Welcome to consultingheads!

Register as an expert
Request experts now

Privacy policy

Any collection, use, storage, deletion or other use (hereinafter “processing”) of data is solely for the purpose of providing our services. Our services have been designed with the aim of using as little personal data as possible. In this context, “personal data” (hereinafter also referred to as “data”) shall be understood to mean all individual details about personal or factual circumstances of an identified or identifiable natural person (so-called “data subject”).

The following statements on data protection describe what types of personal data are processed when you access our website, what happens to this personal data and how you can object to data processing if necessary.

 

1. general information about data processing on this website

 

1.1 Responsible person

The controller within the meaning of the EU General Data Protection Regulation (GDPR) is

consultingheads GmbH

Address:
Mittelstraße 11
40789 Monheim am Rhein

Phone:
+49 221 572730-0

E-Mail:
[email protected]

Homepage:
https://consultingheads.com/

 

1.2 Data protection officer

The data protection officer is:

Christian Scholtz from WS Datenschutz GmbH

If you have any questions about data protection, you can contact WS Datenschutz GmbH at the following e-mail address: [email protected]

WS Data Protection GmbH

Dircksenstrasse 51

D-10178 Berlin

https://webersohnundscholtz.de

 

1.3 Protection of your data

We have taken technical and organizational measures to ensure that the provisions of the GDPR are observed both by us and by external service providers working for us.

When we work with other companies, such as email and server providers, to deliver our services, we do so only after an extensive selection process. In this selection process, each individual service provider is carefully selected for its suitability in connection with technical and organizational capabilities in data protection. This selection procedure shall be documented in writing and a contract shall be drawn up in accordance with. Art. 28 par. 3 GDPR on the processing of personal data on behalf (AV contract) is concluded only if it complies with the requirements of Art. 28 GDPR.

Your data will be stored on specially protected servers. Access to it is only possible for a few specially authorized persons.

Our website is SSL/TLS encrypted, which you can recognize by the “https://” at the beginning of the URL. Insofar as personal data is involved in e-mail communication, e-mails are sent from our side in encrypted form. We also use the integrated SSL certificate for this.

 

1.4 Deletion of personal data

We process the personal data only as long as it is necessary. As soon as the purpose of the data processing has been fulfilled, blocking and deletion take place in accordance with the standards of the deletion concept here, unless legal regulations prevent deletion.

 

2. data processing on this website and creation of log files

 

2.1 Description and scope of data processing

When you visit our website, our web servers temporarily store each access in a log file. The following personal data is collected and stored until automated deletion:

  • Access and error log data

In addition to this personal data, other personal data may be collected by us and our partners, more on this below.

In order to provide our Internet offer, we use the services of the hosting provider Raidboxes GmbH, Hafenstraße 32, 48153 Münster.

For more information, please refer to the privacy policy of Raidboxes GmbH at https://raidboxes.io/legal/privacy/.

 

2.2 Legal basis for data processing

The processing of this data is based on Art. 6 para. 1 S.1 lit. f) GDPR. Our legitimate interest is based on making our website accessible to you.

2.3 Purpose of the data processing

The data processing is carried out for the purpose of enabling the use of the website (connection establishment). It is used for system security, technical administration of the network infrastructure and optimization of the Internet offering. The IP address is only evaluated in the event of attacks on our network infrastructure or the network infrastructure of our Internet provider.

 

2.4 Duration of data storage

The personal data will be deleted as soon as they are no longer required for the above-mentioned purposes. This is the case when you close the website. Our hosting provider may use the data for statistical surveys. However, the data is anonymized for this purpose. A deletion of the data takes place at our hosting provider after 7 days.

 

2.5 Possibility of elimination by the data subject

The website can only be displayed if the described data is processed. If you object to the further processing of the data, please contact our data protection officer or the hosting provider at [email protected].

 

3. use of cookies

 

3.1 Description and scope of data processing

Our website uses cookies. These are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using, and through which certain information flows to us or to the entity that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They are used by us to enable you to log in and to analyze the use of our website in anonymized or pseudonymized form and to present you with interesting offers on this website. In this way, various data can be transmitted:

  • Frequency of website visits
  • Which functions of the website are used by you
  • Search terms used
  • Your cookie setting

When you access the website, a cookie banner informs you about the use of cookies and refers you to the privacy policy.

Notice regarding data processing in the USA by Google:

By clicking on “Agree to all”, you agree to the terms and conditions of this agreement. Art. 6 par. 1 p. 1 lit. a) GDPR that your data will be processed in the USA. According to the ECJ, the data protection standard in the U.S. is inadequate and there is a risk that your data will be processed by the U.S. authorities for control and monitoring purposes, possibly also without any legal remedy. If you consent only to the setting of essential cookies, the transfer does not take place. Consent given can be revoked at any time.

 

3.2 Legal basis for data processing

The legal basis for the processing of data through cookies that do not solely serve the functionality of our website is Art. 6 para. 1 p. 1 lit. a) GDPR.

The legal basis for data processing for cookies that serve solely the functionality of this website is Art. 6 para. 1 S.1 lit. f) GDPR.

 

3.3 Purpose of the data processing

Our legitimate interest results from the guarantee of a smooth connection and a comfortable use of our website as well as for reasons of evaluation of system security and stability. The data processing also takes place in order to enable a statistical evaluation of the website usage.

 

3.4 Duration of data storage

There are two types of cookies. Both are used on this website:

  • Transient cookies (for this a)
  • Persistent cookies (for this b)

a) Transient cookies, they are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

b) Persistent cookies, these are automatically deleted after a predefined duration, which may differ depending on the cookie.

The data will only be stored for as long as is necessary for the review, unless statutory provisions require the data to be stored for longer. Borlaps will delete your consent after 6 months.

 

3.5 Possibility of elimination by the data subject

You have the possibility at any time to revoke your consent to data processing by cookies that are not solely used for the functionality of the website. In addition, we only set cookies after you have consented to the setting of cookies when you access the site. In this way, you can prevent data processing via cookies on our website.

You can also delete the cookies in the security settings of your browser at any time. Please note that you may not be able to use all the features of this website. The setting of cookies can also be prevented at any time by making the appropriate settings in your Internet browser.

You can revoke the consent given via our Borlabs consent banner by deleting the corresponding cookie called “borlaps-cookie”.

 

3.6 Borlabs

Borlabs serves the practical implementation of the GDPR and other data protection related law regarding the use of cookies on our website and the integration of analytics tools by means of consent. If you give your consent via the cookie banner, the following data will be processed:

  • Your IP address
  • Details of your consent
  • URL of the consent web page
  • Date and time of consent
  • Date and time of the last page access

The processing of this data is based on Art. 6 para. 1 S.1 lit. c) GDPR.

The data processing is carried out by: Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany.

For more information about data processing, please visit: https://de.borlabs.io/datenschutz/

 

3.7 CCIM

CCIM is integrated into the website as a cookie consent solution and is used for implementation in compliance with data protection law. CCIM manages your consent, which you enter via the consent banner. The following data is processed for this purpose:

  • Your IP address

The processing of this data is based on Art. 6 para. 1 sentence 1 lit.c) GDPR.

The data is processed locally on the devices. There is no transfer to third countries.

Further information on data processing can be found at: https://www.ccm19.de/datenschutzerklaerung.html

4. contact

 

4.1 Description and scope of data processing

Through our website it is possible to contact us via e-mail to [email protected] or a contact form. For this purpose, various data are required to respond to the request, which are automatically stored for processing. The following data is collected as a minimum (marked as mandatory field) in the contact form:

Find contact form consultinghead:

  • First name
  • Last name
  • Phone
  • E-mail address

You can also voluntarily provide the following information:

  • Company
  • Employment relationship
  • Message

Contact form consultinghead:

  • Search query (dropdown)
  • First name
  • Last name
  • Mobile number
  • Email address
  • Profile Upload/ Project List

You can also voluntarily provide the following information:

  • personal elevator pitch
  • LinkedIn profile address

The data will not be passed on to third parties.

 

4.2 Legal basis for data processing

The legal basis used here is Art. 6 para. 1 S.1 lit. b) GDPR.

 

4.3 Purpose of the data processing

We process your data exclusively to handle your contact request.

 

4.4 Duration of data storage

Your data will be deleted by us as soon as the purpose of the data processing has been fulfilled, predominantly immediately after the request has been answered. In rare cases, however, we may retain your data for a longer period of time. This may result from legal, regulatory or contractual obligations.

 

4.5 Possibility of elimination by the data subject

You can contact us at any time and object to further processing of your data. In this case, unfortunately, we can not continue communication with you. All personal data processed by us in the course of contacting you will be deleted in this case, unless this deletion conflicts with legal obligations to retain your data.

 

5. data processing in the context of applications

 

5.1 Description and scope of data processing

It is possible to apply via our website using an application tool Vincere(https://www.vincere.io/?lang=de) and via e-mail to [email protected]. For this purpose, personal data is processed and stored for further processing for the respective application procedure.

 

5.2 Legal basis for data processing

The legal bases for the data processing are Art. 88 DSGVO and § 26 BDSG.

 

5.3 Purpose of the data processing

We process your data exclusively for the purpose of carrying out the application procedure.

 

5.4 Duration of data storage

If the application should lead to the commencement of an employment relationship, the personal data will be stored accordingly in compliance with the statutory provisions. If the application is not considered when selecting a potential candidate, it will be deleted in accordance with the rules of the deletion concept here, taking into account the provisions of the AGG, in particular the existing burden of proof under Section 22 AGG.

This does not apply if legal provisions prevent deletion or if you have given your consent to longer storage. In this case, the further storage of your personal data is based on Art. 6 para. 1 p. 1 lit. c) or lit. a) GDPR.

 

5.5 Possibility of elimination by the data subject

You can contact us at any time and object to further processing of your data. All personal data processed by us in the course of the application process will be deleted in this case, unless deletion is contrary to mandatory statutory provisions

 

5.6 Vincere.io

 

5.6.1 Description and scope of data processing

For our application portal we use the recruiting software “Vincere.io”. The data processing is carried out by: HiringBoss Holdings Pte Ltd, of 120 Robinson Road, #15-01 068193, Singapore. We have integrated this service provider via iframe on our website.

The following data may be collected for us in this context by vincere.io:

  • Username
  • Photo
  • Biographical information, such as your profession, social media profiles, company name, and areas of expertise.

For more information, please see the following link to Vincere.io’s privacy policy: https://www.vincere.io/privacy-archived20jan21?lang=de

 

5.6.2 Legal basis for data processing

The legal basis for the use of Vincere.io is our legitimate interest in providing an application portal pursuant to Art. 6 para. 1 p. 1 lit. f) GDPR.

 

5.6.3 Purpose of data processing

The purpose of data processing is to optimize our application management.

 

5.6.4 Duration of data storage

The data will be deleted as soon as the purpose of the data processing has been achieved and no legal, contractual or official retention periods prevent deletion.

 

5.6.5 Possibility of elimination by the data subject

You have the possibility to object to the data processing at any time by notifying our data protection officer. If you have any questions about Vincere.io’s privacy practices, you may contact Vincere.io at any time at the following email address: [email protected].

If you do not wish to have your data processed by Vincere.io and do not wish to use our application portal, you also have the option of sending your application directly to us by e-mail to [email protected].

5.7 Call recording

5.7.1 Description and scope of data processing

If you contact us by telephone or take part in an online meeting, the conversation will be recorded with your consent and then transcribed. This recording is used to store the meeting notes in our CRM system Vincere.

We use the tool fireflies.ai to record and transcribe online meetings. The data processing is carried out by: Fireflies.AI Corp, 5424 Sunol Blvd , Ste 10-531 Pleasanton, CA 94566, USA.

You can find additional information on data protection at: https://fireflies.ai/privacy_policy.pdf

We also use the Comdesk tool to record and transcribe telephone calls. The data processing is carried out by: Comdesk GmbH, Neuenkampsweg 4, 25337 Kölln-Reisiek, Germany.

You can find additional information on data protection at: https://www.comdesk.de/datenschutz/

5.7.2 Legal basis for data processing

The legal basis for the data processing is your consent pursuant to Art. 6 para. 1 p. 1 lit. a) GDPR.

5.7.3 Purpose of data processing

We document the content of telephone calls and online meetings as part of our business activities. Recording and automatic transcription are intended to make this easier for our employees. The recording also serves the purpose of quality assurance.

5.7.4 Duration of data processing

The recording of the call is stored in Fireflies or Inopla / Comdesk and automatically deleted after 3 months or immediately if consent is withdrawn. The transcription created is transferred to the Vincere CRM system and stored there (for a specific purpose) in accordance with the applicable deletion periods for call notes.

5.7.5 Possibility of removal by the person concerned

You have the option to withdraw your consent to data processing at any time. To do so, please contact [email protected].

If you have any questions about data protection at Fireflies.ai, you can contact us by e-mail at [email protected].

If you have any questions about data protection at Comdesk GmbH, you can contact us by e-mail at [email protected].

5.8 Microsoft Azure

5.8.1 Description and scope of data processing

We use Azure to host internal AI agents, which contains a full copy of the candidate database (from Vincere.io). These data centers meet various certifications, including ISO 27001, and are operated by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. The following data in particular is processed as part of data processing

  • Your name
  • Curriculum vitae
  • Contact details
  • Professional background

The data centers are located in the European Union and in the United States of America. Only the data centers within the EU are used, whereby the controller can control access himself.

Privacy policy: https://privacy.microsoft.com/de-de/privacystatement

 

5.8.2 Legal basis for data processing

The legal basis for data processing in accordance with the above paragraphs is Art. 6 para. 1 lit. f) GDPR. Our interest in data processing is in particular to ensure the integrity of the applications by providing a copy of the applicant data.

5.8.3 Purpose of data processing

The purpose of data processing is to enable the AI agent to obtain a copy of the candidate database in order to ensure further processing.

5.8.4 Duration of data storage

The data will be deleted if the purpose of the data storage has been fulfilled and no contractual, official or legal regulations prevent deletion. The copies created by the AI agent are strictly accessory to the originals during the deletion period.

5.8.5 Possibility of removal by the data subject

You have the possibility to object to the data processing at any time by notifying our data protection officer. If you have any questions about data protection at Microsoft Azure, you can contact Microsoft at any time.

If you do not wish to have your data processed by Microsoft Azure and do not wish to use our application portal, you also have the option of sending your application directly to us by e-mail to [email protected].

6. registration on the website

 

6.1 Description and scope of data processing

You can register on our website. This requires that you enter personal data in the registration mask. The following minimum data is collected for this purpose:

  • First name
  • Last name
  • E-mail address
  • Password

The data you provide in the registration mask will be used exclusively for processing and will not be passed on to third parties as a matter of principle.

 

6.2 Legal basis for data processing

If you provide personal data that belong to the mandatory field input masks, the data processing is based on Art. 6 para. 1 p.1 lit b) GDPR. If you also enter personal data in the other (optional) input field masks, the data processing is based on Art. 6 para. 1 S.1 lit. a) GDPR.

 

6.3 Purpose of the data processing

We process your data solely for the purpose of completing your registration and maintaining your website account with us.

 

6.4 Duration of data storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case if you close your account with us and no legal or official retention periods prevent deletion. You also have the option to request deletion by pressing the “Request deletion of data” field in your profile. In this case, we will receive a notice that deletion has been requested and delete your profile.

 

6.5 Possibility of elimination by the data subject

Both during and after registration, you are free to change, correct or delete your personal data.

 

6.6 Social login using social media

 

6.6.1 Description of data processing

We offer you the possibility to register by means of your

  • LinkedIn accounts
  • PrepLounge accounts

register and log in to our website (social login).

In this case, an additional registration on this website is not required. Rather, the user account of your social network used for login is linked to the customer account on our website, so that you can authenticate yourself with your social media user account to the customer account on our website and log in there. The advantage for you is that you do not have to remember a new password for your customer account on our website.

By linking, we automatically receive the following information from LinkedIn Ireland or PrepLounge GmbH:

LinkedIn:

  • E-mail address
  • Social ID
  • Name
  • Profile picture
  • Maiden name
  • Link to your public profile

The enumeration can be found at: https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin?context=linkedin/consumer/context

PrepLounge:

  • First name
  • Education level
  • Gender
  • Major
  • Industry interests
  • Study and university

For more information on the respective social media login, the transmitted data and the privacy settings of your social media account, please refer to the respective privacy notices of:

 

6.6.2 Legal basis for data processing

In the case of the transmission of the first and last name as well as the e-mail address, the data processing is based on Art. 6 para. 1 p.1 lit b) GDPR. You voluntarily provide us with any additional information. Therefore, the data processing in this case is based on Art. 6 para. 1 S.1 lit. a) GDPR.

 

6.6.3 Purpose of data processing

The Social Login makes it easier for you to use our registration function. It also provides us with information about the use of our website by social media users. We also use social media logins to make our website better known overall

 

6.6.4 Duration of data storage

The social login data will be stored and used as described until a revocation is declared.

 

6.6.5 Possibility of elimination by the data subject

You can prevent this data processing by using the regular registration process. Both during and after registration, the person concerned is free to change, correct or delete the personal data. In addition, if the data processing is based on consent, you have the option to revoke your consent to the data processing, cf. Art. 7 DSGVO. A revocation takes effect from the time it is issued. It develops an effect for the future. You can revoke the consent at any time. This can be done by telephone, by mail, by e-mail or by other means to us. Further settings may be possible within the profile settings of your social media account.

 

7. newsletter

 

7.1 Description and scope of data processing

We offer on our website the possibility to subscribe to our newsletter. When ordering the newsletter, you will be asked to provide personal data for processing. This is the data that is requested in the newsletter input mask. Input fields marked with a “*” are mandatory fields:

  • First name
  • Last name
  • E-mail address

These mandatory fields are necessary to send you the newsletter.

The newsletter is sent by e-mail. You will receive the newsletter only after registration. In order to meet the requirements of the DSGVO, we use the so-called DOI procedure (“double opt-in”). If you register for our newsletter, you will receive a confirmation e-mail to the electronic mailbox specified in the input field. This email contains a confirmation link that you must click. After this procedure you have successfully registered for the newsletter. To carry out the procedure, the IP address, date and time of registration are stored. This in order to prevent abuses. As a matter of principle, the data is not passed on to third parties.

 

7.2 Legal basis for data processing

The legal basis for the data processing is your consent pursuant to Art. 6 para. 1 S.1 lit. a) GDPR.

 

7.3 Purpose of the data processing

The newsletter has the function of informing you at regular intervals about offers and news from us.

 

7.4 Duration of data storage

We only process your data for as long as this is necessary to fulfill the purpose and no legal or official retention obligations prevent deletion.

7.5 Possibility of elimination by the data subject

The consent to the processing of personal data in the context of the newsletter order can be revoked at any time. To do this, you can click on the unsubscribe link integrated in every newsletter or inform us of your withdrawal of consent in another way.

 

7.6 Shipping service provider Mailchimp

 

7.6.1 Description and scope of data processing

The newsletter is sent using “Mailchimp”, an online marketing platform. The data processing is carried out by: The Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

Notice regarding data processing in the USA:

By subscribing to the newsletter, you consent acc. Art. 49 par. 1 p. 1 lit. a) in conjunction with. Art. 6 para. 1 p. 1 lit. a) DSGVO that your data will be processed by our shipping service provider in the USA. According to the ECJ, the data protection standard in the U.S. is inadequate and there is a risk that your data will be processed by the U.S. authorities for control and monitoring purposes, possibly also without any legal remedy. Consent given can be revoked at any time.

The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on Mailchimp’s servers in the USA. Mailchimp uses this information to send and evaluate the newsletters on our behalf. Furthermore, Mailchimp may, according to its own information, use this data to optimize or improve its own services, e.g. for the technical optimization of the dispatch and presentation of the newsletter or for economic purposes in order to determine from which countries the recipients come. However, Mailchimp does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties. The newsletters contain a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from the Mailchimp server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, is initially collected. The statistical surveys also include determining whether the newsletters are opened, how often they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our nor Mailchimp’s intention to monitor individual users. We trust in the reliability and IT and data security of Mailchimp. Furthermore, we have concluded a “Data Processing Agreement” with Mailchimp. This is a contract in which Mailchimp undertakes to protect the data of our users, to process it on our behalf in accordance with its privacy policy and, in particular, not to pass it on to third parties. You can view Mailchimp’s privacy policy at https://Mailchimp.com/legal/privacy/ .

 

7.6.2 Legal basis for data processing

The data processing by Mailchimp is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a) GDPR.

 

7.6.3 Purpose of the data processing

We use Mailchimp as our mailing service provider to ensure effective address management and to stay in contact with you via the newsletter.

 

7.6.4 Duration of data storage

According to the provider, it only stores your personal data for as long as we use your personal data to send the newsletter. Mailchimp deletes your data when we delete you from our address file.

 

7.6.5 Possibility of elimination by the data subject

You have the option to withdraw your consent at any time. To do so, please contact our data protection officer. You can also use the “opt-out” link at the end of each email at any time, which will result in us deleting your email address from our address file, which is why Mailchimp will then no longer process your personal data. However, this does not affect address files that Mailchimp manages on behalf of other clients.

 

7.7 Sendgrid

 

7.7.1 Description and scope of data processing

For sending emails (e.g. confirmation emails when booking an event), we use the sending service provider Sendgrid. The data processing is carried out by: Twilio Inc, 101 Spear Street,1st Floor, San Francisco, CA 94105, USA.

The following personal data is processed when emails are sent to you by Sendgrid

  • Name
  • e-mail address
  • Content of the e-mail

Further information on data protection at Twilio, Inc. can be found at the following link: https://www.twilio.com/legal/privacy.

 

 

7.7.2 Legal basis for data processing

Data processing by Sendgrid is based on our legitimate interest in the effective and secure transmission of important emails to you, in accordance with Art. 6 para. 1 p. 1 lit. f) GDPR.

 

7.7.3 Purpose of the data processing

The purpose of data processing is the reliable delivery of e-mails.

 

7.7.4 Duration of data storage

The personal data is stored for as long as it is necessary to provide us with the service and to conduct our business. All data will be deleted or otherwise destroyed no later than 60 days after the user account with Twilio is closed.

7.7.5 Possibility of elimination by the data subject

You have the possibility to exercise your rights against us at any time. For this purpose, please contact us using the contact details provided. You can also contact the service provider directly at the following email address: [email protected].

 

8. social media links

We have integrated social media platforms on our services via links, which may result in the social media providers receiving data from you. If you click on the social media link, the website of the respective social media provider is called up. By accessing the website of the respective social media provider via our services, the respective reference data is transmitted to the respective social media provider. The social media provider thereby receives the information that you have visited us.

Further information on data processing by social media providers can be found here:

Facebook: https: //de-de.facebook.com/help/pages/insights,

https://de-de.facebook.com/about/privacy,

https://de-de.facebook.com/full_data_use_policy

Instagram: https://help.instagram.com/155833707900388

https://www.instagram.com/about/legal/privacy/

LinkedIn: https://www.linkedin.com/legal/privacy-policy

 

 

9. trackers and analysis tools

We use the following analysis tools to continuously improve our website offering. You can find out below which data is processed in each case and how you can contact the respective service providers:

 

9.1 Facebook Custom Audience / Facebook Pixel

 

9.1.1 Description and scope of data processing

Our website uses the visitor action pixel from Meta (“Facebook pixel”) for conversion measurement. The data processing is carried out by: Meta Platforms Ireland Limited, 1 Hacker Way, Menlo Park, CA 94025, USA.

With the help of the Facebook pixel, the behavior of page visitors can be tracked after they visit our website. This allows the effectiveness of Meta ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized. Meta receives the following categories of data: the forwarding URL, browser information and the Facebook user ID of the person if they have a Facebook account and are logged in to Facebook.

The data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes in accordance with the Meta Data Usage Policy. This enables Meta to place advertisements on Meta pages and outside Meta. This use of data cannot be influenced by us as the site operator.

You can find Meta’s privacy policy at https://www.facebook.com/about/privacy/.

 

9.1.2 Legal basis for data processing

The legal basis for the use of the application is your consent, pursuant to Art. 6 para. 1 p. 1 lit. a) GDPR.

9.1.3 Purpose of the data processing

We process your data for the purpose of demand-oriented and continuous optimization of our website. This also results in our legitimate interest in data processing.

 

9.1.4 Duration of data storage

The data is deleted as soon as it is no longer required for our recording purposes and no legal, official or contractual regulations prevent deletion.

 

9.1.5 Possibility of elimination by the data subject

You have the option to revoke your consent to data processing at any time. Please contact our data protection officer for this purpose. You can deactivate the remarketing function “Custom Audiences” in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screendeaktivierenif you have a Facebook account. If you do not have a Facebook account, you can deactivate usage-based advertising from Meta on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/

 

 

9.2 Google Analytics

 

9.2.1 Description and scope of data processing

Our website uses Google Analytics. This is a service for analyzing access to websites of Google LLC. (“Google”) and enables us to improve our website. Data processing for the European Economic Area and for Switzerland is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Cookies enable us to analyze your use of our website. The information collected by means of a cookie are:

  • IP address,
  • time of access,
  • duration of access

and are transmitted to a Google server in the USA and stored there. The analysis of your activities on our website is transmitted to us in the form of reports. Google may pass on the information collected to third parties if this is required by law or if third parties process this data on behalf of Google. The Google tracking codes on our website use the “_anonymizeIp()” function, which means that IP addresses are only processed in abbreviated form in order to prevent them from being directly linked to you. You can find more information on the terms of use and data protection of Google Analytics at https://www.google.de/intl/de/policies/ and http://www.google.com/analytics/terms/de.html .

 

9.2.2 Legal basis for data processing

The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 S.1 lit. a) GDPR.

 

9.2.3 Purpose of the data processing

The processing of your personal data enables us to analyze your surfing behavior. By analyzing the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness.

 

9.2.4 Duration of data storage

The data is deleted 14 months after your visit to our website.

 

9.2.5 Possibility of elimination by the data subject

You have the possibility at any time to revoke a given consent to data processing with effect for the future. Please contact our data protection officer for this purpose. You can also prevent the installation of cookies from Google Analytics yourself by setting your browser software accordingly. In this case, however, you may not be able to use all the functions of our website to their full extent. Google Analytics can also be disabled and controlled by browser extensions, e.g. http://tools.google.com/dlpage/gaoptout?hl=de.

 

9.3 Google Tag Manager

 

9.3.1 Description and scope of data processing

Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thus, for example, integrate Google marketing services into our online offering). The Tag Manager serves as a “manager” of the implemented tags. This allows us to centrally manage integrated Google products or other analysis tools on our website. The tags embedded on the website are referred to as code sections that make it possible to track your activities on our website. By using our website, the Google Tag Manager is downloaded, which automatically results in the user’s IP address being forwarded to Google. With regard to the processing of personal data, reference is made to the information on Google services. Data processing for the European Economic Area and for Switzerland is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

You can access the Google Tag Manager usage guidelines here: https://www.google.com/intl/de/tagmanager/use-policy.html

 

9.3.2 Legal basis for data processing

The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 p. 1 lit. a) GDPR.

 

9.3.3 Purpose of the data processing

The Google Tag Manger simplifies the management and organization of the analytics tools used for the website. In order to integrate an analysis tool, JavaScript codes must be integrated into the website. By using Google Tag Manger, we are able to manage these integrated codes from one place.

 

9.3.4 Duration of data storage

As the Google Tag Manager does not store data directly, but forwards the data to the tracking tools, you must check how long the data is stored for the individual integrated tracking tools.

9.3.5 Possibility of elimination by the data subject

You have the option to revoke your consent to data processing at any time with effect for the future. To do so, you must contact the respective data protection officers of the tools. Further information regarding the management of your data can be found in the data protection declarations of the tools used.

 

9.4 Hotjar

 

9.4.1 Description and scope of data processing

We use Hotjar, an analytics software. The data processing is carried out by: Hotjar Ltd (“Hotjar”), 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe.

Hotjar makes it possible to measure and analyze user behavior (clicks, mouse movements, scroll heights, etc.) on our website. The information generated by the “tracking code” and “cookie” from your visit to our website is transmitted to the Hotjar servers in Ireland and stored there. The tracking code collects the following information

  • The IP address of your device (collected and stored in an anonymous format)
  • Your email address, including your first and last name, if you have provided it via our website
  • Screen size of your device
  • Device type and browser information
  • Geographical location (country only)
  • The preferred language to represent our website
  • Referring domain
  • Pages visited
  • Geographic location (country only)
  • The preferred language to represent our website
  • Date and time the website was accessed

Hotjar will use this information for the purpose of evaluating your use of our website, compiling reports on website activity and providing other services relating to website activity and internet usage. For more information, click here: https://www.hotjar.com/legal/policies/privacy

 

 

9.4.2 Legal basis for data processing

The legal basis for the processing of personal data is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR.

 

9.4.3 Purpose of data processing

Our legitimate interest results from enabling the demand-oriented and continuous optimization of our website. The data processing is carried out for this purpose.

 

9.4.4 Duration of data storage

The cookies that Hotjar uses have a different “lifetime”; some remain valid for up to 365 days, some remain valid only during the current visit.

 

9.4.5 Possibility of elimination by the data subject

You have the option to revoke your consent to data processing at any time. Please contact our data protection officer for this purpose. You can prevent the collection of data by Hotjar for the future by clicking on the following link and following the instructions there: https://www.hotjar.com/legal/compliance/opt- out

 

10. advertising and marketing tools

Tools are also integrated on our website that ensure that our website is displayed to you as a relevant search result or marked as advertising in an Internet search. The programs used in connection with our website are broken down for you below:

 

10.1 Google Ad Manager (formerly Double Click)

 

10.1.1 Description and scope of data processing

Our website uses Google Ad Manager. Data processing for the European Economic Area and for Switzerland is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ad Manager is used to serve ads when you visit our website. Google Ad Manager uses information about your visits to this and other websites to serve ads about products and services that may be of interest to you. If you would like to know more about these methods or what options you have to prevent this information from being used by Google Ad Manager, click here: https://www.google.de/policies/technologies/ads/.

 

10.1.2 Legal basis for data processing

The data processing is based on your consent pursuant to Art. 6 para. 1 S.1 lit. a) GDPR.

 

10.1.3 Purpose of the data processing

Our interest lies in entering into cooperations with other companies in order to participate economically in this.

 

10.1.4 Duration of data storage

The data is deleted as soon as it is no longer required for our recording purposes and no legal, official or contractual regulations prevent deletion.

 

10.1.5 Possibility of elimination by the data subject

You have the option to revoke your consent to data processing at any time. Please contact our data protection officer for this purpose.

The setting of cookies can be prevented at any time by making the appropriate settings in your Internet browser. Cookies that have already been set can also be deleted in the Internet browser settings. Please note that preventing the setting of cookies may mean that not all functions are available without restriction.

 

10.2 Google Ads and Google Conversion Tracking

 

10.2.1 Description and scope of data processing

We have integrated the services of Google Ads (formerly Google AdWords) on this website. Google Ads is a service for internet advertising. Data processing for the European Economic Area and for Switzerland is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If you have reached our website through a Google ad, Google will set a so-called conversion cookie on your system. With regard to the explanations on cookies, please refer to the section on cookies. The conversion cookie is used to create and analyze visit statistics and stores the IP address when the website is visited. This data is stored in the USA. It is possible that Google may also pass this data on to third parties. For further information on data protection from Google, please refer to: https://www.google.de/intl/de/policies/privacy/

 

10.2.2 Legal basis for data processing

The legal basis for data processing is your consent pursuant to Art. 6 para. 1 p.1 lit. a) DSGVO.

 

10.2.3 Purpose of data processing

We use GoogleAds to place targeted advertising for our company in Google’s search engine results.

10.2.4 Duration of data storage

The cookie loses its validity 30 days after the conversion cookie has been set. This means that you can no longer be identified. Within these 30 days, both we and Google can use the conversion cookie to track which subpages have been accessed.

 

10.2.5 Possibility of elimination by the data subject

You have the option to revoke your consent to data processing at any time. Please contact our data protection officer for this purpose.

The setting of cookies can be prevented at any time by making the appropriate settings in your Internet browser. Cookies that have already been set can also be deleted in the Internet browser settings. Please note that preventing the setting of cookies may mean that not all functions are available without restriction.

You can use this link http://www.google.com/settings/ads/plugin to permanently prevent data processing in your browser. As a result, it is possible that functions of our website will no longer be fully available.

It is also possible in the browser settings to object only to cookies for conversation tracking and thus to user-related advertising by Google. To do this, please click on the following link: www.google.de/settings/ads. We would like to point out that a new setting is required if you delete the cookies in your browser.

You can also click on the following link to deactivate those user-related ads that are part of the “About Ads” self-regulation campaign. We would like to point out that a new setting will be required if you delete the cookies in your browser.

 

10.3 Google AdSense

 

10.3.1 Description and scope of data processing

We use Google AdSense on the website. This is an online service that is used for advertising purposes. Google AdSense enables the placement of advertising on third-party websites. Data processing for the European Economic Area and for Switzerland is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

With the use of Google AdSense, a cookie is set for the data subject. For information on cookies, please refer to the section on cookies. The information stored in the cookie can be used by Google Inc. or third parties are recorded, collected and evaluated. In addition, Google AdSense also uses so-called “WebBacons” (small invisible graphics) to collect information, through the use of which simple actions such as visitor traffic on the website can be recorded, collected and analyzed.

The information generated by the cookie and/or web beacon about your use of this website is transmitted to a Google server in the USA and stored there. Google uses the information obtained in this way to evaluate your usage behavior with regard to the AdSense ads. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. For further information on Google AdSense, please refer to the following link: https://www.google.de/intl/de/adsense/start/

 

 

10.3.2 Legal basis for data processing

The legal basis for the data processing is your consent pursuant to Art. 6 para. 1 S.1 lit. a) GDPR.

 

10.3.3 Purpose of the data processing

Our interest lies in improving our level of awareness by enabling user-specific advertisements. We open up a larger circle of users and interested parties through advertising. It also increases our level of awareness.

 

10.3.4 Duration of data storage

The data will be deleted as soon as it is no longer required for our recording purposes and no official, legal or contractual regulations prevent deletion

10.3.5 Possibility of elimination by the data subject

You have the option to revoke your consent to data processing at any time. Please contact our data protection officer for this purpose. The setting of cookies and the display of WebBeacons can be prevented at any time by making the appropriate settings in your Internet browser. Cookies that have already been set can also be deleted in the Internet browser settings. Please note that preventing the setting of cookies may mean that not all functions are available without restriction.

 

10.4 Google Remarketing

 

10.4.1 Description and scope of data processing

Our website uses Google Remarketing. The use and application of Google Remarketing enables us to display advertising to you. This is also possible when you visit other websites if you have previously registered on our website. Google Remarketing thus ultimately enables user-related advertising. Data processing for the European Economic Area and for Switzerland is carried out by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The way Google Remarketing works is that a cookie is set. This cookie enables Google to recognize you if you visit a website that also uses Google Remarketing. This has the consequence that Google can track your IP address and your surfing behavior. For further information on the applicable data protection provisions of Google, please refer to: https://www.google.de/intl/de/policies/privacy/

 

10.4.2 Legal basis for data processing

The data processing is based on your consent pursuant to Art. 6 para. 1 S.1 lit. a) GDPR.

 

10.4.3 Purpose of the data processing

Our interest is to increase our visibility through the use of advertising. The purpose of the processing is to enable user-specific advertisements. We open up a larger circle of users and interested parties through advertising. It also increases our level of awareness.

 

10.4.4 Duration of data storage

The data will be deleted as soon as it is no longer required for our recording purposes and no official, legal or contractual regulations prevent deletion.

 

10.4.5 Possibility of elimination by the data subject

You have the option to revoke your consent to data processing at any time. Please contact our data protection officer for this purpose.

The setting of cookies can be prevented at any time by making the appropriate settings in your Internet browser. Cookies that have already been set can also be deleted in the Internet browser settings. Please note that preventing the setting of cookies may mean that not all functions are available without restriction.

You can object to user-related advertising by Google at any time. In this regard, we refer to: www.google.de/settings/ads.

10.5 Hubspot

10.5.1 Description and scope of data processing

We use “HubSpot”, a platform for marketing, sales, customer management and customer service. The data processing is carried out by: HubSpot, Inc, 25 First Street Cambridge, MA 02141, USA.

HubSpot collects the data entered in the contact form as well as the day and time the email was opened and stores it in our software. Your data is stored on servers in the USA.

We use the service for analysis purposes and to evaluate the use of our website.

Note on data processing in the USA:

It is possible that your data will be processed by our service provider HubSpot in the USA. According to the ECJ, the data protection standard in the U.S. is inadequate and there is a risk that your data will be processed by the U.S. authorities for control and monitoring purposes, possibly also without any legal remedy.

HubSpot does not use the data and does not pass it on to third parties. We trust in the reliability and IT and data security of HubSpot. Further information on data protection at HubSpot can be found at https://legal.hubspot.com/de/terms-of-service.

10.5.2 Legal basis for data processing

The data processing of your data entered in the contact form by HubSpot is carried out in accordance with Art. 6 para. 1 p. 1 lit. b) GDPR. The data processing of the day and time of e-mail opening is based on our legitimate interest in accordance with Art. 6 para. 1 S.1 lit. f) GDPR on customer-friendly communication and acquisition.

The legal basis for data processing for analysis purposes is your consent in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR.

10.5.3 Purpose of data processing

We use HubSpot as our service provider to ensure effective address management and to be able to contact you via a contact form.

We use HubSpot to effectively analyze user behavior on our website.

 

10.5.4 Duration of data storage

According to HubSpot, HubSpot only stores your personal data for as long as we use your personal data. HubSpot deletes your data when we delete you from our address file or delete our account with HubSpot after a period of 30 days.

10.5.5 Possibility of removal by the data subject

You have the option to revoke your consent to data processing at any time. You have the option to object to data processing at any time. To do so, please contact our data protection officer

11. other third party tools

We also use third-party providers who help us with the presentation and functionality of the website. These are listed below:

 

11.1 Cloudflare

 

11.1.1 Description and scope of data processing

On our website we use the services of Cloudflare to ensure a secure and error-free use of our website. Cloudflare, as a CDN (“Content Delivery Network”), ensures the security of this website and the optimization of loading times. For this purpose, Cloudflare generates log data, which may include, for example, the number of page views, IP address, system information and information about the pages viewed before and after your visit to our website. With the help of this data, Cloudflare searches for attack patterns, the analysis of which leads to the protection of our website. This analysis usually takes place within a few minutes, so that the security rules of our website can be updated immediately. Responsible for data processing is: Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107 USA.

For more information, please see Cloudflare’s privacy policy: https://www.cloudflare.com/privacypolicy

 

11.1.2 Legal basis for data processing

The data processing is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a) GDPR. One of our interests is to ensure the safe use of our website. By implementing Cloudflare, we will at the same time comply with the principle of integrity and confidentiality of your data within the meaning of Art. 5 para. 1 lit. (f) equitable.

 

11.1.3 Purpose of the data processing

The purpose of the data agreement is to ensure the confidentiality and integrity of our data processing and the full functioning of our website.

 

11.1.4 Duration of data storage

Your data will only be stored as long as this is necessary to fulfill the purpose and no legal obligations to store your data prevent deletion.

11.1.4 Options for elimination by the data subject

You have the option to revoke your consent to data processing at any time. Please contact our data protection officer for this purpose. You can prevent Cloudflare from processing your data by disabling the execution of script code in your browser or installing a script blocker, but this may result in our website no longer being displayed correctly.

 

11.2 Self-hosted fonts

 

11.2.1 Description and scope of data processing

We use so-called web fonts as well as icons on the website for the uniform display of fonts. When you call up a page, your browser loads the required web fonts/icons into your browser cache in order to display texts and fonts correctly. We have integrated these locally on our own website so that Google and Font Awesome are not aware that our website has been accessed via your IP address. If your browser does not support web fonts/icons, a standard font from your computer will be used.

 

11.2.2 Legal basis for data processing

The legal basis is based on our legitimate interest according to. Art. 6 par. 1 p. 1 lit. f) GDPR.

 

11.2.3 Purpose of the data processing

The purpose of the data processing is to ensure the consistent presentation of fonts on this website, in order to provide a visually interesting and at the same time user-friendly website.

 

11.2.4 Duration of data storage

No data is stored.

 

11.2.5 Possibility of elimination by the data subject

You can set your browser to not support web fonts/icons. In this case, a default font is used by your computer.

 

11.3 Trustpilot

11.3.1 Description and scope of data processing

We use functions of the Trustpilot rating service on our website to display and obtain customer ratings in order to present our service quality transparently. Trustpilot is a service provided by Trustpilot A/S, Pilestræde 58, 5, 1112 Copenhagen, Denmark.

When loading Trustpilot content, your browser establishes a connection to the Trustpilot servers. The following data may be processed in the process:

  • IP address
  • Your name
  • E-mail address
  • Rating text
  •  

Further information can be found in Trustpilot’s privacy policy at:
https://de.legal.trustpilot.com/for-reviewers/end-user-privacy-terms

11.3.2 Legal basis for data processing

The legal basis for the display of Trustpilot content is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 par. 1 p. 1 lit. f) GDPR.

The legal basis for the collection of the ratings is based on your consent in accordance with. Art. 6 par. 1 sentence 1 lit. a) GDPR.

11.3.3 Purpose of data processing

The purpose of data processing is to display customer reviews on the website to build trust and improve the user experience.

11.3.4 Duration of data storage

The data will be deleted as soon as it is no longer required for our processing purpose and no official, legal or contractual regulations prevent deletion. Furthermore, your rating will be stored until you withdraw it or delete your Trustpilot account.

11.3.5 Possibility of removal by the data subject

You have the option to revoke your consent to data processing at any time. Please contact our data protection officer for this purpose. Furthermore, you can object to the data processing by Trustpilot. To do so, fill out the following form Submit a request – Trustpilot.

 

12. data transfer to a third country

To enable us to provide our services, we use the support of service providers from Europe as well as from third countries. In order to ensure the protection of your personal data even in the event of data transfer to a third country, we conclude special order processing contracts with each of the carefully selected service providers. All of the service providers we use have sufficient evidence that they ensure data security through suitable technical and organizational measures. Our service providers from third countries are either located in countries that have an adequate level of data protection recognized by the EU Commission (Art. 45 GDPR) or have provided suitable guarantees (Art. 46 GDPR).

Adequate level of protection: The provider comes from a country whose adequate level of data protection has been recognized by the EU Commission. You can find more information at: Adequacy decisions (europa.eu)

EU standard contractual clauses: Our provider has submitted to the EU standard contractual clauses in order to guarantee secure data transfer. You can find more information on this at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en

Binding Corporate Rules: Art. 47 of the GDPR provides for the possibility of ensuring data protection when transferring data to a third country via binding internal data protection regulations. These are reviewed and approved by the competent supervisory authorities as part of the consistency procedure in accordance with Art. 63 GDPR.

Consent: In addition, data will only be transferred to a third country without an adequate level of protection if you have given us your consent in accordance with Art. Art. 49 par. 1 lit. a) GDPR or another exception according to Art. 49 GDPR is relevant for the data transfer.

 

13. your rights

You have the following rights with respect to us regarding personal data concerning you:

 

13.1 Right to withdraw consent (cf. Art. 7 GDPR)

If you have given your consent to the processing of your data, you can withdraw this at any time. Such a revocation affects the permissibility of the processing of your personal data for the future after you have given it to us. It can be made verbally (by telephone) or in writing by post or e-mail to us.

 

13.2 Right of access (cf. Art. 15 GDPR)

In the event of a request for information, you must provide sufficient information about your identity and provide proof that the information is yours. The information concerns the following:

  • the purposes for which the personal data are processed;
  • the categories of personal data which are processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  • the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the duration of storage;
  • the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • all available information about the origin of the data if the personal data is not collected from the data subject;
  • the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

 

13.3 Right to rectification or deletion (cf. Art. 16, 17 DSGVO)

You have a right to rectification and/or completion vis-à-vis us as the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

In addition, you may request the deletion of personal data concerning you if one of the following reasons applies to you:

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You revoke your consent on which the processing is based according to. Art. 6 par. 1 S.1 lit. a) or Art. 9 par. 2 lit. a) GDPR and there is no other legal basis for the processing.
  • They lay out acc. Art. 21 par. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 6(1) GDPR. Art. 21 par. 2 DSGVO to object to the processing.
  • The personal data concerning you has been processed unlawfully.
  • The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
  • The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

If we have made the personal data concerning you public and we are obliged pursuant to Art. Art. 17 par. 1 GDPR, we will take all reasonable steps to inform other data controllers that you have requested the deletion of all links to this personal data or of copies or replications of this personal data.

The right to erasure does not exist if the processing is necessary:

  • to exercise the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 6 para. 1 lit. a GDPR. Art. 89 par. 1 GDPR, insofar as the aforementioned right is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

for the assertion, exercise or defense of legal claims.

 

13.4 Right to restriction of processing (cf. Art. 18 DSGVO)

Under the following conditions, you can request that we restrict the processing of your personal data:

  • if you contest the accuracy of the personal data concerning you for a period enabling us to verify the accuracy of your personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
  • if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether our legitimate reasons outweigh your reasons.

If the processing of your personal data has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

 

13.5 Right to information (cf. Art. 19 GDPR)

If you have asserted your right to rectification, erasure or restriction of data processing against us, we are obliged to notify all recipients of your personal data of the rectification, erasure or restriction of data processing. This shall apply only to the extent that such notification does not prove impossible or would involve disproportionate effort.

You have the right to know which recipients have received your data.

 

13.6 Right to data portability (cf. Art. 20 DSGVO)

You have the right to receive your personal data from us in a common, machine-readable format in order to have it forwarded to another controller, if necessary, provided that

  • the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR and
  • the processing is carried out by automated means.

When exercising your right to data portability, you have the right to obtain that the personal data be transferred directly from us to another controller, insofar as this is technically feasible.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

 

13.7 Right to object to processing (cf. Art. 21 GDPR)

Insofar as we base the processing of your personal data on a legitimate interest (acc. Art. 6 par. 1 p. 1 lit. f) DSGVO) on our part, you may object to the processing. The same applies should we base the data processing on Art. 6 para. 1 p. 1 lit. e) GDPR.

When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the merits of the case and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

 

13.8 Right to complain to the competent supervisory authority (cf. Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been submitted will inform you about the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

 

14. how you exercise these rights

To exercise these rights, please contact our data protection officer:

Christian Scholtz from WS Datenschutz GmbH

[email protected]

or by post:

WS Datenschutz GmbH
Dircksenstraße 51
D-10178 Berlin

15. reservation of right of modification

We reserve the right to amend this privacy policy in compliance with the statutory provisions.

Status October 2025

Privacy policy for our social media presence

Together with us responsible social media

consultingheads GmbH

Address: Mittelstraße 11
40789 Monheim am Rhein

Phone: +49 221 572730-0

E-Mail: [email protected]

Homepage: https://consultingheads.com

has its own social media presence as follows:

Here we use the services of

  • Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA and Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook“, “Instagram“)
  • LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland or LinkedIn Corporation, 1000 W. Maude Ave, Sunnyvale, California 94085, USA (“LinkedIn“)
  • XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (“XING“)

back.

Due to the judgment of the European Court of Justice of 05.06.2018 (available at http://curia.europa.eu/juris/document/document.jsf?text=&docid=202543&pageIndex=0&doclang=DE&mode=req&dir=&occ=first&part=1&cid=298398 ), operators of social media sites and the operators of the social media themselves are considered joint controllers of data processing.

We would like to point out that you use our social media sites and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access the information that we make available on social media on our own website.

Data Protection Officer

Our data protection officer is:

Christian Scholtz from WS Datenschutz GmbH

If you have any questions about data protection, please contact him at the following e-mail address:

[email protected] or by mail:

WS Datenschutz GmbH

Dircksenstrasse 51

D-10178 Berlin

https://webersohnundscholtz.de/

You can contact the data protection officers of the respective social media via the respective social media.

The Data Protection Officer of Facebook and Instagram via the following linked contact form: https://www.facebook.com/help/contact/540977946302970

The LinkedIn data protection officer via the following linked contact form: https://www.linkedin.com/help/linkedin/ask/TSO-DPO

The Data Protection Officer of XING via the following e-mail address: [email protected]

Data processed by social media

When you visit our social media pages, the social media operators collect, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the site, with statistical information about the use of the site. The data collected about you in this context is processed by the social media operators and may be transferred to countries outside the European Union. Which information the operator of the respective social network receives and how it is used is described in the privacy policies of the respective social networks. There you will also find information on how to contact us.

You can find more information on this under the following links:

Facebook: https://de-de.facebook.com/help/pages/insights
https://de-de.facebook.com/about/privacy
https://de-de.facebook.com/full_data_use_policy

Instagram: https://help.instagram.com/155833707900388
https://www.instagram.com/about/legal/privacy/

LinkedIn: https://www.linkedin.com/legal/privacy-policy

Xing: https://www.xing.com/privacy

The way in which the social media operators use data from visits to our social media presence for their own purposes, the extent to which activities on the social media sites are assigned to individual users, how long the operators store this data and whether data from a visit to the social media sites is passed on to third parties is not conclusively and clearly stated by the social media operators and is not known to us.

When you access our social media pages, the IP address assigned to your end device is transmitted to the operator of the respective social network. The social networks also store information about the user’s end devices (e.g. as part of the “login notification” function); the social media operators may thus be able to assign IP addresses to individual users.

If you are currently logged in to the respective social network as a user, a cookie with your individual identifier is stored on your end device in this social network. This allows the operator of the social network to track that you have visited a particular page and how you have used it. This data can be used to tailor content or advertising to your previous website visits.

If you want to avoid this, you should log out of the respective social network or deactivate the “stay logged in” function, delete the cookies on your device and close and restart your browser. In this way, login information that can be used to directly identify you will be deleted. This allows you to use our social media presence without revealing your user ID. If you access interactive functions on the site (like, comment, share, messages, etc.), a login screen will appear. After logging in, you will once again be recognizable as a specific user for the social network used.

Information on how you can manage or delete existing information within the social network can be found on the above-mentioned support pages of the respective social network.

Data processed by us

Type and scope of data processing

The data you enter on social networks, in particular your user name and the content published under your account, will be processed by us to the extent that we may respond to your messages. We also use LinkedIn to contact potential candidates via LinkedIn Message by providing them with a booking link. We then download and analyze the data publicly available on LinkedIn. Formal consent to data storage is given after initial contact via Vincere, although some applicants send their data themselves beforehand.

In addition, your published posts, ratings and comments refer to your account in the respective social network. If you mention us via an @ or a # or similar, this mention may be published on our site under your user name. The data you freely publish and disseminate on the respective social network may be included by us in our offer and made accessible to other users of the respective social network. If you mark our presence in the social media with “Like” or “Follow” or a similar interaction, we will be informed of this by the respective social network with your user name and link to your account.

As the provider of the information service, we also collect and process the following data from your use of our social media presence:

We use the LinkedIn Recruiter System Connect (RSC) function on the LinkedIn platform to get in touch with suitable candidates for open positions. You can use your LinkedIn profile privacy settings to determine whether Recruiter customers can export profile data packages. We process the following data from your LinkedIn profile to select and subsequently contact potential candidates:

  • First and last name
  • Location
  • Title
  • Information about your qualifications and professional experience
  • Your current employer, if applicable
  • Project information (including pipeline status)
  • Feedback

We only use LinkedIn for initial contact.

Legal basis of the processing

Data processing on our part is based on Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interest arises from the advertising function of social media. We use them to increase awareness of our company.

Purpose of the processing

The data you provide in this context and which may be accessible to us (e.g. user name, images, interests, contact details) will be processed by us exclusively for the purpose of communicating with customers and interested parties. Our legitimate interest lies in offering you a platform on which we can display current information and with the help of which you can address your request to us and we can respond to your request as quickly as possible.

Duration of storage

As far as possible, your data will be deleted when we discontinue our presence on social media.

Your rights

You have the following rights under the General Data Protection Regulation:

Right to withdraw consent (see Art. 7 GDPR)

If you have given your consent to the processing of your data, you can withdraw it at any time. Such a revocation affects the permissibility of the processing of your personal data for the future after you have given it to the controller. It can be made verbally (by telephone) or in writing by post or e-mail to us.

Right to information (see Art. 15 GDPR)

In the event of a request for information, you must provide sufficient information about your identity and provide proof that the information is yours. The information concerns the following:

  • the purposes for which the personal data are processed;
  • the categories of personal data which are processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  • the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the duration of storage;
  • all available information about the origin of the data if the personal data is not collected from the data subject;
  • the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
 
Right to rectification or erasure (see Art. 16, 17 GDPR)

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

In addition, you may request the deletion of personal data concerning you if one of the following reasons applies to you:

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You revoke your consent on which the processing is based according to. Art. 6 par. 1 S.1 lit. a) or Art. 9 par. 2 lit. a) GDPR and there is no other legal basis for the processing.
  • They lay out acc. Art. 21 par. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 6(1) GDPR. Art. 21 par. 2 DSGVO to object to the processing.
  • The personal data concerning you has been processed unlawfully.
  • The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
  • The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

If the personal data concerning you have been made public and the controller is obliged to delete them pursuant to Art. Art. 17 par. 1 GDPR, we will take all reasonable steps to inform other data controllers that you have requested the deletion of all links to this personal data or of copies or replications of this personal data.

The right to erasure does not existinsofar as the processing is necessary:

  • to exercise the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with Art. 6 para. 1 lit. a GDPR. Art. 89 par. 1 GDPR, insofar as the aforementioned right is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
  • for the assertion, exercise or defense of legal claims.

Right to restriction of processing (see Art. 18 GDPR)

Under the following conditions, you may request the controller to restrict the processing of your personal data:

  • if you contest the accuracy of the personal data concerning you for a period enabling us to verify the accuracy of your personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims, or
  • if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether our legitimate reasons outweigh your reasons.

If the processing of your personal data has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Right to information (see Art. 19 GDPR)

If you have asserted your right to rectification, erasure or restriction of data processing against a controller, the controller is obliged to notify all recipients of your personal data of the rectification, erasure or restriction of data processing. This only applies insofar as this notification does not prove to be impossible or would involve a disproportionate effort.

You have the right to know which recipients have received your data.

Right to data portability (see Art. 20 GDPR)

You have the right to receive your personal data from the controller in a commonly used, machine-readable format in order to have it transmitted to another controller, provided that

  • the processing is based on consent pursuant to Art. 6 para. 1 S.1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on the basis of a contract pursuant to Art. 6 para. 1 p. 1 lit. b) GDPR is based and
  • the processing is carried out using automated procedures.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Right to object to the processing (see Art. 21 GDPR)

Insofar as the processing of your personal data is based on a legitimate interest (acc. Art. 6 par. 1 lit. f) GDPR), you can object to the processing. The same applies if the data processing is based on Art. 6 para. 1 p. 1 lit. e) GDPR can be supported.

When exercising such an objection, please explain the reasons why your personal data should not be processed. In the event of your justified objection, the situation will be examined and either the data processing will be discontinued or adapted or you will be shown the compelling reasons worthy of protection on the basis of which the processing will be continued.

Right to lodge a complaint with the competent supervisory authority (see Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

How to exercise these rights

You can assert your rights with the data protection officer of the respective controller, whose contact details can be found under point 2. If you make use of the aforementioned rights, the controller will check whether the legal requirements are met.

If you have any questions about our information services, please contact us using the contact details given under point 1.

Further information on social networks and how you can protect your data can also be found at https://youngdata.de.

Subject to change

We reserve the right to amend this privacy policy in compliance with the statutory provisions.

Status October 2025

Privacy Policy for Our Social Media Presence

Joint Controllers for Social Media

consultingheads GmbH

Address: Mittelstraße 11
40789 Monheim am Rhein, Germany

Telephone: +49 221 572730-0

Email: [email protected]

Website: https://consultingheads.com

operates the following own presences on social media platforms:

Facebook: https://www.facebook.com/consultingheads
Instagram: https://www.instagram.com/consultingheads/
LinkedIn: https://www.linkedin.com/company/consultingheads/
XING: https://www.xing.com/pages/consultingheads

In doing so, we make use of the services of

Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA or Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”, “Instagram”)
LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland or LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085, USA (“LinkedIn”)
XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (“XING”).

Due to the ruling of the European Court of Justice of 05 June 2018 (available at http://curia.europa.eu/juris/document/document.jsf?text=&docid=202543&pageIndex=0&doclang=DE&mode=req&dir=&occ=first&part=1&cid=298398), operators of social media presences and the operators of the social media platforms themselves are considered joint controllers for data processing.

We would like to point out that you use our social media presences and their functions at your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access the information that we provide on social media via our own website.

Data Protection Officer

Our data protection officer is:

Christian Scholtz of WS Datenschutz GmbH

If you have questions regarding data protection, you can contact him at the following email address:

[email protected] or by post at:

WS Datenschutz GmbH

Dircksenstraße 51

D-10178 Berlin

https://webersohnundscholtz.de/

The data protection officers of the respective social media platforms can be contacted via the respective social media services.

You can reach the data protection officer of Facebook and Instagram via the following linked contact form: https://www.facebook.com/help/contact/540977946302970

You can reach the data protection officer of LinkedIn via the following linked contact form: https://www.linkedin.com/help/linkedin/ask/TSO-DPO

You can reach the data protection officer of XING via the following email address: [email protected]

Data Processed by Social Media Platforms

When visiting our social media presences, the operators of the social media platforms collect, among other things, your IP address as well as further information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the presence, with statistical information about the use of the page. The data collected about you in this context is processed by the operators of the social media platforms and may be transferred to countries outside the European Union. How the operator of the respective social network receives and uses this information is described in the privacy policies of the respective social networks. There you will also find information about contact options.

Further information can be found at the following links:

Facebook: https://de-de.facebook.com/help/pages/insights
https://de-de.facebook.com/about/privacy
https://de-de.facebook.com/full_data_use_policy

Instagram: https://help.instagram.com/155833707900388
https://www.instagram.com/about/legal/privacy/

LinkedIn: https://www.linkedin.com/legal/privacy-policy

XING: https://www.xing.com/privacy

The manner in which the operators of the social media platforms use data from visits to our social media presences for their own purposes, the extent to which activities on social media presences are assigned to individual users, how long the operators store this data, and whether data from visits to social media presences is passed on to third parties is not conclusively or clearly stated by the operators of the social media platforms and is not known to us.

When accessing our social media presences, the IP address assigned to your device is transmitted to the operator of the respective social network. The social networks also store information about users’ devices (e.g. as part of the “login notification” function). It may therefore be possible for the operators of the social media platforms to assign IP addresses to individual users.

If you are currently logged in to the respective social network as a user, a cookie with your individual identifier for that social network is stored on your device. This allows the operator of the social network to track that you have visited a specific page and how you have used it. Based on this data, content or advertising can be tailored to your previous website visits.

If you wish to avoid this, you should log out of the respective social network or deactivate the “stay logged in” function, delete the cookies stored on your device, and close and restart your browser. In this way, login information through which you can be directly identified will be deleted. This allows you to use our social media presences without revealing your user identifier. If you access interactive functions of the page (like, comment, share, messages, etc.), a login screen will appear. After logging in, you will again be recognizable to the respective social network as a specific user.

Information on how you can manage or delete existing information within the social network can be found on the above-mentioned support pages of the respective social networks.

Data Processed by Us

Type and Scope of Data Processing

The data you enter on social networks, in particular your username and the content published under your account, is processed by us insofar as we may respond to your messages. In addition, we use LinkedIn to contact potential candidates via LinkedIn messages by providing them with a booking link. The publicly available data on LinkedIn is then downloaded and evaluated by us. Formal consent to data storage is obtained after an initial contact via Vincere, although some applicants send their data themselves beforehand.

In addition, your published posts, ratings, and comments refer to your account on the respective social network. If you mention us via an @ or a # or similar, this mention may be published on our page under your username. The data you freely publish and distribute on the respective social network may therefore be integrated into our offering and made accessible to other users of the respective social network. If you mark our social media presence with “Like”, “Follow”, or a similar interaction, this will be communicated to us by the respective social network together with your username and a link to your account.

As the provider of the information service, we also collect and process the following data from your use of our social media presences:

We use the LinkedIn Recruiter System Connect (RSC) function on the LinkedIn platform to get in touch with suitable candidates for open positions. You can specify in your LinkedIn profile privacy settings whether recruiter customers may export profile data packages. For selection and subsequent contact with potential candidates, we process the following data from your LinkedIn profile:

First and last name
Location
Title
Information about your qualifications and professional experience
If applicable, your current employer
Project information (including pipeline status)
Feedback

We use LinkedIn solely for initial contact.

Legal Basis for Processing

The processing of data on our part is based on Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest arises from the advertising function of social media. We use these platforms to increase awareness of our company.

Purpose of Processing

The data you provide in this context and that may be accessible to us (e.g. username, images, possibly interests, contact details) is processed by us exclusively for the purpose of customer and prospect communication. Our legitimate interest lies in providing you with a platform on which we can present current information to you and through which you can address your concerns to us, enabling us to respond to your request as quickly as possible.

Duration of Storage

Your data will be deleted, insofar as it is possible for us, when we discontinue our social media presence.

Your Rights

Under the General Data Protection Regulation, you have the following rights:

Right to Withdraw Consent (cf. Art. 7 GDPR)

If you have given consent to the processing of your data, you may withdraw this consent at any time. Such a withdrawal affects the permissibility of processing your personal data in the future after you have declared it to the controller. The withdrawal can be made verbally or in writing by post or email.

Right of Access (cf. Art. 15 GDPR)

In the event of a request for access, you must provide sufficient information about your identity and provide proof that the information concerns you. The information includes:

the purposes for which the personal data are processed;
the categories of personal data that are processed;
the recipients or categories of recipients to whom the personal data concerning you have been disclosed or will be disclosed;
the planned duration of storage of the personal data concerning you or, if specific information is not possible, criteria for determining the storage period;
all available information about the origin of the data if the personal data are not collected from the data subject;
the existence of automated decision-making including profiling pursuant to Art. 22 para. 1 and 4 GDPR and, at least in these cases, meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.

Right to Rectification or Erasure (cf. Art. 16, 17 GDPR)

You have the right to rectification and/or completion vis-à-vis the controllers if the personal data processed concerning you is inaccurate or incomplete. The controller must carry out the rectification without delay.

You may also request the erasure of personal data concerning you if one of the following reasons applies:

The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
You withdraw your consent on which the processing was based pursuant to Art. 6 para. 1 sentence 1 lit. a) or Art. 9 para. 2 lit. a) GDPR and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.
The personal data concerning you has been unlawfully processed.
The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
The personal data concerning you was collected in relation to the offer of information society services pursuant to Art. 8 para. 1 GDPR.

If the personal data concerning you has been made public and the controller is obliged to erase it pursuant to Art. 17 para. 1 GDPR, we shall take reasonable steps to inform other controllers responsible for processing the data that you have requested the erasure of all links to this personal data or of copies or replications of this personal data.

The right to erasure does not apply insofar as processing is necessary:

for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the above-mentioned right is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
for the establishment, exercise, or defence of legal claims.

Right to Restriction of Processing (cf. Art. 18 GDPR)

Under the following conditions, you may request the restriction of the processing of your personal data:

if you contest the accuracy of the personal data concerning you for a period enabling us to verify the accuracy of your personal data;
the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of its use;
we no longer need the personal data for the purposes of processing, but you require it for the establishment, exercise, or defence of legal claims; or
if you have objected to processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether our legitimate grounds override your grounds.

If the processing of personal data concerning you has been restricted, such data may only be processed, apart from storage, with your consent or for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Right to Notification (cf. Art. 19 GDPR)

If you have asserted your right to rectification, erasure, or restriction of processing vis-à-vis a controller, that controller is obliged to notify all recipients to whom your personal data has been disclosed of the rectification, erasure, or restriction of processing. This applies only insofar as such notification does not prove impossible or involves a disproportionate effort.

You have the right to be informed about these recipients.

Right to Data Portability (cf. Art. 20 GDPR)

You have the right to receive your personal data from the controller in a commonly used, machine-readable format in order to transmit it to another controller, provided that

the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a) GDPR or Art. 9 para. 2 lit. a) GDPR or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR, and
the processing is carried out by automated means.

When exercising your right to data portability, you also have the right to have the personal data transmitted directly from one controller to another, insofar as this is technically feasible.

The right to data portability does not apply to processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Right to Object to Processing (cf. Art. 21 GDPR)

If the processing of your personal data is based on a legitimate interest (pursuant to Art. 6 para. 1 lit. f) GDPR), you may object to the processing. The same applies if the data processing is based on Art. 6 para. 1 sentence 1 lit. e) GDPR.

When exercising such an objection, please explain the reasons why your personal data should not be processed. In the event of your justified objection, the situation will be reviewed and either the data processing will be discontinued or adapted, or we will demonstrate compelling legitimate grounds for continuing the processing.

Right to Lodge a Complaint with the Supervisory Authority (cf. Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR.

The supervisory authority with which the complaint has been lodged will inform you of the status and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

 

How to Exercise These Rights

You may exercise your rights by contacting the data protection officer of the respective controller, whose contact details can be found under section 2. If you exercise any of the above rights, the controller will check whether the legal requirements are met.

If you have questions about our information offering, you can contact us using the contact details listed under section 1.

Further information on social networks and how you can protect your data can also be found at https://youngdata.de.

Right to Amend

We reserve the right to amend this privacy policy in compliance with statutory provisions.

As of October 2024

 

 

 

Als Experte registrieren
Jetzt Experten anfragen
Register as an expert
Request experts now