Data protection information for certain business transactions
Information about the collection of personal data
In the following, we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.
The responsible person according to Art. 4 (7) of the General Data Protection Regulation (GDPR) is:
Consist Software Solutions GmbH
When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer required or restrict the processing if there are statutory retention obligations.
If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below.
You have the following rights with respect to us regarding personal data concerning you:
- Right to information,
- Right to rectification or erasure,
- Right to restriction of processing,
- Right to object to processing,
- Right to revoke against processing in case of given consent,
- Right to data portability.
You also have the right to lodge a complaint about the processing of your personal data with a data protection supervisory authority (see below).
Collection of personal data when visiting our website
In the case of merely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
- IP address
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Operating system and its interface
- Language and version of the browser software.
The legal basis is Art. 6 para. 1 sent. 1 lit. f GDPR; our legitimate interest is to ensure the stability and security of our systems.
In addition to the previously mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which the entity that sets the cookie receives certain information.
For more information about which cookies are set, please see our > Cookie declaration.
We use a Consent Manager (Cookie Notice Banner) to inform you in a legally compliant manner and to query your preferences. This also serves to comply with the legal obligations of proof, such as the storage of consent or, if you do not consent, non-consent.
Contact and registration forms
The personal data from the contact form is the following data:
- E-Mail Address*
The fields marked with * are the minimum information that must be provided in order to use the form.
The transmitted data can be evaluated by the operator of the site for statistical purposes and to combat abuse. The data is not passed on to third parties. Client-related user profiles are not created. If you do not consent, your data will be deleted after the request has been answered or after the event has been attended, and you will not receive any further information. You can object to the use of your data for the purpose of sending information at any time, even after you have given your consent, to Consist Software Solutions GmbH.
The controller collects and processes the personal data of applicants for the purpose of handling the application procedure. This data is processed on the basis of Section 26 (1) Sentence 1 of the German Federal Data Protection Act (BDSG) (decision on the establishment of an employment relationship).
If the controller does not conclude an employment contract with the applicant, the application documents will be deleted automatically five months after receipt of the application, provided that no other legitimate interests of the controller prevent deletion. Other legitimate interest pursuant to Art. 6 (1) f may, for example, constitute a duty to provide evidence in proceedings under the German General Equal Treatment Act (AGG).
We use SuperMailer for sending more extensive mailings. The provider of SuperMailer is Mirko Böer, Softwareentwicklungen, Malachitstraße 16, 04319 Leipzig, Germany.
SuperMailer is a service with which, among other things, the sending of e-mails can be organized and analyzed. The data you enter for the purpose of receiving e-mails is stored on our own servers in Germany. If you do not want any analysis by SuperMailer, you must unsubscribe from the e-mails. For this purpose, we provide a corresponding link in each e-mail as part of a mailing campaign. Furthermore, you can also unsubscribe from the emails directly on the website.
With the help of SuperMailer, we are able to analyze our mailing campaigns. Among other things, we can see whether a mailing message has been opened and which links, if any, have been clicked. SuperMailer also allows us to divide the mailing recipients according to different recipient categories. In this way, the mailings can be better adapted to the respective target groups.
For detailed information about the features of SuperMailer, please refer to the following link: http://www.supermailer.de/about-mailings-software.htm
Linking social media via graphic or text link
We also advertise on our website presences on the social networks listed below. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents a connection to the respective server of the social network from being automatically established when a website with a social media advertisement is called up in order to display a graphic of the respective network itself. Only by clicking on the corresponding graphic will the user be redirected to the service of the respective social network.
After the user has been forwarded, information about the user is collected by the respective network. It cannot be ruled out that the data collected in this way is processed in the USA.
This is initially data such as IP address, date, time and page visited. If the user is logged into his user account of the respective network during this time, the network operator may be able to assign the collected information of the specific visit of the user to the personal account of the user. If the user interacts via a "Share" button of the respective network, this information can be stored in the user's personal user account and may be published. If the user wants to prevent the collected information from being directly assigned to his user account, he must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly.
The following social networks are integrated into our site by linking:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
Privacy Statement: https://policies.google.com/privacy
Google AdWords and conversion measurement
We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA ("Google") on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR).
We use the online marketing method Google "Ads" to place ads in the Google advertising network (e.g., in search results, in videos, on web pages, etc.) so that they are displayed to users who have a presumed interest in the ads. This allows us to display ads for and within our Online Offerings in a more targeted manner to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products he or she was interested in on other online offers, this is referred to as "remarketing". For these purposes, when our website and other websites on which the Google advertising network is active are called up, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also referred to as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file records which web pages the user has visited, which content the user is interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring web pages, time of visit and other information about the use of the online offer.
Furthermore, we receive an individual "conversion cookie". The information obtained with the help of the cookie is used by Google to create conversion statistics for us. However, we only learn the anonymous total number of users who clicked on our ad and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information that personally identifies users.
User data is processed pseudonymously within the Google advertising network. I.e. Google does not store and process e.g. the name or email address of the users, but processes the relevant data cookie-related within pseudonymous user profiles. I.e. from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected about the users is transmitted to Google and stored on Google's servers in the USA.
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with other services related to the use of this online offer and the Internet. In doing so, pseudonymous usage profiles of the users can be created from the processed data.
We only use Google Analytics with IP anonymization activated. This means that the IP address of users is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user's browser is not merged with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of the data generated by the cookie and related to their use of the online offer to Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
This site uses the map service Google Maps via an API. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
YouTube with enhanced privacy
This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube - regardless of whether you watch a video - establishes a connection to the Google DoubleClick network.
As soon as you start a YouTube video on this website, a connection to YouTube's servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube can save various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.
If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.
Video conferencing, online meetings, webinars and screen sharing
We use platforms and applications of other providers (hereinafter referred to as "third-party providers") for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings. When selecting the third-party providers and their services, we observe the legal requirements.
In this context, data of the communication participants are processed and stored on the servers of the third-party providers, insofar as these are part of communication processes with us. This data may include, in particular, registration and contact data, visual as well as vocal contributions and entries in chats and shared screen contents.
If users are referred to the third-party providers, or their software or platforms, in the course of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security, service optimization or marketing purposes. We therefore ask you to observe the data protection notices of the respective third-party providers.
Notes on legal basis:
→ Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
→ Data subjects: Communication partners, users (e.g. website visitors, users of online services).
→ Purposes of processing: Contractual performance and service, contact requests and communication, office and organizational procedures.
→ Legal bases: Consent (Art. 6 para. 1 sent. 1 lit. a GDPR), Contractual performance and pre-contractual inquiries (Art. 6 para. 1 sent. 1 lit. b GDPR), Legitimate interests (Art. 6 para. 1 sent. 1 lit. f GDPR).
Note on data transfer to the USA
Among other things, tools from companies based in the USA are integrated on our website. If these tools are active, your personal data may be transferred to the US servers of the respective companies. We would like to point out that the USA is not a safe third country in the sense of EU data protection law. US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
Services used and service providers:
- Microsoft Teams:
Insofar as personal data of employees of our company is processed, § 26 BDSG is the legal basis for data processing. If, in connection with the use of "Microsoft Teams", personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of "Microsoft Teams", Art. 6 (1) f GDPR is the legal basis for data processing. In these cases, our interest is in the effective implementation of "online meetings".
For the rest, the legal basis for data processing when conducting "online meetings" is Art. 6 (1) lit. b GDPR, insofar as the meetings are conducted in the context of contractual relationships.
Should no contractual relationship exist, the legal basis is Art. 6 (1) lit. f GDPR. Here, too, our interest is in the effective implementation of "online meetings".
- Cisco Webex:
We use Cisco Webex exclusively for video conferencing.
When using "Cisco Webex", various types of personal data are processed. The scope of the data processing also depends on the information you provide before or when participating in a web meeting and the settings you make. The following personal data is subject to processing: User details: surname, first name, university e-mail address, Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information. For recordings: MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
For dial-in with the telephone: information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored. Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in a web meeting. To this extent, the text entries you make are processed in order to display and, if necessary, record them in the web meeting. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can turn off or mute the camera or microphone yourself at any time via the "Cisco Webex" applications. Our default settings are made in such a way that no text, audio or video data from you is processed without you initiating this processing yourself.
An AV contract has been concluded with Cisco Webex.
Recordings of video conferences require admissibility as well as the consent of the participants*.
We secure our website and other systems through appropriate technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. However, despite regular checks, complete protection against all dangers is not possible.
Our website uses the industry standard SSL/TLS (Secure Sockets Layer) for encryption. This ensures the confidentiality of your personal information over the Internet. You can tell whether encrypted transmission is taking place by the closed key/lock symbol in your browser display. We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is technically not possible.
Passing on of data
Your personal data will only be passed on to third parties,
- if you have given your express consent to this in accordance with Art. 6 (1) a GDPR;
- if the transfer is necessary for the fulfillment of contractual obligations in accordance with Art. 6 (1) b GDPR;
- if we are legally obliged to pass on the data in accordance with Art. 6 (1) c GDPR;
- if the disclosure of the data is in the public interest as defined in Art. 6 (1) e GDPR or;
- if the disclosure of the data is necessary to protect our legitimate interests or the legitimate interests of a third party pursuant to Art. 6 (1) f GDPR, unless your interests in the protection of your data override these interests.
Categories of recipients
We use IT service providers who work exclusively on our behalf and bound by instructions (order processing) to provide the service offered, e.g. hosting this website. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
Third party recipients
In order to process your requests satisfactorily, it may be necessary for us to pass on your personal data to third party recipients. Third party recipients can be our suppliers, transport and logistics partners and our trading partners.
Duration of storage of personal data
We store your data for as long as they are needed for the respective purposes on which the processing is based. Beyond that, we only store data insofar as we are legally obligated to do so, e.g. due to statutory retention obligations.
Detailed information on the right to object
An objection to the processing of personal data concerning you, on the basis of Article 6 (1e) (data processing in the public interest) or (f) (data processing for the protection of legitimate interests based on a balance of interests) is possible at any time in accordance with Article 21 GDPR. In the event of an objection, the personal data will no longer be processed unless compelling legitimate grounds for the processing are demonstrated which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
Please address your objection to the responsible body mentioned under point 1.
Detailed information on the right of withdrawal
If you have given us your consent to the processing of personal data, you may revoke this consent at any time. Of course, this also applies to declarations of consent given to us before May 25, 2018 (before the GDPR applies). The revocation of consent can always only be valid for the future. The lawfulness of the processing is not retroactively eliminated by a revocation.
Please address your revocation to the responsible body mentioned under point 1.
This data protection declaration is as of 31.08.2020. It is the current and valid version of our data protection declaration.
The address of the supervisory authority responsible for us is:
Data protection officer
If you have any questions regarding data protection, please do not hesitate to contact our data protection officer:
Name: Matthias Krohe on behalf of HM-Consult IT-Management GmbH
The design of the Consist Software Solutions GmbH Internet presence was made primarily with the use of our own and license-free image elements and text documents. When using image elements, text documents, and publications of third parties, Consist Software Solutions GmbH respects their copyrights and ownership rights.