Bertschat & Hundertmark Consult Unternehmensberatung GmbH
Data Protection Officer: Torsten Walla
61231 Bad Nauheim
Tel.: +49 (0)6032 92670 0
Types of Data:
- General records (e.g. names, addresses).
- Contact information (e.g. email addresses, telephone numbers).
- Content data (e.g. text, CV’s, photographs, charts, videos etc. held in the closed, password protected B&H career portal).
- Usage data (e.g. websites visited, content interest, login/out times).
- Network/communication data (e.g. device information, IP addresses).
Visitors and users of our online services (hereinafter referred to as „users“ or „data subjects“)
Purpose for Processing
- The provision of online services, features and contents.
- Answering requests and communicating with users.
- Security measures.
Clarification of Terms
„Personal data“ means any information that can be related to an identified or identifiable individual (hereinafter the „data subject“); this person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
„Processing“ means any form of processing whether or not by automated means with reference to personal data. This terminology is extensive and covers virtually all data handling.
„Controller“ means the individual or legal entity, public authority, agency or another body that either alone or jointly with others, determines the purposes and means of the processing of personal data.
Relevant Legal Statutes
We hereby inform you that data is processed in accordance with Article 13, GDPR. The following laws apply unless otherwise declared: the legal basis for obtaining consent is found in Article 6, Paragraph 1(a) and Article 7, GDPR; the legal basis for processing and performing services, the performance of contracts and responses to enquiries is found in Article 6 Paragraph 1(b), GDPR; the legal basis for processing data to fulfill our legal obligations is found in Article 6 Paragraph 1(c), GDPR and the legal basis for processing in order to protect our legitimate interest is found in Article 6 Paragraph 1(f), GDPR. Article 6 Paragraph 1(d), GDPR applies where processing of the data is necessary to protect the vital interests of the data subject or another individual.
Working with Processors and Third Parties
If in the course of data processing, we disclose, transmit or grant access of data to other people and companies (processors or third parties) this will only occur on the basis of legal permission or an obligation, (e.g. a financial service provider in order to fulfill contractual obligations, in accordance with Article 6, Paragraph 1(b), GDPR for the performance of a contract), if the user has consented or on the basis of our legitimate interest (e.g. the use of agents, webhosts etc.).
If third parties are commisioned to process data on the basis of a so-called „Processing Contract“ then Article 28, GDPR will apply.
Data Transfer outside the EU/EEA
If we process data, or transfer and disclose data to a third party service provider in a country outside the EU (Economic Union) or EEA (European Economic Area), this occurs only in the case of fulfilling our contractual duties, on the basis of a legal obligation, consent from the user or on the basis of our legitimate interest. Special legal and contractual conditions apply to our processing or allowing data to be processed in these countries and Article 44, GDPR applies. This means that the processing is carried out under specific guarantees such as the officially recognised EU data protection laws (or, for example, the Privacy Shield Agreement in the USA) or in compliance with other officially recognised contractual obligations (so-called „Standard Contractual Clauses“).
Data Subject Rights
You have the right to obtain confirmation as to whether or not your data is being processed, the nature and to access a copy of said data and further information under Article 15, GDPR.
You have the right under Article 16, GDPR to obtain the rectification of personal inaccurate data and the right to have incomplete personal data completed.
Under Article 17, GDPR, you have the right to obtain the erasure of personal data and you have the right to obtain the restriction of processing personal data under Article 18, GDPR.
You have the right to receive and transmit personal data to another controller under Article 20, GDPR.
Under Article 77, GDPR, you have the right to lodge a complaint with a Regulatory Supervisory Authority.
Right to Withdraw
You have the right under Article 7, Paragraph 3, GDPR to withdraw consent at any time.
Right to Object
Under Article 21, GDPR you have the right to object, at any time, to the processing of personal data when processed for the purposes of direct marketing activity.
Cookies and the Right to block Direct Marketing Activity
„Cookies“ are small files stored on the user’s computer. A range of information can be stored on these cookies. In the main, they are used to store information about the user (e.g. the device the cookies are stored on) during and/or also after the user’s visit to an online service site. Temporary cookies such as „session/transient cookies“ are those that are deleted when the user leaves the online service site and closes the browser. In such a cookie, the contents of a shopping basket in an online shop or login information can be stored. „Permanent/persistent“ cookies remain saved when the browser has been closed. Therefore, login information remains if the user visits the site several days later. In the same way, information about the user’s interest in the site can be stored for audience measurement and marketing purposes. „Third-Party-Cookies“ are those offered by different service providers to the controller (to whom „First-Party Cookies“ refer).
If the user does not wish cookies to be saved then they will be asked to disable the option on the browser settings. Cookies saved can be deleted in the brower settings. However, this may lead to reduced functionalities of online services.
Cookies used for online marketing purposes, especially tracking, can be blocked by a range of methods explained either on the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/ Furthermore, cookies can be switched off but this may lead to reduced functionalities of the online service.
According to Articles 17 & 18, GDPR, data stored by us will either be deleted or processing will be restricted. Unless explicitly stated to the contrary, data will be deleted when it is no longer required and as long as there are no legal requirements to keep it. If data is not deleted due to the need to retain it for other and legally permitted purposes, processing will be be restricted. This means that the data will be blocked and not used for other purposes. This relates, for example, to data that has to be kept for commercial or tax purposes.
In order to provide online services, we use hosting providers for the following: infrastructure and platform services, computer capacity, storage and database services, security and technical maintenance services.
Here, we and/or our hosting service provider process a range of inventory, contact, content, usage and statistical communication data from clients, interested parties and visitors. This processing is necessary for the purpose of our legitimate interest in providing a safe and efficent online service according to Article 6, Paragraph 1(f), GDPR in conjunction with Article 28, GDPR.
Collection of Data and Logfiles
We and our hosting provider, for the purpose of our legitimate interest, collect server access information as authorised under Article 6, Paragraph 1(f), GDPR. This information includes the following:
- Browser type/version
- Operating system
- Referrer URL
- Host ID
- Time of request
The information obtained is not person-specific. The data will not be merged with other data sources. However, we reserve the right to check data retrospectively if we have concrete evidence of illegal activities.
Contact with B&H
When making contact with us (e.g by phone, email, social media, contact form), your information will be processed according to Article 6, Paragraph 1(b), GDPR. The data may be stored in the Customer Relationship Management System („CRM System“) or that of a similar service provider.
We will delete the requests when no longer required.
Please find below information about the content of our newsletters as well as registration, dispatch and statistical evaluation procedures together with your rights to opt out. By subscribing to our newsletter you declare yourself in agreement with our terms.
Content: We send newsletters, emails and additional electronic news with advertising information about our area of business – „Conflict free HR Restructuring“ (hereinafter referred to as „newsletter“). This is only sent with the permission of the recipient or with legal permission. The content of the newsletter is available for you to use. In addition, the newsletter contains information about us and our services.
Double-Opt-In and login procedure: subscription to our newsletter works by means of a double-opt-in process. Therefore, following registration, you will receive an email asking you to comfirm your subscription. This confirmation serves to ensure that an individual with another email address cannot register on your behalf and this confirmation will be logged. It verifies that the process has been carried out according to legal requirements. The registration, time of confirmation and the IP address will be stored.
In order to subscribe to our newsletter, we simply require your email address.
Germany: The dispatch of newsletters and related success measurement is based on either the consent of the recipient under Article 6, Paragraph 1(a), GDPR , Article 7, GDPR in conjunction with § 7 (2) Nr. 3 UWG or in the case of legal permission § 7 (3) UWG.
The registration process is logged for the purpose of our legitimate interest, in accordance with Article 6, Paragraph 1(f), GDPR. Thus, the newsletter system is user-friendly, secure and serves the interests of the client. It also serves our business interests whilst fulfilling the user’s expectations – and is sent with the user’s express permission.
Cancellation – you may cancel your subscription to our newsletter at any time. You will find a link at the bottom of each newsletter. We may store email addresses of cancelled subscribers. A request to cancel your subscription will only be successful if that subscription has been previously confirmed.
Newsletter – Success Measurement
The newsletter contains a web beacon – a transparent image file (GIF) that runs when the newsletter is opened. Initially, information of a technical nature – the browser/system, the IP address and time of opening is gathered.
This data is used to make technical improvements to our service based on the information, the audience, their reading habits, location (from the IP address) or time of access. Statistics will also show if the newsletter was opened, when and which links were clicked. Technically this information can identify specific recipients. However, it is not our objective to observe individual users. The results allow us to understand our users‘ reading habits better and thereby to target our contents more specifically to them.
Live Chat Function
Online Social Media Activity
We are actively present online on social networks and platforms in order to keep in contact with clients, interested parties and users and to let them know about our services. Terms, conditions and data processing guidelines of the individual operators apply.
Service Integration and Third Party Contents
Based on our legitimate interest (the analysis, optimisation and provision of an online business service within the meaning of Article 6, Paragraph 1(f), GDPR) we make use of content or services from third party providers including, for example, videos or fonts (hereinafter referred to as „contents”).
This is always based on the assumption that the third party of this content has the IP address as it would not be possible to communicate with the user’s browser without it. We strive to ensure that only these contents are transferred by such third parties. Pixel-tags (invisible files, also known as „web beacons“) may be used by third parties for statistical or marketing purposes. By this means, visitor traffic information can be analysed. This pseudonymous information can also be stored in cookies on the user’s device and may additionally include (but is not limited to) technical information about the browser/system, referrer websites, time of visit, plus additional information relating to the use of our online services and from other sources.