The following information provides an overview of what happens to your personal data when you visit this website. Personal data is all data with which you can be personally identified.

The controller responsible for this website is the

AuthoriseMe GmbH
Austraße 34
35745 Herborn
Deutschland
Phone +49 2772 57 59 100
EMail: info(at)authoriseme.eu
Managing Director:
Raffael A. Fruscio

Contact details of the data protection officer (Art. 13 para. 1 lit. b) GDPR)

We have appointed a Data Protection Officer. You may contact the Data Protection Officer at:

data.de(at)raan-group.com

How do we collect your data and what do we use it for?

Your data is collected when you provide it to us, e.g. when you send us an e-mail or commission our services.

All data transmitted to us, including all resulting personal data (e.g. name, e-mail address, etc.), will be stored and processed by us for the purpose of processing your enquiry or providing our services. If you do not provide us with this data, we will not be able to process your enquiry or provide our services.

This data is processed on the basis of Art. 6 para. 1 lit. b or c GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), if this has been requested. Consent can be revoked at any time.

Further data is automatically collected by our IT systems when you visit the website. This is primarily technical data such as the Internet browser used, operating system or time of the page view, etc. This data is required to ensure that the website is displayed correctly. If we cannot collect this data, we will not be able to display the website. This data is collected on the basis of Art. 6 para. 1 lit. f GDPR.

Data processing within the Raan Group

AuthoriseMe GmbH is part of the Raan Group. The companies within the group work closely together in terms of internal organisation and sales.

Specialised companies or divisions within our Group perform certain data processing tasks centrally for the companies affiliated with the Group. In addition, certain data processing operations are carried out in centralised IT systems. If a contract exists between you or your company and one or more companies in our group, your data may be processed centrally by a company in the group or jointly by the companies, for example for the central administration of customer data, for telephone customer service, for contract processing, for billing purposes, as well as for collection and disbursement or for joint mail processing.

To guarantee your rights and in compliance with the provisions of the EU General Data Protection Regulation (GDPR), we have concluded an agreement that sets out rules on the processing of your personal data. As joint controllers (in accordance with Art. 26 GDPR), we are jointly responsible for the processing of your data.

You can contact each company involved individually with regard to the processing of your data and assert your rights.

Further information on data protection and the handling of personal data can be found in the data protection notices of the respective affiliated companies.

Storage duration

Your data will be stored until the purpose for data storage no longer applies, you revoke your consent to storage or you request us to delete it. Mandatory statutory provisions, in particular statutory retention periods, remain unaffected.

What rights do you have?

On the basis of Articles 15 – 20 GDPR, you have the following rights with regard to the processing of personal data:

• You have the right to receive information free of charge at any time about the origin, recipient and purpose of the data stored about you (Art. 15 GDPR)
• If incorrect personal data is processed, you have the right to rectification (Art. 16 GDPR).
• If the legal requirements are met, you can request the erasure or restriction of processing and object to processing (Art. 17, 18 and 21 GDPR).
• If you have provided the data and the data processing is carried out using an automated procedure, you have the right to data portability (Section 20 GDPR).
• You also have the right to lodge a complaint with a supervisory authority.

Right to object to the collection of data in special cases and to direct marketing (Art. 21 GDPR)

If the data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection information. If you lodge an objection, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims (objection pursuant to Art. 21 (1) GDPR)

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 para. 2 GDPR).

Profiling

We do not conduct profiling or automated decision-making.

Hosting

This website is hosted by an external service provider (hereinafter referred to as hosters). The commissioning of this service is called order processing. The personal data collected on this website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website. The hosters are used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). Our hosters will only process your data to the extent necessary to fulfil its performance obligations and follow our instructions with regard to this data. To this end, we have concluded the legally required contract with them for order processing.

We use the following hoster:

Mittwald CM Service GmbH & Co.KG
Mittwald: Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacities); Service provider: Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.mittwald.de ; Privacy Policy: https://www.mittwald.de/datenschutz ; Data Processing Agreement: https://www.mittwald.de/faq/service-informationen/faq/datenschutz-alles-wichtige-zur-dsgvo . Basis for third-country transfers: Switzerland – Adequacy decision (Germany).

Amazon Web Services (AWS)
Amazon Web Services (AWS): Services in the field of the provision of information technology infrastructure and related services (e.g. storage space and/or computing capacities); Service provider: Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, 1855, Luxembourg; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://aws.amazon.com/ ; Privacy Policy: https://aws.amazon.com/privacy/ ; Data Processing Agreement: https://aws.amazon.com/compliance/gdpr-center/ . Basis for third-country transfers: EEA – Data Privacy Framework (DPF), Switzerland – Adequacy decision (Luxembourg).

Notice regarding the transfer of data to US companies certified under the DPF:
Some companies to which we transfer data are certified under the EU–US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780

Notice regarding the transfer of data to third countries that are not considered to provide an adequate level of data protection, as well as transfers to US companies that are not certified under the DPF:
If we use tools provided by companies based in third countries that are not considered to provide an adequate level of data protection, as well as US-based tools whose providers are not certified under the EU–US Data Privacy Framework (DPF), your personal data may be transferred to and processed in those countries.

Please note that in third countries that are not considered to provide an adequate level of data protection, a level of data protection comparable to that of the EU cannot be guaranteed. For the United States, an adequacy decision exists under the DPF, meaning that the US is generally considered to provide a level of data protection comparable to that of the EU. Accordingly, a transfer of data to the United States is permissible if the recipient is certified under the “EU–US Data Privacy Framework” (DPF) or provides appropriate additional safeguards.

Cookies and external services

We use cookies and external services on our websites. Cookies are files that are stored on your end device. They are generally required to ensure smooth electronic communication. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of our website may be restricted.

Borlabs Cookie

In addition to the cookies required for technical purposes, we also use cookies and external services to optimize our website and our offerings.

To do this, we need your consent, which we obtain and store with the help of Borlabs technology in accordance with the legal requirements. When you access our website, a cookie from the provider Borlabs GmbH, Hamburgerstr. 11, 22083 Hamburg, is therefore stored in your browser, in which the consent you have given or the revocation of consent is stored.

Once consent has been given, it can be revoked at any time. The data collected will be stored until you ask us to delete it, or you delete the Borlabs cookie yourself, or the purpose for data processing no longer applies. You can make changes at any time by clicking on the button left sign.

Details on the data processing of Borlabs Cookie can be found at: https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

Cookiebot

In addition to the cookies required for technical purposes, we also use cookies and external services to optimize our platform and our offerings.

To do this, we need your consent, which we obtain and store with the help of Cookiebot technology in accordance with the legal requirements. When you access our platform, a cookie from the provider Usercentrics A/S, Havnegade 39, 1058 Copenhagen, is therefore stored in your browser, in which the consent you have given or the revocation of consent is stored.

Once consent has been given, it can be revoked at any time. The data collected will be stored until you ask us to delete it, or you delete the Cookiebot cookie yourself, or the purpose for data processing no longer applies. You can make changes at any time by clicking on the button left sign.

External services and analysis tools

When you visit our website, your user behaviour may be statistically evaluated. This is done using analysis programmes.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is summarised in a user ID and assigned to the respective end device of the website visitor.

We can also use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the recorded data records and uses machine learning technologies for data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. Consent can be revoked at any time.

IP anonymisation

Google Analytics IP anonymisation is activated. As a result, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.

Google

We use various Google services. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google is certified in accordance with the EU-US Data Privacy Framework (DPF).

See “Notice regarding the transfer of data to US companies certified under the DPF”:

Google Tag Manager, Google Ads

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.

Google Ads enables us to display adverts in the Google search engine or on third-party websites when the user enters certain search terms in Google (keyword targeting). Furthermore, targeted adverts can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analysing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.

The services are used on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the fast and uncomplicated integration and management of various tools on our website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Google Fonts

This site uses so-called Google Fonts, which are provided by Google, for the standardised display of fonts. When you access a page, your browser loads the required fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google’s servers. This informs Google that this website has been accessed via your IP address. The use of Google Fonts is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time. If your browser does not support Google Fonts, a standard font will be used by your computer. Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website.

The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. The purpose of reCAPTCHA is to check whether data is entered on this website (e.g. in a contact form) by a human or by an automated program.

For this purpose, reCAPTCHA analyses the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website by the website visitor or mouse movements made by the user).

The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. Website visitors are not informed that an analysis is taking place. The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR.

The website operator has a legitimate interest in protecting its website from abusive automated spying and SPAM. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG.

Further information on this can be found at: https://www.google.com/recaptcha/;
Privacy Policy: https://policies.google.com/privacy;
Data Processing Agreement: https://cloud.google.com/terms/data-processing-addendum (from 2 April 2026).
Basis for transfers to third countries: Data Privacy Framework (DPF), Standard Contractual Clauses https://cloud.google.com/terms/sccs/eu-c2p (from 2 April 2026).

Adobe Fonts

This website uses web fonts from Adobe for the uniform display of certain fonts. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).

When you call up this website, your browser loads the required fonts directly from Adobe in order to be able to display them correctly on your end device. In doing so, your browser establishes a connection to Adobe’s servers in the USA. This enables Adobe to know that your IP address has been used to access this website.

According to Adobe, no cookies are stored when providing the fonts.

The storage and analysis of the data is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the uniform presentation of the typeface on its website.

If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.adobe.com/de/privacy/eudatatransfers.html

For more information on Adobe Fonts, please visit: https://www.adobe.com/de/privacy/policies/adobe-fonts.html

Beglaubigt

Beglaubigt.de: Service offering for the arrangement of notarial advisory services
Service provider: Openlaw UG (haftungsbeschränkt), Schwanthaler Str. 32, 80336 Munich Legal basis: Legitimate interests (Art. 6(1), first sentence, lit. f GDPR)
Website: https://beglaubigt.de/; Privacy Policy: https://beglaubigt.de/datenschutz

We have concluded the legally required data processing agreement (Data Processing Agreement) with this provider.

Fusion Auth

FusionAuth: Authentication services for user logins, provision of single sign-on functions, management of identity information and application integrations; Service provider: FusionAuth, 11080 Circle Point Rd, Suite 405, Westminster, CO 80020; USA Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR); Website: https://fusionauth.io/ ; Privacy Policy: https://fusionauth.io/privacy-policy – FusionAuth . The service is hosted in the EU.

We have concluded the legally required data processing agreement (Data Processing Agreement) with this provider.

Single Sign-on Authentication

“Single Sign-On” or “Single Sign-On Authentication or LogIn” are procedures that allow users to log in to our online services using a user account with a provider of Single Sign-On services (e.g. a social network). The prerequisite for Single Sign-On Authentication is that users are registered with the respective Single Sign-On provider and enter the required access data in the online form provided for this purpose, or are already logged in with the Single Sign-On provider and confirm the Single Sign-On login via the button.

Authentication takes place directly with the respective single sign-on provider. Within the scope of such authentication, we receive a user ID with the information that the user is logged in with the respective single sign-on provider under this user ID and an ID that cannot be used for other purposes (so-called “user handle”). Whether we receive further data depends solely on the single sign-on procedure used, the data releases selected as part of authentication and also which data users have released in the privacy or other settings of the user account with the single sign-on provider. Depending on the single sign-on provider and the user’s choice, there can be different data, usually the e-mail address and the user name. The password entered by the single sign-on provider as part of the single sign-on procedure is neither visible to us nor is it stored by us.

Users are requested to note that their data stored with us can be automatically compared with their user account with the single sign-on provider, but this is not always possible or actual. If, for example, the e-mail addresses of users change, users must change these manually in their user account with us.

We can use single sign-on authentication, provided that it has been agreed with users in the context of pre-fulfilment or fulfilment of the contract, in the context of consent processing and otherwise use it on the basis of our legitimate interests and the interests of users in an effective and secure authentication system.

Should users decide to no longer want to use the link of their user account with the Single Sign-On provider for the Single Sign-On procedure, they must remove this link within their user account with the Single Sign-On provider. If users wish to delete their data from us, they must cancel their registration with us.

• Processed data types: Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Contact data (e.g. postal and email addresses or phone numbers); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features). Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of processing: Provision of contractual services and fulfilment of contractual obligations; Security measures; Authentication processes. Provision of our online services and usability.
• Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

• Apple Single-Sign-On: Authentication services for user logins, provision of single sign-on functionalities, management of identity information and application integrations; Service provider: Apple Inc., Infinite Loop, Cupertino, CA 95014, USA; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.apple.com. Privacy Policy: https://www.apple.com/legal/privacy/en-ww/ .
• Google Single-Sign-On: Authentication services for user logins, provision of single sign-on functionalities, management of identity information and application integrations; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.google.com; Privacy Policy: https://policies.google.com/privacy; Basis for third-country transfers: EEA – Data Privacy Framework (DPF), Switzerland – Adequacy decision (Ireland). Opt-Out: Settings for the Display of Advertisements: https://myadcenter.google.com/personalizationoff.
• LinkedIn: Social network – We are jointly responsible with LinkedIn Ireland Unlimited Company for the collection (but not the further processing) of data from visitors for the purposes of creating “Page-Insights” (statistics) for our LinkedIn profiles. This data includes information about the types of content that users view or interact with, or the actions they take, as well as information about the devices used by the users (e.g., IP addresses, operating system, browser type, language settings, cookie data) and details from the users’ profiles, such as job function, country, industry, seniority, company size, and employment status. Privacy information regarding the processing of user data by LinkedIn can be found in LinkedIn’s privacy notices: https://www.linkedin.com/legal/privacy-policy
  
  We have concluded a special agreement with LinkedIn Irland, the ‘Page Insights Joint Controller Addendum (the ‘Addendum’)’ (https://legal.linkedin.com/pages-joint-controller-addendum), which specifically regulates the security measures that LinkedIn must observe and wherein LinkedIn has agreed to fulfil the rights of the affected parties (i.e., users can, for example, direct requests for information or deletion directly to LinkedIn). The rights of the users (in particular to access to information, erasure, objection, and complaint to the competent supervisory authority) are not restricted by the agreements with LinkedIn. The joint responsibility is limited to the collection of data by and transmission to Ireland Unlimited Company, a company based in the EU. The further processing of the data is the sole responsibility of Ireland Unlimited Company, particularly regarding the transmission of data to the parent company LinkedIn Corporation in the USA; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR); Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy ; Basis for third-country transfers: EEA – Data Privacy Framework (DPF), Switzerland – Adequacy decision (Ireland). Opt-Out: https://www.linkedin.com/psettings/guestcontrols/retargeting-opt-out .

Payment Procedure

Within the framework of contractual and other legal relationships, due to legal obligations or otherwise on the basis of our legitimate interests, we offer data subjects efficient and secure payment options and use other service providers for this purpose in addition to banks and credit institutions (collectively referred to as “payment service providers”).

The data processed by the payment service providers includes inventory data, such as the name and address, bank data, such as account numbers or credit card numbers, passwords, TANs and checksums, as well as the contract, total and recipient-related information. The information is required to carry out the transactions. However, the data entered is only processed by the payment service providers and stored with them. I.e. we do not receive any account or credit card related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the data may be transmitted by the payment service providers to credit agencies. The purpose of this transmission is to check identity and creditworthiness. Please refer to the terms and conditions and data protection information of the payment service providers.

The terms and conditions and data protection information of the respective payment service providers apply to the payment transactions and can be accessed within the respective websites or transaction applications. We also refer to these for further information and the assertion of revocation, information and other data subject rights

• Processed data types: Inventory data (For example, the full name, residential address, contact information, customer number, etc.); Payment Data (e.g. bank details, invoices, payment history); Contract data (e.g. contract object, duration, customer category); Usage data (e.g. page views and duration of visit, click paths, intensity and frequency of use, types of devices and operating systems used, interactions with content and features); Meta, communication and process data (e.g. IP addresses, timestamps, identification numbers, involved parties). Contact data (e.g. postal and email addresses or phone numbers).
• Data subjects: Service recipients and clients; Business and contractual partners. Prospective customers.
• Purposes of processing: Provision of contractual services and fulfillment of contractual obligations; Business processes and management procedures; Conversion tracking (Measurement of the effectiveness of marketing activities); Marketing. Provision of our online services and usability.
• Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR). Legitimate Interests (Article 6 (1) (f) GDPR).

Further information on processing methods, procedures and services used:

Stripe: Payment-Service-Provider (technical integration of online-payment-methods); Service provider: Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA; Legal Basis: Performance of a contract and prior requests (Article 6 (1) (b) GDPR); Website: https://stripe.com/de; Privacy Policy: https://stripe.com/en-de/privacy. Basis for third-country transfers: EEA – Data Privacy Framework (DPF).

Status of the information: March 2026