Data protection information

In this Privacy Policy we inform you about the processing of personal data when you use our website. Personal data in the meaning of Article 4 No. 1 of the EU General Data Protection Regulation (GDPR) is any information that can be personally associated with you as a so-called “data subject”, for example name, address, e-mail addresses or user behaviour.

1. Name and contact details of the responsible body

coeo Group GmbH, Kieler Straße 16, 41540 Dormagen, Germany, tel. 02133 2463-0
If you have any questions regarding data protection, please contact us at the aforementioned address (Data Protection Department) or at

2. Collection and storage of personal data and the purpose of its use

a) When you visit the website

When you access our website, the browser used on your end device automatically sends information to our website’s server. That information is temporarily stored in a so-called “log file”. The following data is recorded and stored until it is automatically erased, without any action on your part:

  • IP address of the requesting computer
  • Date and time of the access
  • Name and URL of the accessed file
  • The website from which the access occurred (referrer URL)
  • The browser used and where applicable the operating system of your computer

The above data is processed by us for the following purposes:

  • To ensure problem-free establishment of a connection with the website
  • To ensure convenient use of our website
  • To evaluate system security and stability; and
  • For further administrative purposes

The legal basis for data processing is Article 6 (1) (1) lit. f) GDPR. Our legitimate interest arises from the aforementioned purposes of data collection. On no account do we use the collected data to draw inferences regarding your person.
We also use analysis services when you visit our website. You can find more detailed clarifications on this in section 7 of this Privacy Policy.

b) When you use our contact form

If you have questions of any kind, we offer you the possibility of contacting us via a contact form provided on our website. For this purpose it is necessary to provide a valid e-mail address and/or telephone number, so that we know who has submitted the enquiry and can respond to it.
Data processing for the purpose of making contact with us occurs in accordance with Article 6 (1) (1) lit. a) GDPR on the basis of your voluntarily granted consent.

c) When you log in via one of our service portals

If you would like to use our service portals (for debtors as well as for clients) on a personalised basis you must log in. You can do this, for example, by scanning the QR code contained in one of our letters or using a link. Upon such logging in we collect usage data for the purpose of adjusting the presentation of the content for you and enabling you to take advantage of a user-friendly, appropriate and secure option for the repayment of the outstanding claim. The use-related data is not transmitted either to our principal or to other third parties.
On the respective portal you can view your data and contact us. In this context the following information is stored:

  • Login data, contact details, debtor data
  • Your concern
  • Documents provided by you that contain personal data
  • Further information such as the booking of new claims
  • Further voluntary information
  • Information on use: operating system, the settings of your end device (e.g. screen resolution), browser type and version, language settings

A legitimate interest in processing arises from the optimisation of the communication channels and the resulting effective and user-friendly processing of payments, under Article 6 (1) lit. f) GDPR.
When you visit our website we use the analysis service Matomo. You can find clarifications on this in section 7 of this Privacy Policy

d) When you pay by credit card

When you pay by credit card you declare that you agree to the transfer of the data you have entered via the service provider to the credit company (Visa, Master Card, American Express).
Your data is transferred on the basis of Article 6 (1) lit. a) GDPR (consent) and Article 6 (1) lit. b) GDPR (processing for the fulfilment of a contract). Collection and processing occur on the basis of your contractual obligation to pay the due remuneration for the performance that the principal has rendered; the payment method can be freely selected by you. You have the possibility of withdrawing your consent to data processing at any time. Such withdrawal does not affect data processing operations that occurred in the past.
We store your data for this purpose as long as you or the principal can assert claims against us, for example due to incorrect processing of a payment, for the duration of the standard time limitation period of three years. This time period begins at the end of the year in which the payment was processed or the processing thereof was discontinued. The legal basis for this is our legitimate interest in defending against legal claims, under Article 6 (1) lit. f) GDPR. We then check whether we still need your data or whether erasure is prevented due to commercial and tax law retention requirements.

3. Recipients of personal data:

  • Internal bodies of coeo Inkasso GmbH
  • Creditors
  • Contract processors in the meaning of Article 28 GDPR, particularly the providers of the analysis tools that we use.


4. Storage period

Personal data will be processed until the aforementioned purposes have been completely achieved. Once those purposes have been completely achieved the data is erased, insofar as this is not contrary to statutory retention requirements. Furthermore, the controller has a concept in place which ensures regular checking of the erasure obligations. Visitor data is erased within no more than six months from your visit to our website.

5. Rights of data subjects

You are entitled to the following rights in accordance with Articles 15 to 22 GDPR provided that the statutory requirements are fulfilled: Right to information, rectification, erasure, restriction of processing and data portability.

6. Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Article 6 (1) (1) lit. f) GDPR, you have the right under Article 21 GDPR to object to the processing of personal data, provided that there are grounds for this relating to your particular situation. These grounds must be specified when you exercise your right of objection.


7. Right to lodge a complaint with the supervisory authority, Article 77 GDPR

You have the right to lodge a complaint with our supervisory authority if you consider that the processing of your data is unlawful. The address of the supervisory authority competent for our company is: Landesbeauftragte für Datenschutz und Informationsfreiheit, Nordrhein-Westfalen, Kavalleriestraße 2-4, 40213 Düsseldorf.


8. Web analysis by Matomo 

It is important for any website operator to know how its service is used by visitors. For this purpose we use the open source web analysis service Matomo. In this process the data is first anonymised upon its collection and is then analysed in aggregated form. Matomo runs on our servers; the data is not passed on to any third parties. Your web browser automatically transmits data to our server as soon as you access our website. The date and time of the access, the URL (address) of the referring website, the file accessed, the volume of data sent, the http response code, the browser type and version, any existing browser extensions, the operating system and your IP address (in abbreviated and anonymised form) are transmitted in this context. As the website operator we have a legitimate interest under Article 6 (1) lit. f) GDPR in the analysis of user behaviour so that we can optimise our Internet service. The information generated by the cookie is not used to personally identify the visitor to this website and is not combined with other data on the visitor. When you register on our service portal (you can also find more detailed information in section 2 c) of this Privacy Policy) the usage data transmitted to us by the cookie is analysed by us, without any disclosure to third parties, and used with other data on your claim to enable us to offer you optimum service and suitable payment options. Matomo supports the “do not track” procedure of current web browsers. If you wish to generally prevent the analysis of your web behaviour we recommend that you activate this option in your browser. Alternatively you can prevent Matomo web analysis on our website with the following button: You can find more detailed information on the privacy settings of the Matomo software via the following link:

9. Social links 

Our website contains links to the services LinkedIn, Xing, kununu and YouTube, with which we have our own web presences. By clicking on the embedded graphic you will be directed to the website of the respective provider.

If you click on a link on our website to relevant services, your browser will create a direct connection to the servers of the respective provider. By clicking on the link the provider receives the information that your browser has accessed the relevant page of our website, even if you have no user account of your own with the respective provider or are logged in there at that time. That information is transferred by your browser directly to a server of the relevant provider and stored there.

If you are logged into the provider, it can directly associate the visit with our website to your user account. The respective provider may use this information for the purposes of advertising, market research and needs-based designing of its service. For this purpose the provider will create usage, interest and relationship profiles, for example in order to evaluate your use of our website with respect to the advertisements displayed to you at the provider, inform other users about your activities on our website and provide other services related to the use of the provider.

If you do not want the provider to associate the data collected via our website with your user account, you must log out of the respective provider before you visit our website.

We use our website on the basis of Article 6 (1) (1) lit. f) GDPR so that we can externally present our company in a variety of ways and provide the user with additional information. 

Consent to data processing in accordance with Article 6 (1) lit. a) GDPR can also be a legal basis if you have granted it with respect to the platform operator. 

You can find detailed information on the data processing by the platform operators and on the respective objection options and information rights, as well as specific information on the respective platforms, in the following privacy policies of the respective operators:

a. LinkedIn

Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland

Privacy Policy


Specific information on LinkedIn corporate pages: When you visit our LinkedIn corporate page LinkedIn processes your personal data. That data is transmitted to us by LinkedIn in anonymised form as part of LinkedIn Analytics. This anonymised data is statistical data of our subscribers. LinkedIn also discloses your profile name to us if you interact with us/our page, for example “like” or comment on contributions or follow our pages.


Provider: XING SE, Dammtorstraße 30, 20354 Hamburg, Germany

Privacy Policy  

Specific information on our Xing corporate profile: When you visit our Xing corporate profile Xing processes your personal data. Xing also discloses your profile name to us if you interact with us/our page, for example “like” or comment on contributions or follow our profile.

c. kununu

Provider: kununu GmbH, Neutorgasse 4-8, Top 3.02, 1010 Vienna, Austria

Privacy Policy

Specific information on our kununu corporate profile: When you visit our kununu corporate profile kununu processes your personal data. kununu also discloses your profile name to us if you interact with us/our page, for example “like” or comment on contributions or follow our profile. We also use the kununu Reputations Manager and therefore receive a direct notification by e-mail when a rating concerning us is submitted.

d. YouTube

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland 

Privacy Policy  


Specific information on YouTube accounts or channels: By visiting our website and playing the videos, YouTube/Google are notified that you have accessed the specific page on our website. If you are logged in with Google, that data will be directly associated with your account. If you do not wish the association to your profile with YouTube, you must log out before activating the button. The data recorded by YouTube is transmitted to the USA, which according to the GDPR is deemed a third country with a level of data protection rated insecure. We have no information on the further processing or the duration of the storage by YouTube.


10. Live chat

On our service portal we offer you the possibility of using a live chat function to directly contact our employees. When you initialise the chat, the date, time and duration of the access as well as the IP address and the content the communication conducted are transferred and associated with the claim file maintained by us.
The legal basis for this data processing is Article 6 (1) lit. f) GDPR. Our legitimate interests lies in the processing of your concern, analysis of continual quality improvement and monitoring instances of misuse.

The chat protocol is stored in the claim file, so that we can access it in the event of queries. After the outstanding claim has been paid or the collection procedure has been ended we check, after the lapse of three years, whether we still need your data or if statutory retention requirements preclude erasure. We reserve the right to perform statistical analyses of anonymised data records.

11. Data security

In the course of the website visit we use the widespread SSL protocol (Secure Sockets Layer) in conjunction with the highest encryption level supported by your browser. As a rule this is 256 bit encryption. If your browser does not support 256 bit encryption, you will not be able to access our website. You can tell whether an individual page of our website is transferred in encrypted form from the locked key or padlock icon in the lower status bar of your browser.
We also use appropriate technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss or destruction or unauthorised access by third parties. Our security measures are improved on an ongoing basis in line with technological development.

12. Current status and changes to this Privacy Policy

This Privacy Policy is currently valid and is dated January 2021. Due to the further development of our website or due to changed statutory or official requirements it may become necessary to change this Privacy Policy. The Privacy Policy will therefore be regularly updated.

13. Right to lodge a complaint with the supervisory authority, Article 77 GDPR

You have the right to lodge a complaint with our supervisory authority if you consider that the processing of your data is unlawful. The address of the supervisory authority competent for our company is: Die Landesbeauftragte für den Datenschutz Nordrhein-Westfalen, Kavalleriestrasse 2-4, 40213 Düsseldorf.