Data Privacy

1. Introduction:

We appreciate your interest in our website. The protection of your personal data is very important to us. Below you will find information on the handling of your data, that is recorded during your visit of our website. Your data is processed in accordance with the legal regulations on data protection.

2. Responsible body according to data protection regulations:

Frontastic GmbH Eichenaue 14, 48157 Münster

Contact of our ‘Data Privacy Officer’:
Bitkom Servicegesellschaft mbH, Albrechtstr. 11, 10117 Berlin /

3. Definitions

Our privacy policy aims to be simple and understandable for everyone. The official terms of the General Data Protection Regulation (GDPR) are generally used in this data protection declaration. You can read the official definitions in Art. 4 GDPR.

4. Data processing during your visit on this website

For technical reasons, Frontastic processes a limited number of data for every access to the website (so-called connection data). These data are technically required in order to establish and execute a connection between your end device and our servers. The processing is carried out on the basis of Sections 13 (1) and 15 (3) TMG [the German law pertaining to telemedia]. In doing so, the following data or data categories can be collected:

  • Name of the website or file accessed
  • Date and time of access
  • Volume of data transferred
  • Access status (file transferred, file not found)
  • Browser type and version
  • The user’s operating system
  • Referrer URL (the website visited previously)
  • IP address.

After the connection has ended, these data are erased or made anonymous and shall therefore not be used to generate user profiles.

Personal data will only be stored for as long as is necessary to fulfill the purposes mentioned in this declaration, or as long as retention periods stipulated by law oblige Frontastic to store the respective data. After the respective purpose ceases to exist or after the retention periods have expired, the data will be deleted in accordance with the statutory provisions. Frontastic also puts a great emphasis on the legally required, technical and organizational measures to protect personal data from loss, destruction, manipulation and unauthorized access.

5. Cookies

Our website uses cookies that are stored on your device by the browser and that contain certain settings for using the website (e.g. for the current session). Cookies are used to make the website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. Most of the cookies we use are so-called session cookies, which are automatically deleted when the browser is closed. Other cookies remain on your device until you delete them or the storage period expires. These cookies enable us to recognize your browser the next time you visit. Cookies also help to simplify website processes by saving settings (e.g. keeping options that have already been selected). If personal data is also processed by specific cookies implemented by us, the processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either to bring into effect a contract or in accordance with Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the page visit.

6. Analytics – & Advertising Tools

6.1. Google Analytics
For the needs-based design of our website, we create pseudonymous user profiles with the aid of Google Analytics. Google Analytics uses cookies, text files stored on your computer that enable analysis of your use of the website. Normally, the information generated by the cookie about your use of this website is transmitted to a Google server in the United States and stored there. Since we have activated IP anonymization on this website, your IP address will however be abbreviated beforehand within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address conveyed to a Google server in the United States and only abbreviated there. Google uses this information to evaluate your use of our website for us, to compile reports on the activities of website operators and to provide us with other services in conjunction with the use of websites and the Internet. The processing is carried out on the basis of Sections 13 (1) and 15 (3) TMG [the German law pertaining to telemedia]. If you have given us your consent pursuant to Art. 6 para. 1 sentence 1 lit. a DSGVO, processing on this website will be for the purpose of website analysis. You may object to the creation of user profiles using a pseudonym at any time.

6.2. Google Tag Manager
This website uses the Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through one interface. The tool itself (which implements the tags) is a cookie-free domain and does not collect any personal data. The tool triggers other tags, which may collect data. Google Tag Manager does not access this data. If a deactivation has been carried out at the domain or cookie level, this deactivation remains in place for all tracking tags that are implemented with Google Tag Manager.

6.3. Google Ads
6.3.1. Google Ads Conversion
We use the services of Google Ads to draw attention to our attractive offers with the help of advertising materials (so-called Google Ads) on external websites. We can determine in relation to the data of the advertising campaigns how successful the individual advertising measures are. We are interested in showing you advertisements that are of interest to you, to make our website more interesting for you and to achieve a fair calculation of advertising costs.

The advertising materials are delivered by Google via so-called “Ad Servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as the insertion of ads or clicks by users, can be measured. If you access our website via a Google ad, Google Ads stores a cookie on your device. These cookies usually expire after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (mark that the user no longer wishes to be addressed) are usually stored as analysis values.

These cookies enable Google to recognize your Internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their device has not expired, Google and the customer can recognize that the user has clicked on the ad and has been redirected to this page. Each Ads customer is assigned a different cookie. Cookies cannot therefore be traced via the websites of Ads customers. We do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations we can recognize which of the used advertising measures are particularly effective. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically starts a direct connection to the Google server. We have no influence on the extent and the further use of the data which are raised by the use of this tool by Google and inform you therefore according to our knowledge: By the integration of Ads conversion Google receives the information that you called the appropriate part of our Internet appearance or clicked an announcement of us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the providers may obtain and store your IP address.

6.3.2. Google Ads Remarketing
We use the remarketing function within the Google Ads service. The remarketing function allows us to present to users of our website advertisements based on their interests on other websites within the Google advertising network (in Google search or on YouTube, so-called “Google ads” or on other websites). For this purpose, the interaction of users on our website is analyzed, e.g. which offers the user was interested in, in order to be able to display targeted advertising to users even after visiting our website on other pages. To do this, Google stores cookies in the browsers of users who visit certain Google services or websites in the Google Display Network. This cookie is used to record the visits of these users. The number is used to uniquely identify a web browser on a particular device.

You can prevent participation in this tracking process in a number of ways: a) by adjusting your browser software accordingly, in particular by suppressing third-party cookies; b) by installing the plug-in provided by Google under the following link: https:/ ; c) by deactivating the interest-based ads of the providers that are part of the self-regulation campaign “About Ads” via the link, whereby this setting is deleted if you delete your cookies; d) by permanently deactivating it in your Firefox, Internet Explorer or Google Chrome browsers under the link http:/, e) by means of the respective cookie setting. We would like to point out that in this case you may not be able to use all functions of this offer to their full extent.

Cookie lifetime: up to 180 days (this applies only for cookies which have been set by this website).

Legal basis: Art. 6 (1) a GDPR (consent)

For more information on the purpose and scope of data collection and processing by Google, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy:; Google has submitted itself to the EU-US Privacy Shield, Alternatively, you will also find more information on the website of the Network Advertising Initiative (NAI) at

6.4. Google Optimize
Our website uses the web analysis and optimization service “Google Optimize”, also a service of Google (see also section 6.1.). We use the Google Optimize service to increase the attractiveness, content and functionality of our website by playing new functions and content to a percentage of our users and statistically evaluating the change in usage. Google Optimize is a sub-service of Google Analytics (see subsection 6.1. on Google Analytics).

Google Optimize uses cookies that allow us to optimize and analyze your use of our website. The information generated by these cookies about your use of our website is usually transferred to a Google server in the USA and stored there. You can find out more about this in the section of this privacy policy on Google Analytics.

The legal basis for the data processing is the same as the description in 6.1. because Google Optimize is a sub-service of Google Analytics.

6.5. Hotjar
This website uses Hotjar, an analysis software of Hotjar Ltd. (“Hotjar”) ( , 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). With Hotjar it is possible to measure and evaluate the usage behavior on the Websites in the form of clicks, mouse movements, scroll heights, etc. The information generated by the tracking code and the cookie is transmitted to and stored by the Hotjar servers in Ireland.

The following information is collected:

The IP address of your device (IP addresses of visitors are always anonymized before being stored)

  • Your e-mail address including your name and surname, if you have made it available to us through our website
  • Screen size of your device
  • Device type and browser information
  • Geographic point of view (only the country)
  • The preferred language to use on the Websites

Hotjar will use this information to evaluate your use of the Websites, to generate reports, as well as other services related to use of the Websites and internet evaluation of the Websites. Hotjar also uses third-party services such as Google Analytics and Optimizely to provide services. If an IP address is identified, the respective processing is carried out in accordance with Art. 6 para. 1 letter a DSGVO on the basis of the consent given by you for the purpose of statistical analysis of user behaviour for optimisation and marketing purposes.

These third parties may store information that your browser sends during your visit to the Websites, such as cookies or IP requests. For more information on how to store and use Google Analytics and Optimizely data, please refer to their respective privacy policies – and

The cookies that Hotjar uses have a different “lifespan”; some stay up to 365 days, some remain valid only during the current visit.

You can prevent the collection of data by Hotjar by clicking on the following link and follow the instructions there: .

7. Newsletter

On our website as well as in the web applications offered by us, you have the option to subscribe to our newsletter at various places. The newsletter informs of current commercetools events, new products and new clients and partners. You can find the data required to subscribe as well as other details in the subscription form linked in the data privacy statement. You can revoke the consent to the newsletter at any time and without stating reasons with effect for the future. Please send your objections to the responsible body mentioned in Section 1 or use the unsubscribe function in the newsletter email. If you revoke your consent, you will no longer receive any newsletters from us in future. Frontastic’s Newsletter-Service runs on Mailchimp.

8. Contacting us

When contacting us (e.g. via contact form, e-mail, telephone or via social media), the data of the inquiring persons will be processed to the extent necessary to answer the contact inquiries and any requested measures.

The answering of contact inquiries within the scope of contractual or pre-contractual relations is carried out in order to fulfil our contractual obligations or to answer (pre)contractual inquiries and otherwise on the basis of the legitimate interest in answering the inquiries.

In the course of the processing of the contact request and other forms of contact (e.g. whitepaper mailing, etc.) personal data may be processed in different software. More information:

9. Youtube-Videos

We have integrated YouTube videos into our website, which are stored on and can be played directly from our website. These are all integrated in the “extended data protection mode”, i.e. no data about you as a user will be transmitted to YouTube, if you do not click on the videos to start playing them. Only when you play the videos the data referred to in the next paragraph will be transferred to YouTube. We have no influence on this data transfer.

By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data specified in Section 2 of this privacy policy will be transmitted. This is independent of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right.

For more information on the purpose and scope of data collection and processing by YouTube, please refer to the privacy policy. There you will also find further information about your rights and setting options to protect your privacy:; Google has submitted itself to the EU-US Privacy Shield,

10. Zapier

Zur Integration unterschiedlicher Datenbanken und Tools nutzen wir Zapier, einen Dienst der Zapier Inc., 548 Market St #62411, San Francisco, California 94104, USA. Dabei können Kundendaten übermittelt werden. Weitere Informationen zum Datenschutz bei Zapier finden Sie unter

11. Social Media Plug-Ins

Social plug-ins (“plug-ins”) of social networks are used on our websites, in particular the “Share” or “Share with friends” button of Facebook, whose website is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland, is responsible for in Europe. The plug-ins are usually marked with a Facebook logo.

Besides Facebook, we use plug-ins from “Twitter” (Provider: Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103) and „LinkedIn” (Provider: operated by LinkedIn Corporation, Sunnyvale (HQ), CA. 1000 W Maude Ave. and in Europa operated by: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.)

For data protection reasons, we have deliberately decided against utilising direct plug-ins of social networks on our websites. Instead, we use the “Shariff” solution. With the aid of Shariff, we can determine for ourselves when and whether data is transmitted to the operator of the respective social network. For this reason, there is no automatic data transmission to social networks such as Facebook, Twitter or Pinterest once you access our website. Data will be transmitted to social networks only if you actively click on the respective social network button. In this case, your web browser starts a connection to the respective social network’s servers. By clicking on the respective button (e.g. “Pass on”, “Share” or “Share with friends”) you agree that your browser will produce a link to the respective social network’s servers and transmit usage data to the respective operator of the social network and vice versa. We have no influence upon the nature and extent of the data that is then gathered by the social networks.

The social network providers stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (also for not logged in users) for the representation of demand-fair advertisement and in order to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact the respective plug-in providers to exercise this right. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user.

The data is transferred regardless of whether you have an account with the plug-in providers and are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in providers also stores this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this way you can avoid being assigned to your profile with the plug-in provider.

For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the data protection declarations of these providers as notified below. They will also provide you with further information about your rights in this regard and setting options to protect your privacy.

a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; more information on the data collection: as well as Facebook has submitted itself to the EU-US Privacy Shield,

b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; Twitter has submitted itself to the EU-US Privacy Shield,

c) LinkedIn Corporation, Sunnyvale (HQ), CA. 1000 W Maude Ave., USA; LinkedIn has submitted itself to the EU-US Privacy Shield,

12. Your rights

Following you can find an overview of the rights the current data protection legislation grants you towards the responsible body with regard to the processing of personal data:

Right for Information – Art. 15 GDPR und § 57 BDSG-neu

Correction – Art. 16 GDPR und § 58 Abs. 1 BDSG-neu

Deletion – Art. 17 GDPR und § 58 Abs. 2 BDSG-neu

Restriction of processing – Art. 18 GDPR und § 58 Abs. 3 BDSG-neu

Data portability – Art. 20 GDPR

Objection – Art. 21 GDPR

Right to withdrawal Art. 7 Abs. 3 GDPR und § 51 Abs. 3 BDSG-neu

Right to lodge a complaint Art. 77 Abs. 1 GDPR, vgl. § 19 Abs. 2 BDSG-neu

13. Your right to object

If we process your personal data on the basis of legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, insofar as this occurs for reasons that arise from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct advertising, you have a general right to object without the need to specify a special situation.

You can exercise your right of objection or cancellation if you write to the following e-mail address or if you sent a letter by post to the address given in point 2. In accordance with Art. 77 DSGVO and without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place of the suspected infringement. The address of the supervisory authority responsible for us is: Berliner Beauftragter für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin. You can obtain further information from your local supervisory authority.