Processing of (personal) data by the entity in charge of the online application process
I. Overview
In this section of the Privacy Policy, you will find information on the scope of application, the data controller, its data protection officer and data security.
1. scope of application
Data processing by Fürstenberg Institut GmbH can essentially be divided into two categories:
For the purpose of contract processing, all data required for the performance of a contract with Fürstenberg Institut GmbH is processed. If external service providers are also involved in the processing of the contract, your data will be passed on to them to the extent necessary in each case.
When you call up the Fürstenberg Institut GmbH website/application, various pieces of information are exchanged between your terminal device and our server. This may also involve personal data. The information collected in this way is used, among other things, to optimize our website or to display advertising in the browser of your end device.
This data protection declaration also applies whenever reference is otherwise made to this data protection declaration from one of our offers (e.g. webinars), irrespective of the way in which you access or use it.
All of these offers are also collectively referred to as "Services".
2. person responsible
The person responsible for data processing - i.e. the person who decides on the purposes and means of the processing of personal data - in connection with the Services is
Fürstenberg Institute Ltd.
Gorch-Fock-Wall 3
20354 Hamburg
Telephone: 040-380820-0
E-mail: info@fuerstenberg-institut.de
3. data protection officer
You can contact our data protection officer as follows:
Contact form: https://www.dsextern.de/anfragen
DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22
22589 Hamburg
4. data security
In order to develop the measures required by Art. 32 DSGVO and thus achieve a level of protection appropriate to the risk, we have established an information security management system in our company.
II. the data processing in detail
In this section of the data protection declaration, we inform you in detail about the processing of personal data within the scope of our services. For better clarity, we structure this information according to specific functionalities of our Services. During the normal use of the Services, different functionalities and thus also different processing operations may come into play one after the other or at the same time.
1 General information on data processing
Unless otherwise specified, the following applies to all processing operations described below:
a. No obligation to provide
There is neither a contractual nor a legal obligation to provide personal data. You are under no obligation to provide data.
b. Consequences of not providing the data
In the case of required data (data that is marked as mandatory when it is entered), failure to provide it will mean that the service in question cannot be provided. Otherwise, failure to provide the data may mean that our services cannot be provided in the same form and quality.
c. Consent
In various cases, you have the option of giving us your consent to further processing in connection with the processing described below (where applicable, for part of the data). In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all modalities and the scope of the consent and about the purposes we pursue with these processing operations.
d. Transfer of personal data to third countries
If we transfer data to third countries, i.e. countries outside the European Union, then the transfer takes place exclusively in compliance with the legally regulated permissibility requirements. The admissibility requirements are regulated by Art. 44 -49 DSGVO.
e. Hosting with external service providers
Our data processing is carried out to a large extent using so-called hosting service providers, who provide us with storage space and processing capacity in their data centers and also process personal data on our behalf according to our instructions. These service providers either process data exclusively in the EU or we have guaranteed an appropriate level of data protection with the help of the EU standard data protection clauses.
f. Transfer to government authorities
We transfer personal data to state authorities (including law enforcement authorities) if this is necessary for the fulfillment of a legal obligation to which we are subject (legal basis: Art. 6 para. 1 c) DSGVO) or if it is necessary for the assertion, exercise or defense of legal claims (legal basis Art. 6 para. 1 f) DSGVO).
g. Storage period
We do not store your data for longer than we need them for the respective processing purposes. If the data are no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted, unless their temporary storage is still necessary. Reasons for this may include, for example, the following:
The fulfillment of retention obligations under commercial and tax law.
The preservation of evidence for legal disputes within the framework of the legal statute of limitations.
It is also possible for us to continue to store your data with us if you have given your express consent for this.
h. Data categories
Account data: Login/user ID and password
Personal data: Title, salutation/gender, first name, last name, date of birth, function.
Address data: street, house number, address extensions if applicable, postal code, city, country
Contact data: Telephone number(s), fax number(s), e-mail address(es)
Organizational data (only in the case of organizational consulting projects): Field of activity/location/business unit
Registration data: Information about the service through which you registered; timing and technical information about registration, confirmation, and deregistration; data provided by you at the time of registration
Access data: Date and time of your visit to our Service; the page from which the accessing system arrived at our site; pages accessed during use; session identification data (Session ID); also the following information from the accessing computer system: Internet Protocol (IP) address used, browser type and version, device type, operating system and similar technical information.
Application data: Curriculum vitae, references, proofs, work samples, certificates, pictures.
Data according to Art. 9 DSGVO: Health data
2. call of the website/application
Here we describe how we process your personal data when you call up our services. In particular, we point out that the transmission of access data to external content providers (see under b.) is unavoidable due to the technical functioning of information transmission on the Internet.
a. Information on processing
Data category: Access data
Purpose: connection establishment, display of the contents of the service, detection of attacks on our site based on unusual activities, error diagnosis
Legal basis: Art. 6 para. 1 f) DSGVO
If applicable, legitimate interest: proper functioning of the services, security of data and business processes, prevention of misuse, prevention of damage due to interference with information systems
Storage period: 7 days
b. Recipients of personal data
Recipient category: external content providers that provide content (e.g., images, videos, embedded posts from social networks, advertising banners, fonts, update information) that are necessary to display the service
Data Concerned: Access data
Legal basis of the transfer: order processing (Art. 28 DSGVO).
Legitimate interest, if applicable: proper functioning of the services, (accelerated) display of content
Recipient category: IT security service provider
Data concerned: Access data
Legal basis of the transfer: order processing (Art. 28 DSGVO).
Legitimate interest, if applicable: Prevention of attacks by exploiting security gaps / vulnerabilities.
3. newsletter
What happens to your personal data in connection with a subscription to our newsletter, we describe here:
a. Information on processing
Data category: e-mail address
Purpose: Verification of registration (double opt-in procedure), newsletter delivery.
Legal basis: Art. 6 para. 1 lit. b) DSGVO
Storage period: duration of newsletter subscription
Data category: Personal master data
Purpose: Personalization of the newsletter
Legal basis: Art. 6 para. 1 letter b) DSGVO
Storage period: Duration of the newsletter subscription
Data category: Registration data
Purpose: traceability of newsletter registration/confirmation/unsubscription
Legal basis: Art. 6 para. 1 lit. b), f) DSGVO.
If applicable, legitimate interest: Proof of successful newsletter registration/confirmation/unsubscription.
Storage period: duration of newsletter subscription
Data category: user profile data newsletter
Purpose: interest-based design of the newsletter.
Legal basis: Art. 6 para. 1 lit. f) DSGVO
Legitimate interest, if applicable: Improvement of our service, advertising purposes
Storage period: duration of newsletter subscription
b. Recipients of personal data
Recipient category: service provider for newsletter dispatch
Data concerned: all data mentioned under a.
Legal basis of the transfer: order processing (Art. 28 DSGVO)
Recipient category: service provider for postal dispatch
Data concerned: all data mentioned under a.
Legal basis of the transfer: order processing (Art. 28 DSGVO)
If applicable, legitimate interest: for the transmission of printed invitation cards, dispatch of prizes after participation in raffles or similar.
4. application
In an ongoing application process, we process your personal data in the following ways:
a. Information on processing
Data category: address data, contact data
Purpose: identification, contacting, communication for contract initiation.
Legal basis: Art. 6 para. 1 b) DSGVO
Storage period: 6 months
Data category: Personal master data
Purpose: identification, contacting, age verification
Legal basis: Art. 6 para. 1 b) DSGVO
Storage period: 6 months
Data category: Application data
Purpose: selection of applicants
Legal basis: Art. 6 para. 1 b) DSGVO
Storage period: 6 months
b. Recipients of personal data
Recipient category: Responsible body
Data concerned: all data mentioned under a.
Legal basis of the transfer: Art. 6 para. 1 b) DSGVO
5. client service
How we process your personal data when you contact our client service can be found here:
a. Information on processing
Data category: personal master data, contact data, content of inquiries/complaints.
Purpose: Processing of customer inquiries and user complaints.
Legal basis: Art. 6 para. 1 b), f) DSGVO.
Legitimate interest, if applicable: Customer loyalty, improvement of our service
Storage period: processing of the inquiry
b. Recipients of personal data
Recipient category: consultant/law firm
Data concerned: Personnel master data/contact data/contents of the inquiries/complaints.
Legitimate interest, if applicable: Processing of customer inquiries and user complaints.
6. organizational consulting in the context of the implementation of risk assessments of mental stress
The following information describes how your personal data will be processed if you have a GBU Psyche carried out via the Fürstenberg Institute.
a. Information on processing
Data category: Employee lists
Purpose: Implementation of the GBU Psyche in the context of quantitative surveys.
Legal basis: § 4 ff. ArbeiSchG
If applicable, legitimate interest: Sending e-mails to employees in companies, with a link to an employee survey.
Storage period: Duration of the project
Data category: Participation lists for workshops
Purpose: Implementation of the GBU Psyche in the context of qualitative surveys or control group meetings
Legal basis: see above
Storage period: see above
b. Recipients of personal data
Recipient category: Responsible body
Data concerned: all data mentioned in a. above
7. sales and customer management (VKM)
The following information describes how your personal data is processed if you are interested in our services or a customer relationship exists.
a. Information on processing
Data category: Personal master data, address data, contact data
Purpose: Interested parties/acquisition: preparation of offers, scheduling of personal acquisition meetings
Legal basis: Art. 6 para. 1 a), b) DSGVO.
If applicable, legitimate interest: Prerequisite of the establishment of a possible customer relationship.
Storage period: As long as there is an interactive exchange or no objection from the interested party
Data category: Personal master data, address data, contact data
Purpose: Existing customers: Coordination start package, customer concerns, complaints, contract creation and maintenance, appointment arrangements.
Legal basis: Art. 6 para. 1 a), b) DSGVO
If applicable, legitimate interest: Prerequisite for the fulfillment of the contract, good customer care or maintenance customer relationship.
Storage period: For the duration of the customer relationship
b. Recipients of personal data
Recipient category: KabelDruck (service provider for customer-specific flyers)
Data concerned: Address data, personal master data (name, title).
Legal basis of the transfer: Order processing (Art. 28 DSGVO).
Legitimate interest, if applicable: Delivery of start-up package (customer-specific flyers)
8. tracking
In the following, we describe how your personal data is processed using tracking technologies to analyze and optimize our services and for advertising purposes.
The description of the tracking methods also includes information on how you can prevent or object to the data processing. Please note that the so-called "opt-out", i.e. the refusal of processing, is usually stored via cookies. If you use our services via a new terminal device or in a different browser, or if you have deleted the cookies set by your browser, you will have to declare the rejection again.
The tracking methods presented process personal data only in pseudonymous form. A connection with a concrete, identified natural person, i.e. a combination of the data with information about the bearer of the pseudonym, does not take place.
a. Tracking to analyze and optimize our services and their use as well as to measure the success of advertising campaigns and optimize the display of advertising
(1) Purposes of the processing
The analysis of user behavior by means of tracking helps us to check the effectiveness of our services, to optimize them and adapt them to the needs of users, and to correct errors. It also serves to statistically determine characteristic values about the use of our services (reach, intensity of use, users' surfing behavior) - based on uniform standard procedures - and thus to obtain values that are comparable across the market.
Tracking to measure the success of advertising campaigns serves to optimize our ads for the future and also to enable marketers and advertisers to optimize their ads accordingly. Tracking to optimize the display of advertisements has the purpose of displaying advertisements to users tailored to their interests, to increase the success of the advertisements and thereby also to increase advertising revenues.
(2) Legal basis of the processing
In the case of services that make the behavior of data subjects on the Internet traceable and in the case of the creation of user profiles, it is necessary to have informed consent as defined by the DSGVO.
(3) The tracking methods used in detail
Name of the service: Google Analytics
Mode of operation: Web analysis
Option to prevent processing (opt-out): tools.google.com/dlpage/gaoptout?hl=en
Data transfer to third country? no
Name of the service: Google AdWords
Functionality: Web analysis
Option to prevent processing (opt-out): tools.google.com/dlpage/gaoptout?hl=en
Data transfer to third country? no
Name of the service: Google Remarketing
Functionality: Marketing
Possibility to prevent processing (opt-out): https://support.google.com/ads/answer/7395996?hl=de
Data transfer to third country? no
If you would like to opt out of interest-based advertising, you can also visit the website http://www.youronlinechoices.com/de/, click on "Preference management" and follow the instructions to stop the use of data for interest-based advertising by the service providers listed there, either completely or individually. You will still receive advertising, but it will not be interest-based.
III. data subject rights
1. right of objection
If we process your personal data for the purpose of direct marketing, you have the right to object at any time with future effect to the processing of personal data relating to you for the purpose of such marketing insofar as it is related to such direct marketing.
You also have the right to object, on grounds relating to your particular situation, at any time with effect for the future, to the processing of personal data concerning you which is carried out pursuant to Article 6(1)(e) or (f) DSGVO.
You can exercise the right of objection free of charge.
You can reach us via the contact details mentioned under I.2.
2. right to information
You have the right to know whether personal data concerning you are processed by us, which personal data these are, if any, as well as further information according to Art. 15 DSGVO.
3. right of rectification
You have the right to request that we correct any inaccurate personal data relating to you without undue delay (Art. 16 DSGVO). Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
4. right to erasure ("right to be forgotten")
You have the right to request that we delete personal data relating to you without undue delay, provided that one of the grounds set out in Article 17(1) of the GDPR applies and the processing is not necessary for one of the purposes regulated in Article 17(3) of the GDPR.
5. right to restriction of processing
You are entitled to request a restriction in the processing of your personal data if one of the conditions regulated in Art. 18(1)(a) to (d) DSGVO applies.
6. right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another responsible party without hindrance by us or to obtain that a direct transfer is made by us, if this is technically possible. This shall always apply if the basis of the data processing is consent or a contract and the data is processed automatically. Accordingly, this does not apply to data held in paper form only.
7. right of revocation in case of consent
If the processing is based on your consent, you have the right to revoke your consent at any time. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this.
8. right of complaint
You have a right of appeal to a supervisory authority.
IV. Glossary
Processor: a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller.
Browser: Computer program for displaying web pages (e.g. Chrome, Firefox, Safari).
Cookies: the term "cookie" actually originates from the English vocabulary and can be translated into German in its original meaning as "cookie". In the context of the World Wide Web, however, a cookie describes a small text file that is stored locally on the user's computer when he or she visits a website. This file stores data about the user's behavior. If the browser is called up and the corresponding web page is visited repeatedly, the cookie is used and, with the help of the stored data, provides the web server with information about the user's surfing behavior.
Cookies in this context are not cookies, but information that a website stores locally on the computer of the site visitor in a small text file. This can be settings already made by the user on a page, but also information that the website has collected completely independently from the user. Later, these locally stored text files can be read by the same web server that created them. Most browsers accept cookies automatically. You can manage cookies using the browser functions (mostly under "Options" or "Settings"). This allows the storage of cookies to be disabled, made dependent on your consent in individual cases or otherwise restricted. You can also delete cookies at any time.
Third countries: country that is not bound by the legal requirements of the EU Data Protection Directive (country outside the EEA).
Personal Data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Pixel: Pixels are also called tracking pixels, web beacons or web bugs. They are small, invisible graphics in HTML emails or on web pages. When a document is opened, this small image is loaded from a server on the Internet, and the download is registered there. This allows the server operator to see if and when an e-mail was opened or a web page was visited. Mostly this function is realized by calling a small program (Javascript). In this way, certain types of information on your computer system can be recognized and passed on, such as the content of cookies, the time and date of the page call, and a description of the page on which the tracking pixel is located.
Profiling: any type of automated processing of personal data consisting of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
Services: Our offerings to which this Privacy Policy applies (see Scope).
Tracking: The collection and analysis of data regarding the behavior of visitors to our Services.
Tracking Technologies: Tracking can be done both via the activity logs stored on our web servers (log files) and by means of data collection from your terminal device via pixels, cookies and similar tracking technologies.
Processing: any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure, disclosure to third parties, or transmission to third parties,
retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
In this section of the Privacy Policy, you will find information on the scope of application, the data controller, its data protection officer and data security.
1. scope of application
Data processing by Fürstenberg Institut GmbH can essentially be divided into two categories:
For the purpose of contract processing, all data required for the performance of a contract with Fürstenberg Institut GmbH is processed. If external service providers are also involved in the processing of the contract, your data will be passed on to them to the extent necessary in each case.
When you call up the Fürstenberg Institut GmbH website/application, various pieces of information are exchanged between your terminal device and our server. This may also involve personal data. The information collected in this way is used, among other things, to optimize our website or to display advertising in the browser of your end device.
This data protection declaration also applies whenever reference is otherwise made to this data protection declaration from one of our offers (e.g. webinars), irrespective of the way in which you access or use it.
All of these offers are also collectively referred to as "Services".
2. person responsible
The person responsible for data processing - i.e. the person who decides on the purposes and means of the processing of personal data - in connection with the Services is
Fürstenberg Institute Ltd.
Gorch-Fock-Wall 3
20354 Hamburg
Telephone: 040-380820-0
E-mail: info@fuerstenberg-institut.de
3. data protection officer
You can contact our data protection officer as follows:
Contact form: https://www.dsextern.de/anfragen
DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus
Frapanweg 22
22589 Hamburg
4. data security
In order to develop the measures required by Art. 32 DSGVO and thus achieve a level of protection appropriate to the risk, we have established an information security management system in our company.
II. the data processing in detail
In this section of the data protection declaration, we inform you in detail about the processing of personal data within the scope of our services. For better clarity, we structure this information according to specific functionalities of our Services. During the normal use of the Services, different functionalities and thus also different processing operations may come into play one after the other or at the same time.
1 General information on data processing
Unless otherwise specified, the following applies to all processing operations described below:
a. No obligation to provide
There is neither a contractual nor a legal obligation to provide personal data. You are under no obligation to provide data.
b. Consequences of not providing the data
In the case of required data (data that is marked as mandatory when it is entered), failure to provide it will mean that the service in question cannot be provided. Otherwise, failure to provide the data may mean that our services cannot be provided in the same form and quality.
c. Consent
In various cases, you have the option of giving us your consent to further processing in connection with the processing described below (where applicable, for part of the data). In this case, we will inform you separately in connection with the submission of the respective declaration of consent about all modalities and the scope of the consent and about the purposes we pursue with these processing operations.
d. Transfer of personal data to third countries
If we transfer data to third countries, i.e. countries outside the European Union, then the transfer takes place exclusively in compliance with the legally regulated permissibility requirements. The admissibility requirements are regulated by Art. 44 -49 DSGVO.
e. Hosting with external service providers
Our data processing is carried out to a large extent using so-called hosting service providers, who provide us with storage space and processing capacity in their data centers and also process personal data on our behalf according to our instructions. These service providers either process data exclusively in the EU or we have guaranteed an appropriate level of data protection with the help of the EU standard data protection clauses.
f. Transfer to government authorities
We transfer personal data to state authorities (including law enforcement authorities) if this is necessary for the fulfillment of a legal obligation to which we are subject (legal basis: Art. 6 para. 1 c) DSGVO) or if it is necessary for the assertion, exercise or defense of legal claims (legal basis Art. 6 para. 1 f) DSGVO).
g. Storage period
We do not store your data for longer than we need them for the respective processing purposes. If the data are no longer required for the fulfillment of contractual or legal obligations, they are regularly deleted, unless their temporary storage is still necessary. Reasons for this may include, for example, the following:
The fulfillment of retention obligations under commercial and tax law.
The preservation of evidence for legal disputes within the framework of the legal statute of limitations.
It is also possible for us to continue to store your data with us if you have given your express consent for this.
h. Data categories
Account data: Login/user ID and password
Personal data: Title, salutation/gender, first name, last name, date of birth, function.
Address data: street, house number, address extensions if applicable, postal code, city, country
Contact data: Telephone number(s), fax number(s), e-mail address(es)
Organizational data (only in the case of organizational consulting projects): Field of activity/location/business unit
Registration data: Information about the service through which you registered; timing and technical information about registration, confirmation, and deregistration; data provided by you at the time of registration
Access data: Date and time of your visit to our Service; the page from which the accessing system arrived at our site; pages accessed during use; session identification data (Session ID); also the following information from the accessing computer system: Internet Protocol (IP) address used, browser type and version, device type, operating system and similar technical information.
Application data: Curriculum vitae, references, proofs, work samples, certificates, pictures.
Data according to Art. 9 DSGVO: Health data
2. call of the website/application
Here we describe how we process your personal data when you call up our services. In particular, we point out that the transmission of access data to external content providers (see under b.) is unavoidable due to the technical functioning of information transmission on the Internet.
a. Information on processing
Data category: Access data
Purpose: connection establishment, display of the contents of the service, detection of attacks on our site based on unusual activities, error diagnosis
Legal basis: Art. 6 para. 1 f) DSGVO
If applicable, legitimate interest: proper functioning of the services, security of data and business processes, prevention of misuse, prevention of damage due to interference with information systems
Storage period: 7 days
b. Recipients of personal data
Recipient category: external content providers that provide content (e.g., images, videos, embedded posts from social networks, advertising banners, fonts, update information) that are necessary to display the service
Data Concerned: Access data
Legal basis of the transfer: order processing (Art. 28 DSGVO).
Legitimate interest, if applicable: proper functioning of the services, (accelerated) display of content
Recipient category: IT security service provider
Data concerned: Access data
Legal basis of the transfer: order processing (Art. 28 DSGVO).
Legitimate interest, if applicable: Prevention of attacks by exploiting security gaps / vulnerabilities.
3. newsletter
What happens to your personal data in connection with a subscription to our newsletter, we describe here:
a. Information on processing
Data category: e-mail address
Purpose: Verification of registration (double opt-in procedure), newsletter delivery.
Legal basis: Art. 6 para. 1 lit. b) DSGVO
Storage period: duration of newsletter subscription
Data category: Personal master data
Purpose: Personalization of the newsletter
Legal basis: Art. 6 para. 1 letter b) DSGVO
Storage period: Duration of the newsletter subscription
Data category: Registration data
Purpose: traceability of newsletter registration/confirmation/unsubscription
Legal basis: Art. 6 para. 1 lit. b), f) DSGVO.
If applicable, legitimate interest: Proof of successful newsletter registration/confirmation/unsubscription.
Storage period: duration of newsletter subscription
Data category: user profile data newsletter
Purpose: interest-based design of the newsletter.
Legal basis: Art. 6 para. 1 lit. f) DSGVO
Legitimate interest, if applicable: Improvement of our service, advertising purposes
Storage period: duration of newsletter subscription
b. Recipients of personal data
Recipient category: service provider for newsletter dispatch
Data concerned: all data mentioned under a.
Legal basis of the transfer: order processing (Art. 28 DSGVO)
Recipient category: service provider for postal dispatch
Data concerned: all data mentioned under a.
Legal basis of the transfer: order processing (Art. 28 DSGVO)
If applicable, legitimate interest: for the transmission of printed invitation cards, dispatch of prizes after participation in raffles or similar.
4. application
In an ongoing application process, we process your personal data in the following ways:
a. Information on processing
Data category: address data, contact data
Purpose: identification, contacting, communication for contract initiation.
Legal basis: Art. 6 para. 1 b) DSGVO
Storage period: 6 months
Data category: Personal master data
Purpose: identification, contacting, age verification
Legal basis: Art. 6 para. 1 b) DSGVO
Storage period: 6 months
Data category: Application data
Purpose: selection of applicants
Legal basis: Art. 6 para. 1 b) DSGVO
Storage period: 6 months
b. Recipients of personal data
Recipient category: Responsible body
Data concerned: all data mentioned under a.
Legal basis of the transfer: Art. 6 para. 1 b) DSGVO
5. client service
How we process your personal data when you contact our client service can be found here:
a. Information on processing
Data category: personal master data, contact data, content of inquiries/complaints.
Purpose: Processing of customer inquiries and user complaints.
Legal basis: Art. 6 para. 1 b), f) DSGVO.
Legitimate interest, if applicable: Customer loyalty, improvement of our service
Storage period: processing of the inquiry
b. Recipients of personal data
Recipient category: consultant/law firm
Data concerned: Personnel master data/contact data/contents of the inquiries/complaints.
Legitimate interest, if applicable: Processing of customer inquiries and user complaints.
6. organizational consulting in the context of the implementation of risk assessments of mental stress
The following information describes how your personal data will be processed if you have a GBU Psyche carried out via the Fürstenberg Institute.
a. Information on processing
Data category: Employee lists
Purpose: Implementation of the GBU Psyche in the context of quantitative surveys.
Legal basis: § 4 ff. ArbeiSchG
If applicable, legitimate interest: Sending e-mails to employees in companies, with a link to an employee survey.
Storage period: Duration of the project
Data category: Participation lists for workshops
Purpose: Implementation of the GBU Psyche in the context of qualitative surveys or control group meetings
Legal basis: see above
Storage period: see above
b. Recipients of personal data
Recipient category: Responsible body
Data concerned: all data mentioned in a. above
7. sales and customer management (VKM)
The following information describes how your personal data is processed if you are interested in our services or a customer relationship exists.
a. Information on processing
Data category: Personal master data, address data, contact data
Purpose: Interested parties/acquisition: preparation of offers, scheduling of personal acquisition meetings
Legal basis: Art. 6 para. 1 a), b) DSGVO.
If applicable, legitimate interest: Prerequisite of the establishment of a possible customer relationship.
Storage period: As long as there is an interactive exchange or no objection from the interested party
Data category: Personal master data, address data, contact data
Purpose: Existing customers: Coordination start package, customer concerns, complaints, contract creation and maintenance, appointment arrangements.
Legal basis: Art. 6 para. 1 a), b) DSGVO
If applicable, legitimate interest: Prerequisite for the fulfillment of the contract, good customer care or maintenance customer relationship.
Storage period: For the duration of the customer relationship
b. Recipients of personal data
Recipient category: KabelDruck (service provider for customer-specific flyers)
Data concerned: Address data, personal master data (name, title).
Legal basis of the transfer: Order processing (Art. 28 DSGVO).
Legitimate interest, if applicable: Delivery of start-up package (customer-specific flyers)
8. tracking
In the following, we describe how your personal data is processed using tracking technologies to analyze and optimize our services and for advertising purposes.
The description of the tracking methods also includes information on how you can prevent or object to the data processing. Please note that the so-called "opt-out", i.e. the refusal of processing, is usually stored via cookies. If you use our services via a new terminal device or in a different browser, or if you have deleted the cookies set by your browser, you will have to declare the rejection again.
The tracking methods presented process personal data only in pseudonymous form. A connection with a concrete, identified natural person, i.e. a combination of the data with information about the bearer of the pseudonym, does not take place.
a. Tracking to analyze and optimize our services and their use as well as to measure the success of advertising campaigns and optimize the display of advertising
(1) Purposes of the processing
The analysis of user behavior by means of tracking helps us to check the effectiveness of our services, to optimize them and adapt them to the needs of users, and to correct errors. It also serves to statistically determine characteristic values about the use of our services (reach, intensity of use, users' surfing behavior) - based on uniform standard procedures - and thus to obtain values that are comparable across the market.
Tracking to measure the success of advertising campaigns serves to optimize our ads for the future and also to enable marketers and advertisers to optimize their ads accordingly. Tracking to optimize the display of advertisements has the purpose of displaying advertisements to users tailored to their interests, to increase the success of the advertisements and thereby also to increase advertising revenues.
(2) Legal basis of the processing
In the case of services that make the behavior of data subjects on the Internet traceable and in the case of the creation of user profiles, it is necessary to have informed consent as defined by the DSGVO.
(3) The tracking methods used in detail
Name of the service: Google Analytics
Mode of operation: Web analysis
Option to prevent processing (opt-out): tools.google.com/dlpage/gaoptout?hl=en
Data transfer to third country? no
Name of the service: Google AdWords
Functionality: Web analysis
Option to prevent processing (opt-out): tools.google.com/dlpage/gaoptout?hl=en
Data transfer to third country? no
Name of the service: Google Remarketing
Functionality: Marketing
Possibility to prevent processing (opt-out): https://support.google.com/ads/answer/7395996?hl=de
Data transfer to third country? no
If you would like to opt out of interest-based advertising, you can also visit the website http://www.youronlinechoices.com/de/, click on "Preference management" and follow the instructions to stop the use of data for interest-based advertising by the service providers listed there, either completely or individually. You will still receive advertising, but it will not be interest-based.
III. data subject rights
1. right of objection
If we process your personal data for the purpose of direct marketing, you have the right to object at any time with future effect to the processing of personal data relating to you for the purpose of such marketing insofar as it is related to such direct marketing.
You also have the right to object, on grounds relating to your particular situation, at any time with effect for the future, to the processing of personal data concerning you which is carried out pursuant to Article 6(1)(e) or (f) DSGVO.
You can exercise the right of objection free of charge.
You can reach us via the contact details mentioned under I.2.
2. right to information
You have the right to know whether personal data concerning you are processed by us, which personal data these are, if any, as well as further information according to Art. 15 DSGVO.
3. right of rectification
You have the right to request that we correct any inaccurate personal data relating to you without undue delay (Art. 16 DSGVO). Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
4. right to erasure ("right to be forgotten")
You have the right to request that we delete personal data relating to you without undue delay, provided that one of the grounds set out in Article 17(1) of the GDPR applies and the processing is not necessary for one of the purposes regulated in Article 17(3) of the GDPR.
5. right to restriction of processing
You are entitled to request a restriction in the processing of your personal data if one of the conditions regulated in Art. 18(1)(a) to (d) DSGVO applies.
6. right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another responsible party without hindrance by us or to obtain that a direct transfer is made by us, if this is technically possible. This shall always apply if the basis of the data processing is consent or a contract and the data is processed automatically. Accordingly, this does not apply to data held in paper form only.
7. right of revocation in case of consent
If the processing is based on your consent, you have the right to revoke your consent at any time. The lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by this.
8. right of complaint
You have a right of appeal to a supervisory authority.
IV. Glossary
Processor: a natural or legal person, authority, institution or other body that processes personal data on behalf of the controller.
Browser: Computer program for displaying web pages (e.g. Chrome, Firefox, Safari).
Cookies: the term "cookie" actually originates from the English vocabulary and can be translated into German in its original meaning as "cookie". In the context of the World Wide Web, however, a cookie describes a small text file that is stored locally on the user's computer when he or she visits a website. This file stores data about the user's behavior. If the browser is called up and the corresponding web page is visited repeatedly, the cookie is used and, with the help of the stored data, provides the web server with information about the user's surfing behavior.
Cookies in this context are not cookies, but information that a website stores locally on the computer of the site visitor in a small text file. This can be settings already made by the user on a page, but also information that the website has collected completely independently from the user. Later, these locally stored text files can be read by the same web server that created them. Most browsers accept cookies automatically. You can manage cookies using the browser functions (mostly under "Options" or "Settings"). This allows the storage of cookies to be disabled, made dependent on your consent in individual cases or otherwise restricted. You can also delete cookies at any time.
Third countries: country that is not bound by the legal requirements of the EU Data Protection Directive (country outside the EEA).
Personal Data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Pixel: Pixels are also called tracking pixels, web beacons or web bugs. They are small, invisible graphics in HTML emails or on web pages. When a document is opened, this small image is loaded from a server on the Internet, and the download is registered there. This allows the server operator to see if and when an e-mail was opened or a web page was visited. Mostly this function is realized by calling a small program (Javascript). In this way, certain types of information on your computer system can be recognized and passed on, such as the content of cookies, the time and date of the page call, and a description of the page on which the tracking pixel is located.
Profiling: any type of automated processing of personal data consisting of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
Services: Our offerings to which this Privacy Policy applies (see Scope).
Tracking: The collection and analysis of data regarding the behavior of visitors to our Services.
Tracking Technologies: Tracking can be done both via the activity logs stored on our web servers (log files) and by means of data collection from your terminal device via pixels, cookies and similar tracking technologies.
Processing: any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure, disclosure to third parties, or transmission to third parties,
retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.