Privacy Policy
Information on the processing of personal data pursuant to Art. 13 GDPR
This privacy policy informs you about the nature, scope and purpose of the processing of personal data when you visit this website. The most important point first: this website does not set any cookies, does not use any analytics or tracking services, and does not embed any third-party content (such as external fonts, maps or social media plugins). For this reason, this website does not require a cookie banner. Personal data is only processed to the technically necessary extent described below, and when you contact us of your own accord.
1. Controller
Zerbach & Company Corporate Finance GmbH
Gut Maarhausen
Eiler Straße 3Y
51107 Cologne, Germany
Phone: +49 (0)221 9851524-0
E-Mail: office@zerbach-company.de
Represented by the managing directors Georg Leander Zerbach and Marc Bollinger.
2. Hosting and server log files
This website is hosted by ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany. We have concluded a data processing agreement with the hosting provider pursuant to Art. 28 GDPR; processing takes place exclusively on servers located in Germany.
When you access this website, the hosting provider automatically collects data in so-called server log files, which your browser transmits. These are: the page or file accessed, date and time of access, volume of data transferred, notification of successful retrieval, browser type and version, operating system, referrer URL (the previously visited page) and the IP address. This data is not combined with other data sources.
The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the technically error-free presentation and the security of this website (e.g. detection and defence against attacks and misuse). Log files are stored for as long as required for these purposes and are then deleted. Data whose further retention is required for evidentiary purposes is exempt from deletion until the respective incident has been finally resolved.
3. No cookies, no tracking
This website does not set any first-party or third-party cookies and does not store any information on your device within the meaning of Section 25 of the German TDDDG. No analytics, statistics or marketing tools are used. All content (including fonts and images) is delivered from our own web space; visiting this website does not establish any connection to third-party servers.
4. Contacting us (contact form, e-mail, telephone)
We provide a contact form on this website. If you use it, the details you enter (name, e-mail address, optionally company and telephone number, and your message) are transmitted to our server in encrypted form and forwarded from there directly to us by e-mail. The form data is not stored on the web server beyond this. To prevent automated spam submissions, the form uses an invisible control field and a minimum completion time; no external services (e.g. reCAPTCHA) are used and no cookies are set.
If you contact us via the contact form, by e-mail or by telephone, we process the data you provide (e.g. name, contact details, content of your enquiry) in order to handle your request. The legal basis is Art. 6 (1) (b) GDPR where your enquiry relates to the initiation or performance of a contract, and otherwise Art. 6 (1) (f) GDPR based on our legitimate interest in responding to enquiries. We delete this data as soon as it is no longer required for processing your request and no statutory retention obligations (in particular under German commercial and tax law, Sections 147 AO, 257 HGB) apply.
5. Job applications
Applications submitted to us by e-mail are processed exclusively for the purpose of conducting the application procedure. The legal basis is Art. 6 (1) (b) GDPR in conjunction with Section 26 of the German Federal Data Protection Act (BDSG). Application documents are deleted no later than six months after completion of the application procedure, unless you are hired or have consented to longer retention.
6. External links and our LinkedIn presence
This website contains links to external websites (e.g. to our company profile on LinkedIn). When you click on such a link, you leave our website; the privacy policies of the respective provider then apply. Simply visiting our website does not transfer any data to these providers.
We maintain a company profile on LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) in order to provide information about our services and communicate with interested parties. If you contact us via LinkedIn, we process the information you provide there in order to handle your enquiry (Art. 6 (1) (f) GDPR). For data processing by LinkedIn itself, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
7. SSL/TLS encryption
This website uses SSL/TLS encryption to secure data transmission. You can recognise an encrypted connection by the "https://" prefix and the lock symbol in your browser's address bar.
8. Your rights
With regard to your personal data, you have the following rights: the right of access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data portability (Art. 20 GDPR).
You also have the right to object at any time, on grounds relating to your particular situation, to the processing of data concerning you that is carried out on the basis of Art. 6 (1) (f) GDPR (Art. 21 GDPR). You may withdraw any consent given at any time with effect for the future (Art. 7 (3) GDPR).
To exercise your rights, an informal message to the contact details given above is sufficient.
9. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (LDI NRW), Kavalleriestraße 2–4, 40213 Düsseldorf, Germany, www.ldi.nrw.de.
10. Updates to this privacy policy
We will update this privacy policy whenever changes to our data processing activities or to the legal situation make this necessary.
Last updated: July 2026