Privacy Policy

ebp-consulting GmbH Privacy Policy

Thank you for your interest in our website. We take the protection of your personal data very seriously. Below you will find information about how the personal data gathered through your use of the website is used. Your data is processed in accordance with the statutory data protection provisions. In instances where you are forwarded to other websites, we have no influence or control over the content or privacy policies of said websites.

Definitions

Everyone should be able to readily understand our Privacy Policy. The Privacy Policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions of these terms are provided in Art. 4 GDPR.

I. Name and address of the responsible Party

ebp-consulting GmbH
Handwerkstrasse 29
70565 Stuttgart
Germany
 
Tel.:       +49 711 391703 0
Email:     info@ebp-consulting.de
Website: www.ebp-consulting.com

II. Contact details of the Data Protection Officer

PROLIANCE GmbH / www.datenschutzexperte.de
Dominik Fünkner
Leopoldstr. 21
80802 München
Germany
E-Mail: datenschutzbeauftragter@datenschutzexperte.de
 

III. Data processing when visiting the Website

1. Scope of personal data processing

In principle, we only process our users' personal data to the extent required to ensure the functionality of our website as well as its contents and services. Our users' personal data is only processed with their consent. An exception is made for instances in which it has not been possible to obtain prior consent for practical reasons and legal provisions permit the processing of this data.

2. Legal basis for personal data processing

If we have obtained consent from the data subject to process personal data, Art. 6 para. 1 lit. a General Data Protection Regulation (GDPR) serves as a legal basis for such.

When processing personal data in order to fulfil a contract to which the data subject is a party, Art. 6 para. 1 lit.b GDPR serves as a legal basis for such. This also applies to processing that is required in order to initiate pre-contractual measures.

If personal data needs to be processed in order for our company to fulfil a legal obligation to which it is subject, Art. 6 para. 1 lit. c GDPR serves as a legal basis for such.

In instances where personal data must be processed in order to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 lit. d GDPR serves as a legal basis for such.

If processing is required in order to protect our company's legitimate interests or those of a third party and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the interests of the former, Art. 6 para. 1 lit. f GDPR serves as a legal basis for such.

3. Data deletion and duration of storage

The length of time for which your personal data is stored is determined by the applicable legal retention periods (e.g. under commercial law and fiscal law). The relevant data will be routinely deleted upon expiry of the respective period. If data is required in order to fulfil or initiate a contract or we have a legitimate interest in its continued storage, the data will be deleted when it is no longer required for these purposes or if you exercise your right to withdraw or revoke your consent.

IV. Website availability and creation of log files

1. Description and scope of data processing

Every time you visit our website our system automatically records data and information from the system of the computer from which the website is accessed. This includes the following data:

  • Referrer (previously visited website)
  • Website or file accessed
  • Browser type and browser version
  • Operating system used
  • Type of device used
  • Time of access
  • IP address in anonymised form (only used to determine the location from which the website is being accessed)

The data is also saved in our system's log files. This data is not stored in the same place as other personal data belonging to the user.

2. Legal basis for data processing

The legal basis for the temporary storage of the data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The IP address needs to be temporarily stored by the system in order to allow the website to be accessed by the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.

It is stored in log files in order to ensure the website's functionality. The data also helps us to optimise the website and ensure the security of our IT systems. The data gathered in this context is not analysed for marketing purposes.

Our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR is also subsumed within these purposes.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Where the data has been collected for the purpose of enabling access to the website, this is when the respective session has ended.

Where the data has been stored in log files, this is within seven days at latest. The data may be stored for longer. In this case, the users' IP addresses are deleted so that the data cannot be attributed to the client accessing the website, provided no statutory storage obligations prevent this. 

5. Option to opt out and option to delete

The collection of data for the provision of the website and the storage of data in log files is necessary for the operation of the website. The user does not have the option to opt out.

V. Use of cookies

Our website uses cookies which are saved to your device by the browser and contain certain settings relating to your use of the website (e.g. the current session). Cookies help to make our services more user-friendly, effective and secure. Cookies are small text files that are downloaded onto your computer and saved by your browser. Most of the cookies we use are so-called session cookies, which are automatically deleted when the browser is closed. Other cookies remain stored on your end device until you delete them or the storage period expires. These cookies allow us to recognise your browser upon your next visit.

Sometimes the cookies help to simplify website processes by saving settings (e.g. remembering previously selected options). If personal data is also processed by individual cookies used by us, this data will be processed either in accordance with Art. 6 para. 1 lit. b GDPR for performance of the contract or in accordance with Art. 6 para. 1 lit. f GDPR in order to protect our legitimate interests in ensuring the website's optimal functionality in addition to ensuring that visits to the website offer a customer-friendly and effective experience.

You can adjust your browser settings so that you are notified when cookies are being used and can approve the use of cookies on an individual basis, forbid the use of cookies in certain situations or completely and activate the automatic deletion of cookies when the browser is closed. You can manage your cookie settings by clicking on the following links for your respective browser.

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies

Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

Safari: https://support.apple.com/kb/ph21411?locale=de_DE

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

You can also individual manage the cookies used by many companies and functions for marketing purposes. Use the relevant user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices

Most browsers also offer a "Do Not Track" function, which allows you to specify that you do not wish to be "tracked" by websites. If this function is activated, the respective browser informs advertising networks, websites and applications that you do not wish to be tracked for the purposes of behaviour-based advertising and the like. You can find information and instructions on how to use this function, depending on your browser provider, by clicking the following links:

Google Chrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=de

Mozilla Firefox: https://www.mozilla.org/de/firefox/dnt/

Internet Explorer: https://support.microsoft.com/de-de/help/17288/windows-internet-explorer-11-use-do-not-track

Opera: http://help.opera.com/Windows/12.10/de/notrack.html

Safari: https://support.apple.com/kb/PH21416?locale=de_DE

You can also prevent so-called scripts from being loaded as standard. NoScript only allows JavaScripts, Java and other plugins to run on trustworthy domains of your choosing. You can find information and instructions on how to use this function by referring to your browser provider (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).

Please note that by deactivating cookies, you may not be able to access all of this website's functions.

VI. Customers and interested parties (contact form and email contact)

We hereby notify you, in accordance with Art. 13, 14 and 21 GDPR, of the processing of your personal data and your rights relating thereto. The data which is processed in each instance and the way in which it is used is determined primarily by the services which have been requested or agreed upon.

1. Purpose and legal basis of data processing

 

We only process data from the input mask in order to communicate with you. If contact is made via email, there is also considered to be a legitimate interest in data processing.

The other data that is processed during the form submission process is used to prevent misuse of the contact form and ensure the security of our IT systems.

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) for the purposes of establishing, executing and fulfilling contracts and implementing pre-contractual measures. If personal data must be provided in order to initiate or conduct contractual relationships or in the course of implementing pre-contractual measures, processing as per Art. 6 para. 1 lit. b GDPR is legally permissible.

If you give us your explicit consent to process personal data for specific reasons (e.g. passing on data to third parties, analysing data for marketing purposes, being contacted for promotional reasons), this processing is legally permissible on the basis of your consent according to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time (see item XII of the Privacy Policy). Please note that consent can only be withdrawn with future effect. Any processing that took place prior to consent being withdrawn remains unaffected.

If necessary and legally permissible, we process your data beyond the extent required by the actual purposes of the contract in order to fulfil legal obligations (Art. 6 para. 1 lit. c GDPR). In addition, your data is processed in order to protect our own legitimate interests or those of a third party (Art. 6 para. 1 lit. f GDPR); you will be separately notified of this with reference to the legitimate interest if such is required by law.

2. Description and scope of data processing

On our website you can find a contact form, which can be used to contact us electronically. If you choose to use this contact form, the data you enter into the input mask will be transmitted to us and stored. So that this data can be processed, you will be asked to give your consent and referred to this Privacy Policy as part of the form submission process.

Alternatively, you can get in touch using the provided email address. In this case, the user's personal data that is transmitted along with the email will be stored.

We only pass on your personal data within our company to departments that require this data in order to fulfil contractual and legal obligations or enforce our legitimate interest.

Your personal data will be processed on our behalf on the basis of order processing contracts according to Art. 28 GDPR. In such instances, we ensure that personal data is processed in accordance with the General Data Protection Regulation. The recipient categories in this case are customer management systems and software providers.

Data will only be passed on to recipients outside of the company if legal provisions permit or require such, such is necessary in order for contracts to be processed and thus fulfilled or, at your request, for pre-contractual measures to be carried out, you have agreed to such or we are authorised to disclose this data. Under these conditions, recipients of personal data could be:

  • Public bodies and institutions (e.g. public prosecutor's office, police, regulatory authorities, tax office) where there is a legal or official obligation to pass on data.
  • Recipients to whom the data must be passed on in order for a contract to be established or fulfilled, such as freelancers.
  • Personal data may also be passed on to any bodies that you have given us your permission to pass on data to.

No data is passed on to third parties in this context. The data is used solely for the purpose of processing the conversation.

3. Sources and categories of personal data

We process personal data that you share with us when you contact us or during the establishment of a contractual relationship, or in the course of implementing pre-contractual measures.

We process data associated with the establishment of a contract or pre-contractual measures. This could be general information about you or people within your company (such as name, address and contact details) as well as other data that you share with us in the process of establishing a contract.

4. Duration of storage

Where necessary, we process and store your personal data for the duration of our business relationship, which, by way of example, could also include the preparation and performance of a contract or could be until the contractual purposes have been fulfilled.

Furthermore, we are bound to fulfil various obligations relating to storage and documentation in accordance with the provisions of the German Commercial Code (HGB) and the German Tax Code (AO) among others. The periods prescribed therein for the storage and documentation of data range from two to ten years.

The additional personal data gathered during the form submission process is deleted at latest after a period of seven days.

VII. Applicants (– application form and email applications)

In accordance with the provisions of Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR), in the following sections we will describe how the personal data you share with us or that we may collect during the application process is processed and inform you of your rights relating thereto. In order to ensure that you are fully informed regarding the processing of personal data during the application process, please take the time to read the following information.

1. Purpose and legal basis of data processing

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) in order to process your employment application, to the extent that such is required in order to make a decision regarding whether or not to initiate an employment relationship with you. The legal basis for this is Art. 88 GDPR in conjunction with Sec. 26 BGSG (new) and, where applicable, Art. 6 para. 1 lit. b GDPR relating to the initiation or conducting of contractual relationships.

We can also process your personal data if such is required in order to fulfil legal obligations (Art. 6 para. 1 lit. c GDPR) or to defend legal claims that have been asserted against us. The legal basis for this is Art. 6 para. 1 lit. f GDPR. The legitimate interest is, by way of example, the burden of proof in proceedings pursuant to the German General Equal Treatment Act (AGG). If you give us your explicit consent to process personal data for specific reasons, this processing is legally permissible on the basis of your consent according to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time (see item VII clause 5 and item XII of this Privacy Policy). Please note that consent can only be withdrawn with future effect. Any processing that took place prior to consent being withdrawn remains unaffected.

If an employment relationship is established between us and yourself, we can further process the personal data you have already given us for the purpose of this employment relationship according to Art. 88 GDPR in conjunction with Sec. 26 BDSG (new), to the extent that such is required in order to conduct or terminate the employment relationship or to exercise or fulfil the rights and obligations relating to representation of employees' interests derived from a law or wage agreement, or a works or services agreement (collective agreement).

2. Description and scope of data processing

On our website you can find an application form, which can be used to submit applications electronically. If you choose to use this application form, the data you enter into the input mask and the files you attach will be transmitted to us and stored. So that this data can be processed, you will be asked to give your consent and referred to this Privacy Policy as part of the form submission process.

Please note that for applications we only offer the application form on our website. If you still choose to submit your application via email, we wish to explicitly point out that email attachments will not be encrypted.

Within our company your personal data is only passed on to departments that require this data in order to fulfil contractual and legal obligations or enforce our legitimate interest. The data is used solely to process the application.

No transmission of the data to external third parties or a third country is intended. Data will only be passed on to recipients outside of the company if legal provisions permit or require such, such is necessary in order to fulfil legal obligations or you have agreed to such.

3. Sources and categories of personal data

We process personal data that we receive in the course of communications with you or as part of the application you submit via email or the application form on our website, or which you have shared with us via external recruitment agencies.

We process data associated with your application. This could be general information relating to you (such as name, address and contact details), details of your professional qualifications and education or details of professional development, or other information you have shared with us in connection with your application.

4. Duration of storage

We store your personal data for as long as it is required in order for a decision regarding your application to be made. Your personal data or application documents will be deleted at latest six months following the end of the application process (e.g. after you have been notified that your application was unsuccessful) provided the law does not require or permit us to store it for longer. We also only continue to store your data if required to by law or in specific instances involving the establishment, exercise or defence of legal claims, for the duration of a legal dispute.

If you have agreed to the prolonged storage of your personal data, we store your personal data in accordance with your declaration of consent. You can withdraw your consent for us to store your personal data at any time with future effect by sending a short message to this effect.

If the application process results in an offer of employment or traineeship, the data will first continue to be stored if required and then transferred to your personnel file.

Subsequent to your application, you may be offered the opportunity to be placed in an applicant pool. By doing this, we can include you among our selected candidates should vacancies arise in future. If you agree to this, we will store your application data in our applicant pool in accordance with the particulars of your consent or, where applicable, future consent.

VIII. Web analysis and web tracking

1. Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how you use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. We only use Google Analytics with activated IP anonymisation. This means that the user's IP address is truncated by Google within the Member States of the European Union or other countries which are party to the Agreement on the European Economic Area, which prevents it from being linked to a specific individual. Google Inc., which is headquartered in the USA, is certified under the US-European "Privacy Shield" data protection agreement, which ensures that the level of data protection that applies in the EU is upheld. The data is processed in accordance with Art. 6 para. 1 lit. f GDPR or Sec. 15 para. 3 German Telemedia Act on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes.

Google will use this information on behalf of the operator of this website in order to analyse your use of the website, compiling reports on website activity and providing website operators with other services relating to website use and internet use. The IP address transferred by your browser during the use of Google Analytics will not be amalgamated with any other data held by Google. You can find the terms of use for Google Analytics and information on data protection at: http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/.

You may refuse the use of cookies by selecting the appropriate settings in your browser software. However, please note that if you do this, you may not be able to access the full functionality of this website. Furthermore, you can prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plugin, available under the following link: (http://tools.google.com/dlpage/gaoptout?hl=en).

One click on the following link prevents Google Analytics from collecting data by using an "opt-out cookie": Deactivation of Google Analytics

You can find information about how user data is handled in the context of Google Analytics in Google's Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=de

 

2. Google web fonts

This website uses "web fonts" provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland ("Google") to ensure that fonts are displayed in a uniform way. Google web fonts allows us to use external fonts, known as "Google fonts". When our website is accessed, the required Google font is loaded by your web browser in your browser cache, allowing texts and fonts to be displayed correctly. This is necessary in order for your browser to display our texts in a visually appealing way. If your browser does not support this function, it will display a standard font used by your computer. These web fonts are integrated by being downloaded from a server, generally one of Google's servers in the USA. Though this, information about which page of our website you have visited is transmitted to the server. The IP address of the browser used by the user's end device is also stored by Google.

We use Google web fonts for optimisation purposes, particularly to make our website easier for you to use and to make it more user-friendly in its design. Our legitimate interest according to Art. 6 para. 1 lit. f GDPR is also subsumed within these purposes.

Google has subscribed to the Privacy Shield agreement between the European Union and the USA and is certified under the terms of such. This means that Google promises to uphold the standards and provisions of European data protection law. You can find further information by referring to the entry found under the following link: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

You can find further information on data protection by referring to Google's Privacy Policy: http://www.google.de/intl/de/policies/privacy

You can find further information on Google web fonts by visiting http://www.google.com/webfonts/, https://developers.google.com/fonts/faq?hl=de-DE&csw=1 and https://www.google.com/fonts#AboutPlace:about.

IX. Social media plugins

Social networks (Facebook, Twitter, Google Plus, LinkedIn und Xing) are only embedded in our website in the form of a link to the corresponding services. After clicking on the embedded text/image link, you will be redirected to the website of the respective provider. User information will only be transmitted to the respective provider after the user has been redirected. You can find out how your personal data is handled when you use these websites by referring to the privacy policies of the providers of the websites you use.

X. Google Maps

We use Google Maps API to display interactive maps directly on the website and enable the convenient use of the map functions. In order to allow you to use Google Maps functions, your full IP address is transferred to a Google server in the United States and stored there (see Clause 3.7.1. regarding "US Privacy Shield"). The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. You can find the terms of use for Google Maps at: https://www.google.com/intl/de_de/help/terms_maps.html. You can find further information in Google's Privacy Policy: https://policies.google.com/privacy?hl=de.p>

Opt-out: https://www.google.com/settings/ads/

XI. Forwarding of data and recipients

Your data is not passed on to third parties unless

  • we have explicitly declared such when describing how your data is processed in any given instance,
  • you have explicitly consented to such according to Art. 6 para. 1 sentence 1 lit. a,
  • such is necessary according to Art. 6 para. 1 sentence 1 lit. f DGPR for the establishment, exercise or defence of legal claims and there is no reason to believe that you have an overriding legitimate interest in your data not being passed on,
  • there exists a legal obligation to do so according to Art. 6 para. 1 sentence 1 lit. c GDPR, and
  • such is necessary for conducting contractual relations with you according to Art. 6 para. 1 sentence 1 lit. b GDPR.

We also use external service providers to deliver our services, who we have carefully selected and commissioned in writing. They are bound by our instructions and regularly monitored by us. These service providers assist us with web hosting, email correspondence and the maintenance and upkeep of our IT systems etc. The service providers do not pass on this data to third parties.

XII. Rights of the data subject

Below you will find information regarding which data subject rights you are granted under the applicable data protection law in relation to the processing of your personal data vis-a-vis the party responsible for such:

The right, according to Art. 15 GDPR, to request information regarding what personal data we process. You can in particular request information about the purposes for which the data is processed, the categories of personal data held, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, find out if you have the right to amend, delete, limit the processing of or object to the processing of the data, find out if you have the right to appeal, request information about the origin of the data if we did not collect it, and find out if automated decision-making, including profiling, is used, as well as request meaningful information regarding the particulars of such.

The right, according to Art. 16 GDPR, to request the immediate amendment or completion of incorrect or incomplete personal data that we hold on file for you.

The right, according to Art. 17 GDPR to request the deletion of the personal data we hold on file for you, provided it does not need to be processed in order for freedom of expression and information to be exercised, to fulfil a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims.

The right, according to Art. 18 GDPR, to place limitations on the processing of your data if you have disputed the accuracy of the data, the processing of such is illegal but you do not wish for it to be deleted and we no longer require the data, however, you require this data to establish, exercise or defend legal claims, or you have objected to the processing in accordance with Art 21 GDPR.

The right, according to Art. 20 GDPR, to request that the personal data we hold on file for you be issued to you in a structured, standard and machine-readable format, or that it be passed on to another responsible party.

The right, according to Art. 77 GDPR, to lodge a complaint with a supervisory authority. Normally you can contact the supervisory authority of the federal state in which we are headquartered (see above) or possibly that of your place of usual residence or work.

Right to withdraw granted consent according to Art. 7 para. 3 GDPR: You have the right to withdraw consent you have given for your data to be processed at any time with future effect. If consent if withdrawn, we will immediately delete the affected data, provided there is no legal basis for further processing without consent. The legality of any processing which has been carried out on the basis of this consent remains unaffected even if consent is withdrawn.

Right of objection

Provided that we have processed your personal data on the basis of legitimate interests according to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right, according to Art. 21 GDPR, to object to the processing of your personal data, provided that this objection is made for reasons relating to your particular situation. We will then no longer process this personal data, unless we are able to prove that there are compelling, legitimate reasons for such, which outweigh your interests, rights and freedoms, or if the data is processed in order to establish, exercise or defend legal claims. If you have withdrawn your consent for your personal data to be processed for the purpose of direct marketing, you have a general right to object and do not need to provide details of your particular situation.

If you wish to exercise your right to revoke or withdraw consent, please send an email to info@ebp-consulting.de.

XIII. Amendments to and latest version of the Privacy Policy

We reserve the right to make changes to or update this Privacy Policy when necessary with due regard to the applicable data protection regulations. We can thus amend it in order to comply with the latest legal requirements and to reflect changes to our services, e.g. if new services are introduced. The most recent version applies to your visit.

Privacy Policy last updated: 16.08.2018