Skip to main content Skip to footer content
optimal media

Privacy Policy

This Privacy Policy explains how we process personal data collected when you visit and use our website in accordance with the General Data Protection Regulation (“GDPR”). Should you have any further questions regarding the handling of your personal data, please feel free to contact our Data Protection Officer.

1. Introduction

Below, we provide information on the collection of personal data when you use our website. Personal data means any information relating to an identified or identifiable natural person, such as your name, address or email address.

2. Name and contact data of the person/ body responsible for the processing (“controller”) and the data protection officer of the company

This Privacy Policy governs the processing of data by:

Controller:
optimal media GmbH
Glienholzweg 7
17207 Röbel / Müritz
Germany

Telephone: +49 (0) 39931 56 500
Fax: +49 (0) 39931 56 796
Email address: info@optimal-media.com

The internal data protection officer of optimal media GmbH is available under datenschutz@optimal-media.com.

3. Collection and storage of personal data and nature and purpose of its processing

a. When you visit our website:

When you access our website, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a  log files. The following information is collected without any action on your part and stored for a limited period and automatically deleted thereafter:

    • Pages visited
    • Date and time of access
    • Amount of data sent in bytes
    • Referring website or source from which you accessed our websiteBrowser used
    • Operating system used
    • IP address used

The data collected is used solely for the purpose of compiling visitor statistics on the use of our website and for improving our website.

The legal basis for data processing is Article 6(1)(f) of the GDPR. Our legitimate interest arises from the purposes of data processing listed above.

b. When you contact us by email

When you contact us by email or via the contact form provided on our website, the data you provide (your email address, your name and telephone number if applicable) will be stored by us in order to process your enquiry or answer your questions.

To use the contact form, you must provide a valid email address, contact and address details and telephone number so that we can process and respond to your enquiry. and can respond to it. Additional information may be provided voluntarily..

Data processing for the purpose of contacting us is carried out pursuant to Article 6(1)(a) of the GDPR on the basis of consent given voluntarily.

We will delete the data collected in this context once storage is no longer necessary, for example because the enquiry

c. In the case of online applications

If you apply to us online using the application form provided on our website, we process the personal data you submit (“application data”), in particular:

    • Surname, first name
    • Address
    • Telephone number
    • Email address
    • Application documents, e.g. cover letter, CV, references and other supporting documents

For applicant management, we use software provided by rexx systems GmbH, Süderstraße 75–79, 20097 Hamburg, Germany. rexx systems processes your application data on our behalf on the basis of a data processing agreement in accordance with Article 28 of the GDPR. Processing by rexx systems is carried out exclusively in accordance with our instructions and for the purpose of the technical provision and support of the application process.

Further information on data protection at rexx systems can be found at: https://www.rexx-systems.com/data-protection/

We use your application data exclusively for the purpose of conducting the application process and making decisions regarding the recruitment process and the filling of vacancies within our companyYour application data will not be used for any other purpose.

We generally store your complete application data for a period of six months following the conclusion of the application process. After this period, your application documents will be deleted, provided your application was unsuccessful and there are no legal retention obligations to the contrary. Only essential core data will be retained, in particular:

    • Title, first name, surname
    • Type of application
    • Vacancy
    • Date of birth
    • Postcode, town

may be retained for the purpose of comparing them with previous applications.

Data will only be stored for a longer period if required by law, if storage is necessary for the establishment, exercise or defence of legal claims, or if you have expressly consented to longer storage, e.g. by joining our talent pool.

The legal basis for the processing of your application data is Article 6(1)(b) of the GDPR in conjunction with Section 26 of the BDSG. Where you have consented to longer-term storage, the legal basis is Article 6(1)(a) of the GDPR. Where processing is necessary for the establishment, exercise or defence of legal claims, it is carried out on the basis of Article 6(1)(f) of the GDPR.

If you have created an applicant profile on the finest jobs job portal, you can apply to us using the data and documents stored there. In this case, your application data stored with finest jobs will be transferred to us. The provider of finest jobs is also rexx systems GmbH. The privacy policy of finest jobs also applies: https://www.finest-jobs.com/datenschutz/

We do not use any automated or computer-assisted decision-making models or analyses (e.g. profiling) within the meaning of Article 22 of the GDPR in our selection processes.

4. Disclosure/ transfer of data

Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only disclose your personal data to third parties if:

    • You have given your explicit consent under Article 6(1)(a) of the GDPR,
    • The disclosure is necessary pursuant to Article 6(1)(f) of the GDPR for the establishment, exercise or defence of legal claims and there is no overriding legitimate interest preventing such disclosure
    • In the event that there is a legal obligation to disclose data in accordance with Article 6(1)(c) of the GDPR, and
    • This is permitted by law and necessary under Article 6(1)(b) of the GDPR for the performance of contractual relationships with you.

The personal data you have provided to us as part of your online application will, as a rule, only be passed on to the internal departments and specialist divisions of our company responsible for the specific application process.

5. Cookies, consent via Borlabs GmbH

a. General information, cookie banner

We use cookies and similar technologies on our website. Cookies are small text files that your browser creates automatically and which are stored on your device (e.g. laptop, tablet or smartphone) when you visit our website. Information relating to the device used is stored in the cookie. However, cookies do not generally allow us to directly identify you personally.

Some cookies are technically necessary for our website to function properly. These include, in particular, cookies required for the display of the website, security or the storage of your cookie settings. Processing is carried out on the basis of Article 6(1)(f) of the GDPR and Section 25(2) of the TTDSG.

Furthermore, we use cookies and similar technologies for analysis, statistical and marketing purposes only if you have given your express prior consent. The legal basis for this is Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TTDSG.

On our website, we use the consent management tool “Borlabs Cookie” from Borlabs GmbH, Hamburger Str. 11, 22083 Hamburg, Germany.

Borlabs Cookie stores your chosen cookie settings and consents so that these can be taken into account when you visit the site in future. A technically necessary cookie is set for this purpose.

The processing is carried out to fulfil our legal obligations in accordance with Article 6(1)(c) of the GDPR in conjunction with Section 25(2)(2) of the TTDSG and Article 6(1)(f) of the GDPR. Our legitimate interest lies in the legally compliant documentation and management of consents for the use of cookies and comparable technologies.

Consent data (consents given and withdrawals) is stored in order to fulfil our legal record-keeping obligations based on Article 7(1) of the GDPR.

You may withdraw your consent at any time with future effect or change your cookie settings.

Session cookies are automatically deleted at the end of your visit. Other cookies remain stored on your device for a specific period or until you delete them yourself.

In addition, some third-party services integrated by us may use cookies. Please refer to the websites of the relevant providers for information on how these services work and the associated data processing. You can find the services used in the relevant sections of this privacy policy.

Further information on data processing by Borlabs can be found at: https://borlabs.io/privacy

b. Multilingual display via Polylang

To display our website in multiple languages, we use the WordPress plugin “Polylang” from WP SYNTEX, 28 rue Jean Sébastien Bach, 38090 Villefontaine, France. Polylang is a WordPress plugin for providing multilingual content. It enables content, pages, menus and other elements of the website to be displayed in different languages and allows the language selected by the user to be saved. Polylang may store a technically necessary cookie to save the language selected by the user. Personal data is processed only to the extent technically necessary.

Use is based on Article 6(1)(f) of the GDPR and Section 25(2) of the TTDSG. Our legitimate interest lies in the user-friendly multilingual presentation of our online offering.

Further information: Polylang privacy policy

6. Google Analytics

We use the web analytics service Google Analytics 4 (“GA4”) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on our website.

GA4 is used to analyse user behaviour on our website, e.g. page views, time spent on the site, geographic origin, devices used, browsers and operating systems. We use the information obtained to improve our online offering, improve the functionality and user experience of our website and to generate statistical analyses.

Data processing takes place solely on the basis of your voluntary consent in accordance with Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TTDSG, provided that cookies or similar technologies are used. You may withdraw or amend your consent at any time with future effect via our cookie banner.

We have concluded a data processing agreement with Google in accordance with Article 28 of the GDPR. Google states that it generally truncates IP addresses within the EU or the EEA prior to any potential transfer to the USA.

When using Google Analytics 4, personal data may be transferred to Google LLC in the USA or to other Google companies outside the European Economic Area. Google LLC is certified under the EU-US Data Privacy Framework. In addition, the European Commission’s standard contractual clauses provided by Google may be used. Despite these safeguards, it cannot be ruled out that authorities in third countries, in particular US authorities, may access personal data. Furthermore, it may be difficult to enforce your data subject rights in third countries.

You can also prevent data collection by Google Analytics by installing the Google browser add-on: https://tools.google.com/dlpage/gaoptout

6.2 Matomo

We use the Matomo web analytics service on our website to analyze visitor behavior statistically and to continuously improve our online services.

Matomo is an open-source web analytics platform. If we operate Matomo on our own infrastructure, the collected data is processed exclusively on our own servers and is not shared with third parties.

The following information may be processed:

    • anonymized IP address (the last two bytes are removed)
    • pages visited and user interactions (e.g. clicks or scrolling behavior)
    • browser type and browser version
    • operating system used
    • referrer URL (previously visited page)
    • date and time of access
    • screen resolution and language settings

IP addresses are anonymized before storage so that they cannot be linked to individual users.

Depending on the configuration, Matomo may use cookies to recognize your browser. Cookies are stored only with your consent in accordance with Article 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG. You may withdraw your consent at any time through our consent management platform or adjust your cookie preferences.

Alternatively, Matomo can be operated without cookies (cookieless tracking). In this case, no unique identifiers are stored on your device, and statistical analysis is based solely on anonymized data.

Depending on the configuration, data processing is carried out:

    • when cookies are used: on the basis of your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TTDSG;
    • when cookieless tracking is used: on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR in the statistical analysis and optimization of our website.

The collected data is deleted as soon as it is no longer required for the purposes for which it was collected.

You may object to the collection and analysis of your usage data at any time or withdraw your consent with effect for the future by using our Matomo opt-out:

6.3 Google Tag Manager

We use Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, on our website.

Google Tag Manager is a management tool that allows website tags to be centrally integrated and controlled. According to Google, no personal user profiles are created via Google Tag Manager itself, nor are any cookies set for analysis or marketing purposes. However, Google Tag Manager may transmit technical information, in particular the IP address, to Google.

Additional services can be integrated via Google Tag Manager, in particular Google Analytics 4. Such services are only activated if you have previously given your consent via our cookie banner, insofar as consent is required.

The legal basis for the use of Google Tag Manager is Article 6(1)(f) of the GDPR. Our legitimate interest lies in the technical administration and efficient integration of website services. Where services requiring consent are loaded via Google Tag Manager, this is done solely on the basis of your consent in accordance with Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TTDSG.

In the context of using Google Tag Manager, personal data may be transferred to Google LLC in the USA or other Google companies outside the European Economic Area. Google LLC is certified under the EU-US Data Privacy Framework. In addition, the European Commission’s Standard Contractual Clauses may be used. Despite these safeguards, it cannot be ruled out that authorities in third countries, in particular US authorities, may access personal data. Furthermore, it may be difficult to enforce your data subject rights in third countries.

Further information can be found at: https://policies.google.com/privacy

6.4 Cloudflare Turnstile

We use Cloudflare Turnstile, a service provided by Cloudflare, Inc., 101 Townsend Street, San Francisco, CA 94107, USA, to protect our website against abusive automated access (e.g. bots).

Cloudflare Turnstile verifies whether actions on our website are performed by a human user. For this purpose, the service processes various technical information, including the IP address, browser and device information, HTTP headers, browser characteristics, the date and time of access, and other technical information required to detect abusive or automated activity. In this context, personal data may also be processed.

The processing is carried out for the purpose of ensuring the security, integrity, and proper operation of our website and to protect it against automated attacks and misuse.

The legal basis for the processing of personal data is Article 6(1)(f) GDPR. Our legitimate interest is to ensure the secure operation of our website and to protect it against abusive automated access.

Where personal data is transferred to the United States in connection with the use of Cloudflare Turnstile, such transfer is based on the European Commission’s adequacy decision pursuant to Article 45 GDPR and, where required, on additional appropriate safeguards.

Further information about Cloudflare’s processing of personal data is available at:
https://www.cloudflare.com/privacypolicy/

7. Social media

We maintain an online presence on social media platforms to provide information about our company and to communicate with users.

Our social media profiles:

website contains links to our social media profiles..A connection to the respective social networks is only established once you actively click on the relevant link. After clicking on the link, personal data, in particular your IP address and technical information about your browser and device, may be transmitted to the respective provider.

If you are logged in to the respective social network, the provider may associate your visit to our social media page with your user account. Furthermore, the providers may process additional personal data, in particular information regarding your usage behaviour, interactions, comments, likes, messages or other activities on the respective platform.

For certain processing operations in connection with our social media presence, we may be jointly responsible with the respective platform operator, in particular when compiling statistics and so-called insights. However, we have only limited influence over any further data processing carried out by the respective platform operators.

Personal data may also be processed outside the European Union or the European Economic Area.. This may give rise to risks; in particular, it may make it more difficult to enforce your data subject rights.

Further information on data processing and your options for objecting can be found in the privacy policies of the respective providers:

We process the content you enter on our social media pages, e.g. comments, images, videos, likes or public messages, only to the extent necessary for communicating with you, presenting our online presence or safeguarding legitimate interests. We reserve the right to delete unlawful or inappropriate content where necessary.

The legal basis for processing is Article 6(1)(f) of the GDPR. Our legitimate interest lies in our public relations work, corporate communications and providing information to prospective customers, customers and business partners.

8. Other tools

8.1 hCaptcha

We use the hCaptcha service provided by Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA (“hCaptcha”) on our website.

hCaptcha is used to verify whether entries on our website, e.g. in the contact form, are made by a natural person or by automated programmes (“bots”). This helps us protect our website from misuse, automated spying and spam.

To this end, hCaptcha analyses various technical details and behavioural characteristics of the website visitor. These may include, in particular, the IP address, time spent on the website, mouse movements, browser and operating system information, as well as other technical data. This analysis may begin automatically as soon as a page with active hCaptcha is accessed. The data collected in this process is transmitted to hCaptcha and processed there.

The use of hCaptcha is based on Article 6(1)(f) of the GDPR. Our legitimate interest lies in protecting our website against misuse, spam and automated attacks. Where consent for the use of hCaptcha is obtained via our cookie banner, processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TTDSG. You may withdraw your consent at any time with future effect.

The use of hCaptcha may involve the transfer of personal data to Intuition Machines, Inc. in the USA. Intuition Machines, Inc. is certified under the EU-US Data Privacy Framework. In addition, the European Commission’s Standard Contractual Clauses may be used. Despite these safeguards, it cannot be ruled out that authorities in third countries, in particular US authorities, may access personal data. Furthermore, it may be difficult to enforce your data subject rights in third countries.

Further information on hCaptcha and the privacy policy of Intuition Machines, Inc. can be found at: https://www.hcaptcha.com/privacy

8.2. Newsletter (via Brevo)

Electronic Newsletter and Information (via Brevo)
We use Brevo (Brevo SAS, 106 boulevard Haussmann, 75008 Paris, France) as our technical email service provider for sending newsletters and other promotional information, for example to existing customers and prospective business contacts, under a data processing agreement pursuant to Article 28 GDPR. In particular, we process electronic contact details such as name and email address, objection information where applicable, and technical information required for email delivery.

No subscription via our website, double opt-in procedure, or performance tracking through open or click rates takes place. Only the data required for the technical transmission of emails, successful delivery, processing of unsubscribe requests, and compliance with objections is processed.

Personal data is not disclosed to unauthorized third parties. Where service providers are engaged, this is done exclusively in accordance with the applicable data protection laws.

The legal basis for the processing of personal data in connection with the sending of newsletters is Article 6(1)(f) GDPR. Our legitimate interest lies in direct marketing to existing business contacts and in providing information about our own products, services, offers, and company news in the B2B sector. In addition, newsletters sent to existing customers are based on the applicable legal provisions governing direct marketing to existing customers.

Personal data is processed for the purpose of informing customers about our company and our own products, services, offers, and news.

Objection data is processed for the purpose of recording and respecting any objection to receiving future newsletters and ensuring that no further newsletters are sent to the respective data subject. The right to object is governed by Article 21 GDPR.

We retain personal data used for newsletter distribution only for as long as it is necessary to carry out the mailing or until the recipient objects to receiving newsletters.

Following an objection, the relevant data will no longer be used for newsletter distribution. Where necessary, certain information will continue to be stored in a suppression list to ensure that the objection is permanently respected.

Recipients may object to receiving newsletters at any time with effect for the future. Each newsletter contains a corresponding unsubscribe link. Alternatively, recipients may exercise their right to object by contacting us through other available means.

Where the processing is based on Article 6(1)(f) GDPR, data subjects have the right to object, pursuant to Article 21 GDPR, to the processing of their personal data for the purposes of direct marketing. Where personal data is processed for direct marketing purposes, the right to object may be exercised at any time.

Further information on how Brevo processes personal data is available at:
https://www.brevo.com/legal/privacypolicy/

8.3 Technically necessary services/ local integrations

Our website uses various locally integrated JavaScript libraries and fonts (e.g. jQuery, Bootstrap, Owl Carousel, Magnific Popup, Lazysizes and locally hosted web fonts) for display and functionality.

These components are hosted exclusively on our own servers and do not transfer any personal data to third parties.

The processing is carried out on the basis of Article 6(1)(f) of the GDPR. Our legitimate interest lies in ensuring that our website is technically sound and user-friendly.

9. Your rights

a. Right of access, rectification, erasure, restriction of processing, data portability, withdrawal of consent, and right to lodge a complaint

You have the right:

  • To obtain information about the personal data processed by us in accordance with Article 15 of the GDPR. In particular, you may request information regarding the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the intended storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data where it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, where applicable, meaningful information regarding its details;
  • pursuant to Article 16 of the GDPR, to request the immediate rectification of inaccurate personal data or the completion of your personal data stored by us;
  • pursuant to Article 17 of the GDPR, to request the erasure of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
  • pursuant to Article 18 of the GDPR, to request the restriction of the processing of your personal data, provided that you contest the accuracy of the data, the processing is unlawful but you oppose its erasure and we no longer require the data, but you require it for the establishment, exercise or defence of legal claims, or you have objected to the processing pursuant to Article 21 of the GDPR;
  • in accordance with Article 20 of the GDPR, to receive the personal data you have provided in a structured, commonly used and machine-readable format, or to request that it be transferred to another controller;
  • pursuant to Article 7(3) of the GDPR, to withdraw your consent at any time. This means that we may no longer continue the data processing based on this consent in the future; and
  • pursuant to Article 77 of the GDPR, to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority for your usual place of residence or workplace, or for our branch office.

The competent supervisory authority for our company is:

The State Commissioner for Data Protection and Freedom of Information, Mecklenburg-Western Pomerania

Schwerin Castle
Lennéstraße 1
19053 Schwerin

Telephone: +49 (0) 385 59494-0
Email: info@datenschutz-mv.de

Website: https://www.datenschutz-mv.de/

b. Right to object

  • Where your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) of the GDPR, you have the right, under Article 21 of the GDPR, to object to the processing of your personal data, provided there are grounds for doing so arising from your particular situation or where the objection relates to direct marketing. In the latter case, you have a general right to object, which we will comply with without you needing to specify a particular situation.

If you wish to exercise your right to object, simply send an email to: info@optimal-media.com

10. Data security

During your visit to the website, we use the industry-standard TLS/SSL encryptionin conjunction with the highest encryption level supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether a particular page of our website is being transmitted in encrypted form by the closed key or padlock symbol in the status bar at the bottom of your browser.

Your online application is transmitted in encrypted form in accordance with the latest state of the art.

We also employ appropriate technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

11. Validity and amendments to this privacy policy

This privacy policy is currently valid and is dated April 2026

Due to the further development of our website and the services offered on it, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. You can access and print the current version of the privacy policy at any time on the website at https://www.optimal-media.com/en/privacy-policy.

Contact Write to us and we would be happy to advise you.

Do you have any questions, or would you like to speak directly with a representative?

Find your contact now