Cookie Policy
This policy describes which cookies and comparable storage technologies are used on silverfriend.de, on what legal basis, and how you can give or withdraw consent. Legal framework: §25 TTDSG (German implementation of the ePrivacy Directive), Art. 6(1) GDPR, CJEU Planet49 (C-673/17), Federal Court of Justice "Cookie II" (I ZR 7/16). The German Cookie-Richtlinie is the binding original.
As of: 13 April 2026
Version: 1.0
1. What are cookies?
Cookies are small text files stored on your device when you visit a website. Comparable technologies (local storage, session storage, pixel tags, SDK-based device storage) are treated like cookies in this policy. Under §25(1) TTDSG, any storage of information on, or access to information already stored on, your device requires consent, unless the storage is strictly necessary to provide the telemedia service you expressly requested (§25(2)(2) TTDSG).
2. Our principle
We use cookies as sparingly as possible and as transparently as the law requires. Before any non-strictly-necessary storage, we ask for your consent through our cookie banner.
- Strictly necessary cookies: set without consent (§25(2)(2) TTDSG).
- All other cookies: set only after active consent.
- "Reject all" is available on the first level of the banner with equal prominence as "Accept all" (consistent with the DSK resolution of 2023 on "dark patterns").
3. Cookie categories in use
3.1 Strictly necessary (no consent required, §25(2)(2) TTDSG)
| Name | Provider | Purpose | Lifetime |
|---|---|---|---|
__hs_opt_out | HubSpot (EU1) | Stores your consent decision | 13 months |
__cf_bm | Cloudflare (via HubSpot) | Bot mitigation, security protection | 30 min |
JSESSIONID | HubSpot (EU1) | Session identification, load balancing | session |
csrf-token | silverfriend.de | Cross-Site-Request-Forgery protection | session |
Legal basis: §25(2)(2) TTDSG (strictly necessary). The corresponding processing of personal data is based on Art. 6(1)(f) GDPR (legitimate interest in operation and security).
3.2 Reach analytics (consent required, §25(1) TTDSG)
| Name | Provider | Purpose | Lifetime |
|---|---|---|---|
_pk_id.* | Matomo (self-hosted, eu-central-1) | Pseudonymous visitor recognition | 13 months |
_pk_ses.* | Matomo (self-hosted) | Pseudonymous session recognition | 30 min |
Configuration: IP anonymisation (last octet removed), no data transfer to third parties, no cookies without consent, respects Do-Not-Track. Legal basis: Art. 6(1)(a) GDPR + §25(1) TTDSG.
3.3 Marketing and CRM (consent required)
| Name | Provider | Purpose | Lifetime |
|---|---|---|---|
hubspotutk | HubSpot (EU1) | CRM linkage for form submissions | 13 months |
__hstc, __hssc, __hssrc | HubSpot (EU1) | Session and campaign attribution | up to 13 months |
These cookies are set only with consent. They relate to data of caregivers (contracting parties or prospects) — see main Privacy Policy §7. Legal basis: Art. 6(1)(a) GDPR + §25(1) TTDSG.
3.4 Advertising / tracking
We use no advertising cookies. There is no transfer to ad networks, ad exchanges, or social-media pixels. No advertising identifiers (IDFA, GAID) are collected.
4. Managing your consent
4.1 First visit
A banner appears with the equivalent options:
- Accept all
- Reject all
- Customise (granular by category)
The banner does not block essential site functionality. Consents are versioned (date, time, banner text version, selected categories) and recorded as evidence under Art. 7(1) GDPR.
4.2 Withdrawal
You may withdraw consent at any time, with effect for the future:
- Click the "Cookie settings" link in the footer of every page,
- Update your selection in the banner,
- Or email datenschutz@silverfriend.de.
Withdrawal is as easy as giving consent (Art. 7(3) GDPR).
4.3 Browser settings
You can also manage and delete cookies via your browser settings:
- Chrome: Settings → Privacy and security → Cookies
- Firefox: Settings → Privacy & Security → Cookies
- Safari: Settings → Privacy → Website data
Note that blocking strictly necessary cookies may impair site functionality.
5. Third-country transfers
- HubSpot Ireland Ltd. hosts our CMS and CRM in the EU1 data centre (Frankfurt). The US parent HubSpot Inc. may access data as part of operations. This is covered by EU Standard Contractual Clauses (Module 2) and supplementary technical measures; HubSpot Inc. is also DPF-certified. See SUBPROCESSOR_REGISTER.
- Matomo runs self-hosted in eu-central-1 with no data sent to third parties.
- Cloudflare is used only as part of HubSpot's infrastructure for bot mitigation and is bound by contract as HubSpot's sub-processor.
6. Your rights
You have the right to access, rectification, erasure, restriction, objection, data portability, and to lodge a complaint with a supervisory authority — see the main Privacy Policy §10.
For cookie questions: datenschutz@silverfriend.de.
7. Changes to this cookie policy
We update this policy on material changes to the technologies used. Where the changes require new consent, the banner is re-displayed.
8. Change history
| Date | Version | Material changes |
|---|---|---|
| 2026-04-13 | 1.0 | Initial publication (pre-launch) |
As of 13 April 2026 · Silverfriend GmbH · Döringstraße 6, 10245 Berlin, Germany · datenschutz@silverfriend.de
Silverfriend GmbH · Döringstraße 6, 10245 Berlin · HRB 277280 B · USt-IdNr. DE457343045 · Legal Notice · Privacy · Terms