You are here::

Privacy Statement

General and obligatory information

The data controller under data protection legislation, in particular the EU General Data Protection Regulation (GDPR), is:

Alfred-Kühne-Straße 3
85416 Langenbach

Phone: +49 (0) 8761 7206-0
Fax: +49 (0) 8761 7206-121


Management Board: Helge Schöngarth

The data controller is responsible for deciding alone or together with others about the purposes and means of processing personal data (e.g. names, contact details).

Data protection officer

If you have any questions about data protection, please send us an email or directly contact the person responsible for data protection in our organisation:

Data protection officer at Optimal AG & Co. KG


c/o activeMind AG
Potsdamer Straße 3
80802 Munich

Phone: +49 (0) 89 418 560 170


1.                     Data subject rights

You can exercise the following rights at any time by contacting our data protection officer using the details provided:

·         Withdraw your consent to data processing

Some data processing activities are only possible with your express consent. Once you have consented to data processing, you may withdraw your consent at any time in accordance with Article 7(3) GDPR. A simple email will suffice. The withdrawal of consent will not affect the lawfulness of data processing which took place before consent was withdrawn.

·         Right to lodge a complaint with the competent supervisory authority

As a data subject, you have the right in accordance with Article 77 GDPR to lodge a complaint with the competent supervisory authority in the event of a breach of data protection legislation. The competent supervisory authority for matters relating to data protection is the Bavarian Data Protection Commissioner (Bayerischer Landesbeauftragte für Datenschutz).

The following link takes you to the official website of the Federal Commissioner for Data Protection and Freedom of Information. You can find the required contact details here:

·         Right to data portability

In accordance with Article 20 GDPR, you have the right to receive or have transmitted to a third party the data which we process by automated means on the basis of your consent or on the basis of performing a contract. The data will be provided in a machine-readable format. If you request that the data be transferred directly to another controller, this will only be done where technically feasible.

·         Right of access and right to rectification, erasure and restriction of processing

In accordance with the applicable legal provisions under Article 15 GDPR, you have the right at any time to obtain access free of charge to the personal data concerning you which we have processed. In particular, you can request information about the following: the purposes of the processing; the categories of personal data concerned; the categories of recipient to whom your data has been or will be disclosed; the envisaged duration of storage; the existence of the right to rectification, erasure or restriction of processing or to object to such processing; the existence of the right to lodge a complaint; the source of the data if it was not collected by us; the existence of automated decision-making, including profiling and, if applicable, meaningful information on the details concerning this.

In accordance with Article 16 GDPR, you have the right to request the rectification without undue delay of inaccurate personal data we have stored about you.

Furthermore, pursuant to Article 17 GDPR, you are entitled to request the erasure of the personal data we have stored about you, provided that processing thereof is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.

In accordance with Article 18 GDPR, you have the right to request that the processing of your personal data be restricted in any of the following cases: you do not believe the data to be accurate; the processing is unlawful, but you are opposed to the data being erased; we no longer need the personal data, but you require it for the establishment, exercise or defence of legal claims; you have objected to the processing pursuant to Article 21 GDPR.

If you have any questions about your rights or any other matters relating to your personal data, please do not hesitate to contact us using the details provided on the legal notice on our website.


2.                     SSL or TLS encryption

For security reasons and to secure the transmission of confidential information which you send to us in our capacity as the site operator, our website uses SSL or TLS encryption. This prevents third parties from being able to access the data you transfer through our website. A connection is encrypted whenever “https://” or a lock symbol appears in your browser’s address bar.


3.                     Server log files

When you visit our website, information of a general nature is automatically recorded using a cookie. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider and similar. This is exclusively information that does not allow any conclusions to be drawn about your person.

This information is technically necessary in order to correctly deliver the website content you have requested and is mandatory when using the Internet. In particular, they are processed for the following purposes:

·         The page you visited on our domain

·         Date and time of the server request

·         Browser type and browser version

·         Operating system

·         Referrer URL

·         Host name of the computer accessing the website

·         IP address


This data is not merged with data from any other sources. The legal basis for the data processing is Article 6(1)(b) GDPR, as it is within our legitimate interest to improve our website’s stability and functionality. The data is stored for seven days and is automatically deleted after this period.

The provision of the aforementioned personal data is neither required by law nor by contract. Without the IP address, however, the service and functionality of our website cannot be guaranteed.


4.                     Contact form

Data transmitted using our contact form, including your contact details, is stored so that we can process your enquiry and contact you in the event of follow-up questions. This data will not be disclosed to third parties without your consent.

The data entered into the contact form is processed on the basis of a legitimate interest (Article 6(1)(f) GDPR) and for the purpose of initiating, performing or ending a contractual relationship (Article 6(1)(b) GDPR). 

We will store data transmitted via our contact form until you ask us to delete it or you withdraw your consent to its storage or until we no longer need to store it. Mandatory legal provisions, in particular statutory retention periods, will not be affected by this.

The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name, your e-mail address and the reason for the request.


5.                     Social media plugins

Our website uses social medial plugins from the providers listed below. These plugins can be identified from the providers’ respective logos.

In certain circumstances, information, which may include personal data, is sent to the service providers through these plugins and possibly used by them. We use a two-click solution to prevent data from being collected and transferred to the service providers without your knowledge or consent. To activate a social media plugin, users first need to click on the button in question. Data can only be collected and transferred to the respective service provider once the plugin has been activated in this way. We do not collect any personal data through the social media plugins or about their use.

We have no influence over which data an activated plugin collects and how this data is used by the provider. At present, we have to assume that a direct connection to the provider’s services is established and at least the user’s IP address and data about their device are collected and used. The service providers may also attempt to store cookies on your device. Please see the providers’ privacy policies for specific information about which data is collected and how it is used. Please note: If you are logged into Facebook at the same time as visiting our website, Facebook may be able to identify which webpages you have visited.

·         Facebook

Our website uses plugins from the social network, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). When you visit a page on our website which includes a Facebook plugin, a connection to Facebook’s servers is established which instructs your browser to display the plugin on that webpage. Information about which of our webpages you have visited is then transferred to Facebook’s server. If you are logged into Facebook at the same time, Facebook will link this information to your personal Facebook account. If you use the plugin’s features (e.g. by clicking the “Like” button or posting a comment), this information will also be linked to your Facebook account. You can only prevent this by logging out of your account before using the plugin. If you do not want Facebook to link the data it collects through our website to your Facebook account, you need to log out of Facebook before visiting our website. Please see Facebook’s Data Policy ( for information about which data Facebook collects, the purposes for which it collects this data, how it processes and uses data, your rights and how you can change your settings to protect your privacy.

·         Instagram

Our website uses functions from the social network Instagram. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged into your Instagram account, you can link the contents of this website to your Instagram profile by clicking the Instagram button. This enables Instagram to assign your visit to this website to your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Instagram. The data are stored and analyzed on the basis of Article 6(1)(f) GDPR. The website operator has a legitimate interest in the widest possible visibility in social media. If a corresponding consent has been requested, processing takes place exclusively on the basis of Article 6(1)(a) GDPR; the consent can be revoked at any time. You can find more information on this in Instagram's data protection declaration:

·         Twitter

Our website uses features from the service provider Twitter. These services are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

When you use Twitter and the “Retweet” feature, the websites you visit are linked to your Twitter account and published on your Twitter feed. This results in data being transferred to Twitter. We have no knowledge of which data is transferred or of how Twitter uses this data. Please see Twitter’s Privacy Policy for more information:

·         YouTube

We use YouTube plugins to integrate and display video content on our website. The provider of this video portal is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

When you visit a webpage with an integrated YouTube plugin, a connection is made with YouTube’s servers. This provides YouTube with information about which of our webpages you have visited.

If you are logged into your YouTube account, YouTube can link your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account before visiting our website.

We use YouTube to make our website more appealing. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.

Please see YouTube’s Privacy Policy for more information about the processing of user data:

·         XING

Our website uses features from the network XING, which is provided by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

When you visit a webpage with integrated features from XING, a connection to XING’s servers is established. As far as we are aware, this does not result in any personal data being stored. XING does not store any IP addresses or analyse your browsing behaviour.

Please see XING’s Privacy Policy for information about data protection and the XING share button:

·         LinkedIn

Our website uses features from the network LinkedIn, which is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

When you visit a webpage with integrated features from LinkedIn, a connection to LinkedIn’s servers is established. This informs LinkedIn of the IP address you have used to visit our webpages. If you click on the LinkedIn “Recommend” button while you are logged into your LinkedIn account, LinkedIn can link your visit to our webpage to you and your user account. As the provider of this website, we do not have any knowledge of which data is transferred or how it is used by LinkedIn.

Please see LinkedIn’s Privacy Policy for more information:


6.                     Cookies

Our website uses cookies. Cookies are small text files which your web browser stores on your end device. They help us to make our website more user-friendly, efficient and secure.

While session cookies are automatically deleted at the end of your browser session, other cookies remain on your end device until you delete them yourself. These cookies help us to identify you if you visit our website again.

Up-to-date web browsers are able to monitor, restrict and block cookies. Many web browsers can be configured to delete cookies automatically when the program is closed. Deactivating cookies may, however, reduce the functionality of our website.

If other cookies are set (e.g. for analysis functions), the legal basis for this processing is your consent, Article 6(1)(f) GDPR. They serve to tailor the offer on a website better to the interests of the visitors or to generally improve them on the basis of statistical evaluations.

Of course, you can also view our website without cookies. Internet browsers are regularly set to accept cookies. In general, you can deactivate the use of cookies at any time via the settings of your browser (see revocation of consent). Please note that individual functions of our website may not work if you have deactivated the use of cookies.

The data may be transferred to technical service providers responsible for operating and maintaining our website as processors contracted by us. We have concluded appropriate processing agreements with these service providers.

We use the following cookies:









Stores the user’s cookie consent status for the current domain.

1 year





Used to send data about the device and the user’s behaviour to Google Analytics. Tracks the user across devices and marketing channels.






Creates a unique ID which is used to generate statistical data about user behaviour on the website.

2 years





Used by Google Analytics to throttle the request rate.

1 day





Creates a unique ID which is used to generate statistical data about user behaviour on the website.

1 day



7.                     Google Analytics

Our website uses features from the web analytics service Google Analytics, which is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses cookies. Cookies are small text files which your web browser stores on your end device and which analyse how you use our website. Information generated by cookies about how you use our website is transferred to and stored on a Google server. This server is generally located in the USA.

Google Analytics cookies are only placed on your device if you consent to this in our cookie banner.

a.       IP anonymisation

We use Google Analytics together with IP anonymisation. In member states of the European Union or in other states party to the Agreement on the European Economic Area, this ensures that Google shortens your IP address before transferring it to the USA. There may be exceptions where Google transfers your full IP address to a server in the USA before shortening it there. Google uses this information on our behalf to analyse how you use our website in order to compile reports about website activities and to provide further services to us relating to the use of our website and the internet. The IP address transferred by Google Analytics is not merged with other data from Google.

b.      Browser plugin

You can prevent cookies from being placed on your device by changing your browser settings. Please note, however, that this may reduce the functionality of some of the features of our website. You can also prevent Google from collecting and processing data about how you use the website (including your IP address). To do this, you need to download and install the browser plugin available at

c.       Preventing the collection of data

You can prevent Google Analytics from collecting your data by clicking on the following link. This will place an opt-out cookie on your device, which will prevent your data from being captured on future visits to our website: Disable Google Analytics.

Please see Google’s Privacy Policy for more information on how Google Analytics processes your data:

d.      Processing agreement

To ensure that we fully meet statutory data protection requirements, we have concluded a processing agreement with Google.

Google processes your data in the USA and is subject to the EU-US Privacy Shield

e.      Google Analytics and demographics

Our website uses the “Demographics” feature provided by Google Analytics. This is used to compile reports containing statements about the age, gender and interests of visitors to our website. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. It is not possible to link the data to specific individuals. You can disable this feature at any time by adjusting the ad settings in your Google account or by preventing data from being captured by Google Analytics in general by following the instructions under “Preventing the collection of data” above.


8.                     Recruitment management

We collect various pieces of personal data during the recruitment process. Personal data includes any information which allows conclusions to be drawn about your personal or factual circumstances or which allows you to be identified. The following data is collected and processed to allow us to process your application automatically:

  • First name, surname, address, email address, date of birth, title, telephone number, country of residence and nationality
  • Additional questions specific to the advertised position (e.g. driving licence)
  • CV, in particular information on professional experience and education
  • Skills and competencies relating to the advertised position
  • Photo
  • Qualifications, awards and language skills
  • Files and documents which you send to us or upload to support your application


When you transfer your application data to us, you automatically consent to the processing of your personal data for the purposes outlined in this Privacy Policy.

When processing your application, we do not require any information which is not permitted to be processed under the German General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz), including data on race, ethnic origin, gender, disability, religion or belief, and age. Please do not send us any information which is irrelevant to the processing of your application in accordance with the General Act on Equal Treatment (e.g. information on medical conditions, pregnancy, membership of a trade union or your sexual orientation).

Furthermore, please do not send us any content which could violate copyright or the rights of third parties under press laws. 

a.       Processing and use of personal data

The data you transfer to us is only collected, processed and used in connection with the processing of your application to OPTIMAL AG & Co. KG.

If you are hired by our company, we will use the information you have transferred to us for administrative purposes relating to payroll, financial accounting and HR management.

Your personal data will only be collected or processed by individuals who are responsible for processing applications. All staff involved in this process have been obligated to treat your data confidentially. In particular, they are not permitted to transfer data to unauthorised parties.

If you submit your application in writing, your personal data will be entered into our applicant management system. Hard copies will be returned to you after your data has been entered into our system.

If you submit your application by email, we will also enter your data into our applicant management system. Your email will then be stored for two weeks, before being automatically deleted at the end of this two-week period.

Please note that emails are not generally encrypted by default. Applicants should therefore take their own steps to encrypt their emails. This is why we recommend either applying online or sending in your application by post.

b.      We process your data for the following purposes and on the following legal basis:

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG):

To fulfil pre-contractual obligations (Article 6(1)(b) in conjunction with Article 88 GDPR and Section 26 BDSG)

We will only use the data you send to us to evaluate your suitability for the role and to get in contact with you.

Processing takes place for the purpose of establishing an employment relationship with you and involves taking steps at your request prior to entering into a contract.

To fulfil contractual obligations (Section 26 BDSG)

Data processing takes place for the purpose of maintaining or terminating an employment relationship on the basis of a contract concluded with you or involves taking steps at your request prior to entering into a contract. If you claim additional benefits (e.g. a childcare subsidy), your data will, wherever necessary, be processed to provide these additional benefits.

After weighing up interests (Article 6(1)(f) GDPR)

If necessary, we will process your data for reasons beyond the performance of a contract if doing so is required for the purposes of our legitimate interests or those of a third party. Examples of such cases include the following:

  • Measures relating to building and system security (e.g. the operation of video cameras, access controls, locking systems)
  • The establishment of legal claims and the provision of a defence in the case of legal disputes

c.       Storage

If we are unable to offer you a position, we will keep your data for a maximum of six months following this decision so that we can answer any questions relating to our decision not to employ you.

Please contact us if you want us to delete your data or if you would like to make a request for information in accordance with Article 15 GDPR. You can reach us on 08761 72060 from Monday to Friday between 8:00am and 4:30pm. If you are calling from outside Germany, please dial 0049 8761 72060. Alternatively, please send an email to or to our data protection officer at


d.      Data security

We place immense value on keeping your personal data secure, which is why we protect it from access by unauthorised parties. We do this using a range of measures, including antivirus software, a firewall and encrypted connections to our applicant management system. We also regularly update our security systems to ensure that they provide protection against the latest threats.

e.      Encryption

You are also welcome to send us your application in an encrypted form. Please send us the password needed to decrypt the file separately or communicate it to us over the phone.


9.                     Changes to our Privacy Policy

We reserve the right to change this Privacy Policy to ensure that it always complies with current legal requirements or to ensure that it takes into account any changes to our services, e.g. if we introduce new services. In such cases, the new Privacy Policy will apply when you next visit our website.