Privacy Policy

Scope/ Person responsible

Crossinvestics Holding GmbH & Co.KG
Germaniastrasse 137
12099 Berlin

Management: Petra Dökel
Phone: +49 (0)30 — 746 895 00

Register court: District Court of Berlin Charlottenburg
Registration number: HRA 60171 B
VAT identification number according to § 27a UStG: DE352840065

Personally liable partner:
Crossinvestics Management Company Ltd.,
Germaniastrasse 137 12099 Berlin,
District Court Berlin-Charlottenburg,
HRB 240827 B,
Managing Director: Petra Dökel

Contact details of the external data protection officer

Data Protection Officer
Leopoldstr. 21
80802 Munich

Status: April 2024

This privacy policy informs users about the type, scope and purpose of the collection and use of personal data by the responsible provider Cross4Channel — Gesellschaft für digitales Healthcare Marketing mbH (hereinafter “provider”) on this website.

The term "user" includes all categories of persons affected by data processing. These include our business partners, customers, interested parties and other visitors to our online offering. The terms used, such as "user", are to be understood as gender-neutral.

The legal basis for data protection can be found in the Federal Data Protection Act (BDSG), the EU General Data Protection Regulation (GDPR) and the Telemedia Act (TMG).

Basic information on data processing and legal bases

This privacy policy informs you about the type, scope and purpose of the processing of personal data within our online offering and the associated websites, functions and content (hereinafter referred to jointly as "online offering" or "website"). The privacy policy applies regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) on which the online offering is executed.

For the terms used, such as “personal data” or their “processing”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

The personal data of users processed within the scope of this online offering include inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of clerks, payment information), usage data (e.g. the websites visited on our online offering, interest in our products) and content data (e.g. entries in the contact form).

We only process users' personal data in compliance with the relevant data protection regulations. This means that users' data is only processed if there is legal permission. This means, in particular, if the data processing is necessary to provide our contractual services (e.g. processing orders) and online services, or is required by law, if the user has given their consent, and

based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offering within the meaning of Art. 6 Para. 1 lit. f. GDPR, in particular in the measurement of reach, creation of profiles for advertising and marketing purposes as well as collection of access data and use of third-party services).

We would like to point out that the legal basis for consent is Art. 6 (1) (a) and Art. 7 GDPR, the legal basis for processing to fulfill our services and implement contractual measures is Art. 6 (1) (b) GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 (1) (c) GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 (1) (f) GDPR.

Safety measures

We take organizational, contractual and technical security measures in line with the state of the art to ensure that the provisions of data protection laws are complied with and to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.

To increase the security of our website and to prevent automated abuse by bots, we use so-called honeypot technologies. A honeypot is a method used to detect automated access by setting a trap that is invisible to human users but can be triggered by automatic scripts. The purpose of this technology is solely to keep our website secure. Honeypot technology helps us identify and block spam, fraud attempts, and other types of automated abuse. The use of this technology is based on our legitimate interest in the security of our website in accordance with Article 6 (1) (f) of the GDPR. The information collected by honeypots is only stored for as long as is necessary for the purpose for which it was collected and is then deleted. No personal data is collected.


When you contact us (via contact form or email), the user's details will be processed to handle the contact request and its processing in accordance with Art. 6 (1) (b) GDPR.

User information may be stored in our customer relationship management system (“CRM system”) or comparable inquiry organization.

Collection of access data and log files

Based on our legitimate interests in accordance with Art. 6 (1) (f) GDPR, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g. to investigate misuse or fraud) for a maximum of seven days and then deleted. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been finally resolved.

Cookies & reach measurement

Cookies are pieces of information that are transferred from our web server or third-party web servers to users' web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.

The following cookies are used on our website:

  • _pk_id – Stores some details about the user such as the unique visitor ID (13 months)
  • _pk_ref – Stores the attribution information, the referrer that was originally used to visit the website (6 months)
  • _pk_ses, _pk_cvar, _pk_hsr – Short-lived cookies used to temporarily store data for the visit (30 minutes)
  • borlabs-cookie –Saves settings made in the cookie banner (essential)

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online service.

You can object to the use of cookies that are used for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative ( and additionally via the US website ( or the European website (

In some cases, cookies are used to simplify website processes by storing settings (e.g. by retaining options that have already been selected). If personal data is also processed by individual cookies implemented by us, the processing takes place in accordance with Art. 6 Para. 1 lit. b GDPR either to execute the contract or in accordance with Art. 6 Para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can adjust your cookie settings for this website by clicking on this link: Cookie settings

Integration of third-party services and content

Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Art. 6 Para. 1 lit. f. GDPR), we use content or service offers from third parties in order to integrate their content and services such as videos or fonts (hereinafter referred to uniformly as "content"). This always presupposes that the third-party providers of this content perceive the IP address of the users, since without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content. We endeavor to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.

Matomo Analytics

We use the analysis tool Matomo. This is an open source tool from the provider InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. We only use this tool if the user has given their consent. 

With Matomo, the data is only transmitted to servers operated by us (AWS) and the information generated is not passed on to third parties. A shortened IP address is stored in the log files for a maximum of 6 months, but the IP address is stored there. Personal data is processed in an anonymized form.  

We collect this data in order to improve the website and analyze usage behavior. 

In particular, the following data is collected: shortened IP address, IP address in the log files, visit to the website, time spent on the website

The legal basis for the aforementioned data processing is Art. 6 (1) lit. a GDPR.

Further details on the privacy policy can be found at                                                               

Google Maps

On our website we use Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Maps is a web service for displaying maps.
When used, personal data (such as your IP address or, if applicable, your location) is transferred to Google servers and stored there. We cannot rule out that this data will also be transmitted to Google LLC servers in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. The collection, storage and evaluation are carried out in accordance with Art. 6 Paragraph 1 Letter f of GDPR on the basis of Google's legitimate interest in displaying personalized advertising, market research and/or the needs-based design of Google websites. You have the right to object to the creation of these user profiles; you must contact Google to exercise this right. If you do not agree to the future transmission of your data to Google when using Google Maps, you also have the option of deactivating the Google Maps web service completely. Google Maps and thus also the map display on this website cannot then be used.
To the extent legally required, we have obtained your consent in accordance with Art. 6 (1) lit. a GDPR for the processing of your data as described above, which you can revoke at any time with effect for the future. Further information can be found at, and

Users’ rights

Users have the right to request information free of charge about the personal data we have stored about them.

In addition, users have the right to rectify inaccurate data, restrict processing and delete their personal data, where applicable, exercise their rights to data portability and, in the event of suspected unlawful data processing, lodge a complaint with the competent supervisory authority.

Users can also revoke their consent, generally with effect for the future.

Deletion of data

The data stored by us is deleted as soon as it is no longer required for its intended purpose and there are no statutory retention periods that prevent deletion. If the user data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.

According to legal requirements, the storage period is 6 years in accordance with Section 257 Para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 Para. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

Right to object

Users can object to the future processing of their personal data at any time in accordance with the statutory provisions. The objection can be made in particular against processing for direct marketing purposes.

Changes to the privacy policy

We reserve the right to change the privacy policy in order to adapt it to changes in the legal situation or in the event of changes to the service or data processing. However, this only applies to statements on data processing. If the consent of the users is required or if parts of the privacy policy contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.

Users are asked to regularly inform themselves about the content of the privacy policy.