Privacy Policy

General introduction:

We take the protection of your personal data very seriously and want you to feel secure when visiting our website. Our data protection practice follows in particular the requirements of the EU General Data Protection Regulation, the Federal Data Protection Act (BDSG) and the Telecommunications and Telemedia Data Protection Act (TTDSG). At this point we would like to inform you about the nature, scope and purpose of the processing of your personal data. We would like to point out in advance that this data protection declaration only refers to our websites and does not apply to third-party websites to which we refer in the form of links. 

Subject of protection: 

The object of protection is personal data. This is any information relating to an identified or identifiable natural person (hereinafter “data subject”). This includes, in particular, information that allows conclusions to be drawn about your identity (e.g. information such as name, postal address, e-mail address and telephone number).

Technical requirements:

In order for you to establish a connection to our website, your browser transmits certain data to our website’s web server. This is a technical necessity so that the information you have called up can be made available by the website. To make this possible, your IP address, the date and time of your request and the type of operating system you are using are stored and used for a maximum of 7 days. We reserve the right to store this data for a limited period of time to protect our legitimate interests, in order to be able to derive personal data in the event of unauthorised access or an attempt to intentionally harm us via this route (Art. 6 para. 1 f GDPR). The data will only be stored or forwarded by us for these purposes and for no other purpose without us informing you in advance and asking for your permission.

Further general information:

Changes to this privacy policy

We review this Privacy Policy at regular intervals to ensure that it complies with legal requirements, case law, the statements of the supervisory authorities and to align it with emerging trends and developments in technical standards. In this respect, we reserve the right to make changes to the data protection declaration in order to adapt it to new legal provisions on data protection and other changes in the factual or legal situation. Therefore, please always inform yourself at the beginning of the use of our website about the data protection declaration valid at that time.

Who is responsible for data processing? (Art. 13 para.. 1 a, b GDPR) 

Swash Group GmbH is responsible for data processing on our website. You can find the contact details in the imprint at

You can reach our data protection officer at:

Swash Group GmbH
To the data protection officer

Heisenbergstr. 19a
50169 Kerpen

Who receives your personal data? (Art. 13 para. 1 e, f GDPR)

We treat your personal data confidentially and do not pass it on to third parties unless you have given your consent, the provision is based on a legal or contractual obligation, or the transfer is necessary to carry out pre-contractual measures or to fulfil a contract. In individual cases, we commission processors (e.g. IT service providers) to process your personal data. This is done in accordance with Art. 28 GDPR and on the basis of an order processing contract.

How long is the data stored?  (Art. 13 para. 2 a GDPR)

The legislator has enacted a variety of storage obligations and periods.

In principle, we only store your data for as long as it is legally required.

After these periods have expired, the corresponding data is routinely deleted if it is no longer required for the fulfilment of the contract. We store data that we process on the basis of your consent until you revoke it or for as long as the data is required. We store data that we process on the basis of a legitimate interest for as long as the legitimate interest exists.

Commercial or financial data from a completed financial year will be deleted in accordance with legal regulations after a further ten years, unless longer retention periods are prescribed or required for legitimate reasons. If data is not subject to specific retention periods, it will be deleted when the purposes for which it was processed cease to apply.

For what purposes and on what legal basis do we process your personal data? (Art. 13 para. 1 c, d GDPR)

We have already explained the purposes and legal bases for data processing. In addition, the following generally applies: Where necessary, we process your data to protect the legitimate interests of us or third parties pursuant to Art. 6 (1f) GDPR, for example, for the assertion of legal claims and defence in legal disputes or for ensuring IT operations and security. 

If we have a legitimate interest or have received written consent from you to process your personal data, we will process your data for external communication and marketing purposes based on Art. 6 para. 1 a or f GDPR. You have the right to revoke your consent at any time. 

For the fulfilment of legal requirements, we may or must, if necessary, process your data and pass it on to third parties (pursuant to Art. 6 para. 1c). 

We do not use your data in any way for automated decision-making or profiling.

We also use cookies to provide you with an improved service when using our website and to make it easier for you to use this website (Art. 6 para. 1 f GDPR). 

What rights and obligations do you have?  (Art. 13 para. 2 b, c, d, e GDPR)

Every data subject has the following rights:

  • Acc. Art. 15 GDPR you have the right to information. This means that you can request confirmation from us as to whether personal data relating to you is being processed by us.
  • Acc. Art. 16 GDPRyou have the right to rectification. This means that you can demand that we correct any inaccurate personal data relating to you.
  • Acc. Art. 17 GDPR you have the right to erasure (“right to be forgotten”). This means that you can demand that we delete personal data relating to you without delay – unless we cannot delete your data because, for example, we have to comply with statutory retention obligations. 
  • Acc. Art. 18 GDPR you have the right to restriction of processing. This means that we are practically no longer allowed to process your personal data – apart from storing it.
  • Acc. Art. 20 GDPR you have the right to data portability. This means that you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.
  • Acc. Art. 7 Abs.3 GDPR you have the right to revoke your consent for the future at any time.  
  • Acc. Art. 77 GDPR you have the right to lodge a complaint with the competent supervisory authority.  

In addition, you have the right to object, which we explain in more detail at the end of this data protection information.

If you wish to exercise your rights, please contact the Data Protection Officer (see above for contact details).

Competent supervisory authority

Landesbeauftragte für Datenschutz


Address: Kavalleriestr. 2-4, 40213 Düsseldorf

Postal address: Postfach 200444, 40102 Düsseldorf 

Tel.: +49 (0) 211 38424 -0

E-Mail address: