1. DATA PROTECTION OVERVIEW
DATA COLLECTION ON OUR WEBSITE
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. His contact details can be found in the imprint of this website.
How do we collect your data?
On the one hand, your data is collected when you voluntarily provide us with it. This may, for example, be data that you provide to us in the context of an application.
On the other hand, data is automatically collected by our IT systems when you visit this website. These are mainly technical data, e.g. Internet browser, type and version of operating system, time of access and IP address.
What do we use your data for?
Part of the data is collected in order to ensure the error-free provision of the website and the security of our website.
Another part of the data can be used to analyse your usage behaviour and for statistical evaluation of your interests.
What rights do you have in connection with your data?
You have the right to receive information free of charge at any time about the purpose, the categories of personal data processed, the recipient, the duration of storage and the origin of the data. You also have the right to demand the correction, deletion or restriction of the processing. For this, as well as for further questions regarding data protection, you can contact us at any time at the address given in the imprint. Furthermore, you have the right to complain to the responsible supervisory authority.
2. GENERAL INFORMATION AND COMPULSORY INFORMATION
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.
NOTES ON THE RESPONSIBLE AUTHORITY
The responsible authority is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
The person responsible for data processing on this website is
Berylls Strategy Advisors GmbH,
Maximilianstrasse 34, 80539 Munich, Germany,
Commercial Register Number: HRB Munich 190977
Phone: +49 89 710410 40 0
DATA PROTECTION OFFICER
You can reach our data protection officer at the above address:
Dr. Stefan Simon
Spitzweg Partnerschaft mbB
Putzbrunner Strasse 71
Phone: +49 89 6780060
REVOCATION OF CONSENT TO DATA PROCESSING
Many data processing operations are only possible with your explicit consent. You can revoke any consent already given at any time. For this purpose, an informal notification by e-mail to us is sufficient. Your revocation does not affect the lawfulness of the processing that has taken place on the basis of the consent until the revocation.
RIGHT OF COMPLAINT TO THE COMPETENT SUPERVISORY AUTHORITY
If you believe that the processing of your personal data concerning you is in breach of data protection regulations, you have the right to complain to the competent supervisory authority.
As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our office (State Commissioner for Data Protection and Freedom of Information in Bavaria). A list of the state data protection commissioners and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
RIGHT TO DATA PORTABILITY
You also have the right to have data, which we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a structured, common and machine-readable format. If you request the direct transfer of the data to another responsible party, this will only take place to the extent that this is technically feasible.
SSL OR TLS ENCRYPTION
In compliance with the data protection regulations under Art. 32 GDPR, this site uses the following data for security reasons and to protect the transmission of confidential information, such as requests that you send to us acting as the site operator. You can recognize an encrypted connection on the one hand by the fact that the address line of the browser changes from “http://” to “https://” and on the other hand by the lock symbol in your browser line.
If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
ANALYSIS TOOLS AND THIRD PARTY TOOLS
TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
If we transfer data to third countries, i.e. countries outside the European Union, the transfer will only take place in compliance with the legal requirements.
If the transfer of the data to a third country does not serve to fulfil our contract with you, if we do not have your consent, if the transfer is not necessary for the assertion, exercise or defence of legal claims and if no other exception according to Art. 49 GDPR applies, we will only transfer your data to a third country if an adequacy decision according to Art. 45 GDPR or suitable guarantees according to Art. 46 GDPR are available.
One of these adequacy decisions is the Commission Decision (EU) 2016/1250 of July 12th, 2016 on the implementation of the so-called “EU-US Privacy Shield” for the USA. For transmissions to companies certified under the EU-US Privacy Shield, the level of data protection is generally considered adequate within the meaning of Art. 45 GDPR.
INFORMATION, CORRECTION, DELETION, RESTRICTION, OBJECTION
You have the right to obtain, at any time and free of charge, information on your personal data processed and stored by us, the purposes of the data processing, the categories of personal data processed, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, cancellation, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, where applicable, meaningful information on the details thereof. You can contact us at any time at the address given in the imprint for this purpose and for further questions on data protection.
OBJECTION AGAINST ADVERTISING MAILS
The use of the contact data published in the imprint for the transmission of not explicitly requested advertising and information material is hereby objected to. In case of unsolicited sending of advertising information, such as spam e-mails, the operator of the site reserves the right to take legal action.
3. DATA COLLECTION ON OUR WEBSITE IN DETAIL
Our website partly uses so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and saved by your browser.
On the one hand we use so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them yourself. These cookies enable us to recognize your browser the next time you visit us. You can set your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies the functionality of this website may be limited.
Cookies that are required for the electronic communication process, are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of his services. Insofar as other cookies (e.g. cookies for the analysis of your surfing behaviour) are stored, these are integrated separately in this data protection declaration.
SERVER LOG FILES
The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically sends to us when you visit the website. These are:
• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Date and time of the server request
• IP address
These files are not merged with other data sources.
The basis for data processing is Art. 6 Para. 1 lit. b, f GDPR, which permits the processing of data for the fulfilment of a contract or a pre-contractual measure, as well as for the protection of legitimate interests. The legitimate interest here lies in the technically faultless and optimised provision of our services for you.
ENQUIRIES BY E-MAIL, TELEPHONE, FAX
If you contact us directly by e-mail, telephone or fax, your inquiry including all personal data (name, contact data, inquiry itself) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
The processing is based on the basis of Art. 6 Paragraph 1 lit. b GDPR in so far as your enquiry is connected with the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on your consent pursuant to Art. 6 Paragraph 1 lit. a GDPR and/or on our legitimate interest pursuant to Art. 6 Paragraph 1 lit. f. GDPR, as we have a legitimate interest in the effective processing of the inquiries addressed to us. You can revoke this consent at any time. An informal notification by e-mail to us is sufficient for this purpose. Your revocation does not affect the lawfulness of the processing that has taken place on the basis of the consent until the revocation.
The data you have sent us by contact request will remain with us until you request us to delete it, revoke your consent to store it or for the purpose for which it was stored ceases to apply, e.g. due to the completed processing of your request. Mandatory legal provisions – in particular retention periods – remain unaffected.
REGISTRATION FOR DOWNLOADS
On our website we provide publications for you to download free of charge. If you want to use this service, registration is sometimes required. This requires the entry of certain personal data (e-mail address, company, industry) in the respective registration form. We use this data for the purpose of providing the requested services and to be able to make you further interesting offers based in your order history.
The legal basis for the processing is your consent (Art. 6 para. 1 lit. a DSGVO, as well as the protection of our legitimate interests (Art. 6 para. 1 lit. f DSGVO). The processing of your personal data is necessary in ordert o draw your attention to potentialley interesting products and thus to tailor our offers to you in the best possible way.
If you wish to delete the data provided during registration, you can contact us informally at any time by e-mail. We will then delete your data immediately or store it only to the extent that legal, statutory or contractual retention periods exist or further storage is necessary for the assertion, exercise or defense of legal claims.
You can revoke your consent at any time. For this purpose, an informal notification by e-mail to us is sufficient. Your revocation does not affect the lawfulness of the processing that has taken place on the basis of your consent until revocation.
If you apply to us via our website or send us applications in electronic form, we will store the data you provide (e.g. e-mail address, name, address, telephone number). In the case of an application via our website, we require the entry of certain personal data which is necessary for the application process (first and last name, address, e-mail address, telephone number, if applicable how you became aware of us). In addition, you have the possibility to upload meaningful documents which may contain further personal data (e.g. date of birth).
Your application documents will only be made available to authorized employees who are directly involved in the application process.
The purpose of the data processing is the necessary decision on the establishment of an employment relationship (Art. 88 paragraph 1 GDPR in conjunction with § 26 BDSG).
Your data will be stored by us until the application procedure is completed. If your application is rejected, your application documents will be stored with us for a further 6 months due to the possibility of legal action in accordance with the General Equal Treatment Act (§ 15 Paragraph 4 AGG) and then deleted or anonymised. In the event of anonymisation, the data is then only available to us as so-called metadata without direct personal reference for statistical analysis (e.g. proportion of women or men, number of applications in a specific period of time, etc.).
In addition, your consent allows us to add you to our “talent pool” in order to find any other interesting positions for you. This also applies to the application for a training or internship position.
If an employment relationship with us arises following your application, we will store the personal data collected during the application process at least for the duration of the employment relationship.
The data transmitted in the context of your application will be transferred using TLS encryption and stored in a database. This database is operated by Personio GmbH, which offers personnel administration and applicant management software. In this context Personio GmbH is our contract processor according to Art. 28 GDPR. The basis for the processing is a contract between us as the responsible authority and Personio GmbH, which acts on our behalf.
For more information about this third-party provider, please visit the following address: (https://www.personio.de/impressum/).
4. ANALYSIS TOOLS AND ADVERTISING
This website uses functions of the web analysis service Google Analytics. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. With Google Analytics, we collect information on user behaviour to improve the user-friendliness of the website.
The recipient of the data thus collected is Google. The personal data is transferred to the USA under the EU-US Privacy Shield on the basis of the appropriateness decisions of the European Commission (Art. 45 GDPR).
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet.
The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
OBJECTION TO DATA COLLECTION
You can revoke your consent to the storage of cookies and prevent their storage by adjusting your browser software accordingly.
An opt-out cookie is set to prevent the collection of your data during future visits to this website. Opt-out cookies prevent the future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across multiple devices, you must opt-out on all systems in use.
To do this, you need to download and install the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
DEMOGRAPHIC CHARACTERISTICS AT GOOGLE ANALYTICS
This website uses the “Demographic Features” function of Google Analytics. This enables us to generate reports that contain information about the age, gender and interests of the site visitors. This data is derived from interest-based advertising by Google as well as from visitor data from third parties. This data cannot be assigned to a specific person. You can disable this feature at any time in the ad settings in your Google Account or generally prohibit Google Analytics from collecting your information as described in the “Opting out of data collection” section.
We have concluded a contract with Google for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
This site uses the map service “Google Maps” to display interactive maps and to create directions. Google Maps is a map service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
By using Google Maps, information about the use of this website, including your IP address and the (start) address entered in the route planner function, can be transmitted to Google in the USA and stored there. Therefore, we have no influence on the extent of the data collected by Google in this way. In any case, data is collected from you among other things:
• Date and time of your visit to the respective website,
• Internet address or URL of the website called up,
• IP address, (start) address entering during route planning.
For the purpose and scope of data collection and the further processing and use of data by Google, as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection information of Google: https://policies.google.com/privacy?hl=de
The legal basis for the use of Google Analytics is your consent according to Art. 6 paragraph 1 lit. a GDPR.
We use the “Facebook pixel” of the provider Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, and Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on our website. With the help of the Facebook pixel, Facebook is on the one hand able to determine you as a visitor to our online offer as a target group for the presentation of ads (so-called “Facebook ads”). Accordingly, we use the Facebook Pixel in order to display the Facebook Ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics that we transmit to Facebook (so-called “Custom Audiences”). Such characteristics are, for example, your interests in certain topics or products, which are determined by the websites visited. With the help of the Facebook pixel, we can further track the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users have been redirected to our website after clicking on a Facebook advertisement (so-called “conversion tracking”).
The legal basis for the use of the service is their consent in accordance with Art. 6 paragraph. 1 lit. a GDPR. The recipient of the data collected is Facebook.
Further information on data protection at Facebook can be found in the Facebook data use policy: https://www.facebook.com/about/privacy/. You can opt-out of Facebook’s collection of your information by using the following link: https://www.facebook.com/settings?tab=ads
We use the so-called “Retargeting Tool” from LinkedIn as well as the “Conversion Tracking” from LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland. For this purpose, our website incorporates the LinkedIn Insight Tag, which enables LinkedIn to collect statistical, pseudonymous information about your visit and use of our website and to provide us with statistics based on this information. Among other things, the LinkedIn user ID (cookie ID), IP address, browser type, etc. are recorded.
This information is also used to display interest-specific and relevant offers and recommendations to you after you have informed yourself about certain services, information and offers on the website. The relevant information is stored in a cookie.
The legal basis for the use of the service is your consent in accordance with Art. 6 paragraph 1 lit. a GDPR. The recipient of the data collected is LinkedIn.
Our website uses plugins from the Google operated site YouTube. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Breno, CA 94066, USA.
When you visit one of our sites equipped with a YouTube plugin, a connection to the servers of YouTube is established. This tells the YouTube server which of our pages you have visited. If you have a YouTube account and are logged in to it, you allow YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used in the interest of an attractive presentation of our online offers. This represents a legitimate interest in the sense of Art. 6 Paragraph 1 lit. f GDPR.
Further information on the handling of user data can be found in the YouTube privacy at: https://www.google.de/intl/de/policies/privacy.
You can object to the collection of your data by Google by giving an opt-out on the following link: https://adssettings.google.com/authenticated
5. PLUGINS AND TOOLS
Further information on data protection at Google can be found here: https://policies.google.com/technologies/ads?hl=de
You may object to the collection of your data by Google here: https://adssettings.google.com/authenticated
GOOGLE TAG MANAGER
Among other things, this website uses the “Google Tag Manager” service. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This service is used to collect data on our website which is then sent to the relevant analysis tool. No data is collected or stored in the process. The Google Tag Manager itself does not process any personal data but is only used to manage other services – e.g. Google Analytics.
Further information about the Google Tag Manager can be found at: https://www.google.com/intl/de/tagmanager/use-policy.html
To receive the newsletter we offer, you can register using our application form. Thereby we use the so-called “Double-Opt-In” procedure: The specified recipient will first receive a confirmation e-mail to his specified e-mail address with the request for confirmation. The registration only becomes effective when you click on the activation link contained in the confirmation mail. We use your data transmitted to us exclusively for sending the newsletter, which may contain information or offers.
The legal basis for this processing is your consent according to Art. 6 paragraph 1 lit. a GDPR. Your data will be stored for the duration of the newsletter subscription.
Your data will be transmitted to the third party provider Rapidmail GmbH, Augustinerplatz 2, in 79098 Freiburg. Rapidmail GmbH is prohibited from using your data for any other purpose other than for sending the newsletter. Rapidmail GmbH is also not permitted to pass on or sell your data. Rapidmail is a German, certified newsletter software provider, which has been carefully selected according to the requirements of the GDPR. You can revoke your consent to the storage of your data and its use for sending the newsletter at any time via the unsubscribe link in the newsletter.