A. Responsible person within the meaning of art. 4, no. 7 of the General Data Protection Regulation (GDPR)
WINKELMANN CONSULT GMBH & CO. KG
Head office, Hamburg
Gänsemarkt 45,
20354 Hamburg, GERMANY
Tel. +49 (0)40 – 411617 – 0
Fax +49 (0)40 – 411617 – 20
e-mail: info@winkelmannconsult.de
internet: www.winkelmannconsult.com
We are delighted that you are visiting the website of WINKELMANN CONSULT GMBH & CO. KG and thank you for your interest in our company and our services. The protection of your privacy is particularly important to us. In what follows, we inform you about the collection, processing and use of your data. This is always done in accordance with the data protection regulations.
B. General Information
Fundamentally, you can visit the website of WINKELMANN CONSULT GMBH & CO. KG without telling us who you are.
If you voluntarily provide us with your personal data (name, address, e-mail address, telephone number etc.) in the context of an enquiry, we will use this data to send you the offer you have requested or to provide you with information. This data is not stored on the web server and is not sold or published externally. The legal basis for this data collection and data processing is the initiation of a contract in accordance with art. 6, section 1, sentence 1, letter b of the General Data Protection Regulation (GDPR), or your consent in accordance with art. 6, section 1, sentence 1, letter a of the GDPR. Your personal data will only be stored for as long as is necessary to answer all enquiries or until your consent is revoked. If a contract is subsequently concluded, your personal data will be stored until the expiry of the relevant statutory retention periods.
We also automatically receive the following log data:
1. Websites visited
2. Time of access
3. Quantity of transmitted data in bytes
4. Source or link from which you have accessed our page
5. Browser used
6. Operating system used
7. IP address used
An inference from the IP address used to an individual end user is only possible by recourse to provider data of the internet access provider. This recourse is usually only granted to investigating authorities by judicial order in justified individual cases. However, the IP address can be used to identify the responsible internet access provider. This is necessary in order to report cases of abuse to the access provider and to be able to request the provider to remedy the problem. The remaining data is summarised in the statistics in such a way that no more personal information can be recovered from it.
These so-called server log files are stored on a rolling basis for 28 days and the oldest file is automatically deleted during log rotation. The files are evaluated once for general access statistics immediately on the following day after recording and are otherwise referred to exclusively for the analysis of detected malfunctions or in the event of suspected misuse.
Unless otherwise specified in the following sections, data processing is carried out exclusively by WINKELMANN CONSULT GMBH & CO. KG.
In accordance with art. 6, section 1, sentence 1, letter f of the GDPR, this data collection and data processing serves to protect our legitimate interests in the correct presentation of our offering, which are considered to prevail in the context of a balancing of interests.
C. Cookies
Cookies are small databases that store user-specific content. We have deliberately avoided cookies that are not necessary. We use a session cookie for your preferred language setting: ppqtrans_cookie_test. This is deleted after closing the session.
Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG) [Telecommunications and Telemedia Data Protection Act]
The legal basis for the storage and retrieval of information from the end user’s terminal equipment is consent, in accordance with section 25 (1), sentence 1 of the TTDSG. This consent is requested when the website is called up.
According to section 25 (2), no. 2 of the TTDSG, consent is not required if the storage of information on the end user’s terminal equipment or access to information already stored on the end user’s terminal equipment is absolutely necessary in order for the provider of a telemedia service to provide such a service that has been expressly requested by the user. You can see from the cookie settings which cookies are to be classified as absolutely necessary (often also referred to as ‘technically necessary cookies’) and therefore fall under the exemption of section 25 (2 of the) TTDSG and hence do not require consent.
Please note that the legal basis for the downstream processing of personal data is then derived from the GDPR. The relevant legal basis for the processing of personal data on this website can be found in the further course of this data privacy statement.
D. Your Rights
You can assert your rights, as listed below, against us at any time and free of charge.
Right to information: in accordance with article 15 of the GDPR, you have the right to receive information from us about the processing of your personal data.
Right of rectification: in accordance with art. 16 of the GDPR, you have the right to demand that we correct any personal data relating to you that is incorrect or incomplete.
Right to deletion: you have the right to demand the deletion of your data if the conditions set out in art. 17 of the GDPR are met. According to this, you can, for example, demand the deletion of your data if it is no longer necessary for the purposes for which it was collected. You can also request deletion if we process your data on the basis of your consent and you revoke this consent.
Right to restriction of processing: you have the right to request that the processing of your data be restricted if the conditions of art. 18 of the GDPR are met. This is the case, for example, if you dispute the accuracy of your data. You can then demand the restriction of processing for the duration of the verification of the accuracy of the data.
Right of objection: insofar as the processing is based on our overriding legitimate interest, in accordance with art. 21 of the GDPR you have the right to object to the processing of your data. An objection is permissible if the processing is either in the public interest or based on the exercise of official authority or on the basis of a legitimate interest of WINKELMANN CONSULT GMBH & CO. KG or a third party. In case of objection, we ask you to inform us of your reasons for objecting to the data processing.
Right to data portability: insofar as the data processing is based on your consent or on the fulfilment of a contract and if it is also carried out using automated processing, you have the right according to art. 20 of the GDPR to receive your data in a structured, standard and machine-readable format and to transfer it to another data processor.
Right of revocation: insofar as the data processing is based on your consent, you have the right in accordance with art. 7, section 3, sentence 1 of the GDPR to revoke the data processing within the scope of consent with effect for the future at any time.
Right of complaint: you also have the right to complain about our processing of your data to a data protection supervisory authority, in accordance with art. 77 of the GDPR.
Right to effective judicial remedy: without prejudice to any available administrative or extrajudicial remedy, including the right to lodge a complaint with a supervisory authority under article 77 of the GDPR, you have the right to an effective judicial remedy if you consider that your rights under this Regulation have been infringed as a result of the processing of your personal data not in compliance with this Regulation.
E. Data Protection Officer
Our data protection officer is available to you as a contact for data protection related concerns at any time:
Thilo Noack
SharedIT Professional GmbH & Co. KG
Saebystr. 17a,
24576 Bad Bramstedt,
GERMANY
e-mail: thilo.noack@sharedit-pro.de
For the assertion of rights within the framework of data protection or for questions regarding the use, collection or processing of your personal data, please contact info@winkelmannconsult.de.
F. Recipients / passing on of data
Unless already mentioned above, data that you provide to us will not be passed on to third parties as a matter of principle. In particular, your data will not be passed on to third parties for their advertising purposes.
However, we may use service providers for the operation of this website or for e-mail services, for example. In this case, it may happen that a service provider obtains knowledge of personal data. We select our service providers carefully, especially with regard to data protection and data security, and take all measures required by data protection law for permissible data processing.
G. Data protection information for job applicants
We are delighted that you are interested in us, and are applying or have applied for a position in our company. We would like to provide you with the following information on the processing of your personal data in connection with your application.
a. What data of yours do we process? And for what purposes?
We process the data you have sent us in connection with your application in order to check your suitability for the position (or other open positions in our company, if applicable) and to conduct the application procedure.
b. What are the legal grounds on which this is based?
The legal basis for the processing of your personal data in this application procedure is primarily section 26 of the German Federal Data Protection Act (BDSG) in the version applicable from 25.05.2018. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible.
Should the data be required for legal proceedings after completion of the application process, data processing may be carried out on the basis of the requirements of art. 6 of the GDPR, in particular to safeguard legitimate interests in accordance with art. 6, section 1, sentence 1, letter f of the GDPR. Our overriding legitimate interest then consists in the assertion of or defence against claims.
c. For how long will the data be stored?
Data of applicants will be deleted after 6 months in case of a rejection.
In the event that you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. The data will be held there and then be deleted after two years.
If you have been accepted for a position during the application process, the data from the applicant data system will be transferred to our personnel information system.
d. To what recipients will the data be passed on?
Your application data will be reviewed by our HR department after receipt of your application. Suitable applications are then forwarded internally to the department heads responsible for the respective open position. The further procedure is then coordinated. Within the company, basically only those persons have access to your data who need this for the proper conduct of our application procedure.
e. Where will the data be processed?
The data will be processed exclusively at data centres in the Federal Republic of Germany.
f. Your rights as a ‘data subject’
You have the right to information about the personal data we process about you.
In the case of a request for information that is not made in writing, we ask for your understanding that we may then require evidence from you to prove that you are the person you claim to be.
Furthermore, you have a right to correction or deletion of the data or to restriction of processing of the data, insofar as you are entitled to this by law.
Furthermore, you have a right to object to processing within the scope of the law as well as a right of revocation. The same applies to the right of data portability.
Furthermore, you have the right to complain about the processing of personal data by us to a data protection supervisory authority.