Privacy Policy

1. Data protection overview

General information

The following information is designed to give you a simple overview of what happens to your personal data when you visit this website. Personal data is any data that identifies you as an individual. More detailed information about data protection can be found in our Privacy Policy below.

Data collection on this website

Who is responsible for data collection on our website?

Data from our website is processed by the website operator. You can find their contact information in the “Responsible party” section of this Privacy Policy.

How do we collect your data?

Some data is collected when you provide it to us, such as when you enter your data in a contact form.

Other data is collected automatically or subject to your consent by our IT systems when you visit our website. This data is primarily technical data, such as details of your Internet browser or operating system or the time that you visited this website. This data is collected automatically as soon as you enter this site.

What do we use your data for?

Some data is collected to help us keep our website running properly. Other data is collected so that we can analyse how visitors use our site.

What are your rights regarding your data?

You have the right to request information, at any time and free of charge, about your personal data, its origin, its recipients and the purpose of its collection. You also have the right to request that your data be corrected or deleted. If you have given your consent to the processing of your data, you may withdraw it at any time. In addition, subject to certain conditions, you have the right to request that the processing of your personal data be restricted. You also have the right to lodge a complaint with the responsible supervisory authorities.

If you wish to invoke these rights or have any other questions about data protection, you can contact us at any time.

Analytics and third-party tools

We use statistical analyses to evaluate the way that visitors use this site. For this, we mostly use cookies and analytics programs.

More detailed information about this can be found in the Privacy Policy below.

2. Hosting

We host the content of our website with the following provider:

External hosting

This website is hosted externally. Personal data that is captured on this website is stored on the host’s/hosts’ servers. This may comprise IP addresses, contact requests, metadata and communication data, contract details, contact details, names, website visits and other data that is generated by a website.

External hosting is used for the purpose of fulfilling the contract with our potential and existing clients (Art. 6 (1b) GDPR) and in the interests of providing our website securely, quickly and efficiently through a professional service provider (Art. 6 (1f) GDPR). If corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1a) GDPR and Section 25 (1) of the Telecommunications and Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. You can withdraw your consent at any time.

Our host(s) will only process your data insofar as this is required to fulfil their obligation to perform a contract and will follow our instructions with regard to this data.

We use the following web host(s):

webspezi.com
Sonnentalstr. 2
52222 Stolberg
Germany

Order processing

We have concluded a contract for order processing with the provider named above. This is a contract prescribed by data protection law that guarantees that the personal data of visitors to our website is only processed according to our instructions and in compliance with the GDPR.

3. General and mandatory information

Data protection

Protecting your personal data is of great importance to the operators of this website, and we take it very seriously. We treat your data as confidential and process it in line with both data protection legislation and the terms of this Privacy Policy.

When you use this website, various items of your personal data will be collected. Personal data is any data that identifies you as an individual. The following Privacy Policy explains what data we collect and what we use it for. It also explains how we collect your data and for what purpose.

Please note, however, that data transfer on the Internet (e.g. via email) may be subject to security vulnerabilities. It is not possible to completely protect data against third-party access.

Responsible party

The party responsible (controller) for data processing on this website is:

HUNDT CONSULT GmbH
Mönkedamm 9
20457 Hamburg

Tel: +49 (40) 33 44 153 100
Email: contact@hundt-consult.de

The responsible party (controller) is the natural or legal person with sole or joint responsibility for deciding on the purposes for which, and means by which, your personal data (names, email addresses, etc.) is processed.

Storage period

Unless a more specific storage period is stated within this Privacy Policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you make a legitimate request for erasure or withdraw consent to data processing, your data will be deleted providing we have no other legally permissible reasons to store your personal data (e.g. retention periods under tax or commercial law). In the case of the latter, the data will be deleted once these reasons no longer apply.

General information about the legal basis for data processing on this website

If you have consented to data processing, we will process your personal data on the basis of Art. 6 (1a) GDPR, or Art. 9 (2a) GDPR, insofar as data categories according to Art. 9 (1) GDPR are processed. In the event of explicit consent to the transfer of personal data to third countries, the data processing is also carried out on the basis of Art. 49 (1a) GDPR. If you have consented to the storage of cookies or to the access to information on your device (e.g. via device fingerprinting), data processing is also carried out on the basis of Section 25 (1) TTDSG. You can withdraw your consent at any time. If your data is required in order to fulfil a contract or carry out pre-contractual measures, we will process your data on the basis of Art. 6 (1b) GDPR. Furthermore, insofar as this is necessary to fulfil a legal obligation, we process your data on the basis of Art. 6 (1c) GDPR. Data processing may also be carried out on the basis of our legitimate interest pursuant to Art. 6 (1f) GDPR. Information on the relevant legal basis in each individual case is provided in the following paragraphs of this Privacy Policy.

Data protection officer

We have appointed a data protection officer.

Eva Adam
Mönkedamm 9
20457 Hamburg

Tel: +49 (40) 33 44 153 0
Email: e.adam@hundt-consult.de

Note on the transfer of data to third countries that are not secure under data protection law and the transfer to US companies that are not DPF-certified

Among other tools, we use tools from companies based in third countries that are not considered secure under data protection law, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). When these tools are active, your personal data may be transferred to these countries and processed there. We point out that no level of data protection comparable to that in the EU can be guaranteed in third countries that are not considered secure under data protection law.

We point out that the USA, as a secure third country, generally has a level of data protection comparable to that of the EU. Transferring data to the USA is allowed when the data recipient is certified under the EU-US Data Privacy Framework (DPF) or has appropriate additional guarantees. Information regarding the transfer of data to third countries, including the data recipient, can be found in this Privacy Policy.

Recipients of personal data

As part of our business activities, we work with various external offices. In this process, it is in some cases necessary to transfer personal data to these external offices. We only share personal data with external offices if this is necessary in the course of contract fulfilment, if we are legally obliged to do so (e.g. passing on of data to tax authorities), if we have a legitimate interest in sharing the data in accordance with Art. 6 (1f) GDPR, or if another legal basis permits sharing of the data. When using commissioned processors, we only share personal data concerning our clients on the basis of a valid data processing agreement. In the case of shared processing, a contract on joint processing is concluded.

Withdrawal of consent to data processing

Many data processing operations are only possible with your explicit consent. You can withdraw the consent you have given at any time. The withdrawal of consent does not affect the lawfulness of any data processing prior to this withdrawal.

Right to object to data collection in particular cases and against direct marketing (Art. 21 GDPR)

IF DATA PROCESSING TAKES PLACE ON THE BASIS OF ART. 6 (1E) OR (1F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 (1) GDPR).

WHERE YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU SHALL HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH MARKETING, WHICH INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT TO PROCESSING FOR DIRECT MARKETING PURPOSES, THE PERSONAL DATA SHALL NO LONGER BE PROCESSED FOR SUCH PURPOSES (OBJECTION PURSUANT TO ART. 21 (2) GDPR).

Right to lodge a complaint with the responsible supervisory authorities

In the case of infringements of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority in particular in the member state of their habitual residence, their place of work or the place of the alleged infringement. The right of appeal is without prejudice to any other administrative or judicial remedy.

Right to data portability

You have the right to receive data that we have processed automatically on the basis of your consent or where the processing is necessary for the performance of a contract or to have it passed on to a third party in a commonly used, machine-readable format. If you request to have the data transferred directly to another controller, this will only occur insofar as this is technically feasible.

Information, rectification and erasure

Within the framework of the applicable legal provisions, you have the right to obtain information – about your stored personal data, its origin and recipient and the purpose of the data processing – at any time and free of charge, and, if applicable, a right to rectification or erasure of this data. If you wish to invoke these rights or have any other questions about personal data, you can contact us at any time.

Right to the restriction of processing

You have the right to request that the processing of your personal data be restricted. You can contact us in this regard at any time. The right to the restriction of processing applies in the following cases:

If you dispute the accuracy of the personal data about you that we have stored, we usually need time to verify this. You have the right to request that the processing of your personal data be restricted for the duration of the verification.
If your data is or has been processed unlawfully, you can request that the processing of your data be restricted rather than be erased.
If we no longer require your personal data, but you do in order to exercise, defend or assert legal claims, you have the right to demand that the restriction of the processing of your personal data rather than erasure.
If you have filed an objection pursuant to Art. 21 (1) GDPR, it must be decided whether your interests or ours take precedence. As long as it is not clear whose interests take precedence, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, this data may only be processed – with the exception of its storage – with your permission or for the purposes of asserting, exercising or defending legal claims or to protect the rights of another natural or legal person or on the grounds of an important public interest of the European Union or a member state.

SSL and/or TLS encryption

This site uses SSL and/or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the padlock symbol in your browser address bar.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to the sending of promotional emails

The use of the contact details provided under the obligation under German law to provide contact details in the form of a “site notice” for the transmission of unsolicited advertising and information materials is hereby prohibited. The operators of this website expressly reserve the right to take legal action in the event that unsolicited advertising material, such as in the form of spam, is sent using the aforementioned contact details.

4. Data collection on this website

Server log files

Your browser automatically transmits certain data. The website provider automatically collects and stores this information in server log files. This data includes:

Browser type and version
Operating system used
Referrer URL
Host name of the computer accessing the website
Time of the server query
IP address

This data is not combined with other data sources.

This data is collected on the basis of Art. 6 (1f) GDPR. The website operator has a legitimate interest in ensuring its website is displayed properly and is optimised; server log files must be captured for this purpose.

Contact form

If you send us an enquiry using our contact form, we store any data entered in the form, including your contact details, for the purposes of processing your enquiry and any follow-up questions. We will not pass on this information without your consent.

This data is processed on the basis of Art. 6 (1b) GDPR, provided that your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 (1f) GDPR) or on your consent (Art. 6 (1a) GDPR) insofar as this was requested; you may withdraw your consent at any time.

The data you enter in the contact form stays with us until you demand its erasure, withdraw your consent to its storage or the purpose of storing the data no longer applies (e.g. once your enquiry has been processed). Mandatory statutory provisions – in particular, retention periods – remain unaffected.

Enquiries by email, phone or fax

If you contact us by email, phone or fax, your enquiry, including all related personal data (name and enquiry), will be stored and processed by us for the purposes of dealing with your concern. We will not pass on this information without your consent.

The data you send to us via contact requests stays with us until you demand its erasure, withdraw your consent to its storage or the purpose of storing the data no longer applies (e.g. once your enquiry has been processed). Statutory requirements, in particular those governing statutory retention periods, always take precedence.

5. Social media

This website uses functions of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Every time you access a page on this website which contains LinkedIn functions, a connection is established with LinkedIn servers. LinkedIn is informed that you have visited this webpage using your IP address. If you click the LinkedIn “Recommend” button while logged into your LinkedIn account, LinkedIn can associate your visit to this website with your user account. Please be advised that as the provider of the webpages in question, we have no knowledge regarding the contents of the data transmitted or their use by LinkedIn.

This service is used based on your consent in accordance with Art. 6 (1a) GDPR and Section 25 (1) TTDSG. You can withdraw your consent at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/a1343190?lang=en-US

You can find further information about this in the LinkedIn Privacy Policy at: https://www.linkedin.com/legal/privacy-policy.

XING

This website uses functions of the XING network. The provider is New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany.

Every time you access one of our webpages which contains XING elements, a connection is established with XING servers. To the best of our knowledge, personal data is not stored in the process. Specifically, IP addresses are not stored and user behaviour is not evaluated.

This service is used based on your consent in accordance with Art. 6 (1a) GDPR and Section 25 (1) TTDSG. You can withdraw your consent at any time.

More information about data protection and the XING “Share” button can be found in XING’s data protection statement at: https://www.xing.com/app/share?op=data_protection.

6. Newsletter

Newsletter data

If you wish to receive the newsletter offered on the website, we require your email address as well as information that allow us to verify whether you are the owner of the email address given and agree to receive the newsletter. Other data will not be collected or will only be collected on a voluntary basis. For our newsletter services, we use the newsletter service provider described below.

CleverReach

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter “CleverReach”). CleverReach is a service that can be used to organise the distribution of newsletters. The data you enter for the purpose of receiving the newsletter (e.g. email address) will be stored on CleverReach’s servers in Germany or Ireland.

The newsletter we send with CleverReach enables us to analyse the behaviour of the newsletter recipients. For example, we can analyse how many recipients opened the newsletter and how often a given link was clicked. With support from conversion tracking, we can also analyse whether the recipient takes a previously defined action (e.g. buys a product through the website) after clicking the link in the newsletter. More information about data analysis through the CleverReach newsletter can be found at: https://www.cleverreach.com/en-de/newsletter-tool/newsletter-reporting/

Data processing occurs with your consent on the basis of Art. 6 (1a) GDPR. You can revoke this consent at any time by unsubscribing from the newsletter. This does not affect the lawfulness of any data processing prior to this withdrawal.

If you do not wish your data to be analysed by CleverReach, you must unsubscribe from the newsletter. We include a link for this purpose in every newsletter.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter by us or by the newsletter service provider, and it will be deleted from the newsletter mailing list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.

After unsubscribing from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. Data from the blacklist are used only for this purpose and are not combined with other data. They serve both your interest and ours and comply with the legal requirements for the sending of newsletters (legitimate interest as defined in Art. 6 (1f) GDPR). Data may be stored on the blacklist for an unlimited period of time. You can object to storage if your interests outweigh our legitimate interest.

For more information, the Privacy Policy of CleverReach can be found at: https://www.cleverreach.com/en-de/privacy-policy/.

Order processing

7. Plugins and tools

Vimeo without tracking (do not track)

This website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

If you visit a webpage that is equipped with Vimeo plugins, a connection is established with Vimeo’s servers, informing them which of our pages you have visited. Vimeo also receives your IP address. But we have made it so Vimeo cannot track your user activity or use any cookies.

We use Vimeo to help us generate attractive online content. This constitutes a legitimate interest as defined in Art. 6 (1f) GDPR. If corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1a); you can withdraw your consent at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on “legitimate business interests”. Details can be found at: https://vimeo.com/privacy

More information about the handling of personal data is provided in Vimeo’s Privacy Policy at: https://vimeo.com/privacy.

Google Fonts (local hosting)

We use Google Fonts, which are provided by Google, to ensure fonts are displayed uniformly. Google Fonts are installed locally. No connection to Google servers is made in this process.

Further information about Google Fonts is available at https://developers.google.com/fonts/faq and in the Google Privacy Policy: https://policies.google.com/privacy?hl=de.

Google Maps

This website uses the map service Google Maps. The provider is Google Ireland Limited (“Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

To enable the use of the Google Maps features, your IP address must be stored. This information is usually transmitted to a Google server in the USA and stored there. The website operator has no control over the transmission of this data. When Google Maps is activated, Google can use Google Fonts for the purpose of ensuring the uniform display of fonts. When you open Google Maps, your browser loads the required web fonts into your browser cache so that the texts and fonts are displayed correctly.

We use Google Maps to help us generate attractive online content and to make it easier for visitors to find the locations mentioned on our website. This constitutes a legitimate interest as defined in Art. 6 (1f) GDPR. If corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1a) GDPR and Section 25 (1) of the Telecommunications and Telemedia Data Protection Act (TTDSG), insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. You can withdraw your consent at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found at: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

Further information about the handling of personal data is provided in Google’s Privacy Policy at: https://policies.google.com/privacy?hl=en&gl=de.

The company has certification in accordance with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA which is intended to guarantee that data processing that takes place in the USA complies with European data protection standards. Every company certified in accordance with the DPF commits to complying with these data protection standards. Further information about this is available from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active.

8. Use of SalesViewer® technology

Type and purpose of processing:

This website uses the SalesViewer® technology of SalesViewer® GmbH, Bongardstr. 29, 44787 Bochum, Germany, on the basis of the legitimate interests of the website operator (Art. 6 (1f) GDPR) to collect and store data for the purposes of marketing, market research and optimisation.

For this purpose, a JavaScript-based code is used to collect and use company-related data. With this technology, collected data is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymised and is not used to personally identify the website visitor.

The collection and storage of data can be revoked for future use at any time by clicking the link https://www.salesviewer.com/opt-out and prohibiting SalesViewer® from recording any data within this website in future. Doing this will store an opt-out cookie for this website on your device. If you delete cookies in your browser, you will need to click the link again.

Legal basis:

We also have a legitimate interest in using the SalesViewer® technology for the purposes listed above. The corresponding legal basis for this is Art. 6 (1f) GDPR. If corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1a); you can withdraw your consent at any time.

Recipients:

Data recipients are providers.

Transfer to third country:

The collected data is not transferred to third countries.

Storage period:

The data stored within the framework of SalesViewer® will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.

Mandatory or required provision:

Provision of your personal data is based on your consent. Without being provided your personal data, the controller cannot provide the content or services offered.