This privacy statement provides you with information about how we process your personal data and the claims and rights to which you are entitled under data protection regulations, namely the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
This privacy statement explains the nature, scope and purpose of the processing of personal data within our website (hereinafter referred to as “the website”). This privacy statement applies regardless of the domains, systems and devices (e.g. desktop, mobile, etc.) used.
Personal data is all data that is personally identifiable to you, e.g. name, address, email addresses, user behaviour. Which data is processed in detail and how it is used depends largely on the services used.
In our privacy statement we use various terms within the meaning of the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymisation, controller, processor, recipient, third party, consent, supervisory authority and international organisation. Art. 4 GDPR you can find corresponding definitions for these terms. The corresponding definitions for these terms can be found in Art. 4 GDPR.
1. Who is responsible for data processing and who can I contact?
The responsible body is:
mip Consult GmbH
Tel: +49 (0) 30 – 20 88 999 – 00
Fax: +49 (0) 30 – 20 88 999 – 88
You can contact our company data protection officer at:
Dietrich Felgner, Solicitor
Eggert & Partner Rechtsanwälte
Tel: +49 (0) 30 – 20 88 999 – 00
2. What sources and data do we use?
We process personal data that we receive from you as part of your use of our website and, if applicable, our business relationship.
For purely informational use of the website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following access data, which is technically necessary for us to display our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specifically accessed website), access status/HTTP status code, data volume transmitted in each case, referrer URL (previously visited page), browser type and version, operating system and its interface, language and version of the browser software, notification of successful retrieval.
We also receive your personal data if you contact us via contact form or email. Personal data here refers to name, address, email, telephone number (hereinafter referred to as “contact data”), for example.
3. Why do we process your data and on what legal basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) for the following purposes and on the following legal basis:
|If you have given us your consent to process personal data for specific purposes (e.g. when contacting us via our contact form or by email for processing and handling the inquiry, sending newsletters, advertising by telephone, email, SMS, etc.), the legality of this processing is given on the basis of your consent. Given consent can be withdrawn at any time. Please note that the withdrawal will only take effect in the future. Processing that took place before the withdrawal is not affected by this. The withdrawal can be made to the contact data mentioned above or to firstname.lastname@example.org.||Consent, Art. 6 para 1a GDPR|
|When contacting us (via contact form or email), your details will be processed in addition to any consent given for the processing of the contact enquiry and its handling, also on the basis of steps taken at the request of the data subject prior to entering into a contract, Art. 6 para 1b GDPR.||Steps taken at the request of the data subject prior to entering into a contract, Art. 6 para 1b GDPR|
We process your access data (see above under point 2) to protect our legitimate interests or those of third parties. We pursue the following legitimate interests in particular::
||In the context of balancing interests to protect legitimate interests, Art. 6 para 1f GDPR|
4. Who gets my data?
The departments needed to fulfill our contractual and regulatory obligations within the organization will have access to your information.
Processors used by us (Art. 28 GDPR) may also receive data for the aforementioned purposes. These are companies in the categories IT services, printing services, telecommunications, consulting and sales and marketing. If we use processors to provide our services, we take appropriate legal precautions as well as appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations.
Data will only be passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary, e.g. on the basis of Art. 6 para 1b GDPR for contractual purposes or on the basis of legitimate interests pursuant to Art. 6 para 1f GDPR to an economic and effective operation of our business or if you have consented to the data transmission. In the purely informational use of the website, we do not pass on any data to third parties.
5. How long will my data be stored?
For security reasons (e.g. to investigate misuse or fraud) log file information is stored for a maximum of 4 weeks and then deleted (see point 2 above). Data whose further storage is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
If necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract via contact form or by email.
In addition, we are subject to various retention and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Tax Code (AO). The periods for retention and documentation specified here are usually ten years.
Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 ff. of the German Civil Code (BGB) may as a rule be 3 years, but in certain cases also up to thirty years, whereby the regular limitation period is 3 years.
6. Is data transferred to a third country or to an international organisation?
The data provided will be processed within the European Union and in the USA. Please note that we either ensure with recipients of your data for countries without a Commission adequacy decision under Art. 45-50 GDPR, as is the case with the USA, that they are certified under the EU-US Privacy Shield (such as Google) or that we have agreed EU standard data protection clauses with these recipients. This is in order to protect your data and to achieve an appropriate level of protection for your personal data. You have the option of obtaining or viewing copies of the EU standard data protection clauses. If required, please contact us using the contact details given above under point 1.
7. What are my data protection rights?
Each person concerned has
- the right of access pursuant to Art. 15 GDPR (i.e. you have the right to request information about your personal data stored by us at any time),
- the right of rectification under Art. 16 GDPR (i.e. if your personal data is inaccurate or incomplete, you may request rectification of this data),
- the right to erasure pursuant to Art. 17 GDPR and,
- the right to restriction of processing according to Art. 18 GDPR (i.e. you may have the right to demand the deletion or limitation of the processing of your personal data if, for example, such processing no longer has a legitimate business purpose and statutory storage obligations do not require further storage),
- the right to data portability under Art. 20 GDPR (i.e. you may have the right to receive the personal data relating to you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another responsible person without obstruction).
Furthermore, you can withdraw your consent with effect for the future at any time.
In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR i.V.m. § 19 BDSG).
In addition, we would like to draw your attention to your right of objection under Art 21. GDPR:
Information about your right of objection according to Art. 21 GDPR
You have the right to object at any time for reasons arising from your particular situation to the processing of personal data concerning you under Art. 6 para 1e GDPR (Data Processing in the Public Interest) and Article 6 para 1f of the General Data Protection Regulation (Data Processing on the basis of a legitimate interest), including profiling based on this provision within the meaning of Art. 4 no. 4 GDPR.
If you object, we will no longer process your personal information unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.
In individual cases we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising. If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes.
The objection can be made informally and no costs other than transmission costs according to basic tariffs need be incurred. The objection should, if possible, be addressed to:
mip Consult GmbH
oder per E-Mail an:
8. To what extent is there automated decision making in individual cases, including profiling?
When accessing our website or contacting us by form or email, we do not use fully automated automatic decision-making in accordance with Art. 22 GDPR. Should we use these procedures in individual cases, we will inform you separately, insofar as this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).
9. Is there an obligation for me to provide data?
Within the framework of our website, you must provide the personal data that is technically necessary for IT security reasons or for the use of our website. If you do not provide this information, you may not use our website.
When contacting us by form or email, you only need to provide the personal data required to process your request. Otherwise we will not be able to process your request.
Cookies are information that is transferred from our web server or third party web servers to the user’s web browser and stored there for later retrieval. Cookies are small files or other types of information storage. Cookies are used for security purposes or are required to operate our website (e.g. for optimal presentation of the website on various end devices) or to save your decision when confirming our cookie banner.
We use “session cookies”, which are only stored for the duration of the current visit to our website and in some cases enable the use of our online content in the first place. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. Session cookies are deleted at the latest when you have finished using our website and close your browser.
If you do not want cookies to be stored on your computer, you can either
- refuse the consent in our cookie banner when accessing our site or – if you have already given your consent – make changes in the cookie settings, or
- use the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of your browser.
Please note that disabling cookies may limit the functionality of this website.
11. Google Analytics
Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law, see https://www.privacyshield.gov/.
Google will use this information on our behalf to evaluate the use of our website by our users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website. Pseudonymous user profiles can be created from the processed data.
We use Google Analytics with IP anonymization enabled. This means that Google will reduce the IP address of users within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the website and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Duration of data storage
The data sent by us and linked with cookies, user IDs or advertising IDs is automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
Further information on data use by Google, setting and objection options can be found on Google’s website: https://www.google.de
12. Google AdWords
We use the Google AdWords service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”) on the basis of our legitimate interests, i.e. our interest in the analysis and optimisation of our website within the meaning of Art. 6 para 1f GDPR. Google is certified in accordance with the EU-US Privacy Shield Agreement and thus offers the guarantee to comply with European data protection law (https://www.privacyshield.gov).
Google AdWords is a banner advertising service on the Internet that allows us to serve ads in both Google’s search engine results and the Google advertising network. Google AdWords allows us to pre-define certain keywords. An ad will only appear in Google’s search engine results if the user performs a search that matches our keywords. In the Google advertising network, our ads are displayed on topic-relevant Internet pages by means of an automatic algorithm and in compliance with the keywords previously defined by us. The purpose of our use of Google AdWords is to promote our website by displaying advertisements on third-party websites and in Google’s search engine results and, where applicable, by displaying third-party advertisements on our website.
If you access our website via a Google advertisement, a so-called conversion cookie is stored on your computer by Google. A conversion cookie loses its validity after thirty days and is not used to identify you, but rather to track whether certain subpages of our website have been accessed. Through the conversion cookie, both we and Google can track whether you have reached our website via an AdWords ad, have completed an action (e.g. a purchase) or have cancelled. The data and information collected through the use of the conversion cookie is used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who have been referred to us via AdWords ads. We thus determine the success of our respective AdWords ads and are able to optimize our AdWords ads for the future based on this information. Neither our company nor other Google AdWords advertisers receive information from Google that could be used to identify the person concerned. When the conversion cookie is set, your IP address is also transmitted to Google in the USA and stored in the USA.
However, the conversion cookie will only be set if you have given your consent in our cookie banner. You can withdraw this consent at any time via the cookie settings. You can also prevent the setting of cookies by our website by means of an appropriate setting in your Internet browser and thus permanently object to the setting of cookies. Such a setting in your Internet browser would also prevent Google from setting a conversion cookie on your computer. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser. It is also possible to object to interest-related advertising by Google. To do this, you must access the www.google.de/settings/ads link from each of the Internet browsers you use (on each device) and make the desired settings there.
Further information and Google’s data protection provisions can be found at https://www.google.de/intl/de/policies/privacy/.
If you wish to object to the interest-related advertising by Google, you can use the opt-out options provided by Google: http://www.google.com/ads/preferences.
13. Other services
On our website, we use service offers from third parties on the basis of our legitimate interests within the meaning of Art. 6 para. 1f GDPR, i.e. our interest in an optimal website. The IP address of the user is transmitted to these third parties. The IP address is technically necessary so that the contents can be displayed. Third parties may use so-called web pixels (invisible graphics, also known as “web beacons”) for evaluation or marketing purposes. The web pixels can be used to evaluate information such as visitor traffic to the website using the web beacon. The third party providers may store information in cookies on the user’s device.
We use the following third-party providers on our website:
- “Google Maps” maps of the third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Statement: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
- “YouTube” videos from third-party provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Statement: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.
14. Our social media channels
You will find us with presences within social networks and platforms, so that we can also communicate with you there and inform you about our services. We would like to point out that your data may be processed outside the European Union and that the data is usually processed there for market research and advertising purposes. User profiles can be created on the basis of user behaviour and the interests of the users which can be derived therefrom. These user profiles can in turn be used, for example, to place advertisements inside and outside these social platforms that presumably correspond to the interests of the users. For this purpose, cookies may be stored on the user’s computer in which the user’s usage behaviour and interests are stored. Other data may also be stored in these user profiles, in particular if the users are members of the respective platforms and are logged in to them.
The processing of users’ personal data is carried out on the basis of our legitimate interests in the broadest possible communication with our users pursuant to Art. 6 para 1f GDPR. If the respective social networks obtain consent for the data processing, then the legal basis for the processing is Art. 6 para. 1a GDPR. For information on the respective processing operations and the respective possibilities of objection, we refer to the following linked data protection declarations of the providers:
- Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – privacy statement: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
- Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland) – privacy statement / Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.
- LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland) – privacy statement: https://www.linkedin.com/legal/privacy-policy , Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
- Google/ YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – privacy statement: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
In the case of requests for information and the assertion of further user rights, we recommend that these be asserted directly with the providers, since the providers have direct access to the data. If you have any questions, please get in touch with us using the contact data below.