Data protection according to GDPR
privacy policy
§ 1 Information about the collection of personal data
(1) In the following, we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behavior.
(2) The person responsible according to Art. 4 Para. 7 of the EU General Data Protection Regulation (GDPR) is Hans-Jürgen Brandt (see our legal notice). You can reach our data protection officer at datenschutz@hjbconsulting.de or our postal address with the addition “the data protection officer”.
(3) When you contact us by email or via a contact form, the data you provide (your email address, if applicable your name and your telephone number) will be stored by us in order to answer your questions. We delete the data collected in this context once storage is no longer required or restrict processing if there are statutory retention periods.
(4) If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also state the specified criteria for the storage period.
§ 2 Your Rights
(1) You have the following rights with regard to the personal data concerning you:
– Right to information,
– Right to rectification or erasure,
– Right to restriction of processing,
– Right to object to processing,
– Right to data portability.
(2) You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
§ 3 Collection of personal data when visiting our website
(1) If you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (the legal basis is Art. 6 Para. 1 Clause 1 Letter f of GDPR):
– IP address
– Date and time of the request
– Time zone difference to Greenwich Mean Time (GMT)
– Content of the request (specific page)
– Access status/HTTP status code
– amount of data transferred in each case
– Website from which the request comes
– Browser
– Operating system and its interface
– Language and version of the browser software.
(2) In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard disk and associated with the browser you use. They allow certain information to be sent to the location that placed the cookies (here, this is us). Cookies cannot run programs or transmit viruses to your computer. They are designed to make the Internet more user-friendly and effective.
(3) Use of cookies:
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
– Transient cookies (see b)
– Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
d) You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all functions of this website.
§ 4 Additional functions and offers of our website
(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do so, you must usually provide additional personal data that we use to provide the respective service and to which the aforementioned data processing principles apply.
(2) We sometimes use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
(3) We may also pass on your personal data to third parties, conclude contracts or offer similar services together with partners. You will receive further information about this when you provide your personal data or in the description of the offer below.
(4) Data will only be transferred to countries outside the EU or EEA if this is necessary to perform the service owed or is required by law (e.g. tax reporting obligations), if you have given us your consent or if it is carried out as part of order data processing. If service providers are used in a third country, they are obliged to comply with the data protection level in Europe by agreeing to the EU standard contractual clauses in addition to written instructions.
§ 5 Online Contract Conclusion
(1) If you wish to conclude a contract via our website, you must provide your personal data, which we require for processing. The mandatory information required for processing the contracts is marked separately; further information is voluntary. We process the data you provide to process the contract. As part of the application processing or policy, we may pass your data on to the respective product partner. The legal basis for this is Art. 6 Para. 1 Clause 1 Letter b of GDPR.
We may also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information.
(2) Due to commercial and tax law requirements, we are obliged to store your address, payment and order data for a period of ten years. However, after three years we restrict processing, i.e. your data will only be used to comply with legal obligations.
(3) To prevent unauthorized access by third parties to your personal data, in particular financial data, the ordering process is encrypted using TLS technology / SSL technology.
§ 6 Newsletter
(1) With your consent, you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised products and services are named in the declaration of consent.
(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after you register, we will send you an email to the email address you provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
(3) The only mandatory information required to send the newsletter is your email address. [The provision of additional, separately marked data is voluntary and will be used to address you personally. After your confirmation, we will save your email address for the purpose of sending you the newsletter. The legal basis is Art. 6 Para. 1 Clause 1 Letter a of GDPR.
(4) You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in each newsletter email, by email to newsletter@hjbconsulting.de or by sending a message to the contact details provided in the imprint.
§ 7 Objection or revocation against the processing of your data
(1) If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation affects the legality of the processing of your personal data after you have expressed it to us.
(2) If we base the processing of your personal data on a balance of interests between your interest in anonymity and our interest in using the data you have provided, you can object to this processing. This is the case if the processing is not necessary to fulfill a contract with you, which we will explain in the description of the functions below. If you exercise such an objection, we ask you to explain the reasons why we should not process your personal data as we do. If your objection is justified, we will examine the situation and either stop or adapt the data processing or show you our compelling legitimate reasons on the basis of which we continue the processing.
(3) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the following contact details: newsletter@hjbconsulting.de or by sending a message to the contact details provided in the imprint.
§ 8 Web Analytics
1. Use of Google Analytics
(1) This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.
(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.
(3) You can prevent cookies from being saved by selecting the appropriate settings on your browser software; however, please note that if you do this, you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
(4) This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed in a shortened form, which means that they cannot be linked to a person. If the data collected about you is personally identifiable, this will be excluded immediately and the personal data will be deleted immediately.
(5) We use Google Analytics to analyze the use of our website and to regularly improve it. Using the statistics obtained, we can improve our offering and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Para. 1 Clause 1 Letter f of GDPR.
(6) Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: 353 (1) 436 1001. Terms of use: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and the privacy policy: http://www.google.de/intl/de/policies/privacy.
[(7) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My data", "Personal data".]
2. Use of Jetpack/formerly Wordpress.com-Stats
(1) This website uses the web analysis service Jetpack (formerly: WordPress.com-Stats) to analyze the use of our website and to regularly improve it. Using the statistics obtained, we can improve our offering and make it more interesting for you as a user. We also use the system for measures to protect the security of the website, e.g. detecting attacks or viruses. For the exceptional cases in which personal data is transferred to the USA, Automattic Inc. has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov. The legal basis for the use of Jetpack is Art. 6 Para. 1 Clause 1 Letter f of GDPR.
(2) Cookies are stored on your computer for this evaluation (see § 3 for more details). The information collected in this way is stored on a server in the USA. If you prevent cookies from being saved, we would like to point out that you may not be able to use this website to its full extent. You can prevent cookies from being saved by selecting the appropriate settings in your browser or by clicking the "Click here to Opt-out" button at http://www.quantcast.com/opt-out.
(3) This website uses Jetpack with an extension that shortens IP addresses immediately after they are collected in order to exclude any personal reference.
(4) Information from the third-party provider: Automattic Inc., 60 29 th Street #343, San Francisco, CA 94110–4929, USA, https://automattic.com/privacy, and the third-party provider of the tracking technology: Quantcast Inc., 201 3 rd St, Floor 2, San Francisco, CA 94103–3153, USA, https://www.quantcast.com/privacy.
3. Use of the Scalable Central Measurement Method (SZM)
(1) Our website uses the measurement method (“SZMnG”) of INFOnline GmbH (https://www.infonline.de) to determine statistical parameters on the use of our offers. The aim of the reach measurement is to statistically determine the intensity of use, the number of users of a website and the surfing behavior - based on a uniform standard procedure - and thus to obtain comparable values across the market.
For websites that are members of the Information Association for the Determination of the Distribution of Advertising Media (IVW – http://www.ivw.eu) or that participate in the studies of the Association for Online Research (AGOF – http://www.agof.de), the usage statistics are regularly published by the AGOF and the Association for Media Analysis (agma – http://www.agma-mmc.de), as well as the IVW, and can be viewed on the respective websites.
a) Data processing
INFOnline GmbH collects and processes data in accordance with German data protection law. Technical and organizational measures ensure that individual users cannot be identified at any time. Data that may be related to a specific, identifiable person is anonymized as soon as possible.
anonymization of the IP address
On the Internet, every device needs a unique address to transmit data, the so-called IP address. The at least short-term storage of the IP address is technically necessary due to the way the Internet works. The IP addresses are shortened before any processing and only processed anonymously. The unabridged IP addresses are neither stored nor processed.
Geolocation down to the federal state/regional level
So-called geolocation, i.e. the assignment of a website visit to the location of the visit, is carried out exclusively on the basis of the anonymized IP address and only up to the geographical level of the federal states/regions. Under no circumstances can a conclusion be drawn about the specific place of residence of a user from the geographical information obtained in this way.
identification number of the device
To recognize computer systems, the reach measurement uses either a cookie with the identifier "ioam.de", a "local storage object" or an anonymous signature that is created from various automatically transmitted information from your browser. The validity of the cookie is limited to a maximum of 1 year.
login ID
To measure distributed usage (use of a service from different devices), the user ID at login, if available, can be transferred to INFOnline as an anonymized checksum.
b) Deletion
The stored usage processes are deleted after 7 months at the latest.
c) objection
If you do not wish to participate in the measurement, you can object using the following link: http://optout.ioam.de. Further information on data protection in the measurement process can be found on the website of INFOnline GmbH (https://www.infonline.de), which operates the measurement process, the data protection website of AGOF (http://www.agof.de/datenschutz) and the data protection website of IVW (http://www.ivw.eu).
(2) We use the SZM procedure to analyze the use of our website and to be able to improve it regularly. Using the statistics obtained, we can improve our offering and make it more interesting for you as a user. The legal basis for the use of the SZM procedure is Art. 6 Para. 1 Clause 1 Letter f of GDPR.
§ 9 Social Media
1. Use of social media plug-ins
(1) We currently do not use social media plug-ins: [Facebook, Xing, LinkedIn]. We use the so-called two-click solution. This means that when you visit our site, no personal data is initially passed on to the plug-in providers. You can recognize the plug-in provider by the marking on the box above its initial letter or logo. We give you the opportunity to communicate directly with the plug-in provider using the button. Only if you click on the marked field and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online offering. In addition, the data mentioned under Section 3 of this declaration is transmitted. In the case of Facebook and Xing, according to the respective providers in Germany, the IP address is anonymized immediately after collection. By activating the plug-in, personal data about you is transmitted to the respective plug-in provider and stored there (in the USA for US providers). Since the plug-in provider collects data primarily via cookies, we recommend that you delete all cookies via the security settings of your browser before clicking on the grayed-out box.
(2) We have no influence on the data collected and data processing procedures, nor are we aware of the full extent of the data collection, the purposes of the processing, or the storage periods. We also have no information on the deletion of the data collected by the plug-in provider.
(3) The plug-in provider stores the data collected about you as user profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, although you must contact the respective plug-in provider to exercise this right. We use the plug-ins to offer you the opportunity to interact with social networks and other users so that we can improve our offering and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 Paragraph 1 Clause 1 Letter f of GDPR.
(4) The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data we collect will be assigned directly to your existing account with the plug-in provider. If you click the activated button and, for example, link the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will prevent your data from being assigned to your profile with the plug-in provider.
(5) Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the privacy policies of these providers provided below. There you will also find further information on your rights in this regard and setting options for protecting your privacy.
(6) Addresses of the respective plug-in providers and URL with their data protection notices:
a) [Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
b) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
c) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
d) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
e) T3N, yeebase media GmbH, Kriegerstr. 40, 30161 Hannover, Germany; https://t3n.de/store/page/datenschutz.
f) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
g) Flattr Network Ltd. with registered office at 2nd Floor, White bear yard 114A, Clerkenwell Road, London, Middlesex, England, EC1R 5DF, Great Britain; https://flattr. com/privacy.]
