Privacy Policy

ebp-consulting GmbH Privacy Policy

Thank you for your interest in our website. We take the protection of your personal data very seriously. Below you will find information about how the personal data gathered through your use of the website is used. Your data is processed in accordance with the statutory data protection provisions. In instances where you are forwarded to other websites, we have no influence or control over the content or privacy policies of said websites.

Definitions

Everyone should be able to readily understand our Privacy Policy. The Privacy Policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions of these terms are provided in Art. 4 GDPR.

I. Name and address of the responsible Party

ebp-consulting GmbH
Handwerkstrasse 29
70565 Stuttgart
Germany
 
Tel.:       +49 711 391703 0
Email:     info@ebp-consulting.de
Website: www.ebp-consulting.com

II. Contact details of the Data Protection Officer

PROLIANCE GmbH / www.datenschutzexperte.de
Dominik Fünkner
Leopoldstr. 21
80802 München
Germany
E-Mail: datenschutzbeauftragter@datenschutzexperte.de
 

III. Data processing when visiting the Website

1. Scope of personal data processing

In principle, we only process our users' personal data to the extent required to ensure the functionality of our website as well as its contents and services. Our users' personal data is only processed with their consent. An exception is made for instances in which it has not been possible to obtain prior consent for practical reasons and legal provisions permit the processing of this data.

2. Legal basis for personal data processing

If we have obtained consent from the data subject to process personal data, Art. 6 para. 1 lit. a General Data Protection Regulation (GDPR) serves as a legal basis for such.

When processing personal data in order to fulfil a contract to which the data subject is a party, Art. 6 para. 1 lit.b GDPR serves as a legal basis for such. This also applies to processing that is required in order to initiate pre-contractual measures.

If personal data needs to be processed in order for our company to fulfil a legal obligation to which it is subject, Art. 6 para. 1 lit. c GDPR serves as a legal basis for such.

In instances where personal data must be processed in order to protect the vital interests of the data subject or another natural person, Art. 6 para. 1 lit. d GDPR serves as a legal basis for such.

If processing is required in order to protect our company's legitimate interests or those of a third party and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the interests of the former, Art. 6 para. 1 lit. f GDPR serves as a legal basis for such.

3. Data deletion and duration of storage

The length of time for which your personal data is stored is determined by the applicable legal retention periods (e.g. under commercial law and fiscal law). The relevant data will be routinely deleted upon expiry of the respective period. If data is required in order to fulfil or initiate a contract or we have a legitimate interest in its continued storage, the data will be deleted when it is no longer required for these purposes or if you exercise your right to withdraw or revoke your consent.

4. Access to and storage of information in terminal equipment

By using our website, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR.

In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done on the basis of § 25 para. 1 s. 1, para. 2 no. 2 TTDSG. 

In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be carried out on the basis of § 25 para. 1 TTDSG with your consent pursuant to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future.

For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our website.

IV. Website availability and creation of log files

1. Description and scope of data processing

Every time you visit our website our system automatically records data and information from the system of the computer from which the website is accessed. This includes the following data:

  • Referrer (previously visited website)
  • Website or file accessed
  • Browser type and browser version
  • Operating system used
  • Type of device used
  • Time of access
  • IP address in anonymised form (only used to determine the location from which the website is being accessed)

The data is also saved in our system's log files. This data is not stored in the same place as other personal data belonging to the user.

2. Legal basis for data processing

The legal basis for the temporary storage of the data and log files is Art. 6 para. 1 lit. f GDPR.

3. Purpose of data processing

The IP address needs to be temporarily stored by the system in order to allow the website to be accessed by the user's computer. For this purpose, the user's IP address must be stored for the duration of the session.

It is stored in log files in order to ensure the website's functionality. The data also helps us to optimise the website and ensure the security of our IT systems. The data gathered in this context is not analysed for marketing purposes.

Our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR is also subsumed within these purposes.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. Where the data has been collected for the purpose of enabling access to the website, this is when the respective session has ended.

Where the data has been stored in log files, this is within seven days at latest. The data may be stored for longer. In this case, the users' IP addresses are deleted so that the data cannot be attributed to the client accessing the website, provided no statutory storage obligations prevent this. 

5. Option to opt out and option to delete

The collection of data for the provision of the website and the storage of data in log files is necessary for the operation of the website. The user does not have the option to opt out.

V. Use of cookies

Our website uses cookies which are saved to your device by the browser and contain certain settings relating to your use of the website (e.g. the current session). Cookies help to make our services more user-friendly, effective and secure. Cookies are small text files that are downloaded onto your computer and saved by your browser. Most of the cookies we use are so-called session cookies, which are automatically deleted when the browser is closed. Other cookies remain stored on your end device until you delete them or the storage period expires. These cookies allow us to recognise your browser upon your next visit.

Sometimes the cookies help to simplify website processes by saving settings (e.g. remembering previously selected options). If personal data is also processed by individual cookies used by us, this data will be processed either in accordance with Art. 6 para. 1 lit. b GDPR for performance of the contract or in accordance with Art. 6 para. 1 lit. f GDPR in order to protect our legitimate interests in ensuring the website's optimal functionality in addition to ensuring that visits to the website offer a customer-friendly and effective experience.

You can adjust your browser settings so that you are notified when cookies are being used and can approve the use of cookies on an individual basis, forbid the use of cookies in certain situations or completely and activate the automatic deletion of cookies when the browser is closed. You can manage your cookie settings by clicking on the following links for your respective browser.

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies

Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

Safari: https://support.apple.com/kb/ph21411?locale=de_DE

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

You can also individual manage the cookies used by many companies and functions for marketing purposes. Use the relevant user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices

Most browsers also offer a "Do Not Track" function, which allows you to specify that you do not wish to be "tracked" by websites. If this function is activated, the respective browser informs advertising networks, websites and applications that you do not wish to be tracked for the purposes of behaviour-based advertising and the like. You can find information and instructions on how to use this function, depending on your browser provider, by clicking the following links:

Google Chrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=de

Mozilla Firefox: https://www.mozilla.org/de/firefox/dnt/

Internet Explorer: https://support.microsoft.com/de-de/help/17288/windows-internet-explorer-11-use-do-not-track

Opera: http://help.opera.com/Windows/12.10/de/notrack.html

Safari: https://support.apple.com/kb/PH21416?locale=de_DE

You can also prevent so-called scripts from being loaded as standard. NoScript only allows JavaScripts, Java and other plugins to run on trustworthy domains of your choosing. You can find information and instructions on how to use this function by referring to your browser provider (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).

Please note that by deactivating cookies, you may not be able to access all of this website's functions.

VI. Customers and interested parties (contact form and email contact)

We hereby notify you, in accordance with Art. 13, 14 and 21 GDPR, of the processing of your personal data and your rights relating thereto. The data which is processed in each instance and the way in which it is used is determined primarily by the services which have been requested or agreed upon.

1. Purpose and legal basis of data processing

We only process data from the input mask in order to communicate with you. If contact is made via email, there is also considered to be a legitimate interest in data processing.

The other data that is processed during the form submission process is used to prevent misuse of the contact form and ensure the security of our IT systems.

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) for the purposes of establishing, executing and fulfilling contracts and implementing pre-contractual measures. If personal data must be provided in order to initiate or conduct contractual relationships or in the course of implementing pre-contractual measures, processing as per Art. 6 para. 1 lit. b GDPR is legally permissible.

If you give us your explicit consent to process personal data for specific reasons (e.g. passing on data to third parties, analysing data for marketing purposes, being contacted for promotional reasons), this processing is legally permissible on the basis of your consent according to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time (see item XII of the Privacy Policy). Please note that consent can only be withdrawn with future effect. Any processing that took place prior to consent being withdrawn remains unaffected.

If necessary and legally permissible, we process your data beyond the extent required by the actual purposes of the contract in order to fulfil legal obligations (Art. 6 para. 1 lit. c GDPR). In addition, your data is processed in order to protect our own legitimate interests or those of a third party (Art. 6 para. 1 lit. f GDPR); you will be separately notified of this with reference to the legitimate interest if such is required by law.

2. Description and scope of data processing

On our website you can find a contact form, which can be used to contact us electronically. If you choose to use this contact form, the data you enter into the input mask will be transmitted to us and stored. So that this data can be processed, you will be asked to give your consent and referred to this Privacy Policy as part of the form submission process.

Alternatively, you can get in touch using the provided email address. In this case, the user's personal data that is transmitted along with the email will be stored.

We only pass on your personal data within our company to departments that require this data in order to fulfil contractual and legal obligations or enforce our legitimate interest.

Your personal data will be processed on our behalf on the basis of order processing contracts according to Art. 28 GDPR. In such instances, we ensure that personal data is processed in accordance with the General Data Protection Regulation. The recipient categories in this case are customer management systems and software providers.

Data will only be passed on to recipients outside of the company if legal provisions permit or require such, such is necessary in order for contracts to be processed and thus fulfilled or, at your request, for pre-contractual measures to be carried out, you have agreed to such or we are authorised to disclose this data. Under these conditions, recipients of personal data could be:

  • Public bodies and institutions (e.g. public prosecutor's office, police, regulatory authorities, tax office) where there is a legal or official obligation to pass on data.
  • Recipients to whom the data must be passed on in order for a contract to be established or fulfilled, such as freelancers.
  • Personal data may also be passed on to any bodies that you have given us your permission to pass on data to.

No data is passed on to third parties in this context. The data is used solely for the purpose of processing the conversation.

3. Sources and categories of personal data

We process personal data that you share with us when you contact us or during the establishment of a contractual relationship, or in the course of implementing pre-contractual measures.

We process data associated with the establishment of a contract or pre-contractual measures. This could be general information about you or people within your company (such as name, address and contact details) as well as other data that you share with us in the process of establishing a contract.

4. Duration of storage

Where necessary, we process and store your personal data for the duration of our business relationship, which, by way of example, could also include the preparation and performance of a contract or could be until the contractual purposes have been fulfilled.

Furthermore, we are bound to fulfil various obligations relating to storage and documentation in accordance with the provisions of the German Commercial Code (HGB) and the German Tax Code (AO) among others. The periods prescribed therein for the storage and documentation of data range from two to ten years.

The additional personal data gathered during the form submission process is deleted at latest after a period of seven days.

VII. Applicants (– application form and email applications)

In accordance with the provisions of Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR), in the following sections we will describe how the personal data you share with us or that we may collect during the application process is processed and inform you of your rights relating thereto. In order to ensure that you are fully informed regarding the processing of personal data during the application process, please take the time to read the following information.

1. Purpose and legal basis of data processing

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) in order to process your employment application, to the extent that such is required in order to make a decision regarding whether or not to initiate an employment relationship with you. The legal basis for this is Art. 88 GDPR in conjunction with Sec. 26 BGSG (new) and, where applicable, Art. 6 para. 1 lit. b GDPR relating to the initiation or conducting of contractual relationships.

We can also process your personal data if such is required in order to fulfil legal obligations (Art. 6 para. 1 lit. c GDPR) or to defend legal claims that have been asserted against us. The legal basis for this is Art. 6 para. 1 lit. f GDPR. The legitimate interest is, by way of example, the burden of proof in proceedings pursuant to the German General Equal Treatment Act (AGG). If you give us your explicit consent to process personal data for specific reasons, this processing is legally permissible on the basis of your consent according to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time (see item VII clause 5 and item XII of this Privacy Policy). Please note that consent can only be withdrawn with future effect. Any processing that took place prior to consent being withdrawn remains unaffected.

If an employment relationship is established between us and yourself, we can further process the personal data you have already given us for the purpose of this employment relationship according to Art. 88 GDPR in conjunction with Sec. 26 BDSG (new), to the extent that such is required in order to conduct or terminate the employment relationship or to exercise or fulfil the rights and obligations relating to representation of employees' interests derived from a law or wage agreement, or a works or services agreement (collective agreement).

2. Description and scope of data processing

On our website you can find an application form, which can be used to submit applications electronically. If you choose to use this application form, the data you enter into the input mask and the files you attach will be transmitted to us and stored. So that this data can be processed, you will be asked to give your consent and referred to this Privacy Policy as part of the form submission process.

Please note that for applications we only offer the application form on our website. If you still choose to submit your application via email, we wish to explicitly point out that email attachments will not be encrypted.

Within our company your personal data is only passed on to departments that require this data in order to fulfil contractual and legal obligations or enforce our legitimate interest. The data is used solely to process the application.

No transmission of the data to external third parties or a third country is intended. Data will only be passed on to recipients outside of the company if legal provisions permit or require such, such is necessary in order to fulfil legal obligations or you have agreed to such.

3. Sources and categories of personal data

We process personal data that we receive in the course of communications with you or as part of the application you submit via email or the application form on our website, or which you have shared with us via external recruitment agencies.

We process data associated with your application. This could be general information relating to you (such as name, address and contact details), details of your professional qualifications and education or details of professional development, or other information you have shared with us in connection with your application.

4. Duration of storage

We store your personal data for as long as it is required in order for a decision regarding your application to be made. Your personal data or application documents will be deleted at latest six months following the end of the application process (e.g. after you have been notified that your application was unsuccessful) provided the law does not require or permit us to store it for longer. We also only continue to store your data if required to by law or in specific instances involving the establishment, exercise or defence of legal claims, for the duration of a legal dispute.

If you have agreed to the prolonged storage of your personal data, we store your personal data in accordance with your declaration of consent. You can withdraw your consent for us to store your personal data at any time with future effect by sending a short message to this effect.

If the application process results in an offer of employment or traineeship, the data will first continue to be stored if required and then transferred to your personnel file.

Subsequent to your application, you may be offered the opportunity to be placed in an applicant pool. By doing this, we can include you among our selected candidates should vacancies arise in future. If you agree to this, we will store your application data in our applicant pool in accordance with the particulars of your consent or, where applicable, future consent.

VIII. Web analysis and web tracking

1. Google Analytics

Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses so-called "cookies" and web beacons.

Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent.

We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.

We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

The terms of use of Google Analytics and information on data protection can be accessed via the following links:

http://www.google.com/analytics/terms/

https://policies.google.com/privacy

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection.

You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout.

2. Google web fonts

This website uses "web fonts" provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland ("Google") to ensure that fonts are displayed in a uniform way. Google web fonts allows us to use external fonts, known as "Google fonts". When our website is accessed, the required Google font is loaded by your web browser in your browser cache, allowing texts and fonts to be displayed correctly. This is necessary in order for your browser to display our texts in a visually appealing way. If your browser does not support this function, it will display a standard font used by your computer. These web fonts are integrated by being downloaded from a server, generally one of Google's servers in the USA. Though this, information about which page of our website you have visited is transmitted to the server. The IP address of the browser used by the user's end device is also stored by Google.

We use Google web fonts for optimisation purposes, particularly to make our website easier for you to use and to make it more user-friendly in its design. Our legitimate interest according to Art. 6 para. 1 lit. f GDPR is also subsumed within these purposes.

Google has subscribed to the Privacy Shield agreement between the European Union and the USA and is certified under the terms of such. This means that Google promises to uphold the standards and provisions of European data protection law. You can find further information by referring to the entry found under the following link: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

You can find further information on data protection by referring to Google's Privacy Policy: http://www.google.de/intl/de/policies/privacy

You can find further information on Google web fonts by visiting http://www.google.com/webfonts/, https://developers.google.com/fonts/faq?hl=de-DE&csw=1 and https://www.google.com/fonts#AboutPlace:about.

IX. Social media plugins

Social networks (Facebook, Twitter, Google Plus, LinkedIn und Xing) are only embedded in our website in the form of a link to the corresponding services. After clicking on the embedded text/image link, you will be redirected to the website of the respective provider. User information will only be transmitted to the respective provider after the user has been redirected. You can find out how your personal data is handled when you use these websites by referring to the privacy policies of the providers of the websites you use.

X. Social Media Channels

The protection of your personal data is very important to us. In the following, you will find information on how we handle your data, which are recorded through your use of our social media presence on social networks and platforms. The processing of your data is in accordance with the legal regulations.

1. Providers

1.1 Controller

If your personal data is processed by one of the providers listed below, this provider is responsible for data processing within the meaning of the GDPR. For the assertion of your rights, please contact the respective provider. Only they have access to the data collected from you. However, if you need any assistance, please contact us any time.

We are present on social media platforms of the following providers:

  • LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
  • XING SE, Dammtorstraße 29-32, 20354 Hamburg, Germany

1.2 Data protection officer

Information on how to contact the data protection officer of the respective social media providers can be found here:

  • LinkedIn Ireland Unlimited Company: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
  • XING SE: Datenschutzbeauftragter@xing.com

2. General information on social media platforms given by the ebp-consulting GmbH

2.1 Controller

Insofar as we process the data provided by you via social media, the following body is responsible for data processing within the meaning of GDPR:

ebp-consulting GmbH
Handwerkstrasse 29
70565 Stuttgart
Germany
 
Email:     info@ebp-consulting.de
Website: www.ebp-consulting.com

2.2 Our data protection officer

If you have any concerns about us processing your data, please contact our data protection officer at the following contact details:

PROLIANCE GmbH / www.datenschutzexperte.de
Datenschutzbeauftragter
Leopoldstr. 21
80802 München
Germany
E-Mail: datenschutzbeauftragter@datenschutzexperte.de
 

3. General data processing on social media platforms

3.1 Data processing for market research and advertising

Organisations generally process data for market research and promotional purposes. Therefore, web-site providers use cookies, which load on to your browser and detect your return to the same URL. The recorded data is used to create user profiles. User profiles may be used for targeted advertise-ments within or outside the platform. In addition, user profiles may contain data, that is gathered from memberships on other platforms.

3.2 Data processing through making contact

We collect data when you contact us, for example via contact form or messenger services such as Facebook Messenger. The data collected depends on the details you provide and the contact details you specify. It will be stored for the purpose of processing the inquiry and in the event of follow-up questions. Under no circumstances we will pass on the data to third parties without your consent. The legal basis for the data processing is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR if your request aimed at the con-clusion of a contract. Unless there are compelling reasons, your data will be erased after final pro-cessing. We assume the processing is finalized, when the regarding circumstances are clarified.

3.3 Data processing for the purpose of contract handling

If your request via social media or other platforms is aimed at the conclusion of a contract, regarding the delivery of goods or the provision of services, we process your data in order to perform the contract and the requested services, or pre-contractual measures. In this case, the legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR. Your data will be erased if they are no longer necessary for the fulfilment of the contract or if it is certain, that pre-contractual measures will not lead to the con-clusion of a contract corresponding to the purpose of establishing the contact. Please take into ac-count, that it may be necessary to store personal data of our contractual partners in order to comply with contractual or legal obligations even after the conclusion of contract.

3.4 Data processing by virtue of consent

If the respective platform providers request you to consent to the processing for a particular purpose, the legal basis for the processing is Art. 6 para. 1 lit. a, Art. 7 GDPR. You have the right to withdraw such consent with effect for the future at any time.

4. Data transfer and recipient

Please note, that by using social media platforms, data processing may take place outside the EU and the European Economic Area, wherefore European levels of data protection cannot be guaranteed. The US based social media providers mentioned above are certified by “Privacy Shield “. “Privacy Shield” is an US-European-data protection convention, warranting the compliance with EU data pro-tection levels. We have no influence on the processing and handling of your personal data by the re-spective providers as well as we have no information on this matter. Please consider the privacy policy of the providers for further information:

  • LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
  • XING privacy policy: https://privacy.xing.com/de/datenschutzerklaerung, Opt-Out: https://nats.xing.com/optout.html?locale=en_US

5. Your rights

You will find information on which data subject rights the applicable data protection law grants you vis-à-vis the controller in the following. You have the right,

to request information about your personal data processed by us; Art. 15 GDPR. In particular, you may obtain information about the purpose of processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the con-troller rectification or erasure of personal data or restriction of processing, the right to lodge a com-plaint, where the personal data are not collected from us, any available information as to their source, the existence of automated decision-making, including profiling and meaningful information about the logic involved.

To obtain from the controller without undue delay the rectification of inaccurate personal data or have incomplete personal data completed; Art. 16 GDPR.

To obtain from us the erasure of personal data concerning, unless the processing is necessary for, exercising the right of freedom of expression and information, compliance with a legal obligation, rea-sons of public interest, achieving purposes in the public interest and the establishment, exercise or defence of legal claims, Art. 17 GDPR.

To obtain from us restriction of processing where, the accuracy of personal data is contested by you, the processing is unlawful, we no longer need the personal data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to Art. 21; Art. 18 GDPR.

To receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller; Art. 20 GDPR

to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of alleged infringement; Art. 77 GDPR.

To withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before it’s withdrawal. Prior to giving consent, you shall be informed thereof; Art. 7 para. 3 GDPR. In case of countermand the respective data shall be deleted immediately, unless further processing cannot be based on a legal basis for processing without consent.

Right of object

In line with Art. 21 GDPR, you have the right to object, on grounds relating to your particular situa-tion, at any time to processing of personal data concerning you which is based on processing for the purposes of the legitimate interests (Art. 6 Abs. 1 lit. GDPR) pursued by us. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing.

If you wish to make use of your right of objection or withdrawal, send an E-Mail to info@ebp-consulting.com.

6. Duration of storage

The personal data collected and stored by us will be erased from our systems, if the purpose of pro-cessing ceases to exist or if you have made use of your right of withdrawal or objection. Legal retention periods remain unaffected. We have no influence on the storage period of your data being stored by social media providers for their own purposes. For further details, please contact them directly.

XI. Google Maps

We use Google Maps API to display interactive maps directly on the website and enable the convenient use of the map functions. In order to allow you to use Google Maps functions, your full IP address is transferred to a Google server in the United States and stored there (see Clause 3.7.1. regarding "US Privacy Shield"). The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. You can find the terms of use for Google Maps at: https://www.google.com/intl/de_de/help/terms_maps.html. You can find further information in Google's Privacy Policy: https://policies.google.com/privacy?hl=de.p>

Opt-out: https://www.google.com/settings/ads/

XII. Forwarding of data and recipients

Your data is not passed on to third parties unless

  • we have explicitly declared such when describing how your data is processed in any given instance,
  • you have explicitly consented to such according to Art. 6 para. 1 sentence 1 lit. a,
  • such is necessary according to Art. 6 para. 1 sentence 1 lit. f DGPR for the establishment, exercise or defence of legal claims and there is no reason to believe that you have an overriding legitimate interest in your data not being passed on,
  • there exists a legal obligation to do so according to Art. 6 para. 1 sentence 1 lit. c GDPR, and
  • such is necessary for conducting contractual relations with you according to Art. 6 para. 1 sentence 1 lit. b GDPR.

We also use external service providers to deliver our services, who we have carefully selected and commissioned in writing. They are bound by our instructions and regularly monitored by us. These service providers assist us with web hosting, email correspondence and the maintenance and upkeep of our IT systems etc. The service providers do not pass on this data to third parties.

XIII. Rights of the data subject

Below you will find information regarding which data subject rights you are granted under the applicable data protection law in relation to the processing of your personal data vis-a-vis the party responsible for such:

The right, according to Art. 15 GDPR, to request information regarding what personal data we process. You can in particular request information about the purposes for which the data is processed, the categories of personal data held, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, find out if you have the right to amend, delete, limit the processing of or object to the processing of the data, find out if you have the right to appeal, request information about the origin of the data if we did not collect it, and find out if automated decision-making, including profiling, is used, as well as request meaningful information regarding the particulars of such.

The right, according to Art. 16 GDPR, to request the immediate amendment or completion of incorrect or incomplete personal data that we hold on file for you.

The right, according to Art. 17 GDPR to request the deletion of the personal data we hold on file for you, provided it does not need to be processed in order for freedom of expression and information to be exercised, to fulfil a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims.

The right, according to Art. 18 GDPR, to place limitations on the processing of your data if you have disputed the accuracy of the data, the processing of such is illegal but you do not wish for it to be deleted and we no longer require the data, however, you require this data to establish, exercise or defend legal claims, or you have objected to the processing in accordance with Art 21 GDPR.

The right, according to Art. 20 GDPR, to request that the personal data we hold on file for you be issued to you in a structured, standard and machine-readable format, or that it be passed on to another responsible party.

The right, according to Art. 77 GDPR, to lodge a complaint with a supervisory authority. Normally you can contact the supervisory authority of the federal state in which we are headquartered (see above) or possibly that of your place of usual residence or work.

Right to withdraw granted consent according to Art. 7 para. 3 GDPR: You have the right to withdraw consent you have given for your data to be processed at any time with future effect. If consent if withdrawn, we will immediately delete the affected data, provided there is no legal basis for further processing without consent. The legality of any processing which has been carried out on the basis of this consent remains unaffected even if consent is withdrawn.

Right of objection

Provided that we have processed your personal data on the basis of legitimate interests according to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right, according to Art. 21 GDPR, to object to the processing of your personal data, provided that this objection is made for reasons relating to your particular situation. We will then no longer process this personal data, unless we are able to prove that there are compelling, legitimate reasons for such, which outweigh your interests, rights and freedoms, or if the data is processed in order to establish, exercise or defend legal claims. If you have withdrawn your consent for your personal data to be processed for the purpose of direct marketing, you have a general right to object and do not need to provide details of your particular situation.

If you wish to exercise your right to revoke or withdraw consent, please send an email to info@ebp-consulting.de.

XIV. Amendments to and latest version of the Privacy Policy

We reserve the right to make changes to or update this Privacy Policy when necessary with due regard to the applicable data protection regulations. We can thus amend it in order to comply with the latest legal requirements and to reflect changes to our services, e.g. if new services are introduced. The most recent version applies to your visit.

Privacy Policy last updated: 27.05.2019