the session cookies will be deleted.

• Persistent cookies: These are automatically deleted after a specified period, which may differ depending on the cookie. In the security settings of your browser, you can delete the cookies at any time.

• Third party cookies (third party cookies): You can configure your browser settings to meet your needs. B. Reject the acceptance of third-party cookies or all cookies. However, we would like to point out that you may not be able to use all features of this website. Read more about these cookies in the respective third-party privacy policies.

The legal basis for this processing is Art. 6 para. 1 p. Lit. b) DS-GVO, if the cookies are used to initiate a contract, e.g. otherwise we have a legitimate interest in the effective functionality of the website, so that in the case of Art. 6 para. 1 sentence 1 lit. f) DS-GVO is the legal basis.

Opposition and opt-out: You can generally prevent the storage of cookies on your hard disk by selecting "Do not accept cookies" in your browser settings. However, this can result in a functional restriction of our offers. You may opt-out of third-party cookies for advertising purposes through this American website ( or this European website ( / praferenzmanagement /) contradict.

Contact by E-Mail / Mail

When contacting us via contact form, fax, mail or e-mail your details will be processed for the purpose of processing the contact request.

Legal basis for the processing of the data is in the presence of a consent of you EU-GDPR. The legal basis for the processing of data transmitted in the course of a contact request or e-mail, letter or fax is EU-GDPR. The person in charge has a legitimate interest in the processing and storage of the data in order to be able to answer inquiries from users, to secure evidence for liability reasons and, if necessary, to fulfill his statutory retention requirements for business letters. If the contact is aimed at concluding a contract, then additional legal basis for the processing is EU-GDPR.

 We can store your details and contact requests in our Customer Relationship Management System ("CRM System") or a comparable system.

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. For the personal data from the input form of the contact form and those sent by e-mail, this is the case when the conversation with you has ended. The conversation ends when it can be inferred from the circumstances that the matter in question has been finally clarified. Requests from users who have an account or contract with us, we save until the expiration of two years after the contract termination. In the case of legal archiving obligations, the deletion takes place after its expiry: end of commercial law (6 years) and tax law (10 years) retention obligation.

At any time, you have the option of obtaining consent in accordance to revoke the GDPR for the processing of personal data. If you contact us by e-mail, you can object to the storage of personal data at any time.

Presence in social media

We use social media profiles or fanpages to communicate with users who are affiliated and registered there and to provide information about our products, offers and services. The US providers are certified according to the so-called privacy shield and thus obliged to comply with European data protection. When you use and access our profile in the respective network through you, the respective privacy policy and terms of use of the respective network apply.

We process your information that you send to us through these networks in order to communicate with you and to respond to your messages there.

The legal basis for the processing of personal data is our legitimate interest in communicating with users and our external presentation for the purpose of advertising pursuant to EU-GDPR. Insofar as you have given consent to the person responsible for the social network in the processing of your personal data, the legal basis is EU-GDPR.

The privacy policy, information possibilities and possibilities of contradiction (opt-out) of the respective networks can be found here:

  • XING (XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany) - Privacy Policy / Opt-Out:
  • LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) - Privacy Policy:, Cookie Policy and Opt-Out: https: //www.linkedin .com / legal / cookie-policy, Privacy Shield of the US company LinkedIn Inc .:

Rights of the data subject

Opposition or revocation against the processing of your data

Insofar as the processing is based on your consent pursuant to EU-GDPR, you have the right to revoke your consent at any time. The lawfulness of the processing on the basis of the consent until the revocation is not affected.

As far as we have the processing of your personal data on the balance of interests in accordance with support EU-GDPR, you can object to the processing. This is the case if, in particular, the processing is not required to fulfill a contract with you, which we present in the following description of the functions. In the event of any such disagreement, we ask you to explain the reasons why we should not process your personal data as we have done. In the case of your justified objection, we examine the situation and will either discontinue or adapt the data processing or point out to you our compelling legitimate reasons on which we continue the processing.

You may object to the processing of your personal data for advertising and data analysis purposes at any time. The right to object can be exercised free of charge. About your advertising conflict you can inform us under the following contact details:

Corporate-Headshots Deutschland GmbH
Augustusplatz 9
04019 Leipzig
Managing Director Eric Groessig
Commercial Register / No .: HRB 36430
Register court: district court Leipzig

Right to information

You have the right to ask us for confirmation of your processing of personal information. If this is the case, you have a right to information about your personal data stored by us according to EU-GDPR. This includes, in particular, information about the processing purposes, the category of personal data, the categories of recipients to whom your data was or is being disclosed, the planned storage period, the source of their data, if these were not collected directly from you.

Right to rectification

You have the right to correct inaccurate or complete data according to EU-GDPR.

Right to delete

You have a right to deletion of your stored data according to EU-GDPR, unless statutory or contractual retention periods or other legal obligations or rights to further storage are contrary to this.

Right to restriction

You have the right to demand a restriction on the processing of your personal data if one of the conditions set out in EU-GDPR is fulfilled:

  • If you deny the accuracy of your personal information for a period of time that enables the controller to verify the accuracy of your personal information;
  •  the processing is unlawful and you refuse to delete the personal data and instead request the restriction of the use of personal data;
  • the controller no longer needs personal information for the purposes of processing, but you need it to assert, exercise or defend legal claims; or
  • if you have objected to the processing pursuant to EU-GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

Right to data portability

You have the right of data transferability according to EU-GDPR, which means that you can receive the personal data stored about us in a structured, common and machine-readable format or you can request the transfer to another person responsible.

Right to appeal

You have a right to complain to a regulator. As a rule, you can contact the supervisory authority for this purpose, in particular in the Member State of your place of residence, your job or the location of the alleged infringement.

Data Security

In order to protect all personally identifiable information transmitted to us and to ensure compliance with our privacy practices, as well as our external service providers, we have taken appropriate technical and organizational security measures. Therefore, among other things, all data between your browser and our server encrypted over a secure SSL connection.