DATA PROTECTION ADVISORY

Protecting your data and preserving your privacy is of utmost importance to us. For this reason, we have established security and data protection provisions that ensure the greatest possible protection of your data.

We guarantee compliance with statutory data protection provisions. All employees of the company are bound by these provisions.

Below, we would like to explain which data we process when and for what purpose and on what legal basis. We would like to explain to you how the services we offer work and how the protection of your personal data is guaranteed

Pursuant to Article 4 no. 1 GDPR personal data means any information relating to an identified or identifiable natural person. A natural person is considered identifiable if he or she can be identified directly or indirectly. Further information on this can be found in Article 4 no. 1 GDPR.

This data privacy policy can be accessed, saved and printed out at any time at (https://www.rundstedt.de/).

In order to keep the following data privacy policy concise, we refer to information and data privacy policies found on external websites (see also the section “External Links” in this data privacy policy) at various points in the document. We make every effort to keep the links listed in this data privacy policy up-to-date. Nevertheless, since the web pages are being updated constantly, we cannot rule out links not functioning correctly. If you notice such a link, we would be pleased if you let us know so that we can include the current link.

1) Controller

The controller of processing personal data within the meaning of Article 4 no. 7 GDPR is:

v. Rundstedt & Partner GmbH
Bleichstraße 20
40211 Düsseldorf
service@rundstedt.de

2)  Contact for data protection

If you have any questions regarding the processing of your personal data, as well as your rights regarding data protection, please contact:

Klarissa Peters
v. Rundstedt & Partner GmbH
Eschersheimer Landstraße 14
60322 Frankfurt am Main
Germany
Tel. +49 (0)69 6199 641
datenschutz@rundstedt.de

3)  Log files

Every time you visit our website, we automatically collect data and information from your device’s system and store it in so-called server log files. This data is information that relates to an identified or identifiable natural person (here: website visitor). The data is automatically transferred by your browser when you visit our website. This includes the following information:

  • The time you visited our website (request to the server of the host provider),
  • URL of the website from which you visited our website,
  • The operating system you are using,
  • Type and version of the browser you are using,
  • IP address of your computer.

The purpose of this processing is to make our website accessible from your device and to enable our website to be displayed correctly on your device or in your browser. Furthermore, the data helps us to optimise our website and to ensure the security of our systems. This data is not evaluated for marketing purposes.

The legal basis for processing is Article 6(1)(f) GDPR. We have a legitimate interest in presenting you with a website optimised for your browser and in enabling communication between our server and your terminal. The latter requires in particular the processing of your IP address.

The recipient of the data is our server host, which works for us under a commissioned data agreement.

4) Cookies
We use cookies on our website. Cookies are text files that are stored on your device to make using a website more convenient. Cookies can be used to store inputs and settings on a website so that you do not have to enter them again each time you visit a website again. Cookies contain a so-called cookie ID, which makes it possible to identify the device in which the cookie was stored.

In your browser settings you can restrict or completely prevent cookies from being stored. You can also arrange for the automatic deletion of cookies when closing the browser window. You can find how to delete cookies in the most common browsers and change the cookie settings here:

Please note that a general deactivation of cookies may lead to functional limitations of our website.

We use essential cookies, which are required to operate the website. These enable the use of features, without which you would not be able to use the website as intended. The legal basis for processing is our legitimate interests in maintaining a functional website and thus the result of a balancing of interests pursuant to Art. 6(1)(1)(f) GDPR. 

Furthermore, we use optional cookies for the purposes of website analytics and tracking as well as to improve our website service. Below, we describe the tools used on this website and the associated optional cookies in detail. We only use optional cookies with your prior consent, Art. 6(1)(1)(a) GDPR and Section 25 (1) TTDSG (German Act on Data Protection and the Protection of Privacy in Telecommunications and Telemedia). If you are visiting our website for the first time, a banner will appear in which we will ask you for your consent to the use of optional cookies.

If you give your consent, we will save a cookie on your computer and the banner will not be displayed again for the lifetime of the cookie. Thereafter, or if you actively delete this cookie beforehand, the banner will be displayed again the next time you visit our website in order to obtain your consent once again. 

If you consent to the use of optional cookies, you also consent to your personal data being processed in third countries outside the European Union that have an inadequate level of data protection according to EU standards (e.g. United States). There is a risk that authorities there may also be able to access your data without the possibility of obtaining legal protection. We will inform you about potential processing in third countries and the measures we have taken to protect your personal data in the individual sections on our processors.

In particular, we set the following cookies

5) Information about Google services
On our website we use various services of Google Inc. (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

You will find more detailed information on the specific Google services that we use on this website in the rest of the data privacy policy.

By integrating Google services, Google may collect information (including personal data) and process it. The possibility of Google also transferring the information to a server in a third country cannot be ruled out.

The transmission to the USA depends on the function in which personal data is transmitted. As the responsible party, we ourselves may transfer data to Google for further use in the USA. The transfer can be based on standard contractual clauses. Google has undertaken to comply with the Standard Contractual Clauses (SCC) for the transfer of personal data to third countries under Regulation (EU) 2016/679.

More information on the Standard Contractual Clauses can be found at ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractuals-clauses-scc_en as well as at policies.google.com/privacy/frameworks

We cannot on our own influence which data Google actually collects and processes. However, Google states that the following information (including personal data) may be processed among others:

  • Log data (in particular the IP address)
  •  Locational information
  • Unique application numbers
  • Cookies and similar technologies

If you are signed in to your Google account, Google may add the processed information to your account and treat it as personal information, depending on your account settings, see www.google.de/policies/privacy/partners/ in particular.  

Google states the following, among other things:
“We may combine personal information from one service with information and personal information from other Google services. This makes it easier for you to share content with friends and acquaintances, for example. Depending on your account settings, your activities on other websites and apps may be linked to your personal information in order to improve Google services and advertising displayed by Google.” (https://www.google.com/intl/de/policies/privacy/index.html)

You can prevent this information from being added directly by signing out of your Google account, or by using the appropriate account settings in your Google account. Furthermore, you may refuse the use of cookies – if Google stores any – by selecting the appropriate settings on your browser; however, we would point out that in this case the full functionality of this website might not be available.

How to delete cookies in the most common browsers is explained in section “4) Cookies”.

You can find more information in Google’s data privacy policy, which you can download here:

  • developers.google.com/terms/
  • www.google.com/policies/privacy/

You can find information about Google’s privacy settings at privacy.google.com/take-control.html

6) Use of Google Analytics
On our website we use Google Analytics, a web analytics service provided by Google Inc. (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Furthermore we use the “Google-Optimize” tool in addition to Google Analytics.

Google Analytics uses “cookies”; these are text files which are stored on your device and enable the analysis of the websites you visited. Google Analytics also uses so-called web beacons (invisible graphics). These web beacons can be used to evaluate information such as visitor traffic on websites. The information generated by cookies and web beacons about the use of our website (including the users’ IP address) will be transferred to a Google server, probably in the U.S. or other third countries, and stored there. This information may be shared by Google with Google’s contractual partners.

For information about Google’s existing Privacy Shield certification and other relevant data about Google’s data processing in connection with your use of Google services, please refer to section “5) Information about Google services” in this data privacy policy.
The following data types are processed by Google:

  • Online identifiers (including cookie identifiers)
  • IP address (only anonymised)
  • Device identifiers

In addition, you can find more detailed information on the information processed at www.google.com/intl/de/policies/privacy/ under “Data we receive as a result of you using our services”, and at privacy.google.com/businesses/adsservices/.

We use Google Analytics solely with activated IP anonymisation (“anonymize IP”). In this manner, your IP address is abbreviated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there.

Furthermore, we have concluded a processing agreement with Google for the use of Google Analytics and Google Optimize (Article 28 GDPR). Google processes the data on our behalf for the purpose of evaluating your use of the website, compiling reports on website activities for us and providing us with other services related to website and internet use. If necessary, Google may transfer this information to third parties to the extent that this is prescribed by law or where third parties process the data on Google’s behalf.  A list of these subcontractors can be found at https://privacy.google.com/businesses/subprocessors/.

Through the integration of Google Analytics, we aim to analyse user behaviour on our website and be able to react to it. This enables us to continuously improve our offer. We use Google Optimize to understand the effect of adjustments to our website on our users and to constantly optimise our website. For this purpose, users are presented with different versions of our website and various criteria are defined (e.g. determining whether a section can be found based on the click behaviour of users). We are only presented with statistics, it is not possible for us to draw conclusions about a single person based on these statistics. 

The processing of your personal data takes place exclusively on the basis of your consent in accordance with Article 6(1)(f) GDPR. Our legitimate interest in this is based on the great benefit that the functions described above have for our offer. The statistical evaluation of user behaviour enables us in particular to react and optimise our offer in line with the interests of our customers. The consent can be revoked at any time.

You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout 

You can also prevent data being captured by Google Analytics by managing the cookie settings. An opt-out cookie is then set which prevents your data being captured the next time you visit this website. How to delete cookies in the most common browsers and how to change the cookie settings is explained in section “4.) Cookies”.

You may refuse the use of cookies by selecting the appropriate settings on your browser; however, we would like to point out that in this case the full functionality of this website might not be available.

7) Use of Google Tag Manager
On our website we use Google Tag Manager of Google Inc. (“Google”), Gordon House, Barrow Street, Dublin 4, Irland.

Google Tag Manager is a utility service and only processes personal data itself for technically necessary purposes. Google Tag Manager loads other components, which in turn may collect data. Google Tag Manager does not access this data. Further information on Google Tag Manager can be found in Google’s Privacy Policy. 

Use of the Google Tag Manager is based on Art. 6(1)(1)(f) GDPR. We have a legitimate interest in being able to integrate various services in a simplified and clear manner. 

8)  Use of retargeting and remarketing

We use the Google Analytics Remarketing tool from Google Ireland Ltd (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland on our website.
Information on the standard contractual clauses and our transfer of data to Google in the United States as well as other relevant information on data processing by Google in the context of the use of Google services can be found in this Privacy Policy under Section 5, ‘Information on Google services’.

Google Remarketing analyses your user behaviour on our website (e.g. clicking on certain products) in order to classify you as part of certain advertising target groups and subsequently display suitable advertising messages to you when you visit other online services (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Remarketing may be linked with Google’s cross-device features. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) to be displayed on another of your end devices (e.g. tablet or PC).

The use of this service is based on your consent pursuant to Art. 6 (1)(1)(a) GDPR and § 25 (1) TTDSG. The consent may be revoked at any time. If you have a Google account, you can object to personalised advertising at the following link: https://www.google.com/settings/ads/onweb/.

The installation of cookies for Google Remarketing and Google AdWords Conversion Tracking can be prevented by adjusting the respective browser software by visiting the website http://www.google.com/policies/privacy/ads/  and changing the relevant setting. You can also find further information on cookies under point "4) Cookies".

You can find more information in Google’s data privacy policy, which you can download here:

  • developers.google.com/terms/
  • www.google.com/policies/privacy/

You can find information about Google’s privacy settings at privacy.google.com/take-control.html 

9) Use of Google Maps
We use Google Maps on our website. Google Maps is a service of Google Inc.("Google"), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

The Google-Maps plug-in is integrated by embedding the service on our website by means of a so-called “iFrame”. When loading this iFrame, Google may collect information (including personal data) and process it. The possibility of Google also transferring the information to a server in a third country cannot be ruled out.

For information about Google’s existing Privacy Shield certification and other relevant data about Google’s data processing in connection with your use of Google services, please refer to section “5) Information about Google services” in this data privacy policy.

For our part, we do not collect any data when you use Google Maps via our website.

Through the integration of Google Maps, we aim to be able to show you our address and provide you with further information for travelling to our offices. We can also present locations to you through this integration of Google Maps, with you not being limited to individual map sections and being able to independently research distances etc.

The legal basis for the processing of personal data described here is Article 6(1) f GDPR. Our necessary legitimate interest in this lies in the great benefit that Google Maps offers. Through the integration, we do not have to show the directions to the respective places by means of maps or the like, but enable each user to plan his or her own journey. Google also has a legitimate interest in the collected (personal) data in order to improve its own services.
 

10) Google Ads

We use the Google Ads (previously Google AdWorks) tool from Google Ireland Ltd (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland on our website.

Information on the standard contractual clauses and our transfer of data to Google in the United States as well as other relevant information on data processing by Google in the context of the use of Google services can be found in this Privacy Policy under Section 5, ‘Information on Google services’.

We use the Google Ads Conversion service to draw attention to our offers with the help of advertising (Google Ads) on external websites. We can determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. In this way, we pursue the interest of showing you advertising that is of interest to you, thus making our website itself more interesting for you and optimising our advertising costs.

These advertisements are delivered by Google via ad servers. For this purpose, we use ad server cookies, which can be used to measure certain success parameters, such as the display of ads or clicks made by you. If you access our website via a Google ad, Google Ads will store a cookie on your device. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (indication that you no longer wish to be targeted) are usually stored as analysis values for this cookie.

These cookies enable Google to recognise your internet browser. If you visit certain pages on our website and the cookie stored on your computer has not yet expired, we and Google will be able to recognise that you clicked on the ad and were redirected to that page. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. These evaluations enable us to see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising; in particular, we cannot identify you using this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no control over the scope of the data that Facebook collects with the help of this plug-in and therefore inform users to the best of our knowledge. Through the integration of Ads Conversion, Google receives information that you have visited the corresponding part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is still possible for Google to obtain and store your IP address.

The use of this service is based on your consent pursuant to Art. 6 (1)(1)(a) GDPR and § 25 (1) TTDSG. The consent may be revoked at any time.

The installation of cookies for Google Ads can be prevented by setting the respective browser software; to do this, visit the website http://www.google.com/policies/privacy/ads/ and change the corresponding setting. Further information on cookies can also be found in Item 4, Cookies You will find more information and the data protection provisions in Google's Privacy Policy at: https://policies.google.com/technologies/ads?hl=en   

11) Newsletter and knowledge base (Evalanche)
a ) General information
On our website you have the possibility of registering for our newsletter. The newsletter is tailored to your individual interests.

In our knowledge base you have the possibility of requesting various content such as checklists, guides, e-books and white papers, all of which require registration. After you have registered for the content, you can access the download.

If you sign up for our free webinars, registration is also required. After signing up for the webinar, you will receive the access data and, if necessary, further information for participation in the webinar.

Our newsletter and our other content are sent with the newsletter service Evalanche. Evalanche is a service of SC-Networks GmbH, Enzianstr. 2, 82319 Starnberg, Germany, telephone: +49 (0)8151 555 160, fax: +49 (0)8151 555 1629, e-mail: info@sc-networks.com, website: www.sc-networks.com. Within the framework of a commissioned data processing agreement Evalanche processes your personal data on our behalf and according to our instructions.

Evalanche is a member of the Certified Senders Alliance (https://certified-senders.org/de/teilnehmer/ ). In addition, SC-Networks GmbH holds various other certificates regarding data and IT security, e.g. from TÜV SÜD, TÜV Hessen in compliance with ISO/IEC 27001:2013 and is a member of the TeleTrust-Initiative “IT-Security made in Germany”, a competence network supported by the Federal Association for IT Security e.V. For more details on certifications and memberships, please visit www.sc-networks.de/produkt/zertifikate/ .

In addition, the login data is also transferred to our CRM system. Our CRM system is technically provided by our service provider itdesign (itdesign GmbH, Friedrichstraße 12, 72072 Tübingen, Germany). Within the framework of a commissioned data processing agreement itdesign processes your personal data on our behalf and according to our instructions.

b) Sign up/registration
If you sign up for our newsletter or a webinar or if you download any of our content, we process the following mandatory information from you, in particular:

  • E-mail address

In addition, we process further voluntary information from you (e.g. your name), if you provide it, as well as various other information, such as object and profile reference, date and time, IP address, action type (registration, update, permission change) and the metadata of the action.

In order to be able to display the proof of consent and cancellation in a legally compliant manner, we keep the following data for each user profile, which is generated via an Evalanche web form with an e-mail address confirmed by double opt-in procedure, for the events “registration/change”, “confirmation of the link” and “cancellation of the newsletter”:

  • Date and time
  • IP address

c) Statistical evaluation
With the help of the Evalanche service we analyse the success and effectiveness of our newsletter (campaigns) as well as our download and webinar offer. In doing so, we especially evaluate, for example, whether and when you open the e-mails sent to you, whether and which links you click or how you otherwise handle the e-mails.

For this purpose, for statistical surveys and to build interest profiles, Evalanche sets and stores cookies. This information is processed on a personal basis. Furthermore, the e-mails sent contain so-called web beacons, also called tracking pixels. These are one-pixel image files that link to our website and thus enable us to evaluate your user behaviour. This is done by collecting web beacons that are assigned to your e-mail address and linked to your own ID. Links contained in the newsletter also contain this ID. With the data thus obtained, we create a user profile in order to provide you with the newsletter tailored to your interests.

d) Basis of lawfulness
By signing up for the newsletter, for our webinars and by downloading our content, you expressly consent to the processing of your personal data (Article 6(1)(a) GDPR).

In a first step, you enter the mandatory data (e.g. e-mail address) and agree to the processing of your personal data by activating the box provided for this purpose. The sign up form is provided by Evalanche, thus letting your data be transferred directly to Evalanche. In a second step, you will then automatically receive an e-mail with a confirmation or activation link, which you must also confirm or activate. In this way we ensure that the e-mail address entered on our website also belongs to you. If the confirmation or activation link is not used, the corresponding e-mail address will not receive any further e-mails from us and the data entered will be deleted.

The purpose of collecting and processing the user's e-mail address is to be able to deliver the requested information. The collection and processing of further personal data within the scope of the sign up process is intended to prevent misuse of our information offer or the e-mail address used. Furthermore, the processing described above serves the purpose of enabling us to prove that you have given your consent. The purpose of processing your personal data by our CRM system is to be able to address you as a customer and use the information for marketing purposes.

The purpose of processing cookie and measurement data is to create an individual newsletter tailored to the interests of the recipient and to track the success and reach of our newsletters.

The legal basis for the processing of further personal data as well as the processing of your personal data within the framework of our CRM system is our legitimate interest in accordance with Article 6(1)(f) GDPR. We have a legitimate interest in being able to prove that you have given your consent. Furthermore, we have a legitimate interest in preventing or being able to prove misuse of our information offer. The consent can be revoked at any time.

12) Newsletter and knowledge base (Pardot)
General information
On our website you have the possibility of registering for our newsletter. The newsletter is tailored to your individual interests.

In our knowledge base you have the possibility of requesting various content such as checklists, guides, e-books and white papers, all of which require registration. After you have registered for the content, you can access the download.

If you sign up for our free webinars, registration is also required. After signing up for the webinar, you will receive the access data and, if necessary, further information for participation in the webinar.

Our newsletter and our other content are sent with the newsletter service "Pardot MAS". Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA is a service of Salesforce.com EMEA Limited (Salesforce), village 9, floor 26 Salesforce Tower, 110 Bishopsgate, London, UK, EC2N 4AY. Within the framework of a commissioned data processing agreement Pardot processes your personal data on our behalf and according to our instructions.

In addition, the login data is also transferred to our CRM system. Our CRM system is technically provided by our service provider itdesign (itdesign GmbH, Friedrichstraße 12, 72072 Tübingen, Germany). Within the framework of a commissioned data processing agreement itdesign processes your personal data on our behalf and according to our instructions.

a) Sign up/registration
If you sign up for our newsletter or a webinar or if you download any of our content, we process the following mandatory information from you, in particular:

  • E-mail address

In addition, we process further voluntary information from you (e.g. your name), if you provide it, as well as various other information, such as object and profile reference, date and time, IP address, action type (registration, update, permission change) and the metadata of the action.

In order to be able to display the proof of consent and cancellation in a legally compliant manner, we keep the following data for each user profile, which is generated via a Pardot web form with an e-mail address confirmed by double opt-in procedure, for the events “registration/change”, “confirmation of the link” and “cancellation of the newsletter”:

  • Date and time
  • IP address

The purpose of collecting and processing the user's e-mail address is to be able to deliver the requested information. The collection and processing of further personal data within the scope of the sign up process is intended to prevent misuse of our information offer or the e-mail address used. Furthermore, the processing described above serves the purpose of enabling us to prove that you have given your consent. The purpose of processing your personal data by our CRM system is to be able to address you as a customer and use the information for marketing purposes.

The email addresses of our newsletter recipients, as well as their other data described in this notice, may be stored on Salesforce.com servers in the United States. In these cases, Pardot is certified under the EU-U.S. Privacy Shield Agreement. Salesforce says the following about this:

“For certain Services, for which we act as a data processor, Salesforce has certified under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. For more details about the scope of the certification see here. The Privacy Shield frameworks were designed by the U.S. Department of Commerce, European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with EU and Swiss data protection requirements when transferring personal data from the European Union and Switzerland to the United States, but have since been held by the the Court of Justice of the European Union and the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland to be invalid. Additional information can be found at https://www.privacyshield.gov/Program-Overview .
EU and Swiss personal data may however still be transferred to and within Salesforce’s services pursuant to Salesforce’s Processor Binding Corporate Rules and the European Commission’s standard contractual clauses, both of which are incorporated by reference into Salesforce’s Data Processing Addendum. For further information, please see our International Transfers of EU Personal Data to Salesforce's Services document. (https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/Agreements/EU-Data-Transfer-Mechanisms-FAQ.pdf )” 
https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active 

b) Statistical evaluation
With the help of the Pardot service we analyse the success and effectiveness of our newsletter (campaigns) as well as our download and webinar offer. In doing so, we especially evaluate, for example, whether and when you open the e-mails sent to you, whether and which links you click or how you otherwise handle the e-mails.

For this purpose, for statistical surveys and to build interest profiles, Pardot sets and stores cookies. This information is processed on a personal basis. Furthermore, the e-mails sent contain so-called web beacons, also called tracking pixels. These are one-pixel image files that link to our website and thus enable us to evaluate your user behaviour. This is done by collecting web beacons that are assigned to your e-mail address and linked to your own ID. Links contained in the newsletter also contain this ID. With the data thus obtained, we create a user profile in order to provide you with the newsletter tailored to your interests.

The purpose of processing cookie and measurement data is to create an individual newsletter tailored to the interests of the recipient and to track the success and reach of our newsletters. 

c) Online access and data management
There are cases in which we direct newsletter recipients to websites belonging to Pardot. For example, our newsletters contain a link with which newsletter recipients can visit the newsletters online (e.g. in the event of display problems in the email client). Furthermore, newsletter recipients can subsequently correct their data, such as their email address. Likewise, Pardot’s Privacy Policy can only be accessed on their website.

In this context, we would like to point out that cookies are used on Pardot’s websites and that personal data is processed by Pardot and its partners and service providers (e.g. Google Analytics). We have no influence on this data collection. Further information on data protection at Pardot can be found at: www.salesforce.com/company/privacy/  

Basis of lawfulness
By signing up for the newsletter, for our webinars and by downloading our content, you expressly consent to the processing of your personal data (Article 6(1)(a) GDPR).

In a first step, you enter the mandatory data (e.g. e-mail address) and agree to the processing of your personal data by activating the box provided for this purpose. The sign up form is provided by Pardot, thus letting your data be transferred directly to Pardot. In a second step, you will then automatically receive an e-mail with a confirmation or activation link, which you must also confirm or activate. In this way we ensure that the e-mail address entered on our website also belongs to you. If the confirmation or activation link is not used, the corresponding e-mail address will not receive any further e-mails from us and the data entered will be deleted.

The legal basis for the processing of further personal data as well as the processing of your personal data within the framework of our CRM system is our legitimate interest in accordance with Article 6(1)(f) GDPR. We have a legitimate interest in being able to prove that you have given your consent. Furthermore, we have a legitimate interest in preventing or being able to prove misuse of our information offer. The consent can be revoked at any time.

13) Inxmail
a ) General information
We use the “Inxmail” service for our event notifications. Inxmail is a service of Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany, e-mail: info@inxmail.de.
Within the framework of a commissioned data processing agreement Inxmail processes your personal data on our behalf and according to our instructions.

(b) Sign up/registration
If you sign up for our event newsletter, we will process the following mandatory data from you, in particular:

  • E-mail address
  • Location

In addition, we process further voluntary information from you (e.g. your name), if you provide it, as well as various other information, such as date and time and IP address.
In order to be able to display the proof of consent and cancellation in a legally compliant manner, we keep the following data for each user profile for the events “registration/change”, “confirmation of the link” and “cancellation of the event newsletter”:

  • Date and time
  • IP address

The collection and processing of the e-mail address and the location of the user pursues the purpose of being able to deliver the event newsletter and to be able to present the user with events from his vicinity. The collection and processing of further personal data during the registration process serves the purpose of preventing misuse of our event newsletter or the e-mail address used. In addition, the processing described above serves to enable us to prove that you have given your consent.

c) Statistical evaluation of the event newsletter
Using the Inxmail service, we analyse the success and effectiveness of our event invitations anonymously for statistical purposes.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, your registration data will only be stored as long as the subscription to the newsletter is active. The legal basis for the processing of your personal data for the event newsletter is your consent pursuant to Art. 6 (1) p. 1 lit. a) DSGVO. The consent can be revoked at any time.

14) It-design
We transfer your registration data, which we receive when you register for our newsletter, our knowledge library or for your participation in webinars, to our CRM system. 
Our CRM system is technically provided by our service provider itdesign (itdesign GmbH, Friedrichstraße 12, 72072 Tübingen, Germany). Within the scope of a data processing agreement, itdesign processes your personal data on our behalf and according to our instructions.

The purpose of processing your personal data through our CRM system is to be able to address you as a customer and to use the information for marketing purposes.

The legal basis for the processing of your personal data within the scope of our CRM system is our legitimate interest pursuant to Art. 6(1)(1)(f) GDPR. We have a legitimate interest in being able to prove that you have given your consent. In addition, we have a legitimate interest in preventing or being able to prove misuse of our information service.

15) Using Adobe Connect/Webinaris
We offer various webinars on our website, which we conduct using Adobe Connect (“AC”). AC is a service or software from Adobe Systems Incorporated, 601 Townsend St., San Francisco, CA 94103, USA. Furthermore, on the Adobe website accessible from Germany, the subsidiary Adobe Systems Software Ireland Limited, 4–6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland is listed as being responsible for Europe.

AC is integrated via a corresponding interface from Adobe. Through the integration, Adobe collects information (including personal data) and processes it. The possibility of Adobe also transferring the information to a server in a third country (e.g. USA) cannot be ruled out.

As is evident from the Adobe Systems Incorporated Privacy Shield certification (available at www.privacyshield.gov/list under the search term “Adobe Systems Incorporated”), Adobe has undertaken to comply with the EU-US Privacy Shield Framework regarding the collection, use, and storage of personal data from third countries, respectively. Adobe has certified that it adheres to the Privacy Shield Principles.
Within the framework of a commissioned data processing agreement Adobe processes your personal data on our behalf and according to our instructions. This may include the following data:

  • The name you provided,
  • Your IP address,
  • Type of browser and device,
  • Web page from which you arrived at an Adobe website,
  • Search terms entered into a search engine that led you to an Adobe website,
  • Use and navigation of websites and applications (collected by cookies and similar technologies or by Adobe servers when you are logged into the application or website),
  • Analysis of your content (such as activity logs and direct feedback from you) sent or received through an online feature of an Adobe application or website or stored on Adobe servers.

If you are signed in to your Adobe account, Adobe can add the processed information to your account.

You can prevent this information from being added directly by logging out of your Adobe account.

Further information can be found at https://www.adobe.com/privacy/policy.html 

Through the integration of AC we aim to be able to offer you various webinars.

The legal basis for the processing of personal data described here is Art. 6 (1) p. 1 lit. b) DSGVO - insofar as the webinars are conducted within the scope of contractual relationships - as well as our legitimate interest in the professional handling of our webinars pursuant to Art. 6 (1) p. 1 lit. f DSGVO. The consent can be revoked at any time.
 

16) Contact form
On our website there is a contact form which you can use for electronic contact. If you contact us via this contact form, the data entered in the input fields will be processed by us.
This includes the following data as mandatory information:

  • E-mail address
  • Postcode, Town/City

Furthermore, you can add further data as voluntary information. This may simplify and speed up the processing of your request. The following data is potentially affected:

  • Salutation
  • Telephone
  • First name
  • Last name
  • Company
  • The information arising in each instance from the message text

Mandatory and voluntary information is treated equally by us. The mandatory information is necessary to be able to contact you and process your request.

Please note that the extent of the personal data collected in the contact form also depends on the data you yourself disclose in the message text of the contact form.

The purpose of the processing of personal data within the scope of the mandatory and voluntary information is to process the contact enquiry and to be able to contact the enquirer in order to respond to the request.

The legal basis for the processing of personal data described here is Article 6(1)(f) GDPR. It is our legitimate interest to offer you the possibility to contact us at any time so that we can answer your questions.

The personal data are processed only as long as necessary for the provision of the function.

The recipient of the data is our server host, which is working for us within the scope of a commissioned data processing agreement.
 

17) Making contact
You have the possibility to contact us by mail, telephone, fax or e-mail.

If you contact us by post, we can process, in particular, your address data (e.g. surname, first name, street, town/city, postcode), date and time of receiving the letter as well as such data resulting from your letter itself.

If you contact us by telephone, we can process your telephone number and, if necessary, in the course of the conversation on request your name, your e-mail address, the time of the call and details of your request.

If you contact us by fax, we can process, in particular, the fax number or the source identifier as well as the data resulting from the fax.

When you contact us by e-mail, your e-mail address, the time of the e-mail and the data resulting from the message text (and attachments if applicable) are processed.

The purpose of processing the above-mentioned data is to process the contact enquiry and to be able to contact the enquirer in order to respond to the request.

The legal basis for the processing of personal data described here is Article 6(1)(f) GDPR. It is our legitimate interest to offer you the possibility to contact us at any time and to answer your questions.

The personal data will be deleted as soon as it is no longer required for the purpose for which it was collected.
 

19) Online appointment booking via Microsoft Bookings
We offer you the possibility to book appointments online via our website. For this purpose, we use the Microsoft Bookings tool, a service of Microsoft Corporation, located at One Microsoft Way, Redmond, WA 98052-6399, United States. We have concluded both a data processing agreement and EU Standard Contractual Clauses (SCC) with Microsoft to guarantee an appropriate level of data protection. 

To the extent that Microsoft Bookings processes personal data in connection with Microsoft’s legitimate business operations, Microsoft is the independent data controller for such use and as such is responsible for compliance with all applicable laws and obligations of a data controller. In this case, we have no influence over Microsoft’s data processing. 

Further information about Microsoft Bookings and how it handles user data can be found here: https://privacy.microsoft.com/en-us/privacystatement  

The connection to the service is established when you visit our contact page; the data you enter there is processed after you confirm the form. To book an appointment, your entries in the appointment form are transferred to Microsoft. Please note that you are not obliged to use Microsoft Bookings to book an appointment. If you do not wish to use the service, please use another of the contact options offered to book an appointment. 

The legal basis for the data transfer, storage and processing is your consent pursuant to Art. 6(1)(1)(a) GDPR. The consent may be revoked at any time. 
You have the option to revoke your consent to data processing or to object to the use of the data at any time. In this case, the intended contact with the user is no longer possible or communication that has already begun can no longer be continued.

20)  Social networks and external links
We would like to point out that personal data of users may be processed outside the European Union. This may result in risks for users as there is sometimes a lack of an appropriate level of data protection (e.g. in the United States), which makes it difficult, for example, to enforce users’ rights.

In addition, the social network provider may process the most important data of the computer system from which you visit it – for example, your IP address, the type of processor used and browser version including plug-ins.

If you are logged in with your personal user account on the respective network while visiting such a website, this network can assign the visit to this account.

The purpose and scope of data collection by the respective medium and the further processing of your data there as well as your rights in this regard can be found in the respective provisions of the respective controller, such as:

  • Facebook / Meta Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; the link to the privacy policy can be found at www.facebook.com/policy.php; further information on data collection: www.facebook.com/help/186325668085084, www.facebook.com/about/privacy/your-info-on-other as well as www.facebook.com/about/privacy/your-info.    
  • Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. The link to Twitter's privacy policy can be found at twitter.com/en/privacy 
  • Instagram by Facebook / Meta Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The link to Instagram's privacy policy can be found at help.instagram.com/155833707900388  
  • YouTube by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The link to Google's privacy policy can be found at policies.google.com/privacy 
  • Xing / New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. The link to xing's privacy policy can be found at privacy.xing.com/en 
  • LinkedIn Corporation; 1000 West Maude Avenue, Sunnyvale, CA 94085, USA: The link to LinkedIn's privacy policy can be found at www.linkedin.com/legal/privacy-policy 

Requests for information and the data subject rights can be asserted most effectively with the providers. This is because only the providers have access to the users’ data and can take appropriate measures and provide information directly. However, we will of course support you if you still need help.

Fanpage Facebook: Insofar as you communicate directly with us via our fan pages on Facebook and Instagram or share personal content with us, we are responsible for processing your data. 

Please note that Facebook also processes your data when you use our fan pages for its own purposes, which are not shown in this Privacy Policy. We have no influence on these data processing procedures by Facebook. In this respect, please see the privacy policies of the respective social networks:

An exception applies to data processing for usage analytics (page insights); we are jointly responsible for this with Meta Platforms Ireland Ltd (Facebook).

This data includes information about the types of content users view or interact with, or the actions they take (see ‘What data do we collect?’ in the Facebook Privacy Policy: www.facebook.com/policy), as well as information about the devices users use (e.g. IP addresses, operating system, browser type, language settings, cookie data; see ‘Device information’ in the Facebook Privacy Policy: www.facebook.com/policy). As explained in the Facebook Privacy Policy under ‘How do we use your information?’, Facebook also collects and uses information to provide analytics services, known as ‘Page Insights’, to page operators to provide them with insights into how people interact with their pages and the content associated with them. We have entered into a special agreement with Facebook (‘Information about Page Insights’, www.facebook.com/legal/terms/page_controller_addendum), which in particular regulates which security measures Facebook must observe and in which Facebook has agreed to fulfil data subject rights (i.e. users may, for example, send information or deletion requests directly to Facebook). Users’ rights (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the ‘Information about Page Insights’ (https://www.facebook.com/legal/terms/information_about_page_insights_data).

We, as the provider of the information service, also process that data from your use of our service that you voluntarily provide on the fan page (e.g. in comments) for the purpose of answering your enquiries, communicating with you and publishing information regarding the content offered on the Facebook pages or our company. The legal basis for the processing is Art. 6(1)(1)(b) and (f) GDPR. The legitimate interest is the effective provision of information to users, customers and interested parties and communication with these persons.

As a co-responsible party for the processing of personal data in the course of making this content available on Facebook, we undertake to display the greatest possible degree of responsibility in accordance with the remaining content of this Privacy Policy with regard to the processing of personal data. However, we would also like to point out that we are not aware of the exact processing that is carried out by Facebook, neither in its full extent nor content, and that we have no influence over it.

21) Data security
We secure our website and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. However, despite regular checks, complete protection against all risks is not possible.

22) Storage and retention periods
We will retain your personal data for as long as is necessary to achieve the processing purposes set out in this Privacy Policy. 

Specific statements in this Privacy Policy or legal requirements for the retention and deletion of personal data, in particular that which we are required to retain for tax law reasons, remain unaffected.

23) Obligation to provide data
Within the scope of our business relationship, you are only required to provide the personal data that is necessary for the establishment, implementation and termination of a business relationship or which we are legally obliged to collect. Without this data, we will generally have to refuse to conclude a contract or execute the order, or be unable to continue to execute an existing contract and may have to terminate it.

Furthermore, in order to provide paid services, it is necessary for us to ask for additional data and, for example, to process the method of payment requested by you.

However, subject to the provisions set out above, you are generally free to provide personal data. 

24) Amending the data privacy policy
Changes in the law or changes in our internal processes may make it necessary to amend this data privacy policy.
In the event of such a change, we will inform you of this above the heading “Data Privacy Policy”.

25) Cancellation
You have the right to withdraw any consent you have given at any time with future effect, without affecting the lawfulness of the processing carried out on the basis of the consent up to the point of withdrawal.

You can send or communicate your revocation of consent to us at any time (e.g. by e-mail to datenschutz@rundstedt.de).

26) Rights of the data subject
In principle, you have the following rights:

  • right of access (Art. 15 GDPR)
  • right of rectification (Article 16 GDPR)
  • right to object (Art. 21 GDPR)
  • right to erasure (Article 17 GDPR)
  • right to restrict processing (Article 18f. GDPR)
  • right to data transferability (Article 20 GDPR)

For enquiries of this kind, please contact datenschutz@rundstedt.de. Please note that in the case of such requests, we must ensure that the person making contact is indeed the data subject.

You have the right to appeal to a data protection supervisory authority, without prejudice to any other administrative or judicial remedy.

Automated decision making does not take place on our website.

27) In addition, for users of the myTURN app

Data Protection Advisory - myTURN App

Information about your right of objection pursuant to art. 21 GDPR

Insofar as we cite our legitimate interest (Art. 6 (1)(f) GDPR) as the basis for lawful processing, you have a right of objection pursuant to Art. 21 GDPR.

Under Art. 21 GDPR, you have the right to object to the processing of personal data at any time. If you do so, we will no longer process the personal data for direct marketing or related profiling purposes. We will also not process your personal data for other purposes after an objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or unless the processing serves the establishment, exercise or defence of legal claims (see, for example, Art. 21(1) GDPR, ‘limited right of objection’). In this case, you must provide reasons for the objection that arise from your particular situation.

You may also object to the processing of your personal data on grounds relating to your particular situation, for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, unless the processing is necessary for the performance of a task carried out in the public interest (see Art. 21(6) GDPR).
You can send or inform us of your objection at any time (e.g. by email to datenschutz@rundstedt.de).