This privacy notice informs you about the processing of personal data within our website. The privacy notice applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).
We inform you about the processing of your personal data and the rights to which you are entitled under the data protection laws, in particular the European General Data Protection Regulation (GDPR). Personal data as defined by the GDPR is any information relating to an identified or identifiable natural person (‘data subject’), e.g., name, address, e-mail, order data.
In our privacy notice, we use various other terms as defined by the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymisation, controller, processor, recipient, third party, consent, supervisory authority and international organisation. You can find the corresponding definitions for these terms in Article 4 of the GDPR.
1. Who is responsible for data processing and whom can I contact?
The entity responsible for the processing of personal data is:
mip Consult GmbH
Tel: +49 (0) 30 – 20 88 999 – 00
Fax: +49 (0) 30 – 20 88 999 – 88
You can contact our company data protection officer at:
2. What sources and data do we use?
We process personal data that we receive from you while using our website and, if applicable, our business relationship.
In the case of purely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. When you access our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version as well as type of browser software, notification of successful retrieval.
Furthermore, we receive your personal data if you contact us via contact form or e-mail. Personal data here are, for example, name, company, e-mail, telephone number, subject and, if applicable, the data that you send us as a message (hereinafter referred to as “contact data”).
3. What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) for the following purposes and on the basis of the following legal grounds:
|If you have given us consent to process personal data for certain purposes, in particular for contacting you (e.g. via our contact form or by e-mail for processing and handling the enquiry, advertising by telephone, e-mail, SMS, etc.), this processing is lawful on the basis of your permission. A given consent can be revoked at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is therefore not affected by the revocation. The revocation can be sent to the above contact details or to email@example.com.||Consent, Art. 6 para 1 sentence 1 lit. a) GDPR|
|When contacting us (via contact form or e-mail), your data will be processed for the purpose of handling the contact request and its processing.||Performance of a contract or execution of pre-contractual measures upon request of the person, Art. 6 para 1 lit b GDPR|
|When you visit our website for the first time, you will be asked whether you also wish to accept non-essential cookies. If you consent to the use of non-essential cookies, this will allow us to analyze the use of our website. Furthermore, we may carry out various marketing activities based on your interactions with the website, other marketing channels and other third parties, such as social networks. To find out more about the cookies we use, including in particular how to manage and delete cookies, see the Cookies section below. To find out more about cookies, including how to manage and delete them, see the Cookies section below.||Consent, Art. 6 para. 1 sentence 1 lit. a) GDPR|
|When you contact us (via contact form or e-mail) in connection with your application, we process your data in order to check your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process. Your application data will be screened by the HR department after receipt of your application. Suitable applications will then be forwarded internally to the department responsible for the respective open position. There a decision will be made on the further procedure. In principle, only those persons in the company have access to your data who require this for the proper conduct of our application procedure.||Establishment of an employment relationship, § 26 BDSG and after completion of the application procedure in case of rejection to protect legitimate interests, Art. 6 para. 1 sentence 1 lit. f) GDPR (defence against claims), if applicable, if consent has been given, Art. 6 para. 1 sentence 1 lit. a) GDPR|
We process your access data (see data specified under item 2 above) to safeguard our legitimate interests or those of third parties. In particular, we pursue the following legitimate interests::
||As part of the balancing of interests for the safeguarding of legitimate interests, Art. 6 para. 1 sentence 1 lit. f) GDPR|
4. Who can access my data?
Within the organization, entities that need to know your data to fulfill our contractual and regulatory obligations can access your data.
In addition, processors (Art. 28 GDPR) engaged by us may also obtain access to data for the above-mentioned purposes. These are companies in the categories IT services and sales. If we use processors to provide our services, we will take appropriate legal precautions as well as the relevant technical and organizational measures to protect personal data in accordance with applicable law.
Any transfer of data to third parties will be made only within the scope of legal requirements. We will disclose user data to third parties only if this is required, for example, under Art. 6 para. 1 Sentence 1 lit. b) GDPR for contractual purposes or based on legitimate interests pursuant to Art. 6 Para. 1 Sentence 1 lit. f) GDPR in the economic and effective operation of our business operations or if you have consented to the transfer of data. In the case of purely informational use of the website, we do not pass on any data to third parties.
5. How long will my data be retained?
For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum of 4 weeks and then deleted (see point 2 above). Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.
As far as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation of a contract via contact form or by e-mail.
Applicant data will be deleted after 6 months in the event of a rejection. If you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted if you revoke your consent or after 5 years at the latest. Should we fill the advertised position with you, your data will be stored in our personnel management system.
In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are two to ten years.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are usually 3 years, but in certain cases can be up to thirty years, whereby the regular limitation period is three years.
If you assert your rights as a data subject, we will store the information provided to you in this regard until the expiry of the statutory limitation period pursuant to Section 31 (2) No. 1 OWiG, Section 41 (1) BDSG, Article 83 (5) lit b GDPR for 3 years. This period may be extended if the statutory limitation period is extended due to interruptions of the limitation period (e.g. in the context of inquiries by the supervisory authorities).
6. Is data transferred to a third country or to an international organisation?
The data provided will be processed within the European Union and in the USA. For countries without an adequacy decision by the Commission according to Article 45 GDPR, as is the case with the USA, we generally agree on EU standard data protection clauses with the recipients of your data or obtain your consent for the data transfer.
Note: The protection of personal data in the USA does not correspond to the level of data protection required by the EU. In particular, there are no enforceable rights to protect your data against access by government authorities. Therefore, there is a risk that these government agencies can access the personal data without the data transmitter or the recipient being able to effectively prevent this.
7. What are my data protection rights?
Each data subject has
- the right to information according to Art. 15 GDPR (i.e., you have the right to request information about your personal data stored by us at any time).,
- the right to rectification in accordance with Art. 16 GDPR (i.e., in the event that your personal data are inaccurate or incomplete, you may request that these data be rectified),
- the right to erasure according to Art. 17 GDPR and the right to restriction of processing according to Art. 18 GDPR (i.e., you may have the right to request the erasure or restriction of processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing and legal retention obligations do not require the continued storage),
- the right to data portability under Art. 20 GDPR (i.e., you may have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transmit this data to another controller without hindrance).
Furthermore, you can revoke your consent, in principle with effect for the future.
In addition, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). You can find the supervisory authority responsible for you at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
In addition, we would like to point out your right of objection according to Art. 21 GDPR:
Information about your right to object according to Art. 21 GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1), first sentence, point (e) of the GDPR (data processing in the public interest) and Article 6(1), first sentence, point (f) of the GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) of the GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
In individual cases, we process your personal data in order to carry out direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made without any formalities and no costs other than the transmission costs according to the basic rates are incurred.
If you wish to exercise your right of objection, it is sufficient to send an informal message, e.g. to the contact details given above.
8. To what extent do you apply automated individual decision-making, including profiling?
In the context of accessing our website or in the context of contacting us by form or e-mail, we do not use any fully automated decision-making pursuant to Article 22 GDPR. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).
9. Is there an obligation for me to provide data?
Within the framework of our website, you must provide the personal data that is required for the use of our website for technical or IT security reasons. If you do not provide this data, you will not be able to use our website.
When contacting us by form or e-mail, you only need to provide the personal data that is required to process your request. Otherwise, we will not be able to process your request.
Some of these cookies are essential for our website to function, while other cookies help us improve our website by giving us insight into how you use the website.
By default, we only use necessary cookies. Necessary cookies enable the core functionalities of our website. The website cannot be displayed correctly without these cookies or individual areas may not function properly. Necessary cookies can only be prevented by appropriate settings in your browser.
Click here for the information about the cookies we use.
If you do not want cookies to be stored on your computer, you can either
- refuse the consent in our cookie banner when accessing our site or – if you have already given your consent – make changes in the cookie settings, or
- use the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of your browser.
Please note that disabling cookies may limit the functionality of this website.
11. Processing of personal data in the context of the use of external online services
11.1 Google Ads
We use the Google Ads service of Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) hereinafter “Google”.
The processing of data within the scope of this service also takes place in the USA. The processing of your data in the USA is associated with corresponding risks. By giving your consent via our cookie banner, you consent to the processing of your data in the USA, despite potential access by US authorities, Art. 49 (1) p. 1 lit. a GDPR.
Google Ads is an internet banner advertising service that allows us to display ads in both Google search engine results and the Google advertising network. Google Ads allows us to pre-define certain keywords that will display an ad in Google’s search engine results only when the user performs a keyword-relevant search. In the Google advertising network, our ads are displayed on topic-relevant websites by means of an automatic algorithm and in compliance with the keywords we have previously defined.
The purpose of our use of Google Ads is to advertise our website by displaying advertisements on the websites of third-party companies and in the search engine results of Google and, if applicable, to display third-party advertisements on our website.
If you access our website via a Google ad, a so-called conversion cookie is stored on your computer by Google. A conversion cookie loses its validity after thirty days and is not used for your identification, but it is tracked whether certain subpages of our website were called. Through the conversion cookie, both we and Google can track whether you have reached our website via an ad, completed an action (e.g., a purchase) or cancelled.
The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via ads. We use this information to measure the success of our ads and to optimize our ads for the future. Neither our company nor other advertisers of Google Ads receive information from Google by means of which the data subject could be identified.
Instead of using our cookie banner, you can also prevent the setting of cookies by means of an appropriate setting in your internet browser. Such a setting of the internet browser used would also prevent Google from setting a conversion cookie on your computer. In addition, a cookie already set by Google Ads can be deleted at any time via the browser. Furthermore, it is possible to object to interest-based advertising by Google. To do this, you must call up the link www.google.de/settings/ads from any of the Internet browsers you use (on any device) and make the desired settings there.
If you wish to object to interest-based advertising by Google, you can use the opt-out options provided by Google: http://www.google.com/ads/preferences.
11.2 Google Maps
On this website we use the offer of Google Maps of Google LLC , 1600 Amphitheatre Parkway Mountain View, CA 94043, United States. The legal basis for the use of Google Maps is your consent Art. 6 para. 1 p. 1 lit. a) and Art. 49 para. 1 p. 1 lit. a GDPR.
This allows us to show you interactive maps directly in the website and enables you to use the map function comfortably.
Google Maps is integrated in such a way that data about you as a user is only transmitted to Google when you have activated Google Maps by clicking on it. We have no influence on the data transmission to Google that then takes place.
By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website as well as the date and time of your visit to the website in question and your IP address. This takes place regardless of whether you are logged in to Google. If you are logged in, however, your data will be assigned to your account. If you do not wish to be associated with your Google profile, you must log out before activating a map.
If you are logged in to Google, Google may store your data as usage profiles and use it for the purposes of providing the services, maintaining and improving the services, measuring performance, developing new services and providing personalized services, including content and advertisements. This data processing is then governed by the usage agreement concluded between you and Google as part of your Google account.
The processing of data within the scope of this service also takes place in the USA. The information generated by the cookies about the use of our website is usually transmitted to a Google server in the USA and stored there. There are corresponding risks associated with the processing of your data in the USA. By giving your consent via our cookie banner, you consent to the processing of your data in the USA, despite potential access by US authorities, Art. 49 para. 1 p. 1 lit. a GDPR.
For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the Google privacy notice. There you will also find further information on your rights in this regard and setting options for protecting your privacy: https://policies.google.com/technologies/partner-sites and an opt-out from personalized advertising is possible at https://www.google.com/settings/ads/.
11.3 Use of Matomo
We use the web analysis service Matomo to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. The legal basis for the use of Matomo is your consent in accordance with Art. 6 para. 1 p. 1 lit. a) GDPR.
Cookies are stored on your computer for this evaluation. We store the information collected in this way exclusively on our servers in Germany, i.e. third parties have no access to this data.
If you agree to web analysis using Matomo, the following data is collected when you call up individual pages of our website:
- Shortened IP address of the calling system of the user,
- the requested web page,
- the website from which the user accessed the website (referrer),
- the sub-pages that are called up from the web page called up,
- the time spent on the website,
- the frequency of the call of the web page.
You can prevent the storage of cookies either by rejecting them in our cookie banner or by deleting any existing cookies on your computer. The prevention of the storage of cookies is also possible through appropriate settings in your browser. Preventing the use of Matomo is additionally possible by unchecking the following box to activate the opt-out plug-in:
This website uses Matomo with IP anonymization. This means that IP addresses are processed in abbreviated form, which means that they cannot be directly linked to a specific person. The IP address transmitted by your browser via Matomo is not merged with other data collected by us.
The Matomo program is an open-source project. You can obtain information from the third-party provider on data protection at http://matomo.org/privacy-policy.
12. Our social media presences
You will find us with presences within social networks and platforms, so that we can also communicate with you there and inform you about our services.
We point out that your data may be processed outside the European Union and that the data is usually processed for market research and advertising purposes. Usage profiles can be created from the usage behaviour and resulting interests of the users. These usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies may be stored on the computers of the users, in which the usage behaviour and the interests of the users are stored. Other data may also be stored in these usage profiles, especially if the users are members of the respective platforms and are logged in to them.
We only link to our company profiles on the respective social networks on our website. However, please note that when you click on a link to the social networks, data is transmitted to their servers. If you are logged in to the respective social network at this time with your user name and password, the information that you have visited our company profile on the respective social network from our website will be transmitted there and the respective provider can store this information in your user account.
In principle, we have no significant influence on the data processing of the social networks. However, we receive statistics from the providers about the use and visits of our company profiles in the social networks (e.g. information about the number of views, interactions such as likes and comments as well as summarized demographic and other information or statistics). For more information about the data used by the providers, please see the providers’ privacy notices linked below.
Insofar as we receive your personal data in the context of our social media presences (e.g. in the context of a communication), you are entitled to the rights mentioned in this privacy notice above in this respect. You can address your requests with regard to data processing within the scope of our company profiles to us via the contact data mentioned above.
If you also wish to assert rights against the provider of the social network, the easiest way to do so is to contact the respective provider directly. The provider knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing. The contact details can be found in the privacy notice linked below. We will also be happy to support you in asserting your rights, insofar as this is possible for us.
The processing of users’ personal data is generally based on your consent in accordance with Art. 6 (1) sentence 1 lit. a) GDPR. The legal basis is also Art. 6 (1) lit. b GDPR if we receive and process your data as part of a contract-related inquiry via our social media presence. The legal basis for the linking and operation of our company profiles in the social networks, including the receipt of statistics on the use of our company profiles, is Art. 6 (1) lit. f GDPR based on our legitimate interest in our corporate communication in the respective social networks.
For information on the respective processing and the respective objection options, we refer to the privacy notice of the providers linked below:
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland), social network for maintaining existing and making new business contacts – privacy information https://www.linkedin.com/legal/privacy-policy , opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .
- Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany), social network for maintaining existing business contacts and making new ones – privacy information/opt-out: https://privacy.xing.com/de/datenschutzerklaerung.