We thank you for visiting our website and for your interest in our company and our products.
As the operator of this website, we take the protection of your personal data very seriously. We handle your personal data confidentially and in accordance with the statutory data protection regulations and this data privacy statement.
When you visit this website, various personal data is collected. Personal data is data that can be used to identify you personally. This data privacy statement explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
1 Who we are and how you can contact us
2 General information
3 Information on the transfer of personal data to third countries
4 Which of your data is processed when you visit our website
5 Your rights
6 Changes to our data privacy statement
1 Who we are and how you can contact us
Provider and responsible office as defined in the Data Protection Act
VITLAB GmbH
Linus-Pauling-Str. 1
63762 Großostheim
Telefon: +49 6026 977 990
www.vitlab.com
Please send general inquiries about data protection, such as the enforcement of data subject rights, to the following email address, which will redirect your inquiry to the data protection officer and our data protection team:
Confidential data protection inquiries can be sent to our data protection officer by telephone, regular mail, or email:
Ronald Baranowski
SIX DATENSCHUTZ GmbH
Marktplatz 6
61118 Bad Vilbel, Germany
Phone: +49 6101 982 9422
rb@six-datenschutz.de (for confidential inquiries)
This data privacy statement applies to the following offers:
our website, available in particular at www.vitlab.com
whenever reference is made to this data privacy statement from one of our offers (e.g. websites, subdomains, mobile applications, web services, or integrations into third-party sites), regardless of how you access or use it.
All of these offers are also referred to collectively as “services”.
Our website sometimes includes content and services from other providers. In order for this data to be accessed and displayed in the user’s browser, the transmission of the IP address is mandatory. The providers (hereinafter referred to as “third-party providers”) therefore perceive the IP address of the respective user.
Even if we endeavor to only use third-party providers who only need the IP address to be able to deliver content, we have no influence on whether the IP address may be stored for statistical purposes, among other things. Insofar as we are aware that the IP address is being stored, we will inform our users of this.
Your data will not be transferred to unauthorized third parties. Insofar as external service providers receive your personal data, we have ensured that they implement appropriate technical and organizational measures and that they comply with the applicable data protection regulations and laws.
We store personal data in accordance with the principles of data avoidance and data minimization and only for as long as is necessary or prescribed by law (statutory retention period). If the purpose of the data collected no longer applies or the storage period ends, we block or delete the data.
If we transfer data to third countries, i.e. countries outside the European Union, the transfer takes place exclusively in compliance with the legally regulated admissibility requirements.
If the transfer of data to a third country does not serve to fulfill our contract with you, we do not have your consent, the transfer is not necessary for the assertion, exercise or defense of legal claims and no other exception under Art. 49 of the General Data Protection Regulation (GDPR) applies, we will only transfer your data to a third country if an adequacy decision pursuant to Art. 45 GDPR or suitable guarantees pursuant to Art. 46 GDPR exist.
An adequate level of data protection in the USA was last stated by the adequacy decision “Data Privacy Framework (DPF)” adopted in July 2023. US companies must be certified in order to be listed in it. You can find the adequacy decision here: commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
Alternatively or additionally, the EU standard data protection clauses issued by the European Commission create suitable guarantees with the recipient body in accordance with Art. 46 para. 2(c) GDPR and an adequate level of data protection. Copies of the EU standard data protection clauses are available on the European Commission’s website, available here.
We have agreed EU standard data protection clauses with providers in third countries and in some cases data processing on servers in Germany and the EU. Timely deletion of data reduces the risk of unauthorized access.
In the following, we inform you for what purpose, in what way, and to what extent your personal data may be processed when you visit our website.
If you use the website purely for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis for this is Art. 6 para. 1 sentence 1(f) GDPR, legitimate interest):
IP address, host name, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request originates (referrer), the specific pages of our website that you have accessed, browser: type, version, and set language, operating system: type and version
If JavaScript is activated, also the screen resolution, color depth, size of the browser window, installed browser plugins.
This website uses “cookies”. These are text files that are stored on your computer by the server. They may contain information about the browser, IP address, operating system, and internet connection. We do not pass this data on to third parties or link it to personal data without your consent.
Cookies fulfill two main tasks. They help us to make it easier for you to navigate through our website and enable the website to be displayed correctly. They are not used to introduce viruses or launch programs.
Users have the option of accessing our website without cookies. To do this, the corresponding settings must be changed in the browser. Please use the help function of your browser to find out how to deactivate cookies. However, we would like to point out that this may impair some of the functions of this website and limit the ease of use.
The websites www.aboutads.info/choices/ (USA) and www.youronlinechoices.com/uk/your-ad-choices/ (Europe) allow you to manage interest-based advertising.
4.2.1 Use of essential cookies
Essential cookies do not require your consent and are processed by us in accordance with Art. 6 para. 1(f) GDPR. Our legitimate interest here is the smooth and optimal use and presentation of our website.
4.2.2 Consent to cookies / consent required for the use of services by third-party providers
On our website, we use the cookie consent tool “Cookiebot” from Usercentrics A/S, Danneskiold-Samsøes Allé 41, 1434 Copenhagen, Denmark. The purpose of this processing is to obtain your consent for the technically unnecessary cookies used on our website and to document them in accordance with applicable data protection regulations and laws.
When you visit our website, a cookie is stored in your browser in which the consents you have given or the revocation of these consents are documented.
The legal basis for this data processing is Art. 6 para. 1(c) GDPR – legal obligation, which consists in the fact that consent must be obtained for technically unnecessary cookies before they are used in accordance with the ECJ ruling of October 1, 2019, AZ C-673/17.
The data collected will be stored until you ask us to delete it or delete the cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Further details on data processing by the provider can be found here.
4.2.3 Web analytics service Google Analytics
We only use the Google Analytics service, a web analysis service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (belonging to Google Inc., headquartered at 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA, “Google”), once you have given your consent.
Google Analytics uses “cookies”. These are text files that are stored on your computer and enable your use of the website to be analyzed.
The information generated by the cookie about your use of this website, such as the browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address), and time of the server request, is usually transmitted to a Google server in the USA and stored there.
However, we only use Google Analytics if IP anonymization is activated, i.e. your IP address will be previously abbreviated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide us with other services relating to website and internet use.
The IP address transmitted by your browser within the context of Google Analytics is not merged with other Google data.
You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this, you might not be able to use the full functionality of this website.
This analysis tool is used on the basis of Art. 6 para. 1(f) GDPR. The website operator has a legitimate interest in the anonymized analysis of user behavior, in order to optimize its web content and its advertising.
If a corresponding consent has been requested (e.g. consent to store cookies), processing takes place on the basis of Art. 6 para. 1(a) GDPR; consent can be revoked at any time.
The data will be deleted as soon as it is no longer needed for our recording purposes. This is the case after 14 month.
For more information about Google’s terms of use and privacy, please visit
https://marketingplatform.google.com/about/analytics/terms/de/ or https://policies.google.com/?hl=de&gl=de.
Google Analytics Version 4.0
We also use Google Analytics Version 4.0 from Google Ireland Ltd (see above). In doing so, Google processes personal user data insofar as you have not previously objected to this use in your Google account. In this case, Google creates user profiles based on various data, including that of Google Signals, which collects and analyzes cross-device tracking data. Google can use this information to evaluate, for example, whether users first came across our website and how this was done – for example via an advertisement – or whether further interactions followed after the website visit – e.g. the installation of an app or purchases. We only receive statistical, anonymized information from Google in order to optimize our websites and our offer.
You can find more information about Google’s data protection here: https://policies.google.com/privacy?hl=de&gl=de
4.2.4 Google Marketing Platform (formerly DoubleClick by Google)/Campaign Manager
This website uses the online marketing tool Campaign Manager from Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (part of Google Inc., headquartered at 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA, “Google”).
Campaign Manager uses cookies to display ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are displayed in which browser and can thus prevent them from being displayed more than once. In addition, Campaign Manager can use cookie IDs to record “conversions” that are related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later visits the advertiser’s website with the same browser and makes a purchase there. According to Google, Campaign Manager cookies do not contain any personal information.
Due to the marketing tools used, your browser automatically establishes a direct connection with Google’s server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: By integrating Campaign Manager, Google receives the information that you have called up the corresponding part of our website or clicked on an advertisement from us. Insofar as you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider will find out your IP address and store it.
The processing is carried out with your consent in accordance with Art. 6 para. 1(a) GDPR. You can revoke your consent at any time in the cookie settings.
In addition, you can prevent participation in this tracking process in various ways:
In addition, you can prevent Google from collecting the data generated by the cookies about your use of the websites and the processing of this data by Google by downloading and installing the browser plug-in available at https://support.google.com/adsense/answer/142293?hl=de under “Display settings”, “Campaign Manager deactivation extension”.
The data sent by us and linked to cookies is automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.
Further information on the Google Marketing Platform can be found at https://marketingplatform.google.com/about and on data protection at Google in general: https://www.google.de/intl/de/policies/privacy. Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at www.networkadvertising.org.
4.2.5 Friendly Captcha
We use Friendly Captcha on our websites. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee (hereinafter referred to as "Friendly Captcha").
We use Friendly Captcha to protect our website and online services from spam and misuse and to check whether data entries on our websites (e.g. in a contact form) are made by a human or by an automated program. For this purpose, Friendly Captcha presents the user's browser with a calculation task that is solved by the user's device in the background. The solution to the calculation task together with connection and interaction data transmitted by the user's browser are analyzed by Friendly Captcha to determine whether it is a human user or a bot.
The analyses run completely in the background. Website visitors are not informed that an analysis is taking place. Friendly Captcha does not use the data obtained to identify individuals or for marketing purposes, but only to identify and deal with possible threats to our website. Data that can identify users (such as IP addresses) is anonymized using one-way hashing.
Data processing is carried out on the basis of Art. 6 para. 1 lit. f) GDPR to ensure the security and functionality of our website.
Further information about Friendly Captcha and how it handles your data can be found here.
4.2.6 Social media
We maintain publicly accessible profiles in social networks, to which we provide links on our website.
As a rule, social networks comprehensively analyze your user behavior when you visit their websites. Visiting social media sites therefore triggers a number of data protection-related processing operations over which we have no influence.
If you are logged into your social media account and visit a social media platform, the operator of the social network can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social network. In this case, data is collected, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data thus collected, the operators of the social networks can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you within and outside the respective social networks. Insofar as you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.
Please also note that we cannot track all of the social networks’ processing operations. Depending on the provider, further processing operations may therefore be carried out. For details, please refer to the terms of use and privacy policy of the respective social network (see below). Please note that when using the following services, personal data may be transferred outside the European Union. Further information can be found under item 3 of this data privacy statement.
The specific social network:
We have a profile on LinkedIn. The provider is LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland)
For details on how they handle your personal data, please refer to LinkedIn’s data privacy statement:
www.linkedin.com/legal/privacy-policy
4.3.1 Contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. The disclosure of your data is completely voluntary.
This data is processed on the basis of Art. 6 para. 1 lit. b) GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the request addressed to us (Art. 6 para. 1 lit. f) GDPR). You can object to the processing of your data at any time. The legality of the data processing operations carried out up to the point of objection remains unaffected by the revocation. Your data will remain with us until you ask us to delete it, object to the processing or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular retention periods - remain unaffected.
Data will not be passed on to unauthorized third parties. The data collected in this way is also not compared with data that may be collected by other components of our website. The services offered can - as far as technically possible and reasonable - also be used without providing this data or by providing anonymized data or a pseudonym.
If your request originates from a country in which we do not have our own sales organization, your data may be forwarded to the responsible local sales partner. This may constitute a transfer of data to a third country outside the EU, where a different level of data protection may apply. An overview of our local sales partners can be found on our contact page.
4.3.2 Video conferences and telephony
To conduct virtual appointments, online meetings, and video conferences, we use the Webex service provided by Cisco Systems, Inc., 170 West Tasman Dr., San Jose, CA 95134, USA.
Depending on usage, the following data in particular is processed: name, email address, meeting metadata (e.g., topic, time, duration), communication content (audio/video/chat), and technically necessary connection data (e.g., IP address). Audio and video functions are disabled by default and can be activated by the user as needed. Meetings are generally not recorded. If we intend to record conversations, you will be transparently informed in advance and asked for your consent.
Data processing is carried out pursuant to Art. 6(1)(b) GDPR insofar as the video conference is conducted in the context of (pre-)contractual obligations, and otherwise on the basis of Art. 6(1)(f) GDPR due to our legitimate interest in efficient communication.
For the use of Webex, we have concluded a contractual agreement with Cisco pursuant to Art. 28 GDPR and additionally the EU Standard Contractual Clauses. Your data is generally processed within the EU. Depending on the configuration, processing in third countries cannot be ruled out. The information on transfers to third countries (section 3) applies.
Meeting-related data is stored only as long as required for conducting and following up on the meeting, provided no statutory retention obligations prevent deletion.
Further information on Webex and privacy can be found here: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
4.3.3 Newsletter dispatch and tracking
If you register for our newsletter, we will use the data you enter exclusively for this purpose or to inform you of circumstances relevant to this service or registration. We do not pass this data on to unauthorized third parties.
A valid email address is required in order to receive the newsletter. We also store the IP address you use to register for the newsletter and the date on which you order the newsletter. This data serves as proof in the event of misuse if a third-party email address is registered for the newsletter. In addition, to ensure that an email address is not misused by third parties in our mailing list, we work with the “double opt-in” procedure in accordance with legal requirements. As part of this process, the newsletter order, the sending of the confirmation email, and the receipt of the registration confirmation are recorded. The legal basis for this is your consent in accordance with Art. 6 para. 1(a) GDPR.
You have the option to revoke your consent to the storage of your data, your email address, and its use for sending the newsletter at any time. We provide you with a link to revoke your consent in every newsletter and on the website. You also have the option of informing us of your wish to withdraw your consent via the contact options listed in this document.
4.3.4 Guest Wi-Fi
Guests of our company have the option to use internet access in our business premises via a separate guest Wi Fi. Access is provided via a captive portal (login page).
Processing is carried out to provide Wi Fi access, to ensure network and information security (e.g., error/fault analysis, detection of misuse and attacks), and to prevent or investigate legal violations.
In particular, device and connection data is processed (e.g., internal IP address, time of connection setup/termination, access point/location area used), as well as technical and log data (e.g., technical log files, data volume; where applicable destination IP/domain) and documentation of consent to the terms of use in the captive portal.
Processing is necessary for the performance of a contract (provision of internet access via the guest Wi Fi) pursuant to Art. 6(1)(b) GDPR. The contract is concluded by logging into the guest Wi Fi.
To ensure proper operation and information security, it may be necessary to transmit your personal data to our service providers (IT providers).
Your data will be disclosed or transmitted only insofar as this is necessary for contract processing, we are legally obliged to do so, or you have given your consent to the data transfer in advance. No transfer to a third country takes place.
The data processed when using the guest Wi Fi is stored for up to 90 days after the last use and then automatically deleted.
4.3.5 Data protection for applications and in the application process
The controller collects and processes the personal data of applicants for the purpose of handling the application process and for the decision on the establishment of an employment relationship. This is carried out on the basis of Art. 88 para. 1 GDPR in conjunction with Section 26 of the Federal Data Protection Act (BDSG) and Art. 6 para. 1(b) GDPR – pre-contractual measures. Processing may also be carried out electronically. This is particularly the case if an applicant submits relevant application documents to the controller by electronic means, for example by email or via a web form on the website. Your data will only be forwarded to the relevant departments responsible for the application process.
If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.
If the controller does not conclude an employment contract with the applicant, the application documents will be stored for the duration of the application process and for a further six months and then deleted, insofar as deletion does not conflict with any contractual, legal, or other legitimate interests of the controller. Other legitimate interest in this sense might include, for example, a burden of proof in defense in proceedings under the General Equal Treatment Act (AGG).
The office responsible for all data arising in connection with the application process is BRAND INTERNATIONAL GMBH (BRAND INTERNATIONAL). BRAND INTERNATIONAL carries out all tasks for BRAND GMBH + CO KG, VACUUBRAND GMBH + CO KG and VITLAB GmbH which concern the services of a personnel department (e.g. personnel recruitment, personnel development and personnel administration).
Information, blocking, deletion, and correction
Within the limits of the applicable legal provisions, you have the right at any time to obtain free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to rectify, block or delete this data. You can contact us or our data protection officer at any time at the address given in the legal notice if you have further questions on the subject of personal data.
Revoking your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time with effect for the future. All you need to do is send us an informal message by email. The legality of data processing that has already been carried out remains unaffected.
Right to object to data collection and direct advertising (Art. 21 GDPR)
If data processing is based on Art. 6 para. 1(a) or (f) GDPR (consent or legitimate interest), you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data privacy statement. If you file an objection, we will no longer process your personal data unless we can prove compelling reasons that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (objection according to Art. 21 para. 1 GDPR).
If you are a customer of ours, your data may also be used for direct advertising if it concerns the same or similar topics in connection with the services commissioned by you. If your personal data is processed for the purpose of direct advertising, you have the right at any time to object to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is in connection with such direct advertising. If you object, your personal data will no longer be used for direct marketing purposes (objection according to Art. 21 para. 2 GDPR).
Right of complaint to the competent supervisory authority
In the event of infringements of the GDPR, those involved have the right to appeal to a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place where the suspected infringement was committed. The right of appeal is without prejudice to other administrative or judicial remedies.
The supervisory authority responsible for us is:
Der Bayerische Landesbeauftragte für den Datenschutz
Postfach 22 12 19
80502 München
T: +49 89 212672 0
E: poststelle(at)datenschutz-bayern.de
Right to data portability
You have the right to have data, which we process automatically on the basis of your consent or in fulfillment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only take place if this is technically feasible.
Right to limitation of processing
You have the right to request limited processing of your personal data. You can contact us at any time at the address given in the legal notice. The right to limitation of processing exists in the following cases:
If you dispute the correctness of your personal data stored by us, we normally need time to review this. For the duration of the review process, you have the right to request limited processing of your personal data.
If your personal data was/is being processed unlawfully, you can request limited processing of your data instead of having the data deleted.
When we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request limited processing of your personal data instead of having the data deleted.
If you file an objection in accordance with Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request limited processing of your personal data.
When the processing of your personal data is limited, this data – apart from its storage – may only be processed with your consent, or in order to assert, exercise or defend legal claims, or to protect the rights of another natural person or legal entity, or for reasons of substantial public interest of the European Union or a member state.
We reserve the right to make changes at any time to ensure that our data privacy statements always comply with the current legal requirements. This also applies in the event that the data privacy statement has to be adapted due to new or revised services, for example new services. The new data privacy statements will then apply the next time you visit our website.
This data privacy statement is valid as of May 2026.