Data protection

Privacy policy

Personal data (hereinafter referred to as “data”) are processed by us only to the extent necessary and for the purpose of providing a functional and user-friendly Internet presence, including its contents and the services offered there.

According to Article 4(1) of Regulation (EU) 2016/679, i.e. the Basic Data Protection Regulation (hereinafter referred to only as “DPA”), “processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

With the following data protection declaration, we inform you in particular about the type, scope, purpose, duration and legal basis of the processing of personal data, insofar as we either alone or together with others decide on the purposes and means of processing. In addition, we inform you in the following about the third-party components we use for optimisation purposes and to increase the quality of use, insofar as third parties process data on their own responsibility.

Our privacy policy is structured as follows:

I. Information about us as responsible persons
II Rights of users and data subjects
III. Information on data processing

I. Information about us as responsible persons

Responsible provider of this Internet presence in the data protection sense is:

HFT Consulting – Denise Tennie-Oliwa
Guggenweg 12
83071 Stephanskirchen
Germany

Phone: +49 8036 943319 0
E-Mail: datenschutz@hft-consulting.com

is the data protection officer of the provider:

HFT Consulting;

II Rights of users and data subjects

With regard to the data processing described in more detail below, users and data subjects have the right

  • to obtain confirmation as to whether or not data concerning him/her are being processed, information on the data processed, further information on the data processing and copies of the data (see also Art. 15 DSGVO)
  • the correction or completion of incorrect or incomplete data (see also Art. 16 DSGVO)
  • to the immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary pursuant to Art. 17 para. 3 DSGVO, to restriction of processing in accordance with Art. 18 DSGVO;
  • to receive the data concerning them and provided by them and to transmit this data to other providers/responsible parties (see also Art. 20 DSGVO);
  • on complaint to the supervisory authority if they consider that the data concerning them are being processed by the provider in breach of data protection provisions (see also Art. 77 DSGVO)

In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider about any correction or deletion of data or the restriction of processing that is carried out on the basis of Articles 16, 17 (1), 18 DSGVO. However, this obligation shall not apply if such notification is impossible or involves a disproportionate effort. Irrespective of this, the user has a right to information about these recipients.

Likewise, under Art. 21 DPA, users and data subjects have the right to object to the future processing of data concerning them, provided that the data are processed by the provider in accordance with Art. 6 para. 1 letter f) DPA. In particular, an objection to data processing for the purpose of direct marketing is permitted.

III. Information on data processing

Your data processed when using our website will be deleted or blocked as soon as the purpose of the storage no longer applies, the deletion of the data does not conflict with any legal storage obligations and no other information on individual processing methods is provided below.

Server data

For technical reasons, in particular to ensure a secure and stable Internet presence, data is transmitted to us or to our web space provider by your Internet browser. These so-called server log files are used to record, among other things, the type and version of your Internet browser, the operating system, the website from which you switched to our Internet presence (referrer URL), the website(s) of our Internet presence that you visit, the date and time of the respective access, and the IP address of the Internet connection from which our Internet presence is used.

The data collected in this way is stored temporarily, but not together with other data about you.

This storage takes place on the legal basis of Art. 6 paragraph. 1 lit. f) DSGVO. Our legitimate interest lies in the improvement, stability, functionality and security of our Internet presence.

The data will be deleted after seven days at the latest, unless further storage for evidential purposes is required. Otherwise, the data are completely or partially excluded from deletion until the final clarification of an incident.

Cookies

a) Session cookies/session cookies

We use so-called cookies with our Internet presence. Cookies are small text files or other storage technologies that are placed and stored on your end device by the Internet browser you use. Through these cookies, certain information from you, such as your browser or location data or your IP address, is processed to an individual extent.  

This processing makes our Internet presence more user-friendly, effective and secure, as the processing enables, for example, the reproduction of our Internet presence in different languages or the offer of a shopping basket function.

The legal basis for this processing is Art. 6 para. 1 lit. b.) DSGVO, insofar as these cookies process data for contract initiation or contract execution.

If the processing does not serve the purpose of contract initiation or contract implementation, our legitimate interest lies in the improvement of the functionality of our Internet presence. The legal basis is then Article 6(1)(f) DSGVO.

These session cookies are deleted when you close your Internet browser.

b) Third party cookies

Where appropriate, our website may also use cookies from partner companies with whom we cooperate for the purposes of advertising, analysis or the functionality of our website.

The details, in particular the purposes and legal basis for the processing of such third-party cookies, can be found in the following information.

(c) Disposal option

You can prevent or restrict the installation of cookies by adjusting your Internet browser settings. You can also delete already stored cookies at any time. However, the steps and measures required for this depend on the Internet browser you are actually using. If you have questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support. With so-called Flash cookies, however, processing cannot be prevented by the browser settings. Instead, you have to change the settings of your Flash Player. The steps and measures required for this also depend on the Flash Player you are actually using. If you have any questions, please also use the help function or documentation of your Flash Player or contact the manufacturer or user support.

If you prevent or restrict the installation of cookies, however, this may mean that not all functions of our website can be used to their full extent.

Customer account / registration function

If you create a customer account with us via our website, we will collect and store the data you enter during registration (e.g. your name, your address or your e-mail address) exclusively for pre-contractual services, for contract fulfilment or for the purpose of customer care (e.g. to provide you with an overview of your previous orders with us or to offer you the so-called notepad function). At the same time, we then save the IP address and the date of your registration together with the time. These data will of course not be passed on to third parties.

Within the scope of the further registration process, your consent to this processing will be obtained and reference will be made to this data protection declaration. The data collected by us in the process is used exclusively for the provision of the customer account. 

If you consent to this processing, Art. 6 para. 1 lit. a) DPA is the legal basis for the processing.

If the opening of the customer account additionally serves pre-contractual measures or the fulfilment of the contract, the legal basis for this processing is also Art. 6 para. 1 letter b) DSGVO.

You can revoke the consent given to us to open and maintain the customer account at any time with effect for the future in accordance with Art. 7 para. 3 DSGVO. All you have to do is inform us of your revocation.

The data collected in this respect will be deleted as soon as the processing is no longer necessary. Here, however, we must observe tax and commercial law retention periods.

Contact enquiries / Contact possibility

If you contact us via contact form or e-mail, the data provided by you will be used to process your request. The provision of the data is necessary to process and answer your enquiry – without the provision of this data, we cannot answer your enquiry or can only answer it to a limited extent.

The legal basis for this processing is Article 6(1)(b) DPA.

Your data will be deleted, provided that your inquiry has been finally answered and the deletion does not conflict with any legal storage obligations, such as, for example, in the case of any subsequent contract processing.

Online job applications / publication of job advertisements

We offer you the opportunity to apply to us via our website. With these digital applications, your applicant and job application data is collected and processed electronically by us for the purpose of handling the application procedure.

The legal basis for this processing is § 26 para. 1 sentence 1 BDSG in conjunction with Art. 88 para. 1 DSGVO.

If an employment contract is concluded after the application procedure, we will store the data you provide during the application process in your personnel file for the purpose of the usual organisational and administrative process – this, of course, in compliance with the more extensive legal obligations.

The legal basis for this processing is also § 26 paragraph 1 sentence 1 BDSG in conjunction with Art. 88 para. 1 DSGVO.

If an application is rejected, we automatically delete the data submitted to us two months after notification of the rejection. However, the data will not be deleted if the data requires longer storage of up to four months or until the conclusion of legal proceedings due to statutory provisions, e.g. due to the duty of proof under the AGG.

The legal basis in this case is Article 6(1)(f) DSGVO and Article 24(1)(2) BDSG. Our legitimate interest lies in legal defence or enforcement.

If you expressly agree to a longer storage of your data, e.g. for your inclusion in a database of applicants or interested parties, the data will be further processed based on your consent. The legal basis is then Article 6(1)(a) DSGVO. However, you can of course withdraw your consent at any time in accordance with Art. 7 Para. 3 DSGVO by making a declaration to us with effect for the future.

LinkedIn

We maintain an online presence at LinkedIn to present our company and our services and to communicate with customers/interested parties. LinkedIn is a Service from LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland, ein Tochterunternehmen der LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA.

In this respect, we point out that there is a possibility that user data may be processed outside the European Union, especially in the USA. This can lead to increased risks for users in that, for example, subsequent access to user data can be made more difficult. We also have no access to this user data. The access possibility lies exclusively with LinkedIn. LinkedIn Corporation is certified under the Privacy Shield and is thus committed to comply with European data protection standards

https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

The privacy policy of LinkedIn can be found at

https://www.linkedin.com/legal/privacy-policy

Facebook

To promote our products and services and to communicate with interested parties or customers, we operate a company presence on the Facebook platform.

On this social media platform we are jointly responsible with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland

The data protection officer of Facebook can be reached via a contact form:

https://www.facebook.com/help/contact/540977946302970

We have regulated the joint responsibility in an agreement regarding the respective obligations in terms of the DSGVO. This agreement, from which the mutual obligations arise, is available at the following link

https://www.facebook.com/legal/terms/page_controller_addendum

The legal basis for the resulting processing of personal data, which is reproduced below, is Article 6 paragraph 1 letter f DSGVO. We have a legitimate interest in the analysis, communication, sales and promotion of our products and services.

The legal basis may also be the user’s consent to the platform operator in accordance with Art. 6 para. 1 letter a DSGVO. In accordance with Art. 7 Para. 3 DSGVO, the user can revoke this consent for the future at any time by notifying the platform operator.

When our online presence is called up on the Facebook platform, user data (e.g. personal information, IP address, etc.) are processed by Facebook Ireland Ltd. as operator of the platform in the EU.

This user data is used for statistical information about the use of our company presence on Facebook. Facebook Ireland Ltd. uses this data for market research and advertising purposes and to create user profiles. These profiles enable Facebook Ireland Ltd., for example, to promote the interests of users inside and outside Facebook. If the user is logged into his or her account on Facebook at the time of access, Facebook Ireland Ltd. can also link the data to the respective user account.

If the user contacts us via Facebook, the user’s personal data entered on this occasion will be used to process the request. The user’s data will be deleted by us, provided that the user’s enquiry has been conclusively answered and there are no legal storage obligations, such as in the case of subsequent contract processing, to the contrary.

Facebook Ireland Ltd. may also use cookies to process the data.

If the user does not agree with this processing, it is possible to prevent the installation of cookies by adjusting the browser settings accordingly. Already stored cookies can also be deleted at any time. The settings for this depend on the respective browser. In the case of Flash cookies, processing cannot be prevented by the browser settings, but by the appropriate setting of the Flash player. If the user prevents or restricts the installation of cookies, this may mean that not all Facebook functions can be used to their full extent.

Details of the processing activities, their prevention and the deletion of data processed by Facebook can be found in the Facebook Data Policy:

https://www.facebook.com/privacy/explanation

It is not excluded that the processing by Facebook Ireland Ltd. also takes place via Facebook Inc, 1601 Willow Road, Menlo Park, California 94025 in the USA.

The Facebook Inc. has subjected itself to the “EU-US Privacy Shield” and thereby declares compliance with EU data protection regulations when processing data in the USA.

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

Linking Social-Media via graphic or text link

We also advertise on our website presences on the social networks listed below. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents a connection to the respective server of the social network being automatically established when a website with a social media application is called up in order to display a graphic of the respective network itself. Only by clicking on the corresponding graphic is the user redirected to the service of the respective social network.

After forwarding the user, information about the user is collected by the respective network. Es kann hierbei nicht ausgeschlossen werden, dass eine Verarbeitung der so erhobenen  Daten in den USA stattfindet.

These are initially data such as IP address, date, time and visited page. If, in the meantime, the user is logged into his user account for the respective network, the network operator may be able to assign the information collected on the user’s specific visit to the user’s personal account. If the user interacts via a “share” button of the respective network, this information can be stored in the user’s personal user account and published if necessary. If the user wants to prevent the collected information from being directly assigned to his user account, he must log out before clicking on the graphic. It is also possible to configure the respective user account accordingly.

The following social networks are integrated into our site by linking:

facebook

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA.

Privacy policy: https://www.facebook.com/policy.php

EU-US data protection certification („EU-US Privacy Shield“) https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

LinkedIn

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.

Privacy policy: https://www.linkedin.com/legal/privacy-policy

EU-US data protection certification („EU-US Privacy Shield“) https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

„Facebook“-Social-Plug-in

In our Internet presence we use the plugin of the social network Facebook. Facebook is an internet service of facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. In the EU, this service is in turn operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, hereinafter both referred to as “Facebook” only.

Through certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

guarantees Facebook that the data protection regulations of the EU will also be observed when processing data in the USA.

The legal basis is Article 6(1)(f) DSGVO. Our legitimate interest lies in the quality improvement of our Internet presence.

Facebook provides further information about the possible plug-ins and their respective functions at

https://developers.facebook.com/docs/plugins/

ready for you.

If the plug-in is stored on one of the pages of our website that you visit, your Internet browser will download a representation of the plug-in from the Facebook servers in the USA. For technical reasons it is necessary that Facebook processes your IP address. In addition, the date and time of the visit to our website are also recorded.

If you are logged in to Facebook while visiting one of our websites equipped with the plugin, the information collected by the plugin during your specific visit will be recognized by Facebook. Facebook may assign the information collected in this way to your personal user account there. For example, if you use the “Like” button on Facebook, this information is stored in your Facebook user account and may be published on the Facebook platform. If you wish to prevent this, you must either log out of Facebook before visiting our website or prevent the loading of the Facebook plug-in from being blocked by using an add-on for your Internet browser.

Further information on the collection and use of data and your rights and protection options in this regard is provided by Facebook in the sections on

https://www.facebook.com/policy.php

accessible data protection information.

Google Analytics

In our Internet presence we use Google Analytics. This is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter only referred to as “Google”.

Through certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

guarantees Google that the data protection requirements of the EU will also be observed when processing data in the USA.

The Google Analytics service is used to analyse the usage behaviour of our website. The legal basis is Article 6(1)(f) DSGVO. Our legitimate interest lies in the analysis, optimization and economic operation of our Internet presence.

Use and user-related information, such as IP address, place, time or frequency of the visit to our website are transmitted to a Google server in the USA and stored there. However, we use Google Analytics with the so-called anonymisation function. Through this function, Google shortens the IP address already within the EU or EEA.

The data collected in this way are in turn used by Google to provide us with an evaluation of the visit to our website and the usage activities there. This data can also be used to provide other services related to the use of our website and the use of the Internet.

Google indicates not to connect your IP address with other data. In addition, Google maintains a database under

https://www.google.com/intl/de/policies/privacy/partners

further data protection information for you, for example also on the possibilities for preventing the use of data.

In addition, Google offers under

https://tools.google.com/dlpage/gaoptout?hl=de

a so-called deactivation add-on together with further information on this. This add-on can be installed with all common Internet browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs the JavaScript (ga.js) of Google Analytics that information about visits to our website should not be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analysis services. Whether and which other web analysis services are used by us, you will of course also find out in this privacy policy.

Google-Maps

In our internet presence we use Google Maps to show our location and to provide directions. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to only as “Google”.

Through certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

guarantees Google that the data protection requirements of the EU will also be observed when processing data in the USA.

To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed.

If you call up the Google Maps component integrated into our website, Google stores a cookie on your end device via your Internet browser. Your user settings and data are processed in order to display our location and provide you with directions. Here we cannot exclude the possibility that Google uses servers in the USA.

The legal basis is Article 6(1)(f) DSGVO. Our legitimate interest lies in optimizing the functionality of our Internet presence.

Through the connection to Google established in this way, Google can determine from which website your request has been sent and to which IP address the directions are to be sent.

If you do not agree with this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser. You will find details on this above under the item “Cookies”.

In addition, the use of Google Maps and the information obtained via Google Maps is subject to the Google Terms of  https://policies.google.com/terms?gl=DE&hl=de and the Terms and Conditions for Google Maps https://www.google.com/intl/de_de/help/terms_maps.html.

In addition, Google offers under

https://adssettings.google.com/authenticated

https://policies.google.com/privacy

further information.

Google reCAPTCHA

On our website we use Google reCAPTCHA to check and avoid interactions on our website through automated accesses, e.g. to our website. through so-called bots. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to only as “Google”.

Through certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

guarantees Google that the data protection requirements of the EU will also be observed when processing data in the USA.

This service enables Google to determine from which website a request is sent and from which IP address you use the so-called reCAPTCHA input box. In addition to your IP address, Google may also collect other information that is necessary to offer and guarantee this service.   

The legal basis is Article 6(1)(f) DSGVO. Our legitimate interest lies in the security of our Internet presence as well as in the prevention of unwanted, automated access in the form of spam or similar.

Google offers under

https://policies.google.com/privacy

further information on the general handling of your user data.

Google Fonts

In our internet presence we use Google Fonts to display external fonts. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to only as “Google”.

Through certification according to the EU-US Privacy Shield

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

guarantees Google that the data protection requirements of the EU will also be observed when processing data in the USA.

To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed.

The legal basis is Article 6(1)(f) DSGVO. Our legitimate interest lies in the optimization and economic operation of our Internet presence.

Through the connection to Google established when you access our website, Google can determine from which website your request has been sent and to which IP address the font is to be sent.

Google offers under

https://adssettings.google.com/authenticated

https://policies.google.com/privacy

further information, in particular on how to prevent the use of data.

Model data protection declaration of the law firm Weiß & Partner