Privacy Policy

Data protection declaration of Gateway Zero, Inc. (01)

Gateway Zero, Inc. is pleased that you are visiting our website. We take the protection of your personal data during processing in accordance with the statutory data protection regulations very seriously.

The following declaration gives you (hereinafter also referred to as"customer", "data subject" or "user") an overview of how we ensure this protection and what type of data is collected for what purpose.


I.Name and address of the person responsible

The responsible party within the meaning of the EU General Data Protection Regulation (hereinafter referred to as "GDPR") and other national data protection laws (in Germany: Federal Data Protection Act hereinafter referred to as "BDSG") of the member states as well as other data protection provisions is:


Gateway Zero, Inc.
1420 Kettner Blv, Suite 100

92101 SanDiego, CA

Phone: +1 713 412 7714


II. Contactdetails of our data protection officer

You can reach our data protection officer at our mailing address (section I.) with the addition "data protection officer".


III.Terms and definitions

The definitions and terms are based on the GDPR, the BDSG and other data protection regulations. Particularly the definitions of Art. 4 and Art. 9 GDPR shall apply.


IV.General principles and data subject rights

1. Scope of the processing of personal data

We process your personal data only to the following extent, as far as this is necessary for the provision of our web and online services, including a functioning website:

  • Users of our website, customers, interested parties and applicants
  • Newsletter and contact requests

2. Legal framework

Where personal data is processed on the basis of the data subject's consent, the legal basis for the processing is Article 6(1)(a) of the GDPR.

Where personal data are processed for the performance of a contract to which the data subject is a party, the legal basis is Article 6(1)(b) of the GDPR; this also applies to processing necessary for the performance of pre-contractual measures.

If personal data are processed for compliance with a legal obligation to which we are subject, the legal basis is Article 6(1)(c) of the GDPR.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, the legal basis is Article 6(1)(d) of the GDPR.

If processing is carried out to protect our legitimate interests or those of a third party and the interests, fundamental rights and freedoms of the data subjects are not overridden; Article 6(1)(f) of the GDPR is the legal basis for the processing.

3. Possible recipients of personal data

In order to provide our web and online services as well as for the general provision of our services, we sometimes use IT service providers, IT developers, external consultants, cloud or archiving service providers who may act on our behalf and according to instructions in the context of the provision of services (so-called order processors). These service providers may receive personal data or come into contact with personal data in the course of providing the service and constitute third parties or recipients within the meaning of the GDPR.

In such a case, we ensure that our service providers take sufficient security measures, that appropriate technical and organisational measures are in place and that processing operations are carried out in such a way that they comply with the relevant data protection provisions and ensure the protection of the rights of data subjects (cf. Art. 28 GDPR).

In addition, we may process your personal data within various specialist departments of Gateway Zero that are involved in the execution of the respective business processes; to the extent permitted. We may also be obliged by law to make our collected data available to public authorities (e.g. tax authorities, state criminal investigation authorities, social security authorities). As far as legally permissible, we process personal data with cooperation partners, sponsors and business conference participants.

4. Processing of personal data in third countries

Your personal data is generally processed within the European Union (hereinafter referred to as "EU") or the European Economic Area (hereinafter referred to as "EEA"). Only in exceptional cases (e.g. in connection with the transfer of personal data within Gateway Zero) may information be transferred to third countries. Third countries are countries outside the EU and/or EEA in which an adequate level of data protection in accordance with European requirements cannot be assumed without further ado.

Insofar as the information transmitted also includes personal data and is not transmitted pseudonymised or anonymised, we ensure before such a transmission that an adequate level of data protection is guaranteed in the respective third country or at the respective recipient in the third country. This can result from a so-called "adequacy decision" of the European Commission or been sured by using the so-called "EU standard contractual clauses"

5. Data deletion and storage time

Personal data of the data subjects shall be deleted if the data is no longer required for the respective processing purposes or if the legal basis for the storage no longer applies. Instead of deletion, the data may be stored under restriction of processing if this is provided for by the European or national legislator inUnion regulations, laws or other provisions, in particular, e.g.

  • to comply with statutory retention obligations (e.g. the German Fiscal Code (§ 147 AO) or the German Commercial Code (§ 257 HGB), currently between 6 and 10 years), and/or
  • if there are legitimate interests     in storing data (e.g. during the course of limitation periods for the purpose of a possible legal defence (§§ 195 ff. BGB – German Civil Code,     currently between 3 and 30 years).

The data will be deleted at the latest when a storage period prescribed by the aforementioned standards expires, unless further storage by us is necessary and there is a legal basis for this.

6. Data categories

With regard to the type of personal data concerned, we essentially distinguish between the following categories:

a) Master data: Master data is data about your company and / or your person that you provide to us. This includes in particular company, first name, last name, e-mail address and telephone number.

b) Event and marketing data: This is data that we receive from you in the context of, for example, webinars, (online) events, trade fair events, newsletter registrations, conferences and specialist events. This includes meta and log files, IP addresses and session IDs.

c) Meta and log files: Meta and log files include IP addresses, session IDs, browser types, operating system details and time of request.

d) Applicant data: This is data that you provide to us as part of the application process. This includes, in particular, qualifications, certificates, proof of qualifications, curriculum vitae and cover letters.Further information on data protection regarding the use of personal data in the application process can be found here.

7. Data subjects' rights

The GDPR grants certain rights to persons affected by the processing of personal data (so-called data subject rights, in particular Art. 12 to 22 GDPR). If you would like to make use of one or more of these rights listed below, you can contact us at any time under As a data subject, you have the following rights in particular:

a) Right to information pursuant to Art. 15 GDPR.

You may request information from the controller as to whether and to what extent personal data concerning you has been or is being processed.

b) Right to rectification pursuant to Art. 16 GDPR

You have a right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you are inaccurate or incomplete. The controller shall carry out the rectification without undue delay.

c) Right of deletion according to Art. 17 GDPR

You may request the controller to delete the personal data concerning you without un due delay and the controller is obliged to delete such data without undue delay, unless one of the exceptions provided for in the GDPR applies or other legal retention obligations require the controller to retain the data in question.

d) Right to restriction of processing pursuant to Art. 18 GDPR

Under the conditions regulated in the GDPR, you may request the restriction of the processing of personal data concerning you.

e) Right to data portability pursuant to Art. 20 GDPR

You have the right to obtain the personal data concerning you, which you have provided to the controller and the processing of, which is based on consent oron a contract (e.g. also the requested preparation of a contract, Art. 6 para.1 lit. b Alt. 2 GDPR) with you, in a structured, common and machine-readable format. In addition, you have the right, under the conditions regulated by theGDPR, to transfer this data to another controller without hindrance from the controller to whom the personal data was provided. In exercising this right, you also have the right to have the personal data relating to you transferred directly from one controller to another controller, where this is technically feasible. The freedoms and rights of other persons must not be affected by this.

f) Right of objection pursuant to Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR; this also applies to profiling based on these provisions. If the personal data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. In the event of an objection, the personal data concerning you will no longer be processed for these purposes.

g) Right to revoke consent pursuant to Art. 7 (3) GDPR you have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. You can revoke your consent at any time with an email to ( Right of complaint pursuant to Art. 77 GDPRIn the event of suspected and committed violations of data protection regulations, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the suspected violation. The right of appeal is without prejudice to other administrative or judicial remedies.The contact details of data protection supervisory authorities can be found under the following link:

8. No obligation to provide personal data

We do not make the conclusion of contracts or the fulfilment of our online offers with us dependent on you providing us with personal data beforehand. As a customer, interested party, website visitor, applicant or other participant, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data.

V. Data collection through the informative use of our website

1. Description and scope of data processing

Each time our website is accessed, our systems automatically record data and information from the computer system of the accessing computer. In particular, the following log files are processed:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Date and time of the server request
  • IP Address

This data is not merged with other data sources.

2. Purpose and legal basis of data processing

The temporary storage of the IP address and possibly other log files by the systems each time our website is called up is necessary to enable the website to be made available to your computer. This is required for addressing the communication traffic between the user and our web and/or online offer or is necessary for the use of our web and/or online offer. The legal basis for this data processing - i.e. for the duration of your website visit - is Art. 6Para. 1 (b) or f of the GDPR and § 96 TKG (Telecommunications Act). The processing and storage of the IP address and log files beyond the communication process is carried out for the purpose of ensuring the functionality of our we band online offers, for the purpose of optimising these offers and for ensuring the security of our information technology systems. The legal basis for storing the IP address for these purposes beyond the communication process is Art. 6para. 1 (f) GDPR or § 109 TKG.

3. Length of storage

The data is stored for as long as it is necessary to achieve the aforementioned processing purposes. In the case of the collection of data for the provision of the website, this is the case when the respective session - i.e. the website visit - has ended. Any additional storage of log files including the IP address for the purpose of system security and optimisation of our web and online offers is carried out for an appropriate period of time; thereafter, the log and meta data are automatically deleted.

4. Option to object

The collection of log files for the provision of our website, including their storage within the aforementioned limits, is absolutely necessary for the operation of the website and the individual functions stored there. There is therefore no possibility for the user of the website to object. This does not apply to the processing of log files for analysis purposes. Here, the possibility of objection - depending on the web analysis tools used and the type of data analysis (personal / anonymous / pseudonymous) - is governed by section IV. 7. (f) of this data protection declaration.

VI. Contact us

1. Description and scope of data processing

To contact us, you can use the e-mail addresses provided on our website. If you make use of these options, personal data will be processed and stored by us for the purpose of answering the enquiry. In this context, we process in particular first name, last name and e-mail address. We do not pass on this data without your consent.

2. Purpose and legal basis of data processing

The processing of this data is based on. Art. 6 para. 1 (b) GDPR and / or on our legitimate interests, according to Art. 6 para. 1 (f) GDPR. The processing of data transmitted in the course of an enquiry is based on Art. 6 (1) (a) GDPR.

3. Length of storage

The data is generally deleted as soon as it is no longer required to achieve the purpose for which it was collected. Insofar as data is no longer required for the fulfilment of contractual or statutory obligations, including commercial and tax retention obligations, as well as for the pursuit of legitimate interests, i.e. for the preservation of evidence within the framework of the statutory limitation provisions, it is regularly deleted.

IX.Social Media

1. Social Media (direct links)

We have integrated buttons of social networks on our website. These buttons provide you with various functions by means of which you can share information with your contacts on the respective third-party portal. The operators of the social networks determine their subject and scope.

This data is processed on the basis of Article 6 (1) (a) and (f) of the GDPR so that we can offer you the opportunity to interact with the social networks and other users, improve our services and make them more interesting for you as a user.

Please note that we are not the provider of the social networks and have no influence on the data processing by the respective providers. Furthermore, we have no knowledge of the content of the transmitted data or its use by the respective provider. You can find more information on the handling of your data in the respective data protection notices of the providers of the social networks:


The function of the social network LinkedIn is integrated on our website. This function is offered by LinkedIn Ireland Limited, 77 Sir John Rogerson's Quay,Dublin 2, Ireland. In the process, data is also transferred to LinkedIn. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn. If you are logged in to LinkedIn, LinkedIn can assign the visit to your LinkedIn account. The purpose and scope of the data collection and the further processing and use of the data by LinkedIn, as well as your rights in this regard and setting options for protecting your privacy, can be found inLinkedIn's privacy policy. You can find further information on this inLinkedIn's data protection declaration at


1. Description and scope of data processing

We don’t currently use so-called "cookies" on our website. Cookies are small text files that your internet browser places and stores on your computer and through which certain information flows to the body that sets the cookie. They serve to optimise our Internet presence and our offers. In the future we will notify you with a pop-up banner when we do.

2. Length of storage

Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

Persistent cookies are automatically deleted after a set period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

You can find an overview and additional information on the cookies we use, including details on the provider, data processing purpose, technology used, data collected, legal basis, place of processing, retention period, data recipient, data protection officer and transfer to third countries.

XI.Further information

Your trust is important to us. Therefore, we would like to answer any questions you may have regarding the processing of your personal data. If you have queries that have not been answered by this data protection declaration or if you would like more detailed information on a particular matter, please contact us at anytime using the following e-mail address:

We reserve the right to change the data protection declaration at irregular intervals in the context of the further development of data protection law and technological or organisational changes and will inform you of all significant changes, which have an effect on the use of your personal data. This privacy notice is up-to-date as of January2024.