Privacy Policy

 

With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter also briefly referred to as "data") that we process, for what purposes and to what extent. The privacy notices apply to all processing of personal data carried out by us, both in the context of providing our services and in particular on our websites, in mobile applications and within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering"). We provide our applicants with additional separate privacy notices.

The terms used are not gender-specific.

CONTENT

  • Introduction
  • Controller
  • Contact data protection team and data protection officer
  • Overview of processing
  • Relevant legal bases
  • Security measures
  • Transfer of personal data
  • Data processing in third countries
  • Deletion of data
  • Use of cookies
  • Business services
  • Provision of the online offering and web hosting
  • Blogs and publication media
  • Contact and inquiry management
  • Communication via messenger
  • Chatbots and chat functions
  • Video conferences, online meetings, webinars and screen sharing
  • Audio content (e.g. podcasts)
  • Cloud services
  • Newsletter and electronic notifications
  • Promotional communication via email, post, fax or telephone
  • Surveys and questionnaires
  • Web analysis, monitoring and optimization
  • Online marketing
  • Presences in social networks (social media)
  • Plugins and embedded functions and content
  • Management, organization and auxiliary tools
  • Amendment and updating of the privacy notices
  • Rights of data subjects
  • Definitions

 

CONTROLLER

OPITZ CONSULTING Deutschland GmbH
Kirchstraße 6
51647 Gummersbach (Nochen)

Authorized representatives: Dr. Sarah Opitz, Tom Gansor

Email address: info@opitz-consulting.com
Telephone: +49 2261 6001-0

 

CONTACT DATA PROTECTION TEAM AND DATA PROTECTION OFFICER

Data protection team:

OPITZ CONSULTING Deutschland GmbH
Data Protection Team  
Kirchstraße 6
51647 Gummersbach
Tel: 02261/6001-0
Email address: datenschutz@opitz-consulting.com

Data protection officer:

OPITZ CONSULTING Deutschland GmbH
Data Protection Officer
Kirchstraße 6
51647 Gummersbach
Email address: datenschutzbeauftragter@opitz-consulting.com
Telephone: 02261/6001-0

 

OVERVIEW OF PROCESSING

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed:

  • Master data.
  • Payment data.
  • Contact data.
  • Content data.
  • Contract data.
  • Usage data.
  • Meta/communication data.
  • Applicant data.
  • Event data (Facebook).

 

Categories of data subjects:

  • Customers.
  • Employees.
  • Prospective customers.
  • Communication partners.
  • Users.
  • Applicants.
  • Business and contractual partners.
  • Participants.

 

Purposes of processing:

  • Provision of contractual services and customer service.
  • Contact inquiries and communication.
  • Security measures.
  • Direct marketing.
  • Reach measurement.
  • Tracking.
  • Office and organizational procedures.
  • Conversion measurement.
  • Click tracking.
  • Target group formation.
  • A/B tests.
  • Management and response to inquiries.
  • Application procedures.
  • Feedback.
  • Heatmaps.
  • Surveys and questionnaires.
  • Marketing.
  • Profiles with user-related information.
  • Target group formation.
  • Provision of our online offering and user-friendliness.
  • Establishment and execution of employment relationships.
  • Information technology infrastructure.

 

RELEVANT LEGAL BASES

Below you will find an overview of the legal bases of the GDPR on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our country of residence or establishment. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of these in the privacy notices.

Consent (Art. 6 para. 1 sentence 1 lit. a GDPR)

The data subject has given consent to the processing of personal data concerning them for one or more specific purposes.

Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR)

The processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the data subject.

Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR)

 The processing is necessary for compliance with a legal obligation to which the controller is subject.

Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR)

The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). The BDSG contains, in particular, special provisions on the right of access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for purposes of the employment relationship (§ 26 BDSG), in particular with regard to the establishment, implementation or termination of employment relationships and the consent of employees. In addition, state data protection laws of the individual federal states may apply.

 

SECURITY MEASURES

We take appropriate technical and organizational measures in accordance with legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.

These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input, disclosure, safeguarding of availability and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data and responses to data breaches. In addition, we take the protection of personal data into account as early as the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default.

IP address truncation

If IP addresses are processed by us or by the service providers and technologies used and the processing of a complete IP address is not necessary, the IP address is truncated (also referred to as "IP masking"). In this process, the last two digits or the last part of the IP address after a dot are removed or replaced by placeholders. The truncation of the IP address is intended to prevent or significantly hinder the identification of a person based on their IP address.

SSL encryption (https)

To protect your data transmitted via our online offering, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in your browser’s address bar.

Chatbot

Hello, how can I help you?