Welcome to consultingheads!

Privacy Policy

Any collection, use, storage, deletion or other use (hereinafter “processing”) of data is solely for the purpose of providing our services. Our services have been designed with the aim of using as little personal data as possible. In this context, “personal data” (hereinafter also referred to as “data”) is understood to mean all individual information about personal or factual circumstances of an identified or identifiable natural person (so-called “data subject”).

The following statements on data protection describe what types of personal data are processed when you access our website, what happens to this personal data and how you can object to data processing if necessary.

 

1. General information about data processing on this website

 

1.1 Person responsible

The responsible party within the meaning of the EU General Data Protection Regulation (DSGVO) is:

consultingheads GmbH

Address:
Venloer Straße 310-316,
50823 Cologne, Germany

Phone:
+49 221 572730-0

Email:
[email protected]

Homepage:
https://consultingheads.com/

 

1.2 Data protection officer

The data protection officer is:

Christian Scholtz from WS Datenschutz GmbH

If you have any questions regarding data protection, you can contact WS Datenschutz GmbH at the following e-mail address: [email protected]

WS Data Protection GmbH,
Dircksenstrasse 51,
D-10178 Berlin
https://webersohnundscholtz.de

 

1.3 Protection of your data

We have taken technical and organizational measures to ensure that the provisions of the GDPR are observed both by us and by external service providers working for us.

If we work with other companies, such as E-Mail and server providers, to provide our services, this is only done after an extensive selection process. In this selection process, each individual service provider is carefully selected for its suitability in connection with technical and organizational capabilities in data protection. This selection procedure is documented in writing and a contract pursuant to Art. 28 (3) DSGVO on the processing of personal data on behalf (AV contract) is only concluded if it meets the requirements of Art. 28 DSGVO.

Your data will be stored on specially protected servers. Access to it is only possible for a few specially authorized persons.

Our website is SSL/TLS encrypted, which you can recognize by the “https://” at the beginning of the URL. If personal data is involved in e-mail communication, e-mails are sent from our site in encrypted form. We also use the integrated SSL certificate for this purpose.

 

1.4 Deletion of personal data

We process personal data only as long as it is necessary. As soon as the purpose of the data processing has been fulfilled, blocking and deletion takes place in accordance with the standards of the deletion concept here, unless legal regulations prevent deletion.

 

2. Data processing on this website and creation of log files

 

2.1 Description and scope of data processing

When you visit our website, our web servers temporarily store each access in a log file. In the process, the following personal data is collected and stored until automated deletion:

  • Access and error log data

In addition to this personal data, further personal data may be collected by us and our partners, more on this below.

In order to provide our Internet offer, we use the services of the hosting provider Raidboxes GmbH, Hafenstraße 32, 48153 Münster.

For more information, please refer to the privacy policy of Raidboxes GmbH at https://raidboxes.io/legal/privacy/.

 

2.2 Legal basis for data processing

The processing of this data is based on Art. 6 para. 1 p.1 lit. f) DSGVO. Our legitimate interest is based on making our website accessible to you.

 

2.3 Purpose of the data processing

Data processing is carried out for the purpose of enabling the use of the website (connection establishment). It is used for system security, technical administration of the network infrastructure and optimization of the Internet offer. The IP address is only evaluated in the event of attacks on our network infrastructure or the network infrastructure of our Internet provider.

 

2.4 Duration of data storage

The personal data will be deleted as soon as they are no longer required for the above-mentioned purposes. This is the case when you close the website. Our hosting provider may use the data for statistical surveys. However, the data is anonymized for this purpose. A deletion of the data takes place at our hosting provider after 7 days.

 

2.5 Possibility of elimination by the data subject

The website can only be displayed if the described data is processed. If you object to the further processing of the data, please contact our data protection officer or the hosting provider at [email protected].

 

3. Application of cookies

 

3.1 Description and scope of data processing

Our website uses cookies. These are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive, assigned to the browser you are using, and through which certain information flows to us or to the entity that sets the cookie. Cookies cannot execute programs or transmit viruses to your computer. They are used by us to enable you to log in and to analyze the use of our website in anonymous or pseudonymous form and to present you with interesting offers on this website. In this way, various data can be transmitted:

  • frequency of website visits
  • which functions of the website are used by you
  • search terms used
  • your cookie setting

When you call up the website, a cookie banner informs you about the use of cookies and refers you to the data protection declaration.

Note on data processing in the USA by Google:

By clicking on “Agree to all”, you consent pursuant to Art. 6 (1) p. 1 lit. a) DSGVO to your data being processed in the USA. According to the ECJ, the data protection standard in the USA is insufficient and there is a risk that your data will be processed by the US authorities for control and monitoring purposes, possibly also without any legal remedy. If you only consent to the setting of essential cookies, the transfer will not take place. Consent given can be revoked at any time.

Notice regarding data processing in the USA by Google:

By clicking on “Agree to all”, you agree to the terms and conditions of this agreement. Art. 6 par. 1 p. 1 lit. a) GDPR that your data will be processed in the USA. According to the ECJ, the data protection standard in the U.S. is inadequate and there is a risk that your data will be processed by the U.S. authorities for control and monitoring purposes, possibly also without any legal remedy. If you consent only to the setting of essential cookies, the transfer does not take place. Consent given can be revoked at any time.

 

3.2 Legal basis for data processing

The legal basis for the processing of data through cookies that do not solely serve the functionality of our website is Art. 6 para. 1 p. 1 lit. a) DSGVO.

The legal basis for data processing for cookies that solely serve the functionality of this website is Art. 6 para. 1 S.1 lit. f) DSGVO.

 

3.3 Purpose of data processing

Our legitimate interest results from the guarantee of a smooth connection setup and a comfortable use of our website as well as for reasons of evaluation of system security and stability. The data processing also takes place in order to enable a statistical evaluation of the website usage.

 

3.4 Duration of data storage

There are two types of cookies. Both are used on this website:

  • Transient cookies (for this purpose a)
  • Persistent cookies (in addition b)

a) Transient cookies, they are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

b) Consecutive cookies, these are automatically deleted after a specified period of time, which may vary depending on the cookie.

 

3.5 Elimination option by the data subject

You have the option at any time to revoke your consent to data processing by cookies that do not solely serve the functionality of the website. In addition, we set cookies only after you have consented to the setting of cookies when accessing the site. In this way, you can prevent data processing via cookies on our website.

You can also delete the cookies in the security settings of your browser at any time. We would like to point out that you may not be able to use all the functions of this website. You can also prevent cookies from being set at any time by making the appropriate settings in your Internet browser.

 

3.6 Borlabs

Borlabs is used for the practical implementation of the GDPR and other data protection-related law regarding the use of cookies on our website and the integration of analysis tools by means of consent. If you give your consent via the cookie banner, the following data will be processed:

  • Your IP address
  • Details of your consent
  • URL of the consent website
  • Date and time of consent
  • Date and time of the last page access

The processing of this data is based on Art. 6 para. 1 p.1 lit. c) DSGVO.

The data processing is carried out by: Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany.

You can find more information about the data processing at: https://de.borlabs.io/datenschutz/

[borlabs-cookie type=”btn-cookie-preference” title=”Change my cookie selection” /]

 

4. Contact

 

4.1 Description and scope of data processing

Through our website, it is possible to contact us via e-mail to [email protected] or a contact form. For this purpose, various data are required to respond to the request, which are automatically stored for processing. The following data is collected as a minimum (marked as mandatory field) within the contact form:

Contact form consultinghead find:

  • First name
  • Last name
  • Telephone
  • E-mail address

You can voluntarily provide the following information:

  • Company
  • Employment relationship
  • Message

Contact form consultinghead:

  • Search query (dropdown)
  • First name
  • Last name
  • Mobile number
  • Email address
  • Profile upload/ project list

You can also voluntarily provide the following information:

  • LinkedIn profile address
  • personal elevator pitch

The data will not be passed on to third parties.

 

4.2 Legal basis for data processing

The legal basis used here is Art. 6 para. 1 p.1 lit. b) DSGVO.

 

4.3 Purpose of the data processing

We process your data exclusively in order to process your contact request.

 

4.4 Duration of data storage

Your data will be deleted by us as soon as the purpose of the data processing has been fulfilled, predominantly immediately after the request has been answered. In rare cases, however, we may retain your data for a longer period of time. This may result from legal, regulatory or contractual obligations.

 

4.5 Possibility of elimination by the data subject

You can contact us at any time and object to further processing of your data. In this case, we will unfortunately not be able to continue communication with you. All personal data processed by us in the course of contacting you will be deleted in this case, unless the deletion conflicts with legal obligations to retain your data.

 

5. Data processing in the context of applications

 

5.1 Description and scope of data processing

Via our website it is possible to apply by means of an application tool Vincere (https://www.vincere.io/?lang=de) and via e-mail to [email protected]. For this purpose, personal data is processed and stored for further processing for the respective application procedure.

 

5.2 Legal basis for data processing

The legal bases for data processing are Art. 88 DSGVO and § 26 BDSG.

 

5.3 Purpose of the data processing

We process your data solely for the purpose of carrying out the application procedure.

 

5.4 Duration of data storage

If the application should lead to the commencement of an employment relationship, the personal data will be stored accordingly in compliance with the statutory provisions. Should the application not be considered in the selection of a potential candidate, it will be deleted in accordance with the rules of the deletion concept here, taking into account the provisions of the AGG, in particular the existing obligation to provide evidence in accordance with § 22 AGG.

This does not apply if legal provisions prevent deletion or if you have given your consent to longer storage. In this case, the further storage of your personal data is based on Art. 6 para. 1 p. 1 lit. c) or lit. a) DSGVO.

 

5.5 Possibility of elimination by the data subject

You can contact us at any time and object to further processing of your data. All personal data processed by us in the course of the application process will be deleted in this case, unless mandatory legal provisions prevent deletion.

 

5.6 Vincere.io

 

5.6.1 Description and scope of data processing

For our application portal, we use the recruiting software “Vincere.io”. The data processing is carried out by: HiringBoss Holdings Pte Ltd, of 120 Robinson Road, #15-01 068193, Singapore. We have integrated this service provider via iframe on our website.

The following data may be collected for us in this context by vincere.io:

  • Username
  • photo
  • Biographical information, such as your profession, social media profiles, company name, and areas of expertise.

For more information, please see the following link to Vincere.io’s privacy policy: https://www.vincere.io/privacy-archived20jan21?lang=de

 

5.6.2 Legal basis for data processing

The legal basis for the use of Vincere.io is our legitimate interest in providing an application portal according to Art. 6 para. 1 p. 1 lit. f) DSGVO.

 

5.6.3 Purpose of data processing

The purpose of data processing is to optimize our application management.

 

5.6.4 Duration of data storage

The data will be deleted as soon as the purpose of the data processing has been achieved and no legal, contractual or official retention periods prevent deletion.

 

5.6.5 Possibility of elimination by the data subject

You have the option to object to data processing at any time by notifying our data protection officer. If you have any queries regarding data protection at Vincere.io, you can contact Vincere.io at any time at the following e-mail address: [email protected].

If you do not wish to have your data processed by Vincere.io and do not wish to use our application portal, you also have the possibility to send your application directly to us by e-mail to [email protected].

 

6. Registration on the website

 

6.1 Description and scope of data processing

You can register on our website. This requires that you enter personal data in the registration mask. The following data is collected for this purpose at least:

  • First name
  • Last name
  • E-mail address
  • Password

The data you provide in the registration mask will be used exclusively for processing and will not be passed on to third parties as a matter of principle.

 

6.2 Legal basis for data processing

If you enter personal data that belong to the mandatory field input masks, the data processing is based on Art. 6 para. 1 p.1 lit b) DSGVO. If you also enter personal data in the other (optional) input field masks, the data processing is based on Art. 6 para. 1 p.1 lit. a) DSGVO.

 

6.3 Purpose of the data processing

We process your data solely for the purpose of completing your registration and managing your website account with us.

 

6.4 Duration of data storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when you close your account with us and no legal or official retention periods prevent deletion. You also have the option to request deletion by pressing the “Request deletion of data” field in your profile. In this case, we will receive a notice that the deletion has been requested and will delete your profile.

 

6.5 Possibility of removal by the data subject

Both during and after the registration has taken place, you are free to change, correct or delete the personal data provided.

 

6.6 Social login using social media

 

6.6.1 Description of data processing

We offer you the opportunity to log in using your

  • LinkedIn account
  • PrepLounge accounts

to register and log in on our website (social login).

In this case, an additional registration on this website is not required. Rather, the user account of your social network used for login is linked to the customer account on our website so that you can authenticate yourself with your social media user account to the customer account on our website and log in there. The advantage for you is that you do not have to remember a new password for your customer account on our website.

By linking, we automatically receive the following information from LinkedIn Ireland or PrepLounge GmbH:

LinkedIn:

  • Email address
  • Social ID
  • Name
  • Profile picture
  • Maiden name
  • Link to your public profile

 

The enumeration can be found at: https://docs.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin?context=linkedin/consumer/context

 

PrepLounge:

  • First Name
  • Education level
  • Gender
  • Major
  • Industry interests
  • Study and university

For more information on the respective social media login, the data transmitted and the privacy settings of your social media account, please refer to the respective privacy notices of:

 

6.6.2 Legal basis for data processing

In the case of the transmission of the first and last name as well as the e-mail address, the data processing is based on Art. 6 para. 1 p.1 lit b) DSGVO. All information passed on to us beyond this is provided by you voluntarily. Therefore, the data processing in this case is based on Art. 6 para. 1 S.1 lit. a) DSGVO.

 

6.6.3 Purpose of data processing

The social login makes it easier for you to use our registration function. It also provides us with information about the use of our website by social media users. We also use social media logins to raise awareness of our website as a whole.

 

6.6.4 Duration of data storage

The social login data is stored until a revocation is declared and used as described.

 

6.6.5 Possibility of elimination by the data subject

You can prevent this data processing by using the regular registration process. Both during and after the registration process, the data subject is free to change, correct or delete the personal data provided. In addition, if the data processing is based on consent, you have the option to revoke your consent to the data processing, cf. Art. 7 DSGVO. A revocation takes effect from the time at which it is expressed. It has effect for the future. You can revoke your consent at any time. This can be done by telephone, by mail, by e-mail or by other means to us. Further settings may be possible within the profile settings of your social media account.

 

7. Newsletter

 

7.1 Description and scope of data processing

We offer on our website the possibility to subscribe to our newsletter. When ordering the newsletter, you will be asked to provide personal data for processing. This is the data that is requested in the newsletter input mask. Input fields marked with an “*” are mandatory fields:

 

  • First name
  • Last name
  • E-mail address
  • These mandatory fields are necessary to send you the newsletter.

The newsletter will be sent by e-mail. You will only receive the newsletter after registering for it. To meet the requirements of the DSGVO, we use the so-called DOI procedure (“double opt-in”). If you register for our newsletter, you will receive a confirmation e-mail to the electronic mailbox named to you in the input field. This e-mail contains a confirmation link that you must click on. After this procedure, you have successfully registered for the newsletter. To carry out the procedure, the IP address, date and time of registration are stored. This in order to prevent misuse. In principle, the data will not be passed on to third parties.

 

7.2 Legal basis for data processing

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 p.1 lit. a) DSGVO.

 

7.3 Purpose of data processing

The newsletter has the function of informing you at regular intervals about offers and news from us.

 

7.4 Duration of data storage

We only process your data for as long as is necessary to fulfill the purpose and no legal or official retention obligations prevent deletion.

 

7.5 Possibility of elimination by the data subject

Consent to the processing of personal data within the scope of the newsletter order can be revoked at any time. To do so, you can click on the unsubscribe link integrated in each newsletter or notify us of the withdrawal of consent in another way.

 

7.6 Shipping service provider Mailchimp

 

7.6.1 Description and scope of data processing

The dispatch of the newsletter is carried out by means of “Mailchimp”, an online marketing platform. The data processing is carried out by: The Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

Note on data processing in the USA:

By subscribing to the newsletter, you consent pursuant to Art. 49 para. 1 p. 1 lit. a) in conjunction with. Art. 6 para. 1 p. 1 lit. a) DSGVO that your data will be processed by our shipping service provider in the USA. According to the ECJ, the data protection standard in the USA is inadequate and there is a risk that your data will be processed by the US authorities for control and monitoring purposes, possibly also without any legal remedy. Any consent given can be revoked at any time.

The email addresses of our newsletter recipients, as well as their other data described in the context of this notice, are stored on Mailchimp’s servers in the USA. Mailchimp uses this information to send and evaluate the newsletters on our behalf. Furthermore, according to its own information, Mailchimp may use this data to optimize or improve its own services, e.g. to technically optimize the dispatch and display of the newsletters or for economic purposes to determine from which countries the recipients come. Mailchimp does not, however, use the data of our newsletter recipients in order to address them itself or to pass them on to third parties. The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from Mailchimp’s server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are initially collected. The statistical surveys also include the determination of whether the newsletters are opened, how often they are opened and which links are clicked. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our nor Mailchimp’s intention to observe individual users. We trust in the reliability and IT and data security of Mailchimp. Furthermore, we have concluded a “Data Processing Agreement” with Mailchimp. This is a contract in which Mailchimp undertakes to protect the data of our users, to process it on our behalf in accordance with its data protection provisions and, in particular, not to pass it on to third parties. You can view Mailchimp’s privacy policy at https://Mailchimp.com/legal/privacy/.

 

7.6.2 Legal basis for data processing

Data processing by Mailchimp is based on your consent pursuant to Art. 6 (1) p. 1 lit. a) DSGVO.

 

7.6.3 Purpose of the data processing

We use Mailchimp as our dispatch service provider to ensure effective address management and to keep in touch with you via the newsletter.

 

7.6.4 Duration of data storage

According to the provider, it only stores personal data for as long as we use your personal data for the newsletter dispatch. Mailchimp deletes your data when we delete you from our address file.

 

7.6.5 Possibility of removal by the data subject

You have the option to revoke a granted consent at any time. For this purpose, please contact our data protection officer. In addition, you are free at any time to use the “opt-out” link at the end of each email, which will result in us deleting your email address from our address file, which is why Mailchimp will then also not further process your personal data. However, this does not affect address files that Mailchimp manages on behalf of other clients.

 

7.7 Sendgrid

 

7.7.1 Description and scope of data processing

For the dispatch of emails (e.g. confirmation emails when booking an event) we use the dispatch service provider Sendgrid. The data processing is carried out by: Twilio Inc, 101 Spear Street, 1st Floor, San Francisco, CA 94105, USA.

By sending emails to you through Sendgrid, the following personal data is processed:

  • Name
  • E-mail address
  • Content of the e-mail

For more information about Twilio, Inc. privacy practices, please visit the following link:

 

7.7.2 Legal basis for data processing

Data processing by Sendgrid is carried out on the basis of a legitimate interest on our part in the effective and secure transmission of important e-mails to you, in accordance with Art. 6 (1) p. 1 lit. f) DSGVO.

 

7.7.3 Purpose of the data processing

The purpose of data processing is the reliable delivery of e-mails.

 

7.7.4 Duration of data storage

Personal data is stored for as long as it is necessary to provide us with the service and to operate our business. No later than 60 days after closing the user account with Twilio, all data will be deleted or otherwise destroyed.

 

7.7.5 Possibility of elimination by the data subject

You have the possibility to exercise your rights against us at any time. For this purpose, please contact us using the contact details provided. You can also contact the service provider directly at the following email address: [email protected].

 

8. Social media links

We have included social media platforms on our services via links that may result in the social media providers receiving data from you. If you click on the social media link, the website of the respective social media provider is called up. By calling up the website of the respective social media provider via our services, the respective reference data is transmitted to the respective social media provider. The social media provider thereby receives the information that you have visited us.

Note on data processing in the USA:

If you click on a social media link, data about you may be processed by the respective provider in the USA. According to the ECJ, the data protection standard in the USA is inadequate and there is a risk that your data will be processed by the US authorities for control and monitoring purposes, possibly also without any legal remedy. Unless you click on the links of the social media providers, no data transfer takes place.

Further information on data processing by social media providers can be found here:

 

9. Trackers and analysis tools

We use the following analysis tools to continuously improve our website offering. What data is processed in each case and how you can reach the respective service providers, you will learn below:

 

9.1 Facebook Custom Audience / Facebook Pixel

 

9.1.1 Description and scope of data processing

Our website uses the visitor action pixel from Meta (“Facebook Pixel”) for conversion measurement. The data processing is carried out by: Meta Platforms Ireland Limited, 1 Hacker Way, Menlo Park, CA 94025, USA

With the help of the Facebook pixel, the behavior of site visitors can be tracked after they visit our website. This allows us to evaluate the effectiveness of Meta ads for statistical and market research purposes and to optimize future advertising efforts. Meta receives the following categories of data: the forwarding URL, browser information and the Facebook user ID of the person if he or she has a Facebook account and is logged in on Facebook.

The data is stored and processed by Meta so that a connection to the respective user profile is possible and Meta can use the data for its own advertising purposes, in accordance with the Meta Data Usage Policy. This allows Meta to enable the placement of advertisements on pages of Meta as well as outside of Meta. This use of the data cannot be influenced by us as site operator.

You can find Meta’s data protection information at

https://www.facebook.com/about/privacy/.

 

9.1.2 Legal basis for data processing

The legal basis for the use of the application is your consent, according to Art. 6 para. 1 p. 1 lit. a) DSGVO.

 

9.1.3 Purpose of the data processing

We process your data for the purpose of demand-oriented and ongoing optimization of our website. This also results in our legitimate interest in data processing.

 

9.1.4 Duration of data storage

The data will be deleted as soon as it is no longer required for our recording purposes and no legal, official or contractual regulations prevent deletion.

 

9.1.5 Possibility of elimination by the data subject

You have the option to revoke your granted consent to data processing at any time. Please contact our data protection officer for this purpose. You can deactivate the “Custom Audiences” remarketing function in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen, provided you have a Facebook account. If you do not have a Facebook account, you can deactivate Meta’s usage-based advertising on the website of the European Interactive Digital Advertising Alliance website:

 

9.2 Google Analytics

 

9.2.1 Description and scope of data processing

Our website uses Google Analytics. This is a service for analyzing access to websites of Google LLC. (“Google”) and enables us to improve our Internet offer. The data processing for the European Economic Area and for Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Cookies enable us to analyze your use of our website. The information collected by means of a cookie are:

  • IP address,
  • time of access,
  • access duration

and is transferred to a Google server in the USA and stored there. The evaluation of your activities on our website is transmitted to us in the form of reports. Google may pass on the information collected to third parties if this is required by law or if third parties process this data on behalf of Google. The Google tracking codes on our website use the “_anonymizeIp()” function, which means that IP addresses are only processed in abbreviated form in order to exclude any possible direct personal connection with you.

At https://www.google.de/intl/de/policies/ and at http://www.google.com/analytics/terms/de.html you will find more detailed information on the terms of use and data protection of Google Analytics.

 

9.2.2 Legal basis for data processing

The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 p.1 lit. a) DSGVO.

 

9.2.3 Purpose of the data processing

The processing of your personal data enables us to analyze your surfing behavior. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness.

 

9.2.4 Duration of data storage

The data will be deleted 14 months after your visit to our website.

 

9.2.5 Possibility of elimination by the data subject

You have the possibility at any time to revoke a given consent to data processing with effect for the future. Please contact our data protection officer for this purpose. You can also prevent the installation of cookies from Google Analytics yourself by setting your browser software accordingly. In this case, however, you may not be able to use all the functions of our website to their full extent. Google Analytics can also be deactivated and controlled by browser extensions, e.g. http://tools.google.com/dlpage/gaoptout?hl=de.

 

9.3 Google Tag Manager

 

9.3.1 Description and scope of data processing

Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thus, for example, integrate Google marketing services into our online offering). The Tag Manager serves as a “manager” of the implemented tags. This allows us to centrally manage integrated Google products or other analysis tools on our website. The tags embedded on the website are referred to as code sections, which make it possible to track your activities on our website. By using our website, Google Tag Manager is downloaded, which automatically results in the user’s IP address being forwarded to Google. With regard to the processing of personal data, please refer to the information on Google services. The data processing for the European Economic Area and for Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager usage guidelines can be accessed here:

https://www.google.com/intl/de/tagmanager/use-policy.html

 

9.3.2 Legal basis for data processing

The legal basis for the processing of personal data is your consent pursuant to Art. 6 (1) p. 1 lit. a) DSGVO.

 

9.3.3 Purpose of the data processing

Google Tag Manger simplifies the management and organization of the analysis tools used for the website. In order to integrate an analysis tool, JavaScript codes must be integrated into the website. By using Google Tag Manger, it is possible for us to manage these embedded codes from one place.

 

9.3.4 Duration of data storage

Since data storage is not carried out directly by Google Tag Manager, but the data is forwarded to the tracking tools, it is necessary to check with the individual embedded tracking tools how long the data is stored.

 

9.3.5 Possibility of elimination by the data subject

You have the option at any time to revoke a given consent to data processing with effect for the future. For this purpose, you would have to contact the respective data protection officers of the tools. Further information regarding the management of your data can be found in the data protection statements of the tools used.

 

9.4 Hotjar

 

9.4.1 Description and scope of data processing

We use Hotjar, an analytics software. The data processing is carried out by: Hotjar Ltd (“Hotjar”), 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe.

Hotjar makes it possible to measure and analyze usage behavior (clicks, mouse movements, scroll heights, etc.) on our website. The information generated by the “tracking code” and “cookie” from your visit to our website is transmitted to the Hotjar servers in Ireland and stored there. The tracking code collects the following information

  • The IP address of your device (collected and stored in an anonymous format)
  • Your email address, including your first and last name, if you provided it through our website
  • Screen size of your device
  • Device type and browser information
  • Geographic location (country only)
  • The preferred language to represent our website
  • Referring domain
  • Pages visited
  • Geographic location (country only)
  • The preferred language to represent our website
  • Date and time of access to the website

Hotjar will use this information to evaluate your use of our website, to generate reports on usage, and to provide other services related to the use of the website and internet presence. You can find more information here: https://www.hotjar.com/legal/policies/privacy

 

9.4.2 Legal basis for data processing

The legal basis for the processing of personal data is your consent pursuant to Art. 6 para. 1 p.1 lit. a) DSGVO.

 

9.4.3 Purpose of data processing

Our legitimate interest results from enabling the needs-based and ongoing optimization of our website. The data processing is carried out for this purpose.

 

9.4.4 Duration of data storage

The cookies that Hotjar uses have a different “lifetime”; some remain valid for up to 365 days, some remain valid only during the current visit.

 

9.4.5 Possibility of elimination by the data subject

You have the option to revoke your granted consent to data processing at any time. Please contact our data protection officer for this purpose. You can prevent the collection of data by Hotjar for the future by clicking on the following link and following the instructions there: https://www.hotjar.com/legal/compliance/opt- out

 

10. Advertising and marketing tools

Our website also includes tools that ensure that our website is displayed to you in an Internet search, as a relevant search result or marked as advertising. In the following, we have broken down the programs used in connection with our website for you:

 

10.1 Google Ad Manager (formerly Double Click)

 

10.1.1 Description and scope of data processing

Our website uses Google Ad Manager. The data processing for the European Economic Area and for Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ad Manager is used to serve ads when you visit our website. Google Ad Manager uses information about your visits to this and other websites to serve ads about products and services that interest you. If you would like to learn more about these practices or to know your choices about not having this information used by Google Ad Manager, click here: https://www.google.de/policies/technologies/ads/.

 

10.1.2 Legal basis for data processing

The data processing is based on your consent in accordance with Art. 6 para. 1 p.1 lit. a) DSGVO.

 

10.1.3 Purpose of the data processing

It is in our interest to enter into cooperations with other companies in order to participate economically in this.

 

10.1.4 Duration of data storage

The data will be deleted as soon as they are no longer required for our recording purposes and no legal, official or contractual regulations prevent deletion.

 

10.1.5 Possibility of elimination by the data subject

You have the option to revoke your granted consent to data processing at any time. Please contact our data protection officer for this purpose.

The setting of cookies can be prevented at any time by making the appropriate settings in your Internet browser. The cookies already set can also be deleted in the settings of the Internet browser. We would like to point out that preventing the setting of cookies may mean that not all functions are available without restriction.

 

10.2 Google Ads and Google Conversion Tracking

 

10.2.1 Description and scope of data processing

We have integrated the services of Google Ads (formerly Google AdWords) on this website. Google Ads is a service for internet advertising. Data processing for the European Economic Area and for Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

If you have reached our website through a Google ad, Google will set a so-called conversion cookie on your system. With regard to the explanations on cookies, please refer to the passage on cookies. The conversion cookie is used to create and analyze visit statistics. The conversion cookie stores the IP address when you visit the website. This data is stored in the USA. It is possible that Google also passes this data on to third parties. Regarding the further data protection information of Google, please refer to: https://www.google.de/intl/de/policies/privacy/

 

10.2.2 Legal basis for data processing

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 p.1 lit. a) DSGVO.

 

10.2.3 Purpose of the data processing

We use Google Ads to be able to place targeted advertising of our company in the search engine results of Google.

 

10.2.4 Duration of data storage

30 days after setting the conversion cookie, the cookie loses its validity. This means that you can no longer be identified. Within these 30 days, both we and Google can trace which subpages have been called up on the basis of the conversion cookie.

 

10.2.5 Possibility of elimination by the data subject

You have the option to revoke your granted consent to data processing at any time. Please contact our data protection officer for this purpose.

The setting of cookies can be prevented at any time by making the appropriate settings in your Internet browser. The cookies already set can also be deleted in the settings of the Internet browser. We would like to point out that preventing the setting of cookies may mean that not all functions are available without restriction.

You can use this link http://www.google.com/settings/ads/plugin

to permanently prevent data processing in your browser. As a result, it is possible that functions of our website will no longer be fully available.

It is also possible in the browser settings to object only to the cookies for conversation tracking and thus user-related advertising by Google. To do so, please click on the following link: www.google.de/settings/ads. We would like to point out that a new setting will be required if you delete the cookies in your browser.

In addition, by clicking on the following link, you can disable those user-related ads that are part of the self-regulatory campaign “About Ads”. Please note that a new setting will be required if you delete the cookies from your browser.

 

10.3 Google AdSense

 

10.3.1 Description and scope of data processing

We use Google AdSense on the website. This is an online service that is used for advertising purposes. Google AdSense enables the placement of advertisements on third-party websites. The data processing for the European Economic Area and for Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

With the use of Google AdSense, a cookie is set on the data subject. With regard to the clarifications on cookies, reference is made to the passage on cookies. The information stored in the cookie can be recorded, collected and evaluated by Google Inc. or third parties. In addition, Google AdSense also uses so-called “WebBacons” (small invisible graphics) to collect information, through the use of which simple actions such as visitor traffic on the website can be recorded, collected and analyzed.

The information generated by the cookie and/or WebBeacon about your use of this website will be transmitted to and stored by Google on servers in the United States. Google uses the information thus obtained to carry out an evaluation of your usage behavior with regard to the AdSense ads. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. For further information on Google AdSense, please refer to the following link: https://www.google.de/intl/de/adsense/start/

 

10.3.2 Legal basis for data processing

The legal basis for data processing is your consent pursuant to Art. 6 para. 1 p.1 lit. a) DSGVO.

 

10.3.3 Purpose of the data processing

Our interest lies in improving our level of awareness by enabling user-specific advertisements. We open up a larger circle of users and interested parties through advertising. In addition, we increase our level of awareness in this way.

 

10.3.4 Duration of data storage

The data is deleted as soon as it is no longer required for our recording purposes and no official, legal or contractual regulations prevent deletion.

10.3.5 Possibility of elimination by the data subject

You have the option to revoke your granted consent to data processing at any time. Please contact our data protection officer for this purpose. The setting of cookies and the display of WebBeacons can be prevented at any time by making the appropriate settings in your Internet browser. The cookies already set can also be deleted in the settings of the Internet browser. We would like to point out that preventing the setting of cookies may mean that not all functions are available without restriction.

 

10.4 Google Remarketing

 

10.4.1 Description and scope of data processing

Our website uses Google Remarketing. With the deployment and use of Google Remarketing, it is possible for us to display advertisements to you. This is also possible when visiting other websites if you have previously registered on our website. Google Remarketing thus ultimately enables user-related advertising. The data processing for the European Economic Area and for Switzerland is carried out by: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The functionality of Google Remarketing is such that a cookie is set. This cookie enables Google to recognize you if you visit a website that also uses Google Remarketing. This has the consequence that Google can track your IP address and your surfing behavior. For more information on the applicable data protection provisions of Google, please refer to: https://www.google.de/intl/de/policies/privacy/

 

10.4.2 Legal basis for data processing

The data processing is based on your consent pursuant to Art. 6 para. 1 p.1 lit. a) DSGVO.

 

10.4.3 Purpose of the data processing

Our interest is to increase our level of awareness through the use of advertising. The purpose of the processing is to enable user-specific advertisements. We open up a larger circle of users and interested parties through advertising. In addition, we increase our level of awareness in this way.

 

10.4.4 Duration of data storage

The data is deleted as soon as it is no longer required for our recording purposes and no official, legal or contractual regulations prevent deletion.

 

10.4.5 Possibility of elimination by the data subject

You have the option to revoke your granted consent to data processing at any time. Please contact our data protection officer for this purpose.

The setting of cookies can be prevented at any time by making the appropriate settings in your Internet browser. The cookies already set can also be deleted in the settings of the Internet browser. We would like to point out that preventing the setting of cookies may mean that not all functions are available without restriction.

You can object to user-related advertising by Google at any time. For this, we refer to: www.google.de/settings/ads.

 

11. Further tools from third party providers

Furthermore, we use third-party providers that help us with page display and website functionality. These are listed below:

 

11.1 Cloudflare

 

11.1.1 Description and scope of data processing

On our website, we use the services of Cloudflare to ensure secure and error-free use of our website. As a CDN (“Content Delivery Network”), Cloudflare ensures the security of this website and the optimization of loading times. For this purpose, Cloudflare generates log data, which may include, for example, the number of page views, IP address, system information and information about the pages viewed before and after your visit to our website. With the help of this data, Cloudflare searches for attack patterns, the analysis of which leads to the protection of our website. This analysis usually takes place within a few minutes, so that the security rules of our website can be updated immediately. Responsible for data processing is: Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107 USA.

For more information, please see Cloudflare’s privacy policy: https://www.cloudflare.com/privacypolicy

 

11.1.2 Legal basis for data processing

Data processing is based on your consent pursuant to Art. 6 (1) p. 1 lit. a) DSGVO. An interest on our part lies in ensuring the safe use of our website. By implementing Cloudflare, we also comply with the principle of integrity and confidentiality of your data within the meaning of Art. 5 (1) (f).

 

11.1.3 Purpose of the data processing

The purpose of the data agreement is to ensure the confidentiality and integrity of our data processing and the full functioning of our website.

 

11.1.4 Duration of data storage

Your data will only be stored as long as this is necessary to fulfill the purpose and no legal obligations to store your data prevent deletion.

11.1.4 Options for elimination by the data subject

You have the option to revoke your granted consent to data processing at any time. Please contact our data protection officer for this purpose. You can prevent the processing of your data by Cloudflare by disabling the execution of script code in your browser or installing a script blocker, but this may result in our website no longer being displayed correctly.

 

11.2 Self-hosted fonts

 

11.2.1 Description and scope of data processing

We use so-called web fonts as well as icons on the website for the uniform display of fonts. When you call up a page, your browser loads the required web fonts/icons into your browser cache in order to display texts and fonts correctly. We have embedded these locally on our own website so that Google and Font Awesome do not become aware that our website has been accessed via your IP address. If your browser does not support web fonts/icons, a standard font from your computer will be used.

 

11.2.2 Legal basis for data processing

The legal basis is based on our legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f) DSGVO.

 

11.2.3 Purpose of the data processing

The purpose of the data processing is the uniform presentation of fonts on this website in order to offer a visually interesting and at the same time user-friendly website.

 

11.2.4 Duration of data storage

No data will be stored.

 

11.2.5 Possibility of elimination by the data subject

You can set your browser to not support web fonts/icons. In this case, a standard font will be used by your computer.

 

12. Data transfer to a third country

In order for us to be able to provide our services, we use the support of service providers from the European area as well as from third countries. In order to ensure the protection of your personal data even in the case of data transfer to a third country, we conclude special order processing agreements with each of the carefully selected service providers. All of the service providers we use have sufficient evidence that they ensure data security through appropriate technical and organizational measures. Our service providers from third countries are either located in countries that have an adequate level of data protection recognized by the EU Commission (Art. 45 GDPR) or have provided appropriate safeguards (Art. 46 GDPR).

Adequate level of protection: The provider originates from a country whose adequate level of data protection has been recognized by the EU Commission. More information can be found at: Adequacy decisions (europa.eu).

EU standard contractual clauses: Our provider has submitted to the EU standard contractual clauses to ensure secure data transfer. For more information, please visit https://eur- lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en

 

Binding Corporate Rules: With Art. 47, the GDPR provides for the possibility of ensuring data protection when transferring data to a third country via binding internal data protection rules. These are reviewed and accepted by the competent supervisory authorities as part of the consistency procedure under Art. 63 GDPR.

Consent: In addition, a data transfer to a third country without an adequate level of protection will only take place if you have given us your consent for this pursuant to Art. 49 (1) a) DSGVO or if another exception pursuant to Art. 49 DSGVO is relevant for the data transfer.

 

13. Your rights

You have the following rights vis-à-vis us with regard to the personal data concerning you:

 

13.1 Right to withdraw consent (cf. Art. 7 GDPR)

If you have given your consent to the processing of your data, you can revoke this consent at any time. Such revocation affects the permissibility of processing your personal data for the future after you have expressed it to us. It can be made (remotely) verbally or in writing by mail or e-mail to us.

 

13.2 Right to information (cf. Art. 15 DSGVO)

In the event of a request for information, you must provide sufficient information about your identity and proof that the information is yours. The information concerns the following information:

  • the purposes for which the personal data are processed;
  • the categories of personal data which are processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been
  • personal data concerning you have been or will be disclosed; the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed.
  • the data to be disclosed;
  • the planned duration of the storage of the personal data concerning you
  • or, if specific information on this is not possible, criteria for the determination of the
  • storage period;
  • the existence of a right to rectification or erasure of the personal data relating to you
  • personal data concerning you, a right to restriction of processing by the
  • the controller or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • any available information about the origin of the data, if the
  • personal data are not collected from the data subject;
  • the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject

 

13.3 Right to rectification or deletion (cf. Art. 16, 17 DSGVO)

You have a right to rectification and/or completion vis-à-vis us as the controller, insofar as the processed personal data concerning you are inaccurate or incomplete. The controller shall make the correction without undue delay.

In addition, you may request the erasure of the personal data concerning you, provided that one of the following reasons applies to you:

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You revoke your consent on which the processing was based pursuant to Art. 6 (1) sentence 1 a) or Art. 9 (2) a) DSGVO and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO.
  • The personal data concerning you has been processed unlawfully.

If we have made the personal data concerning you public and we are obliged to erase it pursuant to Art. 17 (1) DSGVO, we shall also take all reasonable measures to inform other data controllers that you have requested the erasure of all links to this personal data or of copies or replications of this personal data.

The right to erasure does not exist to the extent that the processing is necessary:

  • For the exercise of the right to freedom of expression and information;
  • for compliance with a legal obligation which requires processing under the law of
  • of the Union or the Member States to which the controller is subject; or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9 (3) DSGVO;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) DSGVO, insofar as the aforementioned right is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
  • for the assertion, exercise or defense of legal claims.

 

13.4 Right to restriction of processing (cf. Art. 18 DSGVO)

Under the following conditions, you may request the restriction of the processing of personal data concerning you from us:

  • if you dispute the accuracy, of the personal data concerning you for a period that allows us to verify the accuracy of your personal data;
  • the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of the use of the personal data;
  • we no longer need the personal data for the purposes of processing, but you need them for the assertion, exercise or defense of legal claims; or
  • if you have objected to the processing pursuant to Article 21 (1) DSGVO and it has not yet been determined whether our legitimate grounds override your grounds.

If the processing of personal data concerning you has been restricted, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction is lifted.

 

13.5 Right to information (cf. Art. 19 GDPR)

If you have asserted your right to rectification, erasure or restriction of data processing to us, we are obliged to inform all recipients of your personal data of the rectification, erasure or restriction of data processing. This applies only to the extent that such notification does not prove impossible or would involve a disproportionate effort.

You have the right to know which recipients have received your data

 

13.6 Right to data portability (cf. Art. 20 DSGVO)

You have the right to receive your personal data from us in a common, machine-readable format in order to have it forwarded to another responsible party, if necessary, provided that

  • the processing is based on consent pursuant to Art. 6 para. 1 sentence 1 lit. a) DSGVO or Art. 9 para. 2 lit. a) DSGVO or on a contract pursuant to Art. 6 para. 1 sentence 1 lit. b) DSGVO and
  • the processing is carried out with the help of automated procedures.

 

When exercising your right to data portability, you have the right to obtain that the personal data be transferred directly from us to another controller, insofar as this is technically feasible.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

 

13.7 Right to object to processing (cf. Art. 21 DSGVO)

Insofar as we base the processing of your personal data on a legitimate interest (pursuant to Art. 6 (1) sentence 1 lit. f) DSGVO) on our part, you may object to the processing. The same applies should we base the data processing on Art. 6 (1) p. 1 lit. e) DSGVO.

When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the merits of the case and either discontinue or adjust the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

 

13.8 Right to complain to the competent supervisory authority (cf. Art. 77 DSGVO)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

 

14. How you exercise these rights

To exercise these rights, please contact our Data Protection Officer:

Christian Scholtz of WS Datenschutz GmbH

[email protected]

or by mail:

WS Datenschutz GmbH
Dircksenstraße 51
D-10178 Berlin

 

15. Reservation of right of modification

We reserve the right to amend this data protection declaration in compliance with the statutory provisions.

Status February 2023