This privacy policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as „data“) within our online offering and the websites, functions and content associated with it as well as external online presences, such as our social media profiles. (hereinafter collectively referred to as the „Online Offering“). With regard to the terms used, such as „personal data“ or their „processing“, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Person in charge:

Name/Company: SKC Beratungsgesellschaft mbH

Street No.: Pelikanplatz 21

Postcode, City, Country: 30177 Hannover, Germany

Commercial Register/No.: Hanover District Court HRB 206524

Managing Director: Dipl.-Kauffrau Heike Kielhorn-Schönermark, Univ.-Prof. Dr. med. Matthias P. Schönermark

Phone number: +49 511 64 68 14 – 0

E-mail address: kontakt@skc-beratung.de

Data protection supervisor:

Name: Andreas Welllmann

E-mail address: wellmann@skc-beratung.de

Types of data processed:

• Inventory data
• Contact details
• Applicant data
• Content Data
• Usage
• Meta/communication data

Processing of special categories of data (Art. 9 para. 1 GDPR):

• As a matter of principle, no special categories of data are processed, unless they are processed by the users, e.g. in online forms or when sending them directly by e-mail.

Categories of data subjects:

Clients / Prospects / Suppliers.

• Applicant
• Visitors and users of the online offer.

In the following, we also refer to the data subjects collectively as „Users“.

Purpose of processing:

• Provision of the online offer, its contents and functions.
• Responding to contact requests and communicating with users.
• Acquisition of new employees/submission of application documents
• Marketing, advertising and market research.

Last update: 01.02.2019

1. Relevant legal bases

In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 GDPR, the legal basis for processing for the performance of our services and the implementation of contractual measures as well as answering inquiries is Art. 6 (1) (b) GDPR, the legal basis for processing to comply with our legal obligations is Art. 6 (1) (c) GDPR,  and the legal basis for processing for the purposes of our legitimate interests is Art. 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.

2. Changes and updates to the Privacy Policy

We ask you to regularly inform yourself about the content of our privacy policy. We will amend the Privacy Policy as soon as the changes to the data processing we carry out make it necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or another individual notification.

3. Security Measures

1.    In accordance with Art. 32 GDPR, we take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons. The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, transfer, availability and segregation. In addition, we have put in place procedures to ensure that data subject rights are exercised, that data is deleted and that data is compromised. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).

2.    Security measures include, in particular, the encrypted transmission of data between your browser and our server.

4. Cooperation with processors and third parties

1.    If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is necessary for the fulfilment of a contract in accordance with Art. 6 (1) (b) GDPR),  You have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

2.    If we commission third parties to process data on the basis of a so-called „order processing agreement“, this is done on the basis of Art. 28 GDPR.

5. Transfers to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is necessary to fulfil our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection equivalent to that of the EU (e.g. for the USA through the „Data Privacy Framework“) or compliance with officially recognised special contractual obligations (so-called „standard contractual clauses“).

6. Rights of data subjects

1.    You have the right to request confirmation as to whether the data in question is being processed and to request access to this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

2.    You have accordingly. Art. 16 GDPR gives you the right to request the completion of the data concerning you or the correction of the inaccurate data concerning you.

3.    In accordance with Art. 17 GDPR, you have the right to demand that the data in question be erased without undue delay or, alternatively, to demand a restriction of the processing of the data in accordance with Art. 18 GDPR.

4.    You have the right to request that the data concerning you, which you have provided to us, be received in accordance with Art. 20 GDPR and to request that it be transmitted to other controllers.

5.    In accordance with Art. 77 GDPR, you also have the right to lodge a complaint with the competent supervisory authority.

7. Right of revocation

You have the right to revoke your consent in accordance with Art. 7 (3) GDPR with effect for the future.

8. Right to object

You can object to the future processing of your data at any time in accordance with Art. 21 GDPR. In particular, the objection may be made to the processing for direct marketing purposes.

9. Cookies and right to object to direct marketing

We use temporary and permanent cookies, i.e. small files that are stored on users‘ devices (for an explanation of the term and function, see the last section of this Privacy Policy). In some cases, the cookies are used for security purposes or are necessary for the operation of our online offer (e.g., for the presentation of the website) or to store the user’s decision when confirming the cookie banner. In addition, we or our technology partners use cookies for reach measurement and marketing purposes, which users will be informed about in the course of the privacy policy.

A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU side http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by disabling them in the settings of the browser. Please note that it may not be possible to use all the functions of this online offer.

10. Deletion of data

1.    The data processed by us will be deleted or restricted in its processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. Unless the data is erased because it is necessary for other purposes permitted by law, its processing will be restricted. This means that the data will be blocked and will not be processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

2.    In accordance with legal requirements, storage is carried out in particular for 6 years in accordance with Section 257 (1) of the German Commercial Code (HGB) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with Section 147 (1) of the German Fiscal Code (books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation, etc.).

11. Contact and applications

1.    When contacting us (via contact form or e-mail), the user’s details will be processed for the purpose of processing the contact request and its processing in accordance with Art. 6 (1) (b) GDPR.

2.    The information provided by users may be stored in our Customer Relationship Management System („CRM System“) or comparable enquiry organisation.

3.    We delete the requests if they are no longer necessary. We review the necessity every two years; In the case of the statutory archiving obligations, the deletion takes place after their expiry (end of the retention period under commercial law (6 years) and tax law (10 years)).

4.    Applications are stored centrally on our file server. Only the management and the person responsible for the specific position to be filled have access there. The data will be deleted from the server and from the local recipient mailbox of the e-mail program after the end of the probationary period of the occupied position.

12. Collection of access data and log files

1.    On the basis of our legitimate interests within the meaning of Art. 6 (1) (f) GDPR, we collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider

2.    For security reasons (e.g. to investigate acts of abuse or fraud), log file information is stored for the duration of the last full calendar year and then anonymized. Data whose further retention is necessary for evidentiary purposes are excluded from deletion until the respective incident has been finally clarified.

13. Online presence on social media

1.    We maintain online presences within social networks and platforms in order to be able to communicate with customers, interested parties and users who are active there and to inform them about our services.

2.    We would like to point out that user data may be processed outside the area of the European Union. This may result in risks for users, e.g. because it could make it more difficult to enforce users‘ rights. With regard to U.S. providers who are certified under the Privacy Shield, we would like to point out that they are thereby committing themselves to comply with the data protection standards of the EU.

3.    Furthermore, user data is usually processed for market research and advertising purposes. For example, user profiles can be created from the user’s usage behavior and resulting interests. In turn, the user profiles can be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on users‘ computers, in which the user’s usage behaviour and interests are stored. Furthermore, data may also be stored in the usage profiles, regardless of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).

4.    The processing of users‘ personal data is carried out on the basis of our legitimate interests in effectively informing users and communicating with users in accordance with Art. 6 (1) (f) GDPR. If users are asked by the respective providers for consent to data processing (i.e. declare their consent, e.g. by ticking a checkbox or confirming a button), the legal basis for the processing is Art. 6 (1) (a), Art. 7 GDPR.

5.    For a detailed description of the respective processing and the options for objection (opt-out), we refer to the information provided by the providers linked below.

6.    Also in the case of requests for information and the assertion of user rights, we would like to point out that these can be most effectively asserted with the providers. Only the providers have access to the user’s data and can directly take appropriate measures and provide information. If you still need help, you can contact us.

7.    – Facebook (Facebook Ireland Ltd., 4 Grand Canal  Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
– Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.-  Instagram  (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy Policy/   Opt-Out: http://instagram.com/about/legal/privacy/.
– Twitter  (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)  – Privacy Policy: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
– LinkedIn  (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Privacy Policy https://www.linkedin.com/legal/privacy-policy ,  Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
– Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) – Privacy Policy/ Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.  

14. Cookies & Reach Measurement

1.    Cookies are pieces of information that are transmitted from our web server or third-party web servers to users‘ web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.

2.    We use „session cookies“, which are only stored for the duration of the current visit to our website (this is necessary to ensure the secure storage of variables during use). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. In addition, a cookie contains information about its origin and storage period. These cookies cannot store any other data. Session cookies are deleted when you have stopped using our online offer and, for example, log out or close your browser.

3.    Users are informed about the use of cookies in the context of pseudonymous reach measurement within the framework of this privacy policy.

4.    If users do not want cookies to be stored on their computer, they are asked to disable this option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies may lead to functional limitations of this online offer.

5.    You can object to the use of cookies used for reach measurement and advertising purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

15. Newsletter

1.    With the following information, we inform you about the content of our newsletter as well as the registration, dispatch and statistical evaluation procedure as well as your rights to object. By subscribing to our newsletter, you agree to receive it and to the procedures described.

2.    Content of the newsletter: We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter referred to as „newsletters“) only with the consent of the recipients or a legal permission. Insofar as the contents of the newsletter are specifically described as part of a subscription, they are decisive for the consent of the user. In addition, our newsletters contain information about our products, offers, promotions and our company.

3.    Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in procedure. Specifically. After registration, you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with someone else’s e-mail address. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the time of registration and confirmation, as well as the IP address. Changes to your data stored by the shipping service provider will also be logged.

4.    Registration data: To subscribe to the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a salutation, a title and a surname for personal address in the newsletter.

5.    Performance measurement: The newsletters contain a so-called „web beacon“, i.e. a pixel-sized file that is retrieved from the server of the mailing service provider when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval, is first collected. This information is used for the technical improvement of the services on the basis of the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our ambition to observe individual users. The evaluations are much more useful for us to recognize the reading habits of our users in a cumulative form and to adapt our content to them or to send different content according to the interests of our users.

6.    The sending of the newsletter and the measurement of success are based on the consent of the recipients in accordance with Art. 6 (1) (a), Art. 7 GDPR in conjunction with § 7 (2) No. 3 UWG or on the basis of legal permission in accordance with § 7 (3) UWG.

7.    The registration process is logged on the basis of our legitimate interests in accordance with Art. 6 (1) (f) GDPR and serves as proof of consent to receive the newsletter.

8.    Termination/revocation: You can cancel the receipt of our newsletter at any time, i.e. Withdraw your consents. A link to unsubscribe from the newsletter can be found at the end of each newsletter. If users have only subscribed to the newsletter and have cancelled this subscription, their personal data will be deleted.

16. Integration of third-party services and content

1.    On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 (1) (f) GDPR), we use content or services offered by third-party providers within our online offering in order to integrate their content and services, such as videos or fonts (hereinafter referred to as „content“). This always assumes that the third-party providers of this content are aware of the IP address of the users, as without the IP address they would not be able to send the content to their browser. The IP address is therefore required for the display of this content. We only make every effort to use content whose respective providers only use the IP address to deliver the content. Third parties may also use pixel tags (invisible graphics, also known as „web beacons“) for statistical or marketing purposes. The „pixel tags“ can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information on the browser and operating system, referring websites, time of visit and other information on the use of our online offering, as well as can be combined with such information from other sources.