BPO Consulting Group

Privacy Policy

 

Please note: This is a translation of the German language Data Protection Statement. This translation is available for your convenience only. The sole legally binding document is the version in the German language text.

Privacy policy for website providers according to the General Data Protection Regulation (hereinafter referred to as the "GDPR“)

We take the protection of your personal data very seriously and strictly adhere to the rules of data protection laws.

Personal data (usually referred to just as "data" below) will only be processed by us to the extent technically necessary.

In no case will the collected data be sold or passed on to third parties.

The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others.

I. Information about us as controllers of your data

The party responsible for this website (the "controller") for purposes of data protection law is the

BPO Beratergruppe für Personalentwicklung und Organisationsveränderungen GbR

Internetaddress: www.bpo.de

hereinafter referred to as the "BPO Consulting Group“ or „BPO“.

II. Information about the data protection officer

The BPO Consulting Group has less than 9 members or employees. Therefore, we are not legally obliged to name a data protection officer. In order to facilitate contact with respect to data protection issues, the following member of BPO is available in the sense of a data protection officer:

Helge Johannes Baudis
Hinter der Mauer 9
72108 Rottenburg am Neckar
Germany
T +49 172 941 692 8
M h.j.baudis@bpo.de

III. General information about the data processing

  1. Scope of data processing

We do not collect or use any personal data of the users of our website. The personal data of our users are only collected and used after the user has given their consent when they contact us. An exception applies in cases in which prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2. Data protection declaration for Google Analytics

This website uses Google Analytics provided by

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google).

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

  1. Legal basis for the processing of personal data

Insofar as we obtain the data subject's consent for processing personal data, Article 6 (1) lit. EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data, which is necessary for the performance of a contract to which the data subject is a party, Art. 6 Para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 Para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 (1) lit. d GDPR serves as the legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

  1. Deletion of data and duration of storage

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage can also take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

IV. Provision of the website and creation of log files

According to the EU General Data Protection Regulation (GDPR), every responsible body that orders the processing of personal data must conclude a contract for order processing (AVV).

As a customer of "1&1 Internet SE Elgendorfer Str. 57, 56410 Montabaur", hereinafter referred to as "1&1", personal data may be stored on 1&1's servers. As soon as personal data is stored or processed on the systems of 1&1, we have to secure ourselves legally in accordance with Art. 28 GDPR.

For this reason, we have concluded a contract for order processing (AVV) with 1&1. With this agreement, our customers or persons who contact us electronically have legally confirmed the security of the data on the servers of 1&1 Internet SE.

Regardless of the services we use individually, this generally applies to 1&1 for:

  • Server: Cloud Server, Virtual Server Cloud, Managed Cloud Hosting, Dedicated Server, Bare Metal Server, Dynamic Cloud Server, Container Cluster
  • Web hosting & homepage: web hosting, Linux hosting, WordPress hosting, MyWebsite, e-shop, ipayment
  • Office & Online Marketing: online accounting, email marketing

This ensures that 1&1 Internet SE explicitly confirms the legally compliant implementation of the legal data protection requirements.

V. Contact form, email contact and newsletter

  1. Description and scope of data processing

There is no separate contact form on our website, but the e-mail address of the BPO colleague addressed by the website user is transferred to the user's own e-mail program. The personal data of the user transmitted when sending the email is saved.

In this context, the data is not passed on to third parties. The data will only be used to process the conversation.

  1. Legal basis for data processing

The legal basis for the processing of the data is Art. 6 Para. 1 lit. a GDPR.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 Para. 1 lit. f GDPR. If the email contact aims to conclude a contract, then an additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR.

  1. Purpose of data processing

The processing of personal data serves us only to establish contact. If you contact us by email, this is also the necessary legitimate interest in the processing of the data.

  1. Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation ends when it can be inferred from the circumstances that the matter in question has been finally clarified.

Any additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

  1. Rights of rectification and erasure

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

In order to object to the storage of personal data when contacting us per email, it is sufficient to notify us directly in the email sent, to object to the storage in a later email or to notify us of the objection by phone call. The contact person is then the respective colleague of the BPO Consulting Group.

In this case, all personal data saved in the course of contacting us will be deleted.

  1. Newsletter

There is no option to subscribe to a newsletter on our website. Therefore, no personal data is collected in this context.

The other personal data collected during the registration process is usually deleted after a period of seven days.

VI. Rights of the data subject

If your personal data is processed, you are affected in the sense of the GDPR and you have the following rights vis-à-vis the person responsible:

  1. Right of Access

You can request confirmation from the person responsible and / or the respective colleague in the BPO Consulting Group as to whether personal data concerning you have been processed and stored by us.

If your personal data has been processed, you can request information about the following information:

  • the purposes for which the personal data are processed;
  • the categories of personal data that are processed;
  • the recipients or the categories of recipients to whom the personal data concerning you have been or will be disclosed;
  • the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
  • the existence of a right to correction or deletion of your personal data, a right to restriction of processing by the person responsible or a right to object to this processing;
  • the right to lodge a complaint with a supervisory authority;
  • all available information about the origin of the data if the personal data is not collected from the data subject;
  • the existence of automated decision-making, including profiling, in accordance with Art. 22 Para. 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

For information: Profiling of contact details is never carried out or commissioned by the BPO Consulting Group.

You have the right to request information as to whether the personal data relating to you are transferred to a third country or to an international organization. In this context, you can request to be informed about appropriate guarantees in accordance with Art. 46 GDPR in connection with the transmission.

  1. Right to rectification

You have a right to correction and / or completion vis-à-vis the person responsible if the processed personal data that concern you are incorrect or incomplete. The person responsible must make the correction immediately.

  1. Right to restriction of data processing

You can request that the processing of your personal data be restricted under the following conditions:

  • if you contest the accuracy of your personal data for a period of time that enables the person responsible to check the accuracy of the personal data;
  • the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
  • the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
  • if you have objected to processing in accordance with Art. 21 Para. 1 GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.

If the processing of your personal data has been restricted, this data - apart from its storage - may only be obtained with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

If the restriction of processing according to the above is restricted, you will be informed by the person responsible before the restriction is lifted.

  1. Right of deletion

 

a) Obligation to delete

You can request the data controller to delete your personal data immediately, and the data controller is obliged to delete this data immediately if one of the following reasons applies:

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You revoke your consent on which the processing was based in accordance with Art. 6 para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR, and there is no other legal basis for the processing.
  • You object to data processing according to Art. 21 para. 1 GDPR and there is no overriding legitimate reason for the processing, or you file an objection to the data processing pursuant to Art. Art. 21 para. 2 GDPR.
  • The personal data concerning you was processed illegally.
  • The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the controller is subject.
  • The personal data concerning you was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.

 

b) Information to third parties

If the person responsible has made your personal data public and is acc. Article 17 (1) GDPR obliged to delete them, then that person will take appropriate measures, taking into account the available technology and implementation costs, including technical ones, to inform those responsible for data processing who process the personal data that you as the data subject have requested that they delete all links to this personal data or copies or replications of this personal data.

 

c) exceptions

The right to deletion does not exist if the processing is necessary

  • to exercise the right to freedom of expression and information;
  • to fulfill a legal obligation that requires processing in accordance with the law of the Union or the Member States to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of ​​public health in accordance with Art. 9 Para. 2 lit. h and i and Art. 9 Para. 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes acc. Art. 89 Para. 1 GDPR, insofar as the right mentioned under section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
  • to assert, exercise or defend legal claims.

 

  1. Right to be informed

If you have asserted the right to correction, deletion or restriction of processing against the person responsible, he is obliged to inform all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have the right towards the person responsible to be informed about these recipients.

  1. Right to data portability

You have the right to receive the personal data that you have provided to the person responsible in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided, provided that

  • processing is based on consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or on a contract acc. Art. 6 para. 1 lit. b GDPR and
  • Processing is carried out using automated processes.

In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, insofar as this is technically feasible. The freedoms and rights of other people must not be affected by this.

The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible.

  1. Right to object

You have the right, for reasons that arise from your particular situation, to object at any time against the processing of your personal data, which is based on Art. 6 Para. 1 lit. e or f GDPR.

The controller will no longer process the personal data relating to you, unless he can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58 / EC, you have the option of exercising your right to object in connection with the use of information society services using automated procedures that use technical specifications.

  1. Right to withdraw the data protection declaration of consent

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.

  1. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your residence, your place of work or the place of the alleged violation, if you believe that the processing of your personal data is against the GDPR.

The supervisory authority to which the complaint has been submitted will inform the complainant of the status and results of the complaint, including the possibility of a judicial appeal in accordance with Art. 78 GDPR.

VIII. Cookies

20. October 2020

BPO Consulting Group