Privacy policy

By means of the following data protection information, we would like to inform you about which personal data, to what extent and for what purpose is collected, processed and, if applicable, transmitted during your visit to our website. This applies equally to the services and offers accessible via the website.

Insofar as this website refers to external pages of other providers (links), you will leave our website through these links. The operators of these linked sites are solely responsible for compliance with data protection regulations and not HvS-Consulting AG.

Responsible party and data security officer

The responsible body in terms of data protection laws, in particular the EU General Data Protection Regulation (GDPR), is:

HvS-Consulting GmbH
Parkring 20
85748 Garching near Munich
Managing Directors: Frank von Stetten, Michael Hochenrieder
Local Court: Munich, HRB 290304

If you have any questions about data protection, please send us an E-mail or contact the person responsible for data protection in our organization directly. Our data security officer is:

Dr. Eddie Kohfeldt
Phone: +49 (0)89 890 63 62 - 0
E-mail: datenschutz@hvs-consulting.de

Your data subject rights

You can exercise the following rights at any time using the contact details provided by our data security officer:

• Information about your data stored by us and its processing
• Correction of incorrect personal data
• Deletion of your data stored by us
• Restriction of data processing, if we are not yet allowed to delete your data due to legal obligations
• Objection to the processing of your data by us
• Data portability, provided that you have consented to the data processing or have concluded a contract with us

If you have given us consent, you can revoke this at any time with effect for the future.

You can contact the supervisory authority responsible for you at any time with a complaint. Your competent supervisory authority depends on the federal state of your residence, your work or the alleged violation.

Purposes of data processing by the data controller and third parties

We process your personal data only for the purposes stated in this privacy notice. Your personal data will not be transferred to third parties for purposes other than those mentioned. We will only share your personal data with third parties if:

• You have given your express consent to this
• Processing is necessary for the performance of a contract with you
• Processing is necessary for compliance with a legal obligation
• Processing is necessary to protect legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data

Deletion or blocking of data

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as stipulated by the various storage periods provided by law. After the respective purpose has ceased to exist or these periods have expired, the corresponding data is routinely blocked or deleted in accordance with the statutory provisions.

Collection of general information when visiting our website

When you access our website, information of a general nature is automatically collected by means of a cookie. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider and the like. This is exclusively information that does not allow any conclusions to be drawn about your person.

This information is technically necessary in order to correctly deliver the content of web pages requested by you and is mandatory when using the Internet. In particular, they are processed for the following purposes:

• Ensuring a smooth connection setup of the website
• Ensuring the smooth use of our website
• Evaluating system security and stability
• For other administrative purposes

The processing of your personal data is based on our legitimate interest from the aforementioned data collection purposes. We do not use your data to draw conclusions about your person. Recipients of the data are only the responsible body and, if applicable, order processors.

Anonymous information of this kind is statistically evaluated by us, if necessary, in order to optimize our Internet presence and the technology behind it.

Cookies

Like many other websites, we also use so-called "cookies". Cookies are small text files that are transferred from a website server to your hard drive. Through this, we automatically receive certain data such as IP address, browser used, operating system and your connection to the Internet.

Cookies cannot be used to run programs or deliver viruses to a computer. Based on the information contained in cookies, we can facilitate your navigation and enable the correct display of our web pages.

In order to make the visit to our website attractive and to enable the use of certain functions, we use technical cookies. We use these essential cookies on the basis of Art. 6 para. (1) lit. f GDPR.

Under no circumstances will the data we collect be passed on to third parties or linked to personal data without your consent.

Of course, you can also view our website without cookies in principle. Internet browsers are regularly set to accept cookies. In general, you can deactivate the use of cookies at any time via your browser settings. Please use the help functions of your Internet browser to find out how to change these settings. Please note that individual functions of our website may not work if you have disabled the use of cookies.

Contact form

Our website contains a contact form and E-mail addresses that can be used to contact us electronically. This requires you to provide your name, a validatable E-mail address and, if necessary, further data for contacting us. If contact is established via these communication channels, the personal data transmitted will be stored. The data will not be passed on to third parties. Your data will be processed exclusively for the purpose of processing your inquiry and for possible follow-up questions.

Please note: Requests via our contact form are transmitted to us in encrypted form. Communication via E-mail can have security gaps despite transport encryption.

The legal basis for the processing of data transmitted in the course of contacting us is Art. 6 para.(1) lit. f GDPR.

After completion of your request, the personal data will be deleted, unless there are legal reasons (retention obligations, obligation to provide evidence) to the contrary.

Registration on our website

When registering to use our personalized services, some personal data is collected, such as name, address, contact and communication data such as telephone number and E-mail address. If you are registered, you can access content and services that we offer only to registered users. Of course, we will provide you with information about the personal data we have stored about you at any time. We will also be happy to correct or delete this data at your request, provided that there are no legal obligations to retain data. To contact us in this context, please contact our data security officer.

Newsletter

With our newsletters we inform you at regular intervals about interesting facts and innovations of our products and services.

If you confirm your newsletter registration via the double opt-in procedure, we store your E-mail address, the time of registration and the IP address used for registration and the selection of newsletters you want to receive, until you unsubscribe from the newsletter.

Further data is not collected or only on a voluntary basis. This data is used exclusively for sending the newsletter and is not passed on to third parties. A comparison of the data collected in this way with data that may be collected by other components of our site also does not take place.
The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR).

The storage serves the sole purpose of sending you the subscribed newsletter and to be able to prove your registration. You can unsubscribe from the newsletter at any time.

You can cancel or revoke your subscription to this newsletter and thus your consent to the storage of your data at any time for the future. A corresponding unsubscribe link can be found in each newsletter. A message to the contact details provided above or in the newsletter (e.g. by E-mail or letter) is of course also sufficient for this purpose. The legality of the data processing operations already carried out remains unaffected by the revocation.

Newsletter tracking

Our newsletters (via CleverReach) contain so-called tracking pixels (web bugs), which allow us to recognize whether and when an E-mail was opened and which links in the E-mail were followed by the personalized recipient. The legal basis is their consent according to Art. 6 para. 1 lit. a GDPR in accordance with §25 TDDDG.
We store this data so that we can optimally align our newsletters with the wishes and interests of our subscribers.

Provision of chargeable services

For the provision of chargeable services, we request additional data, such as payment details, in order to be able to execute your order. We store this data in our systems until the legal retention periods have expired.

SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

Embedded YouTube videos

On some of our websites, we embed YouTube videos. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. This tells Youtube which pages you are visiting. If you are logged into your Youtube account, Youtube can assign your surfing behavior to you personally. You can prevent this by logging out of your Youtube account beforehand.

If a Youtube video is started, the provider uses cookies that collect information about user behavior.

If you have deactivated the saving of cookies for the Google Ad program, you will not have to deal with such cookies when watching Youtube videos. However, Youtube also stores non-personal usage information in other cookies. If you would like to prevent this, you must block the storage of cookies in the browser.

Further information on data protection at "Youtube" can be found in the provider's data protection information at:
https://www.google.de/intl/de/policies/privacy/

Audio and Video Conferences 

Data Processing: 

To communicate with our customers, we use various online conferencing tools. 

The specific tools we use are listed below. When you communicate with us via video or audio conference over the internet, your personal data will be collected and processed by both us and the provider of the respective conferencing tool. 

The conferencing tools collect all the data you provide/use to utilize the tools: 

  • E-mail address and/or your phone number. 

Furthermore, the conferencing tools process: 

  • The duration of the conference, 
  • The start and end (time) of participation in the conference, 
  • The number of participants, and 
  • Other "context information" related to the communication process (metadata). 

Additionally, the provider of the tool processes all technical data necessary to facilitate online communication. This includes, in particular: 

  • IP addresses, MAC addresses, 
  • Device IDs, device type, 
  • Operating system type and version, client version, 
  • Camera type, microphone or speaker, and type of connection. 

If content is exchanged, uploaded, or otherwise provided within the tool, this content will also be stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/instant messages, voicemails, uploaded photos and videos, files, whiteboards, and other information shared during the use of the service. 

Please note that we do not have full control over the data processing operations of the tools used. Our capabilities are largely determined by the corporate policies of the respective provider. For further information on data processing by the conferencing tools, please refer to the privacy policies of the tools used, which are listed below this text. 

Purpose and Legal Basis 

The conferencing tools are used to communicate with prospective or existing contracting parties or to offer certain services to our customers (Art. 6 para. 1 lit. b GDPR). Additionally, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Where consent has been requested, the use of the respective tools is based on this consent; consent can be withdrawn at any time with effect for the future. 

Storage Duration 

Data directly collected by us through the video and conferencing tools will be deleted from our systems as soon as you ask us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected. 

We have no control over the storage duration of your data, which is stored by the operators of the conferencing tools for their purposes. For details, please refer directly to the operators of the conferencing tools. 

Digital Events, Video and Audio Recordings

When we conduct webinars or digital events, the following information applies. If a digital event is recorded, we will inform you at the beginning of the event about the conditions for recording. 

We process your data for the purpose of conducting the event as well as documenting the event through video and audio recordings and using the recordings for press and public relations purposes. 

Processed data includes: 

  • Your registration data (first and last name, position, company, email address, according to your personal settings), and 
  • Metadata (call history (date, time, and duration of communication), name of the meeting, device/hardware data, connection data (phone number, country name, start and end times, IP addresses), location data, support and feedback data), 
  • Video and audio recordings of the event. 

If you activate the camera and/or microphone of your device, we also process the data transmitted through these. 

If you participate in chats, whiteboards, or polls, these data will also be processed. 

The legal basis for making video and audio recordings is your consent by activating your camera and/or microphone according to Art. 6 para. 1 lit. a) GDPR. The created video and audio recordings can be transmitted for the purpose of press and public relations to journalists, media companies, press and photo agencies, and social media platforms, including abroad, and published by us in printed or digital form. 

You have the right to revoke your consent to the processing of your video and/or audio recordings at any time with effect for the future. Please note that in the case of publication of the recordings in, for example, print media or on the internet, it may not always be possible to remove your data. 

Archived video and sound recordings of the event and publications are generally not deleted. 

Processing of registration data and metadata is contractually mandatory for participation in events. Without this processing, participation in events is not possible. Making viedo and audio recordings is not mandatory for participation in the event. If you do not want video and audio recordings, please deactivate your camera and microphone. 

Used Conferencing Tools

We use the following conferencing tools: 

Microsoft Teams 

We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. For details on data processing, please refer to the Microsoft Teams privacy policy: https://privacy.microsoft.com/en-us/privacystatement

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF is committed to complying with these data protection standards. For more information, please refer to the provider: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active

Data Processing Agreement 

We have entered into a data processing agreement (DPA) for the use of the above service. This is a contract required by data protection law that ensures that this service processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. 

Changes to our data protection information

We reserve the right to adapt this data protection notice so that it always complies with the current legal requirements or to implement changes to our services in the data protection notice, e.g. when introducing new services. The new data protection information will then apply to your next visit.

Garching, July 2024