Data Privacy Policy

Data protection is a top priority at Mertus. We make every effort to ensure that the data of our website visitors, customers and freelancers is secure and only used for the purposes for which it was submitted to us. We strive to implement all legal data protection regulations as transparently as possible and have summarized everything for you in the following privacy policy.
If you have any questions or comments about the data privacy policy, please do not hesitate to contact us at any time. Please feel free to send us an e-mail to privacy@mertus-consulting.com.

Table of Content

General

Responsibility for data privacy protection

Responsible for data processing is:

Mertus Consulting GmbH
Simon-von-Utrecht-Str. 85A
D-20359 Hamburg

Phone: +49 (0)40 571 99 133
E-Mail: info@mertus-consulting.com
Website: www.mertus-consulting.vom

– in the following called “responsible person“–

Data protection officer

Data protection officer of the responsible person is:

Hans-Justus Daase
Neumühlen 42
D-22763 Hamburg

Telefon: +49 (0)40 571 99 133
E-Mail: justus.daase@mertus-consulting.com

Data protection supervisory authority

The responsible data protection supervisory authority is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str 22
D-20459 Hamburg
Website: https://www.datenschutz-hamburg.de/

Scope of & changes to the privacy policy

The content of this privacy policy relates to data processing by the responsible person, in particular in the context of the use of the website of the responsible person „www.mertus-consulting.com“ (in the following referred to as „Website“). Purely as a precautionary measure, it is pointed out that this privacy policy only applies to the contents of the Website. External websites are not covered by this declaration.

If and insofar as it should become necessary, the responsible party reserves the right to update and amend the data protection declaration. The responsible person will inform the data subjects of any significant changes. The processing of personal data by the controller is always based on the most current version of the privacy policy, which is always published on the Website at http://www.mertus-consulting.com/datenschutz. If a data subject uses the website after a change to the privacy policy has come into effect, he or she thereby declares his or her consent to the currently applicable privacy policy.

Data processing in the context of the general use of the Website

Log-Files

The responsible person makes the Website available to anyone without a prior login or registration. However, when calling up the Website, the internet browser or the respective mobile device of the data subject automatically transmits some data and information to the server of the responsible person for technical reasons. This data and information is stored in the log files of the server. The stored data and information include:

  • the browser type as well as the browser version,
  • the operating system of the accessing system
  • the URL of the website from which an accessing system arrives at our Website (so-called referrer),
  • the (sub)pages that are accessed on our Website by an accessing system,
  • the IP address of the accessing device,
  • the date and time of access to the Website,
  • the service provider of the accessing system,
  • http-response-Code,
  • other similar data and information that serve to avert danger in the event of attacks on our IT systems.

This data and information is stored separately from other personal data. The legal basis for data collection and storage is Art.6 para.1 lit.f General Data Protection Regulation (GDPR). The legitimate interest in data processing follows from the fact that the responsible person must enable and optimize the use of its Website, enable technical administration and ensure the security of the IT systems. In addition, the misuse of the Website is prevented.

The deletion of the collected data takes place after the purpose of their collection has ceased to exist. The data stored in log files is deleted after seven days at the latest. However, further storage of the log files is possible, provided that the IP address of the device of the data subject is deleted or alienated in such a way that an assignment of the IP address to the data subject is no longer possible.

Cookies

The responsible person uses cookies on the Website. Cookies are files that are stored on the hard drive of the end device of the data subject at the instigation of the web server of the responsible person. Cookies enable the identification of the computer system of the data subject in the event of a repeated visit to the website. The controller uses cookies to analyze the use of the Website (so-called technically unnecessary cookies). The legal basis for the processing of data using cookies is Art.6 para.1 lit.f GDPR. The purpose of the data processing justifying the legitimate interest of the controller is the demand-oriented design and continuous optimization of the Website.

When the data subject accesses the Website, he or she is shown a banner that informs him or her about the use of technically unnecessary cookies and refers to this privacy policy.

The data subject can also set their browser so that the browser informs them about the placement of cookies. In this way, the use of cookies becomes transparent for the data subject. Cookies can also be deleted at any time via the corresponding browser setting and the setting of new cookies can be prevented. Deleting or preventing cookies may, however, result in some Website content not being displayed and some functions no longer being technically available.

You can access your personal cookie settings here:

Cookies-Einstellungen

For more information on the use of cookies, please see the Cookies-Policy

General contact forms on the website

On the website, the responsible person provides the possibility to contact him via contact forms. In the corresponding input masks, the data subject must fill in mandatory fields with information on

  • first name,
  • surname, and
  • e-mail address.

The legal basis for the processing of data that a data subject provides to the responsible person in the context of contacting the responsible person is Art.6 para.1 lit.f GDPR or Art.6 para.1 lit.b GDPR if the contact is aimed at concluding a contract with the responsible person. For other data voluntarily provided by the data subject, the legal basis for processing is Art.6 para.1 lit.a GDPR.

The data transmitted by a data subject via a contact form are used exclusively for processing the request communicated by the data subject, if necessary the processing of a contract and for contacting the data subject. From these purposes follows the legitimate interest in the data processing of the responsible person in the sense of Art.6 Abs.1 lit.f GDPR.

The data transmitted by the data subject will be deleted by the responsible person as soon as the purpose of the collection has ceased to apply and no contractual or legal obligations prevent the deletion. In particular, the purpose of the data collection has ceased to exist when the request of the data subject has been answered. If, as a result of contacting the data subject, a contract is concluded between the responsible person and the data subject, the data will only be deleted when it is no longer required for the performance of the contract or the implementation of pre-contractual measures. Storage of the data beyond the fulfillment of the contract may be necessary in order to comply with contractual or legal obligations.

The data subject may object to the use of his/her personal data at any time. This will not incur any costs for the data subject other than the costs of transmission. In the event of an objection, the data stored in the course of contacting us will be deleted. In this case, processing of the request cannot take place or be continued. If and insofar as the data of the data subject is required for the performance of a contract or for the implementation of pre-contractual measures, a deletion of the data is only possible if and insofar as contractual or legal obligations do not prevent a deletion.

Contacting Mertus via E-Mail

As an alternative to the contact form, interested parties can also contact us via the e-mail address
info@mertus-consulting.com.

The personal data transmitted by the data subject via e-mail will be stored by the responsible person. The legal basis for the processing of personal data transmitted by a data subject to the responsible person in the context of contacting the responsible person by e-mail is Art.6 para.1 lit.f GDPR, or Art.6 para.2 lit.b GDPR, if the purpose of contacting the responsible person by e-mail is to conclude a contract with the responsible person.

The personal data transmitted by e-mail are used exclusively for processing the request communicated by the data subject, if necessary, the execution of a contract and for contacting the data subject. From these purposes follows the legitimate interest of the responsible person in the data processing in the sense of Art.6 Abs.1 lit.f GDPR.

The data transmitted by the data subject will be deleted by the responsible person as soon as the purpose of the processing has ceased to apply and no contractual or legal obligations prevent the deletion. In particular, the purpose of the data collection has ceased to exist when the request has been answered. If the responsible person concludes a contract with the data subject as a result of the contact, the personal data of the data subject will only be deleted when they are no longer required for the performance of the contract or the implementation of pre-contractual measures. Storage of personal data beyond the fulfillment of the contract may be necessary to comply with contractual or legal obligations.

The data subject may object to the use of his/her personal data at any time. This will not incur any costs for the data subject other than the costs of transmission. In the event of an objection, the data stored by the data subject in the course of contacting us will be deleted. In this case, processing of the request cannot take place or be continued. If and insofar as the data of the data subject is required for the performance of a contract or for the implementation of pre-contractual measures, a deletion of the data is only possible if and insofar as contractual or legal obligations do not prevent a deletion.

Newslettermailing & -Tracking

Subscription and Unsubscription

The responsible person informs customers and business partners at regular intervals by means of a newsletter about offers and news. On the website, the responsible person offers interested parties the opportunity to subscribe to the newsletter. To order the newsletter, the responsible person processes the following personal data :

  • first name,
  • surname, and
  • e-mail address.

A reception of the newsletter is in principle only possible for persons who

  • have a valid e-mail address, and
  • have registered as recipients of the newsletter.

The registration for the newsletter takes place by means of a so-called “double opt-in” procedure. A confirmation e-mail will be sent to the e-mail address specified in the newsletter registration in order to check whether the owner of the e-mail address has authorized the receipt of the newsletter. The newsletter will only be sent after this authorization.

Within the scope of the newsletter registration

  • the IP address assigned by the Internet service provider (ISP) of the computer system used by the data subject during registration, as well as
  • the date and time of the registration

are stored by the responsible party.

The processing of this data is necessary in order to be able to trace a possible misuse of e-mail addresses of a data subject at a later point in time. The data processing thus serves the legal protection of the person responsible.

The person responsible uses the personal data collected in the context of the newsletter registration only for sending the newsletter. In addition, the newsletter subscribers will be informed by e-mail if this is necessary for the operation of the newsletter or a registration in this regard. This may be the case, in particular, if the person responsible changes the newsletter service or the technical circumstances on which it is based. Personal data processed as part of the newsletter service will not be passed on to third parties. Subscribers to the newsletter can unsubscribe at any time. The consent to the storage of personal data given by the data subject for the sending of the newsletter can be revoked at any time. This revocation can be declared via a link contained in each newsletter. Unsubscribing from the newsletter is also possible by other means, for example by e-mail. Unsubscribing from the newsletter is automatically interpreted as a revocation of the data subject’s consent to data processing.

Newsletter-Tracking

The newsletter of the responsible person contains so-called tracking pixels. Tracking pixels are embedded as thumbnail graphics in an e-mail sent in HTML format and enable the recording and analysis of a log file. This serves the statistical evaluation of the success of online marketing campaigns by enabling the responsible person  to evaluate whether and when an e-mail was opened by the recipient and which content and links were called up.

The personal data collected through tracking pixels is used to adapt and optimize the newsletter dispatch. The personal data collected in this way is not passed on to third parties. Data subjects can revoke their declaration of consent given in the “double opt-in” process at any time. After revocation, the personal data will be deleted by the person responsible. Unsubscribing from the newsletter is automatically interpreted as a revocation of the data subject’s consent to data processing.

Social Media

The responsible person maintains company pages on several social media platforms. This is intended to provide further opportunities for information about the company of the responsible person as well as the opportunity for exchange. The responsible person has company pages on the following social media platforms:

  • LinkedIn,
  • Xing, and
  • Instagram.

When a data subject visits a profile on a social media platform or interacts with the responsible person via it, processing of personal data about the data subject may occur. The information associated with a social media profile used also regularly constitutes personal data. This also covers messages and statements made while using the profile. In addition, during a visit to a social media profile, certain information is often automatically collected about it, which may also constitute personal data.

LinkedIn

Components on the website of the responsible person

The responsible party has integrated components of the LinkedIn Corporation on the website. LinkedIn is a digital social network that allows users to network with existing as well as new contacts. The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For data protection issues outside the USA, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

Each time the website that is equipped with a LinkedIn component (LinkedIn plug-in) is called up, this component causes the browser used by the data subject to download a corresponding representation of the component from LinkedIn. Further information on LinkedIn plug-ins can be found at https://developer.linkedin.com/plugins . As part of this technical procedure, LinkedIn receives knowledge of which specific sub-page of the website of the responsible person is visited by the data subject.

If the data subject is logged in to LinkedIn at the same time, LinkedIn recognizes which specific sub-page of the website the data subject is visiting with each call-up of the website by the data subject and for the entire duration of the respective stay on the website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject activates a LinkedIn button integrated on the website of the responsible person, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.

LinkedIn always receives information via the LinkedIn component that the data subject has visited the website of the responsible person if the data subject is simultaneously logged in to LinkedIn at the time the website is called up; this takes place regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, he or she can prevent the transmission by logging out of his or her LinkedIn account before calling up the website of the responsible person.

LinkedIn offers the possibility to unsubscribe from email messages, SMS messages and targeted ads as well as to manage ad settings at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. LinkedIn’s applicable privacy policy is available at https://www.linkedin.com/legal/privacy-policy. LinkedIn’s cookie policy is available at  https://www.linkedin.com/legal/cookie-policy.

Visiting the company page of the responsible person

LinkedIn Ireland Unlimited Company (Ireland/EU – hereinafter “LinkedIn“) is the sole controller for the processing of personal data when visiting the LinkedIn company page of the responsible person. Further information about the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.

When data subjects visit the LinkedIn company page of the responsible person, follow this page or engage with the page, LinkedIn processes personal data in order to provide the responsible person with statistics and information in anonymized form. This provides the responsible person with knowledge about the way in which his company page is used. For this purpose, LinkedIn processes in particular such data that data subjects have already provided to LinkedIn via the information in their profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how the data subject interacts with the LinkedIn company page of the responsible person. In doing so, LinkedIn does not provide the responsible person with any personal data of the data subject, but only a summary of the usage behavior of LinkedIn users on the company page of the responsible person. It is not possible for the responsible person to draw conclusions about individual users via the page usage information. The processing of personal data in the context of page insights is carried out by LinkedIn and the responsible person as joint responsible parties. The processing serves the legitimate interest of the responsible person to evaluate the types of actions taken on the LinkedIn company page of the responsible person and to optimize its company page based on these insights. The legal basis for the processing is Art.6 para.1 lit.f GDPR. The responsible person has entered into a joint controller agreement with LinkedIn, which specifies the distribution of data protection obligations between the controller and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. It stipulates the following:

  • LinkedIn and the responsible person have agreed that LinkedIn is responsible for enabling Data Subjects to exercise their rights under the GDPR. Data subjects can contact LinkedIn to do so online via the following link (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or reach LinkedIn via the contact details in the Privacy Policy. The Data Protection Officer at LinkedIn Ireland can be contacted via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. Data subjects may also contact the responsible person at the contact details provided by the responsible person regarding the exercise of their rights in connection with the processing of personal data in the context of page inserts. In such a case, the responsible person will forward the data subject’s request to LinkedIn.
  • LinkedIn and and the responsible person have agreed that the Irish Data Protection Commission is the lead supervisory authority monitoring the processing for Page Insights. The data subject always has the right to lodge a complaint with the Irish Data Protection Commission (see at www.dataprotection.ie) or with any other supervisory authority.

The responsible person points out that, in accordance with the LinkedIn Privacy Policy, personal data is also processed by LinkedIn in the USA or other third countries. LinkedIn transfers personal data only to countries for which an adequacy decision of the European Commission according to Art. 45 GDPR exists or on the basis of appropriate guarantees according to Art. 46 DSGVO.

XING
Components on the website of the responsible person

The responsible party uses components of Xing on the website. Xing is a digital social network that enables its users to network with existing and new contacts. The operating company of Xing is New Work SE, Am Strandkai 1 20457 Hamburg, Germany. By each call of one of the individual pages of the website of the responsible party and on which a Xing component (Xing plug-in) has been integrated, the internet browser on the IT system of the data subject is automatically caused by the respective Xing component to download a representation of the corresponding Xing component from Xing. Further information on the Xing plug-ins can be found at https://dev.xing.com/plugins. Within the scope of this technical procedure, Xing receives knowledge of which specific sub-page of the website of the responsible party is visited by the data subject.

If the data subject is logged in to Xing at the same time, Xing recognizes which specific subpage of the website the data subject is visiting each time the data subject calls up the website of the responsible party and for the entire duration of the respective stay on the website. This information is collected by the Xing component and assigned by Xing to the respective Xing account of the data subject. If the data subject activates one of the Xing buttons integrated on the website of the responsible party, for example the “Share” button, Xing assigns this information to the personal Xing user account of the data subject and stores this personal data.

Xing always receives information via the Xing component that the data subject has visited the website of the responsible party if the data subject is simultaneously logged in to Xing at the time the website is called up; this takes place regardless of whether the data subject clicks on the Xing component or not. If the data subject does not want this information to be transmitted to Xing, he or she can prevent the transmission by logging out of his or her Xing account before calling up the website of the responsible party.

The data protection provisions published by Xing, which can be accessed at https://www.xing.com/privacy, provide information about the collection, processing and use of personal data by Xing. Furthermore, Xing has published privacy notices for the XING Share button at https://www.xing.com/app/share?op=data_protection.

Visiting the company page of the responsible person

New Work SE (Germany/EU) is the sole responsible party for the processing of personal data when visiting our XING profile. Further information about the processing of personal data by New Work SE can be found at https://privacy.xing.com/de/datenschutzerklaerung.

Instagram
Components on the website of the responsible person

The responsible person uses components of Instagram on the website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos and also to redistribute such data in other social networks. The operating company of the Instagram services is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Each time one of the individual pages of this website operated by the responsible person is called up and on which an Instagram component (Insta button) has been integrated, the internet browser on the IT system of the data subject is automatically prompted by the respective Instagram component to download a representation of the corresponding component from Instagram. Within the scope of this technical procedure, Instagram receives knowledge about which specific subpage of the website of the responsible person is visited by the data subject.

If the data subject is logged in to Instagram at the same time, Instagram recognizes which specific subpage the data subject is visiting with each call of the website of the responsible person by the data subject and for the entire duration of the respective stay on the website of the responsible person. This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the data subject. If the data subject activates one of the Instagram buttons integrated on the website of the responsible person, the data and information thus transmitted are assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.

Instagram always receives information via the Instagram component that the data subject has visited our website if the data subject is simultaneously logged into Instagram at the time of calling up the website of the responsible person. This takes place regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram, he or she can prevent the transmission by logging out of his or her Instagram account before calling up the website of the person responsible.

Further information and the applicable data protection provisions of Instagram can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

Visiting the company page of the responsible person

When visiting the Instagram company page of the person responsible, certain information about the data subject is processed. The sole responsible party of this processing of personal data is Facebook Ireland Ltd (Ireland/EU – hereinafter referred to as “Facebook“). Data subjects can obtain further information about the processing of personal data by Facebook at https://www.facebook.com/privacy/explanation. Facebook offers the possibility to object to certain data processing; related information and opt-out options can be found at https://www.facebook.com/settings?tab=ads.

Facebook provides the Instagram company page with statistics and insights in an anonymized form, with the help of which the responsible person obtains insights into the types of actions that people take on the Instagram company page of the responsible person (so-called “page insights”). These Page Insights are created on the basis of certain information about individuals who have visited the Company Page. This processing of personal data is carried out by Facebook and us as joint responsible parties. The processing serves the legitimate interest of the responsible person to evaluate the way the company page is used and to optimize its page based on these insights. The legal basis for the processing is Art.6 para.1 lit.f GDPR. The responsible party cannot assign the information obtained via the page insights to individual user profiles that interact with the company page of the responsible person. The responsible person has entered into a joint controller agreement with Instagram, which specifies the distribution of data protection obligations between the controller and Facebook. Details about the processing of personal data for the creation of page insights and the agreement concluded between the responsible person and Facebook are available to data subjects at https://www.facebook.com/legal/terms/information_about_page_insights_data.

With regard to these data processing operations, data subjects also have the option of asserting their data subject rights (see below) against Facebook. Further information on this can be found in Facebook’s privacy policy at  https://www.facebook.com/privacy/explanation.

The responsible person points out that, in accordance with the Facebook privacy policy, personal data is also processed by Facebook in the USA or other third countries. Facebook transfers personal data only to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 GDPR or on the basis of appropriate guarantees in accordance with Art. 46 GDPR.

Processing of data provided by data subjects to the controller via social media pages

The responsible person processes information that the data subject has provided to him via his company page on the respective social media platform. Such information may be the username used, contact details or a message to the responsible person. The responsible person regularly processes this personal data only if he has previously expressly requested the data subject to provide him with this data. This processing by the responsible person is carried out as the sole responsible party. He processes this data on the basis of his legitimate interest in contacting inquiring persons. The legal basis for the data processing is Art.6 para.1 lit.f GDPR.

In addition, the responsible person processes such communicated data for evaluation and marketing purposes, if applicable. This processing is based on Art.6 Abs.1 lit.f GDPR  and serves the interest of the responsible person to further develop its offer and to inform customers specifically about its offers. Further data processing may take place if the data subjects have consented (cf. Art.6 para.1 lit.a GDPR) or if this serves the fulfillment of a legal obligation (cf. Art.6 para.1 lit.c GDPR).

Google Analytics

Insofar as the data subject has given consent, the website of the responsible person uses Google Analytics, a web analytics service provided by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google“).
Google Analytics uses cookies that enable an analysis of the use of the website of the responsible person by the data subject. For the explanation regarding cookies, see already above. The information collected by means of the cookies about the use of the website of the responsible person by the data subject is usually transferred to a Google server in the USA and stored there.

The responsible person uses the function ‘anonymizeIP’ (so-called IP masking): Due to the activation of IP anonymization on the website of the responsible person, the IP address of the data subject will be truncated by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the browser of the data subject within the scope of Google Analytics is not merged with other data from Google.

During a visit to the website of the responsible person by the data subject, the following data, among other things, are recorded:

  • the pages called up by the data subject as well as a so-called “click path”,
  • achievement of “website goals” (conversions, e.g. newsletter registrations, downloads),
  • the user behavior of the data subject (for example, clicks, dwell time, bounce rates),
  • the approximate location of the data subject (region),
  • the IP address of the data subject (in abbreviated form),
  • technical information about the browser of the data subject and the terminal devices used by the data subject (e.g., language setting, screen resolution),
  • the internet service provider of the data subject, and
  • the referrer URL (via which website / via which advertising medium the data subject came to the website of the responsible person).

On behalf of the responsible person, Google will use this information for the purpose of evaluating the data subject’s pseudonymous use of the website and compiling reports on the activities. The reports provided by Google Analytics are used to analyze the performance of the website and the success of marketing campaigns. The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as a processor. For this purpose, the data controller has concluded an order processing agreement with Google. Google LLC, based in California, USA, and, if applicable, US authorities may access the data stored by Google. A transfer of data to the USA cannot be ruled out. The data sent by the responsible person and linked to cookies are automatically deleted after 14 months. The deletion of data whose retention period has been reached takes place automatically once a month.
In addition, the data subject may prevent the collection of data generated by the cookie and related to the use of the website (including the IP address) by Google and the processing of such data by Google by

  • not giving consent to the setting of the cookie, or
  • downloading and installing the browser add-on to deactivate Google Analytics at this link (https://policies.google.com/?hl=de).

The data subject may also prevent the storage of cookies by selecting the appropriate settings on their browser software. However, if the data subject configures his or her browser to reject all cookies, this may result in a restriction of functionalities on the website of the responsible person and other internet pages. The legal basis for this data processing is the consent of the data subject, cf. Art.6 para.1 lit.a GDPR. The data subject may revoke his or her consent at any time with effect for the future by calling up the cookie settings and changing his or her selection there.

Cookies-Einstellungen

For more information on Google Analytics terms of use and data protection at Google, please visit  https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de.

Google AdWords

The responsible person has integrated Google AdWords on the website. Google AdWords is an Internet advertising service that allows advertisers to place ads both in Google’s search engine results and in the Google advertising network. Google AdWords allows an advertiser to specify certain keywords in advance, by means of which an ad is displayed in Google’s search engine results exclusively when the user retrieves a keyword-relevant search result using the search engine. In the Google advertising network, the ads are distributed on topic-relevant websites by means of an automatic algorithm and in compliance with the previously defined keywords. The operating company of the Google AdWords services is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The purpose of Google AdWords is to advertise the website of the responsible person by displaying interest-relevant advertisements on the websites of third-party companies and in the search engine results of the Google search engine and to display third-party advertisements on the website of the responsible person.

If a data subject accesses the website of the responsible person via a Google ad, a so-called conversion cookie is stored on the IT system of the data subject by Google. For the meaning of “cookies”, see already above. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. If the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages on the website of the responsible person have been called up. Through the conversion cookie, both the responsible person and Google can track whether a data subject who has accessed the website of the responsible party via an AdWords ad has registered or cancelled a transaction.

The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for the website of the responsible person. These visit statistics are in turn used by the responsible person to determine the total number of users who were referred to him via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize his AdWords ads for the future. Neither the responsible person nor other advertisers of Google AdWords receive information from Google by means of which the data subject could be identified.

By means of the conversion cookie, personal information, for example the websites visited by the data subject, is stored. Each time the website of the responsible person is visited, personal data, including the IP address of the internet connection used by the data subject, is therefore transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties.

The data subject can prevent the setting of cookies by the website of the responsible person, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the IT system of the data subject. In addition, a cookie already set by Google AdWords can be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the option to object to interest-based advertising by Google. To do this, the data subject must click on the link www.google.de/settings/ads from any of the internet browsers used by him/her and adjust the desired settings accordingly.

For further information and the applicable privacy policy of Google please visit https://www.google.de/intl/de/policies/privacy/.

Further data processing regarding freelancers / applicants

Personal data of freelancers will only be processed by the responsible person if and insofar as this is necessary for the purpose of deciding on the establishment of a project-related cooperation or an employment relationship with the responsible person or our customers or insofar as a freelancer agrees to be included in the applicant database of the responsible person.
The provision of personal data is neither legally nor contractually required, nor are freelancers obligated to provide the responsible person with their personal data. However, the provision of personal data is required for the conclusion of a contract for employment or any other contractual relationship with the responsible person or its customers. This means that if a freelancer does not provide the above-mentioned personal data, the responsible person or its customers cannot and will not enter into an employment relationship or other contractual relationship with the freelancer.

Registration for & Application via the database

Freelancers can apply without obligation for specific project or job offers via the website of the responsible person. With the consent given by the data subject, the responsible person may include the personal data of the data subject in its applicant database in order to be able to take them into account in the context of the activities of the responsible person for the purpose of deciding on the establishment of a project-related cooperation or an employment relationship with the responsible person or its customers.

The data for the purpose of inclusion in the applicant database will only be transmitted to the responsible person if the data subject has declared by clicking on the corresponding checkbox (Opt-in) that he or she consents to the processing of his or her personal data, cf. Art.6 para.1 lit.a GDPR. Only the information required for the purpose of deciding on the specific vacancy is processed by the responsible person on the basis of Art.6 para.1 lit.b GDPR or § 26 para.1 BDSG.

The following categories of personal data are collected as part of the application or registration process:

  • company name,
  • name,
  • date of birth,
  • nationality,
  • language skills,
  • address,
  • contact data,
  • Homepage/other online-profiles,
  • Information on the desired employment relationship or project preference,
  • education, certificates and qualifications,
  • IP-address and
  • time of consent of the data subject.

The responsible person draws particular attention to the fact that, in particular, resumes, references, cover letters or other data provided by the data subject for the purpose of the interview may also regularly contain information that is to be regarded as “special categories of personal data” within the meaning of Article 9 (1) of the GDPR (e.g. photos from which an ethnic origin is identifiable, information on severely disabled status, etc.). The responsible person endeavors to evaluate all applicants solely on the basis of their qualifications and therefore requests that information which is to be classified as “special categories of personal data” not be transmitted. If data subjects nevertheless provide this type of data to the data controller, the data subject agrees that the responsible person may process this information as described herein, cf. Art.9 para.2 lit.a GDPR. Information that the data subject voluntarily provides to the responsible person, in particular information that can be classified as “special categories of personal data” within the meaning of Article 9 (1) of the GDPR, will be taken into account in a non-discriminatory manner when deciding whether to establish a project-related cooperation or an employment relationship with the responsible person or its customers.

Application via E-Mail & the special contact form for applicants

The responsible person offers the possibility via its website for interested parties to apply for a job posting or to send an unsolicited application. In this case, the responsible person stores the personal data transmitted by email. The legal basis for the processing of the personal data that data subjects transmit to the responsible person as part of their (unsolicited) application by email is Art.6 para.1 lit.f GDPR.

Insofar as interested parties submit their personal data via the special contact form for job applications integrated on the website of the responsible person, the legal basis for the processing of the personal data is the consent of the data subject pursuant to Art.5 para.1 lit.a GDPR. The data for the purpose of applying for job offers will only be transmitted to the responsible person if the data subject has declared by clicking on the corresponding checkbox (opt-in) that he or she consents to the processing of his or her personal data, cf. Art.6 para.1 lit.a GDPR. Only the information required for the purpose of deciding on the specific vacancy will be processed by the responsible person on the basis of Art.6 para.1 lit.b GDPR or § 26 para.1 BDSG.

If the (unsolicited) application by e-mail or via the special contact form leads to the establishment of an employment relationship or other contractual relationship with the responsible person or its customers, the legal basis for the processing of the personal data of the data subject is Art.6 para.1 lit.b GDPR (for the establishment of other contractual relationships) and Section 26 para. 1 BDSG (for the establishment of employment relationships). The responsible person uses the personal data of the data subject to conduct the application process, to review and process the (unsolicited) application, to decide on the establishment of an employment relationship or other contractual relationship, as well as to respond to inquiries from the data subject and to contact him. These purposes are at the same time the legitimate interests pursued by the responsible person with the data processing pursuant to Art.6 para.1 lit.f GDPR.

The responsible person draws particular attention to the fact that, in particular, resumes, references, cover letters or other data provided by the data subject for the purpose of the interview may also regularly contain information that is to be regarded as “special categories of personal data” within the meaning of Article 9 (1) of the GDPR (e.g. photos from which an ethnic origin is identifiable, information on severely disabled status, etc.). The responsible person endeavors to evaluate all applicants solely on the basis of their qualifications and therefore requests that information which is to be classified as “special categories of personal data” not be transmitted to. If data subjects nevertheless provide this type of data to the responsible person, the data subject agrees that the responsible person may process this information as described herein, cf. Art.9 para.2 lit.a GDPR. Information that the data subject voluntarily provides to the responsible person, in particular information that can be classified as “special categories of personal data” within the meaning of Article 9 (1) of the GDPR, will be taken into account in a non-discriminatory manner when deciding whether to establish a project-related cooperation or an employment relationship with the responsible person or its customers.

Application documents

The legal basis for the processing of application documents is Art.88 GDPR in conjunction with Section 26 (1) Sentence 1 BDSG, insofar as it concerns information that the resposible person requests from the data subject as part of the application procedure for the establishment of an employment relationship with the resposible person or its customers. This information includes:

  • name,
  • contact data,
  • date of birth,
  • Information on professional qualifications and school education or information on further professional training.

If the data subject voluntarily provides the resposible person with further information in his/her application documents (e.g. an application photo, details of social or voluntary commitment), the resposible person processes this on the basis of the data subject’s consent (Art. 6 para.1 lit.a GDPR).

Insofar as it concerns information that the responsible person processes from the data subject for the purpose of a project-related placement with a customer of the responsible person, without an employment relationship being established, the legal basis for the processing of the personal data is Art.6 para.1 lit.b GDPR.

The responsible person draws particular attention to the fact that, in particular, resumes, references, cover letters or other data provided by the data subject for the purpose of the interview may also regularly contain information that is to be regarded as “special categories of personal data” within the meaning of Article 9 (1) of the GDPR (e.g. photos from which an ethnic origin is identifiable, information on severely disabled status, etc.). The responsible person endeavors to evaluate all applicants solely on the basis of their qualifications and therefore requests that information which is to be classified as “special categories of personal data” not be transmitted to. If data subjects nevertheless provide this type of data to the responsible person, the data subject agrees that the responsible person may process this information as described herein, cf. Art.9 para.2 lit.a GDPR. Information that the data subject voluntarily provides to the responsible person, in particular information that can be classified as “special categories of personal data” within the meaning of Article 9 (1) of the GDPR, will be taken into account in a non-discriminatory manner when deciding whether to establish a project-related cooperation or an employment relationship with the responsible person or its customers.

Research in Social Media & Recommendations

The responsible person is a human resources and IT-service provider for the placement of freelancers. He either places freelancers in temporary project assignments or as a candidate in a direct permanent position with his customers. Therefore, the responsible person actively researches information on interesting candidates and their professional background, on previous employers or on further qualifications. External sources such as job portals (e.g. StepStone, monster.de) and professional social media networks (e.g. LinkedIn, Xing) are also used for this purpose, provided profiles have been created there. Other networks or profiles (e.g. on Facebook, Twitter, Instagram) are not viewed and/or evaluated by the responsible person as part of its searches.

Insofar as the responsible person receives contacts to qualified freelancers from their colleagues or his clients, only a minimum set of personal data is initially stored. This consists of:

  • first name and surname,
  • Email-address,
  • place of residence or zip code,
  • qualification focus and skills.

This processing is based on Art. 6 para.1 lit.f GDPR. The legitimate interest of the responsible person in the processing is to offer him and his customers, but also the data subjects personally, the best possible career prospects.

The responsible person shall inform the data subject without undue delay about the storage of the minimum set of data and at the same time request the data subject’s consent to further process his/her personal data for the purposes stated herein, in particular for the purpose of referral to job offers from customers, cf. Art. 6 para.1 lit.a GDPR. If the data subject gives this consent, the data of the data subject will be further processed as described in this Privacy Policy.

Matching

There is no automated decision in individual cases within the meaning of Art.22 GDPR, i.e. the responsible person will evaluate all applications and information personally and decisions will not be based on automated processing. tions personally and decisions are not based on automated processing.

Staff selection interviews

Within the framework of personnel selection interviews, the responsible person invites those persons who appear to be best suited for the position to be filled on the basis of their application documents. In these interviews, the responsible person would like to get to know the person and his/her qualifications better. The legal basis for the information thus provided in addition to the application documents is Article 88 GDPR in conjunction with Section 26 (1) sentence 1 BDSG (for the establishment of employment relationships) or Article 6 (1) lit. b GDPR (for the establishment of other contractual relationships), insofar as the information involves more specific details and explanations of the professional career of the data subject. If the responsible person also requests information from the data subject (e.g. soft skills, expectations and ideas regarding a possible job), this information is processed on the basis of Art. 6 Para. 1 lit. f GDPR. The legitimate interest of the responsible person is to be able to assess potential future employees or business partners well before a decision is made on the establishment of a contractual relationship and to be able to ideally fill an advertised position or to offer customers the best possible candidates to fill a position.

Establishment of an employment relationship

If an employment relationship or other contractual relationship arises between the responsible person or one of its customers and a data subject, personal data may be further processed for the purposes of the employment relationship or other contractual relationship in accordance with Section 26 (1) sentence 1 BDSG (for the establishment of employment relationships) or Art. 6 (1) lit. lit.b GDPR (for the establishment of other contractual relationships), the personal data already received from the data subject may be further processed for the purposes of the employment relationship or other contractual relationship if this is necessary for the implementation or termination of the employment relationship or other contractual relationship or for the exercise or fulfillment of rights and obligations arising from a law or a collective agreement.

Defense in legal disputes

Furthermore, the responsible person may process personal data about the data subject insofar as this is necessary to defend asserted legal claims arising from the application process against the responsible person or its customers. The legal basis for this is Art. 6 para.1 lit.f GDPR. The legitimate interest of the responsible person results, for example, from a potential obligation to provide evidence in proceedings under the General Equal Treatment Act (AGG).

Recipients of personal date

Personal data will not be transferred to third parties for purposes other than those listed below. The responsible person will only disclose personal data collected as part of the application process to third parties if:

  • the data subject has given his or her express consent to this, cf. Art.6 para.1 lit.a GDPR and/or § 26 para.2 BDSG and/or Art. 9 para.2 lit.a GDPR;
  • this is necessary for the assertion, exercise or defense of legal claims (cf. Art. 6 para.1 lit.f GDPR) and there is no reason to assume that the data subject, for its part, has an overriding legitimate interest in the non-disclosure of their data;
  • .

  • there is a legal obligation to do so, cf. Art. 6 para.1 lit.c GDPR and/or Art.9 para.2 lit.b GDPR;
  • this is legally permissible and required under Art. 6 para.1 lit.b GDPR and / or § 26 para.1 p.1 BDSG for the establishment or execution of contractual relationships with the data subject.
  • .

Personal data of the data subject will be forwarded by the responsible person in particular to its customers if and to the extent that the profile of the data subject is of interest for a project-related position to be filled by the customer or a permanent appointment in an employment relationship. The responsible person initially only makes anonymized profiles available to its customers. Personal data is only made available at a later stage of the decision-making process. However, if customers request the transfer of personal candidate profiles from the outset, the responsible person will ask for the data subject’s consent before transferring the data. Only after consent has been granted, will the personal data be sent to the customer in question.

Furthermore, personal data of the data subject will be forwarded to technical service providers on the basis of Art. 28 DSGVO, who will use the data exclusively on our behalf and in no case for their own business purposes. These are our IT service providers.

Transfers of personal data to third countries outside the European Union or the European Economic Area are not provided for. As a precaution, we would like to point out once again the possibility of a potential transfer of data by Google (see above under Google Analytics).

Duration of the storage of applicant data

The personal data will be deleted as soon as the purpose of storage ceases to apply.

The responsible person stores the personal data of the data subject for as long as this is necessary for the decision on the application. Insofar as an employment relationship does not come about, data about may be stored further insofar as this is necessary for the defense against possible legal claims. In this case, the application documents are deleted six months after notification of the rejection decision, unless longer storage is necessary due to legal disputes, cf. Art.17 para.3 lit.e GDPR.

Except in the aforementioned cases, the responsible person will only store applications beyond this period if the data subject has expressly consented to this. In these cases, the responsible person stores the application in its applicant database in order to be able to take it into account for further job advertisements under certain circumstances (Art. 6 para.1 lit.a GDPR). However, the responsible person will delete the data from the database no later than two years after the last contact relevant for the purposes of deciding whether to establish a project-related cooperation or employment relationship with the responsible person or its customers.

Data that a data subject has stored himself/herself as a registered user in the responsible person’s applicant database will remain stored there until the data subject deletes this data or unsubscribes from using the applicant database.

Data researched from external sources will be deleted by the responsible person after one month, unless a separate consent to permanent processing has been given by the data subject.

Longer storage periods may also result from statutory retention periods, if these are prescribed by the European or national legislator in regulations, laws or other provisions, see Art.17 para.1 lit.e GDPR.

Further data processing regarding companies

The responsible person collects company data for the purposes of the

    • customer service, in particular contacting information as well as planning and controlling
      of projects;
    • fulfillment of contracts;
    • invoicing of services used;
    • transmission of information on opportunities for cooperation with the responsible person and industry-specific information;

.

In this context, the following categories of personal data are processed:

    • name and title,
    • address data,
    • contact data,
    • profession, industry or business name,
    • the history of the business relationship and correspondence,
    • contract documents and

.

  • comparable data.

These data are collected directly from the data subject or they are obtained from publicly available sources, the publication purpose of which is compatible with the above processing.

The personal data of the data subject are processed by the responsible person and its processors within the meaning of Art.28 GDPR. Processors include, in particular, providers of IT services.

The data of the data subject will only be stored for as long as is necessary to achieve the purpose of their processing. Deviating from this, longer data storage may take place if this is necessary to comply with legal or contractual obligations.

The legal basis for data processing with regard to customer support is Art.6 para.1 lit.f GDPR, whereby the legitimate interest of the responsible party stems from the interest of customer-specific and best possible customer support. With regard to contract fulfillment and billing of services, the legal basis for data processing is Art.6 para.1 lit.b GDPR. The transmission of information is exclusively based on the consent of the data subject pursuant to Art.6 para.1 lit.a GDPR.

Automated decisions in individual cases including profiling

There is no automated decision in individual cases within the meaning of Art.22 GDPR, i.e. the responsible person will evaluate all applications and information personally and decisions are not based on automated processing.

Rights of data subjects

Data subjects have the following rights:

Right of access, Art.15 GDPR

.
The data subject has the right to obtain confirmation from the responsible person as to whether personal data concerning him or her are being processed; if this is the case, he or she has a right of access to such personal data and to the following information:

  • the purposes of processing;
  • the categories of personal data that are processed;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organizations;
  • .

  • if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
  • the existence of a right to obtain the rectification or erasure of personal data concerning them, or to obtain the restriction of processing by the responsible person, or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • .

  • if the personal data are not collected from the data subject, any available information on the origin of the data;
  • the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject;
  • .

The data subject may also request information on whether his or her personal data are transferred to a third country or to an international organization, as well as on appropriate safeguards within the meaning of Art.46 of the GDPR.

Right of rectification, Art.16 GDPR

.
The data subject has the right to obtain from the responsible person the rectification without delay of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration.

Right to erasure, Art.17 GDPR

.
You may request the responsible person to erase the personal data concerning you without undue delay, and the responsible person is obliged to erase such data without undue delay, if one of the following reasons applies:

  1. The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. .

  3. You withdraw your consent on which the processing was based pursuant to Art. 6 (1) a or Art. 9 (2) a GDPR and there is no other legal basis for the processing.
  4. .

  5. You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
  6. The personal data concerning you have been processed unlawfully.
  7. .

  8. The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the responsible person is subject.
  9. .

  10. The personal data concerning you has been collected in relation to information society services offered pursuant to Article 8(1) of the GDPR.

If the responsible person has made the personal data concerning you public and is obliged to erase it pursuant to Article 17(1) of the GDPR, it shall take reasonable steps, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested that they erase all links to or copies or replications of such personal data.

The right to erasure does not exist according to Art.17 Abs.3 GDPR, as far as the processing is necessary

  1. to exercise the right to freedom of expression and information;
  2. .

  3. for compliance with a legal obligation which requires processing under Union or Member State law to which the responsible person is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible person;
  4. .

  5. for reasons of public interest in the field of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
  6. .

  7. for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, insofar as the right referred to in Section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
  8. .

  9. for the assertion, exercise or defense of legal claims.
Right to restriction of processing, Art.18 GDPR

.
The data subject may, pursuant to Art.18 GDPR, request the restriction of the processing of his or her personal data to the extent .

  • the accuracy of the data is contested by the data subject,
  • .

  • the processing is unlawful and the data subject objects to the erasure and instead the restriction of the use of the personal data is requested by the data subject,
  • the responsible person no longer needs the personal data for the purposes of processing, but the data subject needs them for the assertion, exercise or defense of legal claims,
  • .

  • opposition to processing pursuant to Art.21 GDPR has been lodged by the data subject and it is not yet determined whether the legitimate interests of the responsible person or the interests of the data subject override.
  • .

In the event of a restriction of the processing of the personal data of the data subject, such data shall continue to be stored. Any other processing will only take place,

  • with the consent of the data subject , or
  • .

  • for the assertion, exercise or defense of legal claims, or
  • .

  • to protect the rights of another natural or legal person, or
  • .

  • when there is an important public interest of the European Union or a Member State.
  • .

Where a restriction on processing has been limited on the basis of one of the grounds listed, the responsible person will inform the data subject before limiting the restriction.

Duty of notification of the responsible person, Art.19 GDPR

.
The responsible person shall notify all recipients to whom personal data have been disclosed of any rectification or erasure of the personal data or restriction of processing pursuant to Art.16 GDPR, Art.17(1) GDPR and Art.18 GDPR, unless this proves impossible or involves a disproportionate effort.

At the request of the data subject, the responsible person is obliged to inform the data subject about these recipients.

Right to data portability, Art.20 GDPR

.
The data subject has the right to receive the personal data concerning him or her that he or she has provided to the responsible person in a structured, commonly used and machine-readable format and he or she has the right to transmit this data to another controller without hindrance from the responsible person to whom the personal data has been provided, provided that

  1. the processing is based on consent pursuant to Art.6 para.1 lit.a GDPR or Art.9 para.2 lit.a GDPR or on a contract pursuant to Art.6 para.1 lit.b GDPR and
  2. .

  3. the processing is carried out with the help of automated procedures.

In exercising this right, the data subject also has the right to obtain that the personal data be transferred directly from one responsible person to another responsible person, where this is technically feasible.

The right to data portability shall not affect the rights and freedoms of other persons. The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible person.

Right of objection, Art.21 GDPR

.

The data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out on the basis of Art.6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. The responsible person shall no longer process the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.

.

If personal data are processed for the purposes of direct marketing, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing; this also applies to profiling insofar as it is related to such direct marketing.

.

If the data subject objects to the processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

.

Notwithstanding Directive 2002/58/EC, in the context of the use of information society services, the data subject may exercise his or her right to object by means of automated procedures using technical specifications.

.

The data subject shall have the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her which is carried out for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

.

Right to revoke a declaration of consent under data protection law

.
The data subject has the right to revoke a declaration of consent under data protection law made to the responsible person at any time, cf. Art. 7 para.3 GDPR. The revocation has the consequence that the responsible person may no longer continue the data processing carried out on the basis of the consent in the future. The lawfulness of the processing carried out on the basis of consent up to the time of revocation remains unaffected.

Right to lodge a complaint with a supervisory authority

.
Notwithstanding any other administrative or judicial remedy, the data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her residence, place of work or the place of the alleged infringement, if he or she considers that the processing of personal data relating to him or her infringes the GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.

[Status: 01.08.2021]

Sign in

Sign Up

Forgotten Password


Subscribe to the newsletter

Data Privacy*
 

I have read the Privacy Policy and agree to the data processing.