Privacy Notice

Datenschutzberatung; Data Protection Consultancy

In the following, we inform you about the processing of your personal data by us and the claims and rights to which you are entitled according to the data protection regulations, in particular the European Data Protection Regulation (GDPR).

This privacy statement informs you about the type, scope and purpose of the processing of personal data within our website (hereinafter “website”). The privacy statement applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).

Personal data within the meaning of the GDPR is all data that can be personally related to you, e.g. name, address, email addresses, user behavior. Which data is processed in detail and how it is used depends largely on the services used by us.

We use various other terms in our privacy statement in the sense of the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymisation, controller, processor, recipient, third party, consent, supervisory authority and international organisation. You can find the corresponding definitions for these terms in Article 4 of the GDPR.

1. Who is responsible for data processing and who can I contact?

The responsible body is:

mip Consult GmbH
Wilhelm-Kabus-Straße 9
10829 Berlin
Tel: +49 (0) 30 – 20 88 999 – 00
Fax: +49 (0) 30 – 20 88 999 – 88

You can contact our company data protection officer at:

Yanick Röhricht
mip Consult GmbH
Wilhelm-Kabus-Straße 9
10829 Berlin
Tel: +49 (0) 30 – 20 88 999 – 00

2. What sources and data do we use?

We process personal data that we receive from you as part of your use of our website and, if applicable, our business relationship.

In the case of purely informative use of the website, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following access data that we technically require to display our website and to ensure stability and security. The access data include the IP address, date and time of the visit, time zone difference compared to Greenwich mean time (GMT), content of the request (i.e., name of the specific visited web page), access status/HTTP status code, respective amount of transmitted data, referrer URL (previously visited page), browser type and version, operating system and its interface, language and version of the browser software, message about successful retrieval.

In addition, we obtain your personal data if you contact us by using our contact form or by e-mail. Personal data here include e.g., name, company, e-mail, phone number, subject, message text (hereinafter called “contact information”).

3. Why do we process your data and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) for the following purposes and on the following legal basis:

Purpose Legal basis
Insofar as you consent to the processing of personal data for specific purposes, in particular for contacting you (e.g. via our contact form or by e-mail for handling and processing the request, advertising by telephone, e-mail, SMS, etc.) or as a reference for our data protection consulting, such processing is legal as you have consented. Your consent may be withdrawn at any time. Please note that any withdrawal is effective for the future only. It does not affect any processing that was done prior to the withdrawal. Any withdrawal may be addressed to the above-mentioned contact data or to Consent, Art. 6 para 1a GDPR
When contacting us (via contact form or email), your details will be processed in addition to any consent given for the processing of the contact enquiry and its handling, also on the basis of steps taken at the request of the data subject prior to entering into a contract, Art. 6 para 1b GDPR. Steps taken at the request of the data subject prior to entering into a contract, Art. 6 para 1b GDPR
When you first visit our website you will be asked if you would like to accept just necessary cookies or all cookies – if you select all cookies this will also enable us to perform marketing activity based on your interactions with the website, other marketing channels and other third parties such as social network. To find out more about cookies, including how to manage and delete them, see the Cookie section below. Consent, Art. 6 (1a) GDPR
When you contact us (via contact form or e-mail) in connection with your application for a position in our company, we process your data in order to check your suitability for the position (or other open positions in our company, if applicable) and to carry out the application process. Your applicant data will be screened by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department managers responsible for the respective open position. There, a decision will be made on the further procedure. In principle, only those persons in the company have access to your data who require this for the proper conduct of our application process. To take steps at the request of the data subject prior to entering into a contract & Legitimate interest after completion of the application process and in the event of rejection to protect against claims & Consent
We process your access data (see above under point 2) to protect our legitimate interests or those of third parties. We pursue the following legitimate interests in particular::
  • Ensuring IT security, in particular the security of the website; we also store the IP address in case someone leaves illegal content (insults, forbidden propaganda, etc.) via the comment function so that we can determine the identity of the author for our own legal protection
  • Advertising or market and opinion research, as long as you have not objected to the use of your data;
  • Asserting legal claims and defence in legal disputes;
In the context of balancing interests to protect legitimate interests, Art. 6 para 1f GDPR

4. Who can access my data?

Within our organization, persons that need to know your data to fulfill our contractual and regulatory obligations can access your data.

In addition, processors engaged by us may also obtain access to data for the above-mentioned purposes. These are companies in the categories IT services, printing services, telecommunications, sales and marketing. If we use processors to provide our services, we will take appropriate legal precautions as well as the relevant technical and organizational measures to protect personal data in accordance with applicable law.

Any transfer of data to third parties will be made only within the scope of legal requirements. We will disclose user data to third parties only if this is required, for example, if you have consented to the data transfer. If the Website is used for purely informational purpose, we generally do not disclose any data to third parties.

5. How long will my data be stored?

For security reasons (e.g., to investigate abusive or fraudulent activities) log-file information is retained for a maximum of four weeks and then deleted (see item 2 above). Data that must be retained further for evidential purposes are exempted from deletion until the respective incident has been finally clarified.

If necessary, we process and retain your personal data for the duration of our business relationship.

Applicant data will be deleted after 6 months in the event of a rejection. In the event that you have consented to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted if you withdraw your consent or after 5 years at the latest. Should we fill the advertised position with you, your data will be stored in our personnel management system.

In addition, we are subject to various retention and documentation obligations, inter alia under the German Commercial Code (HGB) and the German Tax Code (AO). The deadlines for retention and documentation specified therein range from two to ten years.

Finally, the retention period also depends on the statutory limitation periods, which for example, usually is 3 years according to Sec. 195 et seqq. of the German Civil Code (BGB), but in some cases may be as long as thirty years, with the standard limitation period being three years.

6. Is data transferred to a third country or to an international organisation?

The data provided will be processed within the European Union and in the USA. For countries without an adequacy decision by the Commission pursuant to Article 45 of the GDPR, as is the case with the USA, we generally agree on EU standard data protection clauses with the recipients of your data or obtain your consent for the data transfer.

Note: The protection of personal data in the USA does not correspond to the level of data protection required by the EU. In particular, there are no enforceable rights that safeguard the protection of your data against access by government agencies. Thus, there is a risk that these government agencies can access the personal data without us or the recipient in the US being able to effectively prevent this.

7. What are my data protection rights?

Each person concerned has

  • the right of access pursuant to Art. 15 GDPR (i.e. you have the right to request information about your personal data stored by us at any time),
  • the right of rectification under Art. 16 GDPR (i.e. if your personal data is inaccurate or incomplete, you may request rectification of this data),
  • the right to erasure pursuant to Art. 17 GDPR and,
  • the right to restriction of processing according to Art. 18 GDPR (i.e. you may have the right to demand the deletion or limitation of the processing of your personal data if, for example, such processing no longer has a legitimate business purpose and statutory storage obligations do not require further storage),
  • the right to data portability under Art. 20 GDPR (i.e. you may have the right to receive the personal data relating to you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another responsible person without obstruction).

Furthermore, you can withdraw your consent with effect for the future at any time.

In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR i.V.m. § 19 BDSG).

In addition, we would like to draw your attention to your right of objection under Art 21. GDPR:

Information about your right of objection according to Art. 21 GDPR

You have the right to object at any time for reasons arising from your particular situation to the processing of personal data concerning you under Art. 6 para 1e GDPR (Data Processing in the Public Interest) and Article 6 para 1f of the General Data Protection Regulation (Data Processing on the basis of a legitimate interest), including profiling based on this provision within the meaning of Art. 4 no. 4 GDPR.

If you object, we will no longer process your personal information unless we can establish compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purposes of asserting, exercising or defending legal claims.

In individual cases we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising. If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes.

The objection can be made informally and no costs other than transmission costs according to basic tariffs need be incurred. The objection should, if possible, be addressed to:

mip Consult GmbH
Wilhelm-Kabus-Straße 9
10829 Berlin
or via e-mail:

8. To what extent do you apply automated individual decision-making, including profiling?

We do not use fully automated decision-making pursuant to Art. 22 GDPR as part of access to our Website or in the context of contact via form or by e-mail. We do not process your data automatically with the objective of evaluating certain personal aspects (profiling).

9. Am I under any obligation to provide data?

On our Website, you must provide the personal data necessary for using our Website for technical or IT security reasons. You cannot use our Website unless you provide the above-mentioned data.

When contacting us via form or by e-mail, you only need to provide the personal data required to process your request. Otherwise, we will be unable to process your request.

10. Cookies

10.1 General

We use cookies on our website. Cookies are small text files, usually consisting of letters and numbers, which are placed on the user’s computer when visiting certain websites.

Some of these cookies are essential for the functioning of our website, while other cookies help us to improve our website by giving us insight into how you use the website.

By default, we only use essential cookies. Essential cookies enable the core functionalities of our website. The website may not display correctly, or some areas may not function properly without these cookies. Essential cookies can only be prevented by appropriate settings in your browser.

We only use cookies that are not essential for the website to function (“non-essential cookies”) if you have given your consent via our cookie banner. You can return to our data protection information at any time and withdraw your consent or make changes to your cookie selection.

We inform you about the use of cookies in the context of website tracking in the following sections. You will find a list of all cookies used by us here.

If you do not want cookies to be stored on your computer, you can either

  • refuse the consent in our cookie banner when accessing our site or – if you have already given your consent – make changes in the cookie settings, or
  • use the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of your browser.

Please note that disabling cookies may limit the functionality of this website.

You can opt out of the use of cookies for website tracking and advertising purposes via the network advertising initiative or the American website or the European website.

10.2 Matomo

Our website uses the web analytics service Matomo to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. The legal basis for the use of Matomo is your consent pursuant to Art. 6 (1a) GDPR.

Cookies are retained on your computer for this analysis. The information collected in this way is retained by us exclusively on our servers in Germany. You can prevent the evaluation by deleting existing cookies and preventing the storage of cookies. Preventing the storage of cookies is possible through the settings in your browser or in our cookie banner.

Our website uses Matomo with the extension “AnonymizeIP”. This means that IP addresses are processed in abbreviated form, which means that they cannot be directly linked to a specific person. The IP address transmitted by your browser via Matomo is not merged with other data collected by us.

10.3 Google Ads

We use the Google Ads service of Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) based on your consent.

The processing of the data is a joint responsibility between Google and us in accordance with Art 26 GDPR. It is agreed with Google that the primary responsibility under the GDPR for the processing of personal data lies with Google and that all obligations under the GDPR regarding the processing of personal data will be fulfilled by Google (in particular the information obligations pursuant to Article 12 et seq. GDPR, ensuring the rights of data subjects pursuant to Article 15 et seq. GDPR, notification of data breaches pursuant to Articles 33, 34 GDPR).

The processing of data within the scope of this service also takes place in the USA. There are risks associated with the processing of your data in the USA as described above. By giving your consent via our cookie banner, you consent to the processing of your data in the USA (Art. 49 para. 1 p. 1 lit. a GDPR), despite potential access by US authorities.

Google Ads is a service for placing advertising banners on the Internet, which allows us to place ads in Google’s search engine results as well as in the Google advertising network. Google Ads allows us to specify certain keywords in advance, by means of which an ad is displayed in Google’s search engine results exclusively when the user carries out a keyword-relevant search. In the Google advertising network, our advertisements are displayed on websites relevant to the subject matter by means of an automatic algorithm and in compliance with the keywords we have specified in advance.

The purpose of our use of Google Ads is to promote our website by displaying advertisements on the websites of third-party companies and in Google’s search engine results.

If you access our website via a Google advertisement, a so-called conversion cookie will be stored on your computer by Google. A conversion cookie loses its validity after thirty days and is not used to identify you, but to track whether certain sub-pages of our website have been accessed. The conversion cookie enables both us and Google to track whether you have accessed our website via an ad, completed an action (e.g. a order) or abandoned it.

The data and information collected through the use of the conversion cookie are used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via ads. We thus determine the success of our respective ads and are able to optimise our ads for the future based on this information. Neither our company nor other advertisers of Google Ads receive information from Google by means of which the data subject could be identified.

Instead of using our cookie banner, you can also prevent cookies from being set by setting your internet browser accordingly. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on your computer. In addition, a cookie already set by Google Ads can be deleted at any time via the browser. Furthermore, it is possible to object to interest-based advertising by Google. To do this, you must call up the link from any of the internet browsers you use (on any device) and make the desired settings there.

Further information and the applicable data protection provisions of Google can be found at

If you wish to object to interest-based advertising by Google, you can use the opt-out options provided by Google:

Further information and the applicable Google privacy policy can be found at

11. Third-party services that do not set cookies

Google Web Fonts (Online- Integration)

We use external web fonts of Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland, Google Fonts are integrated by retrieving the fonts from a Google server (usually in the USA). Google thereby receives the information that your IP address and thus your device has accessed our website.

There are certain risks associated with the processing of your data by Google in the USA (see above). By giving your consent via our cookie banner, you agree to the processing of your data (here your IP address) in the USA despite potential access by US authorities.

Google’s privacy information can be found at and an opt-out is possible at

12. Our social media channels

You can find us on social networks so that we can communicate with you there as well and inform you about our services there. We would like to point out that your data may be processed outside the European Union and that the data is usually processed for market research and advertising purposes. Usage profiles can be created from the usage behaviour and resulting interests of the users. These usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies may be stored on the users’ computers, in which the users’ usage behaviour and interests are stored. Other data may also be stored in these usage profiles, especially if the users are members of the respective platforms and are logged in to them.

The processing of the users’ personal data is based on consent and is carried out under joint responsibility between the platform providers and us. It is agreed with them that the primary responsibility for the processing of personal data lies with the platform providers and that all obligations under data protection law with regard to the processing of personal data are fulfilled by the respective platform providers (in particular, the information obligations, ensuring data subject rights, notification of data breaches).

For information on the respective processing and the respective objection options, please refer to the data protection information of the providers linked below:

  • Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 IRLAND) – privacy notice:, Opt-Out:,
  • LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland) – privacy notice:, Opt-Out:,
  • Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) – privacy notice/ Opt-Out:

In the event that data subject rights are asserted, we recommend that these be asserted with the platform providers, as the providers have direct access to the data. If you would still like our support, please feel free to contact us using the above contact details.