Privacy Policy

We take the protection of your personal data very seriously. This privacy policy informs you about the type, scope, and purposes of the processing of personal data within this website in accordance with GDPR, BDSG, and TTDSG.

Last updated: November 12, 2025

1. Controller

new work composer GmbH
Alpenstrasse 14, 6300 Zug, Schweiz
Contact: contact@newworkcomposer.com

2. Data Protection Officer

A data protection officer is currently not appointed.

3. Purposes and Legal Bases of Data Processing

We process personal data in accordance with Art. 6 GDPR only where necessary. Possible purposes:

• Provision of the website/IT security (Art. 6 para. 1 lit. f GDPR – legitimate interest)
• Contract fulfillment/order processing/support (Art. 6 para. 1 lit. b GDPR)
• Fulfillment of legal obligations (Art. 6 para. 1 lit. c GDPR)
• Communication/inquiries (Art. 6 para. 1 lit. f or lit. b GDPR)
• Newsletter/marketing (Art. 6 para. 1 lit. a GDPR – consent)
• Reach measurement/statistics/marketing cookies (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG)
• Necessary cookies (Art. 6 para. 1 lit. f GDPR in conjunction with § 25 para. 2 TTDSG)

4. Hosting and Server Log Files

We use hosting services from a service provider with whom we have a data processing agreement (Art. 28 GDPR). When accessing this website, the server automatically processes log data: IP address, date/time, time zone, visited pages/files, amount of data transferred, referrer URL, user agent. Legal basis is Art. 6 para. 1 lit. f GDPR (website operation, IT security). Log files are usually deleted after 7–14 days.

5. Contact (Email, Phone, Forms)

When you contact us, we process the provided data (e.g., name, email, inquiry content) to handle your request (Art. 6 para. 1 lit. b or lit. f GDPR). Data is deleted after completion and expiration of legal retention periods.

6. Newsletter

Registration is done via double opt-in procedure. Legal basis is Art. 6 para. 1 lit. a GDPR. Unsubscription is possible at any time, e.g., via the unsubscribe link. We log registrations, changes, and unsubscriptions for documentation purposes (Art. 6 para. 1 lit. f GDPR).

7. Cookies, Consent Management

We use cookies and similar technologies. Non-technically necessary technologies are only used with your consent (§ 25 para. 1 TTDSG, Art. 6 para. 1 lit. a GDPR). Technically necessary cookies can be set without consent (§ 25 para. 2 TTDSG, Art. 6 para. 1 lit. f GDPR). We manage your consents via a consent management tool. You can change your selection at any time in the "Cookie Settings" and revoke consents with effect for the future.

Manage cookie settings

8. Reach Measurement & Analysis

We only use analytics services with your consent (Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG). Revocation is possible at any time via cookie settings. For transfers to third countries (e.g., USA), this is done on the basis of EU standard contractual clauses (Art. 46 GDPR).

9. Marketing/Tracking Services

Marketing and tracking services are only used with your consent (Art. 6 para. 1 lit. a GDPR; § 25 para. 1 TTDSG). For transfers to third countries, this is done on the basis of EU standard contractual clauses.

10. Embedded Content & Third Parties

When embedding external content (e.g., YouTube videos, maps), the IP address may be transmitted to third-party providers. Non-necessary embeds only occur with consent. For providers in third countries, transfers are made on the basis of Art. 46 GDPR (standard contractual clauses) or exceptions under Art. 49 GDPR.

11. Data Processors & Recipients

We use service providers (e.g., hosting, IT, newsletter, consent management) as data processors according to Art. 28 GDPR. Disclosure to other recipients only occurs where there is a legal basis.

12. Third Country Transfers

If data is transferred to countries outside the EEA, this is done in compliance with Art. 44 ff. GDPR (especially standard contractual clauses) and any additional measures.

13. Retention Period

We delete personal data as soon as the purpose ceases and no legal retention periods apply. Legal periods may arise from HGB, AO (typically 6 or 10 years).

14. Processing Security

We implement appropriate technical and organizational measures (Art. 32 GDPR), e.g., access restrictions, encryption, backup/recovery processes, pseudonymization, confidentiality agreements.

15. Obligation to Provide

Providing certain data may be necessary for contract conclusion/performance. Without this data, service provision may not be possible.

16. Automated Decision-Making/Profiling

Exclusively automated decision-making including profiling does not take place.

17. Minors

Our service is not directed at persons under 16 years of age. Personal data of minors is not knowingly processed without parental consent.

18. Your Rights

You have the following rights:

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to processing based on legitimate interest (Art. 21 GDPR)
• Withdrawal of granted consents (Art. 7 para. 3 GDPR) with effect for the future
• Complaint to a data protection supervisory authority

19. Exercising Your Rights

Please contact us using the contact details provided above.

20. Changes to This Privacy Policy

We adapt this policy as needed, e.g., in case of changes in legal situation, processing, or services. The current version is authoritative.