Privacy Policy

Thank you for your interest in the services offered by Business Operation Systems.

Your high expectations regarding the features of our product TopLogic – the automated app engine and our services are our guideline for handling your data. We take a variety of organizational measures to ensure that a trusting business relationship with our customers, partners and interested parties is established and maintained.

The confidentiality and integrity of your personal data is of particular concern to us. Business Operation Systems will process and use your data carefully, for the intended purpose, in accordance with your consent and in compliance with the statutory provisions on data protection.

The following sections describe how Business Operation Systems collects, processes and uses personal data from customers, partners and stakeholders.


Responsibility for the processing of personal data

Business Operation Systems is responsible for processing your personal data in accordance with the EU General Data Protection Regulation (“GDPR”).

Business Operation System is responsible for your data that is transmitted to us via, your personal account on, or your cooperation with us or one of our partners, if and to the extent that the necessary data protection requirements for this are met.

Partners of Business Operation Systems are responsible for the processing of those personal data that you yourself provide to the partners in connection with your requests and your cooperation. Partners of Business Operation Systems also process your data, insofar as these are transmitted to the partners by BOS, if and insofar as the necessary data protection requirements are met.


Collection and processing of personal data

Business Operation Systems collects and processes your personal data in the following cases, among others:

  1. when you contact Business Operation Systems directly, e.g. via the website, via the chats, via conferencing tools, via phone calls, emails or other direct contact options offered by social media platforms, for example.
  2. if you license our TopLogic product or commission other services.
  3. when you enter into a partner agreement with Business Operation Systems.
  4. when you request information about our products and services and these are transmitted electronically, for example.
  5. when you respond to our direct marketing activities, e.g. when you fill out a reply card or when you submit your data online at or on a landing page.
  6. if your personal data are transmitted to us by partners of Business Operation Systems or third parties, if and as far as the necessary data protection legal conditions are fulfilled, e.g. your consent is given or you did not contradict the passing on of your data to Business Operation Systems for the purpose of customer service and written addressing in knowledge of a right to contradict.
  7. if third parties (e.g. certified address providers) permissibly provide us with personal data about you.

We ask you to help us keep your information up to date by informing us of any changes to your personal data, in particular your contact details.

The following categories of personal data, may be collected through the means described in this Privacy Policy:

  1. Data provided by you
    • Contact information: Name, address, telephone number, e-mail address
    • Reason for contacting us: interest in products, services, a partner relationship or an employment relationship
    • Other personal data, such as date of birth, education, professional situation, employer, job title, area of responsibility
  2.     Data that may be collected by Business Operation Systems as part of the business relationship
    • Contract data: Customer number, contract number, services ordered
    • Online account data: Your account ID
    • Use of the website: Information about how you use the website and whether you open or forward communications from us, including data collected via cookies and other tracking technologies. For more information, please see the Cookie Policy
    • Creditworthiness Information: Information about any unpaid payments to us, plus information about fraud, criminal activity, politically exposed persons and sanctions lists in which your information is included
    • Use of TopLogic licenses


Purpose of data collection

The data collected from you in the course of the business relationship may be processed for the following purposes.

  • Fulfillment of contractual obligation in the context of license sales and maintenance (Art 6 para. 1 lit. b, DSGVO).

Business Operation Systems collects, processes and uses personal contact data within the scope of the contractually agreed business relationship.

  • Assurance of product quality, research and development of new products (Art 6 para. 1 lit. f, DSGVO).

Business Operation Systems uses the data received, which is collected through the provision of services by BOS or by partners, in de-personalized form for ensuring the quality of products and services and for research and development purposes. “De-personalized” means that the data is no longer directly attributable to you.

This processing is based on Business Operation Systems’ legitimate interest in meeting our customers’ expectations for high-quality products and services and in responding to customer requests for newly developed, innovative solutions. To protect your interests – in addition to de-personalization – additional safeguards and controls are implemented as needed, such as strict data access restrictions, data use restrictions, security measures, retention periods, as well as data economy principles, such as collecting only relevant data.

  • Customer service (Art 6 para. 1 lit. b, f, DSGVO).

BOS uses your personal data to address you in the context of contract processing or for the processing of a request formulated by you. For all aspects of contract processing or the handling of a request, we will contact you without separate consent, e.g. in writing, by telephone, via messenger services, by e-mail, depending on the contact details you have provided.

We will also contact you in carefully considered cases with promotional communication if and to the extent that the necessary data protection requirements for this are met and you have not objected to the use of your data for the purpose of addressing you in writing, knowing that you have a right to object.

Business Operation Systems also processes your personal data on this basis in order to clearly identify you, for example, when you contact us.

  • Advertising communication as well as market research based on consent (Art 6 para. 1 lit. a, DSGVO).

If you have separately given your consent to further use of your personal data, your personal data may be used by Business Operation Systems in accordance with the scope described in the consent, for example for advertising purposes and, with your separate consent, also with a high degree of personalization based on an individual customer profile and/or market research, and may be passed on to partners of Business Operation Systems. Details of this can be found in the respective declaration of consent, which can be revoked by you at any time.

If you have given the relevant consent to promotional communications, BOS. will collect and process:

  • Contact information, e.g. name, address, e-mail, telephone number
  • Supplementary personal information, preferences, e.g. company, need, concern, interests, status of your data protection consent form and selected or preferred communication channel

  • Identification data, e.g. customer number, account ID

  • History of the business relationship, e.g. contract number, services ordered and used
  • Website and social media data, insofar as you have registered or logged in, e.g. your account ID, your account data
  • Compliance with legal obligations to which Business Operation Systems is subject (Art 6 para. 1 lit. c, f, DSGVO)

Business Operation Systems will also process personal data if there is a legal obligation to do so. This may be the case, for example, if we need to contact you because the product you are using is affected by a technical action.

Collected data is also processed in the context of ensuring the operation of IT systems. Securing is understood to include the following activities:

  • Backup and recovery of data processed in IT systems
  • Logging and monitoring of transactions in order to check the correct functioning of IT systems
  • Detection and prevention of unauthorized access to personal data
  • Incident and problem management to eliminate malfunctions in IT systems

BOS is subject to a variety of other legal obligations. In order to comply with these obligations, we process your data to the extent required and, if necessary, pass it on to the responsible authorities within the scope of legal reporting obligations.

Furthermore, we may process your data in the event of a legal dispute if the legal dispute makes it necessary to process your data.

  • Data transfer to selected third parties
    • To carefully selected and audited partners of Business Operation Systems with whom we cooperate in order to offer you products and services. We do this only within the strict requirements of data processing on behalf of, for the fulfillment of a contractual obligation or on the basis of your explicit consent.
    • to other third parties (e.g. public bodies/authorities) insofar as we are legally obliged to do so.

Protection of personal data

Business Operation Systems uses various security measures, such as encryption and authentication tools according to the current state of the art, to protect and maintain the security, integrity and availability of your data.

One hundred percent protection against unauthorized access cannot be guaranteed for data transmissions via a website. BOS and the service providers and partners we engage use their best efforts to protect your personal data in accordance with applicable data protection regulations using state-of-the-art physical, electronic and procedural security measures. Among other things, we employ the following measures:

  • Strict criteria for authorization to access your data in accordance with the “need-to-know principle” (restriction to as few people as possible) and exclusively for the specified purpose,
  • Firewall protection of IT systems to protect against unauthorized access, e.g. by hackers, and
  • permanent monitoring of access to IT systems to detect and prevent misuse of personal data.

If you receive a password from us or have assigned one yourself that gives you access to certain areas of our website or to other portals or apps operated by us, you are responsible for maintaining the confidentiality of that password and for complying with any other security procedures of which we notify you. In particular, we ask that you not share your password with anyone.


Retention Period

Business Operation Systems will retain your data only for as long as is necessary for the particular relevant purposes for which we process your data. The basic principles by which this deletion policy provides for the deletion of your personal data are set out below.

  • Use for the performance of a contract

To fulfill contractual obligations, data collected from you may be retained for as long as the contract is in effect and beyond to comply with legal retention requirements and to resolve any inquiries or claims after the contract expires.

  • Use for verification of claims

Data that we believe will be necessary to investigate, defend against, or bring criminal prosecutions or claims against you, us or third parties may be retained by us for as long as such proceedings might be brought.

  • Use for customer support and marketing purposes

For customer support and marketing purposes, the data we collect from you may be retained for 3 to 10 years after collection, unless you request that we delete this data and there are no contractual or legal retention obligations that conflict with this deletion request.

Granting access to and protecting your data

Personal data is preferably processed by employees of Business Operation Systems and its partners within the EU.

If data is processed in countries outside the EU, BOS ensures via EU standard contracts including appropriate technical and organizational measures that your personal data is processed in accordance with the European level of data protection.

For some countries outside the EU, such as Canada and Switzerland, the EU has already established a comparable level of data protection. Due to the comparable level of data protection, the transfer of data to these countries does not require any special authorization or agreement.

If necessary, in order to support the services offered, BOS uses business partners who are commissioned by Business Operation Systems within the framework of the strict requirements of data protection data processing or who have concluded a partner agreement with Business Operation Systems.


Data subject rights

To exercise your rights, please contact Business Operation Systems using the contact details provided or also email the Data Protection Officer Your rights include:

  1. AInformation about your data stored by us and its processing (Art. 15 DSGVO)
  2. Correction of incorrect personal data (Art. 16 DSGVO)
  3. Deletion of your data stored by us (Art. 17 DSGVO)
  4. Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 DSGVO)
  5. Objection to the processing of your data by us (Art. 21 DSGVO)
  6. Data portability, provided that you have consented to the data processing or have concluded a contract with us (Art. 20 DSGVO).

If you have given us consent to process personal data, you may revoke this consent at any time with effect for the future.

You may lodge a complaint with a supervisory authority at any time, e.g. the competent supervisory authority in the federal state of your residence or the authority responsible for us as the controller. A list of supervisory authorities for the non-public sector with address can be found at:


E-Mail Disclaimer

E-mails from Business Operation Systems contain confidential and/or legally protected information. If the addressee becomes aware that he/she is not the correct addressee or has received the e-mail in error, please inform the sender and destroy the e-mail. Business Operation Systems points out that unauthorized copying as well as unauthorized forwarding of e-mails is not permitted.



We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The updated data protection declaration will then apply to your next visit.