ENDE

PRIVACY POLICY

Last updated: 9 August 2023

The protection of your personal data is very important to us, so we would like to list here all the information about the processing and storage of your data when you visit our website and in our companies.

 

In order to be able to use all the functions and services of our site, it is necessary to collect your personal data. However, processing and storage is only carried out in accordance with the legal guidelines and requirements of the Genereal Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG).

 

RESPONSIBLE

Dr. Sabine Schmid
Consulting
Heimstrasse 31
D-89073 Ulm
info@drschmid-consult.com

You can find more information in the imprint.

 

COLLECTION AND PROCESSING OF PERSONAL DATA ON THIS WEBSITE

Note: In order to protect your data as comprehensively as possible from unwanted access, we take so-called technical and organisational measures and use an encryption process on our website. Your data is transmitted over the Internet from your computer to our computer and vice versa using so-called TLS encryption. TLS means “Transport Layer Security” and is an encryption protocol for data transmission on the Internet. You can usually recognise “TLS” by the fact that the lock symbol in the status bar of your browser is closed and the address begins with https://.

  1. COLLECTION OF ACCESS AND LOG DATA

This website automatically collects and stores server log file information that your browser sends to us.

These are

  • IP address of the user,
  • Date and time of access,
  • Type of request,
  • Customer information such as type and version,
  • Operating system of the user (device, OS version of the device),
  • Referrer information (i.e. the source of the access)

The legal basis for this data processing is the legitimate interest according to Art. 6 para. 1 lit. f) GDPR. The legitimate interest is based on being able to identify indications of illegal use of our website (e.g. defence against hacker attacks) and to ensure a smooth connection.

We have concluded an order processing contract with the provider of this website, RockingHoster Deutschland GmbH, based in Ahrensburg, Germany, in accordance with Art. 28 GDPR. This is a contract required by data protection law, which ensures that RockingHoster Deutschland GmbH only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR. In addition, we have concluded an order processing contract with Sichtbär GbR, our web agency.

The collected data is stored in server log files that your browser automatically transmits to us in encrypted form. We only save the server log files in the event of attacks on our server infrastructure or other legal violations. This longer storage period is based on our legitimate interest according to Art. 6 para. 1 lit. f) GDPR and only serves to preserve evidence.

  1. ENQUIRIES VIA E-MAIL AND TELEPHONE

Any personal information that you provide to us on a voluntary basis will of course be treated confidentially. We use the personal data you provide exclusively to process and respond to your enquiry. The legal basis for data processing is our legitimate interest according to Art. 6 Para. 1 lit. f) GDPR. This results from our interest in answering enquiries from our customers, business partners and interested parties and in promoting or maintaining customer satisfaction. A further legal basis for natural persons is the initiation or fulfilment of a contract in accordance with Art. 6 (1) (b) GDPR.

 

All personal data that you transmit to us with your enquiry will be deleted or anonymised by us no later than 2 years after the final reply to you, unless a contract is concluded. The retention period of 2 years is due to the fact that it may occasionally happen that you contact us again about the same matter after a reply and refer to the previous correspondence. Experience has shown that after 2 years no further queries follow our replies.

 

Data processing of business partners and customers

  1. Fulfilment of contractual obligations (Art. 6 para. 1 lit. b) GDPR)

The purposes of data processing result from the implementation of pre-contractual measures, and the fulfilment of the obligations from the concluded coaching contract. The provision of your data is necessary for the conclusion of the contract.

  1. Settlement of contracts

For contract processing, we process master data such as first and last name, your billing address as well as your billing and payment data. We use your e-mail address to send outgoing invoices digitally.

  1. For the fulfilment of legal obligations (Art. 6 para. 1 lit. c) GDPR)

The purposes of data processing result from legal requirements in individual cases. These legal obligations include, for example, the fulfilment of retention and identification obligations, e.g. within the framework of requirements for tax control and reporting obligations and data processing within the framework of requests from authorities.

  1. To fulfil our legitimate interests (Art. 6 para. 1 lit. f GDPR)

We process the contact data of contact persons at customers, interested parties, suppliers and other business partners for communication by e-mail, telephone and post. The legal basis for the data processing is the legitimate interest according to Art. 6 para. 1 f) GDPR. The legitimate interest results from the interest in carrying out or initiating the GDPR relationship with customers, interested parties, suppliers and other business partners as well as the personal contact with contact persons. 

 

Personal data is stored for the purpose of carrying out business relationships for as long as there is a legitimate interest in doing so. It may be necessary to process the personal data provided by you beyond the actual performance of the contract with business partners. The legitimate interests here are in particular the assertion of legal claims, defence against liability claims and the settlement of damages resulting from the business relationship.

  1. Retention period

The personal data will be kept for as long as necessary to fulfil the above purposes. 

  1. Data processing to document compliance with the GDPR

Insofar as your data is processed on the basis of consent pursuant to Art. 6 (1) a) GDPR or Art. 9 (2) a) GDPR, we process your data exclusively for a specific purpose and after separate information in order to be able to prove, within the scope of the accountability incumbent upon us pursuant to Art. 5 (2) GDPR, that you have consented to the data processing in question.

 

Insofar as you assert data subject rights from the GDPR against us, we also process and store your data in order to be able to prove within the scope of accountability pursuant to Art. 5 (2) GDPR that we have complied with the GDPR when processing your request.

 

Communication via Microsoft Teams video conferencing system

We use the tool “Microsoft Teams” to conduct telephone conferences, online meetings and video conferences. You can access the arranged appointments via a link provided by e-mail. By clicking on the link, you can join the video room. Before joining, you can decide for yourself whether to activate the video or not. You will be muted by default and will need to manually release your microphone if desired. When you turn on your camera and/or microphone, the meeting processes the data from your microphone as well as your video camera.

If you participate in an online meeting as an external participant, you will receive an access link by e-mail from the meeting host. When registering for the online meeting, you must then enter your name and, if applicable, your e-mail address.

The following additional data may also be processed depending on the type and scope of the specific use:

  • Personal details (e.g. first and last name, email address, profile picture)
  • Meeting metadata (e.g. date, time and duration of the communication, name of the meeting, participant IP address)
  • Device/hardware data (e.g. IP addresses, MAC addresses, Clint version)
  • Text, audio and video data (e.g. chat histories, video, audio and presentation recordings)
  • Connection data (e.g. phone numbers, country names, start and end times, IP addresses)

Furthermore, your personal data may be processed. This also depends on your use, such as the use of the chat and the whiteboard.

We would like to explicitly draw your attention to the fact that any information you provide during the meeting will be processed at least for the duration of the meeting.

Legal basis

The legal basis for data processing for direct contractual partners is Art. 6 para. 1 lit. b) GDPR, for business partners or contact persons at external bodies the legitimate interest according to Art. 6 para. 1 lit. f) GDPR. The legitimate interest is the organisation of virtual communication and the web conference.

Microsoft Teams is a service of Microsoft Corporation. For more information on the processing of your data when using “Teams”, please visit: https://privacy.microsoft.com/de-de/privacystatement and https://news.microsoft.com/de-de/datenschutz-und-sicherheit-in-microsoft-teams-nutzer. We cannot exclude that the routing of data also takes place via internet servers that are located outside the EU or the EEA. For data transfers to Microsoft in the USA, the adequacy decision for the USA applies. You can view Microsoft’s certification here.

The provider Microsoft necessarily receives knowledge of the above-mentioned data, insofar as this is contractually regulated within the scope of our order processing agreement in accordance with Art. 28 GDPR . There are no other recipients.

You are generally not obliged to communicate with us via Microsoft Teams. Alternatively, meetings can also take place by telephone.

We generally delete personal data when there is no need for further storage.

Data subjects’ rights

Your rights as a data subject

According to Art. 15 Para. 1 GDPR, you have the right to receive information about the personal data stored about you free of charge upon request. Furthermore, if the legal requirements are met, you have the right to correction (Art. 16 GDPR), deletion (Art. 17 GDPR) and restriction of processing (Art. 18 GDPR) of your personal data. If you have provided the processed data yourself, you have a right to data transfer according to Art. 20 GDPR.

If the data processing is based on Art. 6 (1) e) or f) GDPR, you have the right to object pursuant to Art. 21 GDPR. If you object to data processing, this will not take place in the future unless the controller can demonstrate compelling legitimate grounds for further processing that outweigh the interest of the data subject in objecting.

You also have the right to lodge a complaint with a data protection supervisory authority. In particular, you can lodge a complaint with a supervisory authority in the EU Member State where you live, work or where the alleged infringement took place.

Contact details of the competent data protection authority:

 

The State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg

Lautenschlagerstraße 20
70173 Stuttgart

Postal address:

PO Box 10 29 32
70025 Stuttgart
Tel.: 0711/615541-0
FAX: 0711/615541-15

E-mail:

No automated decision making

We do not carry out automatic decision-making or profiling.

Provision

Unless otherwise stated in the previous chapters, the provision of personal data is neither legally nor contractually required or necessary for the conclusion of a contract.  Failure to provide your personal data may mean that we are unable to respond to your enquiries, for example.

 

This data protection notice was created in cooperation with the consulting firm SCALELINE. The legal texts are subject to copyright.