Privacy Policy

The following information provides a brief overview of what happens to your personal data when you visit this website. Personal data refers to any information that can be used to personally identify you. For detailed information on data protection, please refer to our Privacy Policy listed below.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator’s contact information in the “Information on the Data Controller” section of this Privacy Policy.

How do we collect your data?

Your data is collected, on the one hand, when you provide it to us. This may include, for example, data you enter into a contact form. Other data is collected automatically or with your consent by our IT systems when you visit the website. This consists primarily of technical data (e.g., internet browser, operating system, or time of page view). This data is collected automatically as soon as you access this website.

What do we use your data for?

Some of the data is collected to ensure the website functions properly. Other data may be used to analyze your user behavior. If contracts can be concluded or initiated through the website, the data provided will also be processed for contract offers, orders, or other order inquiries.

What rights do you have regarding your data?

You have the right at any time to obtain, free of charge, information about the source, recipients, and purpose of your stored personal data. You also have the right to request the correction or deletion of this data. If you have given consent to the processing of your data, you may revoke this consent at any time with future effect. In addition, you have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to file a complaint with the competent supervisory authority. You may contact us at any time regarding this matter or any other questions about data protection.

The provider is Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin (hereinafter “Strato”). When you visit our website, Strato collects various log files, including your IP addresses. For more information, please refer to Strato’s privacy policy: https://www.strato.de/datenschutz/

The use of Strato is based on Article 6 Paragraph 1 Letter f GDPR. We have a legitimate interest in ensuring that our website is presented as reliably as possible. If appropriate consent has been requested, processing is carried out exclusively on the basis of Article 6 Paragraph 1 Letter a GDPR and Section 25 Paragraph 1 TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's end device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Order Processing

We have entered into a Data Processing Agreement (DPA) for the use of the aforementioned service. This is a contract required under data protection law that ensures the service provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Privacy Policy

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with applicable data protection laws and this Privacy Policy. When you use this website, various types of personal data are collected. Personal data is data that can be used to personally identify you. This privacy policy explains what data we collect and how we use it. It also explains how and for what purpose this is done. Please note that data transmission over the Internet (e.g., when communicating via email) may be subject to security vulnerabilities. It is not possible to completely protect data from access by third parties.

Information about the data controller

The entity responsible for data processing on this website is: 

Evolution Security GmbH
Dresdener Straße 1
34125 Kassel
Acting Management: Benjamin Mejri & Christian Gerlach 

Phone: +49 (0) 561 400 85 396
Email: Contact us directly via our contact form

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g., names, email addresses, etc.).

Data Protection Officer

Evolution Security GmbH has appointed a Data Protection Officer. You can contact our Data Protection Officer via our contact form.

Retention period

Unless a more specific retention period is stated in this Privacy Policy, we will retain your personal data until the purpose for which it was collected no longer applies. If you submit a valid request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible grounds for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, the data will be deleted once these grounds no longer apply.

General Information on the Legal Basis for Data Processing on This Website

If you have consented to the processing of your data, we process your personal data on the basis of Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, provided that special categories of data as defined in Article 9(1) of the GDPR are being processed. In the event of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Article 49(1)(a) of the GDPR. If you have consented to the storage of cookies or to access to information on your device (e.g., via device fingerprinting), data processing is additionally based on Section 25(1) of the German Telemedia Act (TDDG). Consent may be revoked at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Article 6(1)(b) of the GDPR. Furthermore, we process your data if it is necessary to comply with a legal obligation on the basis of Article 6(1)(c) of the GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Article 6(1)(f) of the GDPR. The legal bases applicable in each individual case are described in the following sections of this Privacy Policy.

Recipients of personal data

As part of our business operations, we collaborate with various external parties. In some cases, this requires the transfer of personal data to these external parties. We only disclose personal data to external parties if this is necessary for the performance of a contract, if we are legally obligated to do so (e.g., disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Article 6(1)(f) of the GDPR, or if another legal basis permits the disclosure of data. When using data processors, we only transfer our customers’ personal data on the basis of a valid data processing agreement. In the case of joint processing, a joint processing agreement is concluded.

Withdrawal of Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation. Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR) If data processing is carried out on the basis of Art. 6 Para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from its specific nature; This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (objection according to Art. 21 Para. 1 GDPR). If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. If you object, your personal data will no longer be used for direct advertising purposes (objection according to Art. 21 Para. 2 GDPR).

Right to lodge a complaint with the responsible supervisory authority

In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies. You can contact the supervisory authority responsible for us at

The Hessian Commissioner for Data Protection and Freedom of Information
Gustav Stresemann Ring 1
65189 Wiesbaden

Right to data portability

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the data to be transferred directly to another person responsible, this will only be done if it is technically feasible.

Information, correction and deletion

Within the framework of the applicable legal provisions, you have the right to free information at any time about your stored personal data, its origin and recipient and the purpose of data processing and, if necessary, a right to correction or deletion of this data. You can contact us at any time about this or if you have any further questions on the subject of personal data.

Right to restriction of processing

You have the right to request that the processing of your personal data be restricted. You can contact us at any time about this. The right to restriction of processing exists in the following cases:

• If you dispute the accuracy of the personal data we hold about you, we will generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
• If the processing of your personal data was/is happening lawfully, you can request that data processing be restricted instead of deletion.
• If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deletion.
• If you have lodged an objection in accordance with Article 21 Para. 1 GDPR, a balance must be made between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, these data, apart from their storage, may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the browser address line changing from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to advertising emails

The use of contact details published as part of the imprint obligation to send unsolicited advertising and information materials is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of unsolicited advertising information being sent, such as spam emails.

§ 5 Integration of YouTube videos

(1) We have integrated YouTube videos into our website as a link to www.youtube.com/user/vulnerability0lab. To play the videos, leave the Evolution Security GmbH website. The data mentioned in paragraph 2 will be transferred. We have no influence on this data transfer.

(2) By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in Section 3 of this declaration will be transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not want it to be associated with your YouTube profile, you must log out before activating the button. YouTube saves your data as usage profiles and uses them for advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide tailored advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise this you must contact YouTube.

(3) The legal basis for the processing of the data is your consent given by playing the video in accordance with Art. 6 Para. 1 lit. a GDPR, Art. 6 Para. 1 lit. At the same time, this consent also sets an optional cookie. The legal basis for this storage of information or access to information already available on your device is Section 25 Paragraph 1 TDDDG (according to Article 6 Paragraph 1 Letter a) GDPR). In the event that personal data is transmitted to Google LLC. based in the USA, Google guarantees the conclusion of EU standard contractual clauses. Further information on the purpose and scope of data collection and processing by YouTube can be found in the data protection declaration, where you can also find further information on your rights and setting options to protect your privacy: www.google.de/intl/de/policies/privacy.

Server-Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser & Browserversion
• Operating System
• Referrer URL
• Hostname of Request
• Time of Server Request
• IP-Address

This data will not be merged with other data sources. This data is collected on the basis of Article 6 Paragraph 1 Letter f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of his website. For this purpose, the server log files must be recorded.

Contact Form

If you send us inquiries using the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us in order to process the inquiry and in case of follow-up questions. We will not pass on this data without your consent. This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, provided your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time. The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions, in particular retention periods, remain unaffected.

Inquiry by email or telephone

If you contact us by email, telephone or fax, your request, including all resulting personal data (name, request), will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent. This data is processed on the basis of Art. 6 Para. 1 lit. b GDPR, provided your request is related to the fulfillment of a contract or is necessary to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this has been requested; consent can be revoked at any time. The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions, in particular statutory retention periods, remain unaffected.