Privacy Notice

Privacy Policy

I. Name and address of the responsible entity

The responsible entity under the General Data Protection Regulation and other national data privacy laws of the Member States, and under other data protection regulations, is:
Exp3rt Consulting Group
Geretsrieder Str. 10
D- 81379 M√ľnchen
Tel: +49 661 29191 488
Fax: +49 661 29191 487
info@expert-consulting-group.de
Website: www.exp3rt-consulting-group.de

 

II. Contact Data Protection Officer

The Data Protection Officer can be contacted as below:
DataProtectionOfficeMEU@Exp3rtConsultingGroup.de

III. General information on data processing
1. Scope of processing of personal information

In general, we collect and use the personal information of our users only if necessary to provide a functional website and to provide our content and services. We typically only collect and use our users’ personal information after we have received consent to do so from the user. In some exceptional cases, we may not be able to obtain prior consent due to the circumstances of the situation, but may process your data if permitted by law.

2. Legal basis for processing personal information

If we obtain consent from a data subject to process personal information, Art. 6 para. 1 lit. a. of the EU General Data Protection Regulation (GDPR) serves as the legal basis for processing such personal information.
When processing personal information necessary to fulfill an agreement to which the data subject is a contractual party, Art. 6 para. 1 lit. b GDPR serves as the legal basis for processing. This also applies to processing procedures necessary to carry out pre-contractual measures.
If personal information must be processed to fulfill a legal obligation of our company, Art. 6 para. 1 lit. c GDPR serves as the legal basis. If the vital interests of the data subject or another natural person make it necessary for us to process personal information, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If data processing is required to safeguard a justifiable interest of our company or a third party, and if the interests, basic rights, and basic freedoms of the data subject do not outweigh the above interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

3. Data deletion and storage terms

Personal information of data subjects is deleted or blocked once the purpose of saving no longer applies. In addition, data may only be saved if specified under European or national legislation in EU ordinances, laws, or other regulations to which the responsible entity is subject. Data will be blocked or deleted when the storage term specified by law expires unless it is necessary to continue saving the data to conclude an agreement or fulfill a contract.

IV. Provision of our website and creation of log files
1. Description and scope of data processing

Each time you access our website, our system automatically records data and information from the requesting computer.
The following data is collected:

  • Browser type / version
  • Operating system used
  • Referrer URL (page visited directly before)
  • Host name of the accessing computer (IP address)
  • Time of the server inquiry

Data is also saved in our system’s log files. This does not include the user’s IP address or other data which could be used to associate the data with a specific user. This data is never saved alongside other personal information belonging to the user.

2. Legal basis for data processing

Art. 6 para. 1 lit. f) GDPR forms the legal basis for temporary data storage.

3. Purpose of data processing

The system must temporarily store the user’s IP address to allow it to deliver the website to the user’s computer. It must save the user’s IP address for the duration of the session.
We have a justifiable interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR for these purposes.

4. Duration of storage

Data is deleted once it is no longer necessary to achieve the purpose for which it was collected. If data is collected to provide the website, it will no longer be necessary once the specific session is ended.

5. Right to object and right to data deletion

Data must be collected and saved in log files to provide and operate the website. Therefore, the user has no right to object.

V. Use of cookies
1. Description and scope of data processing

Our website uses cookies. Cookies are text files saved in the user’s internet browser on their computer system. When a user accesses a website, a cookie may be saved on their operating system. This cookie includes a characteristic character string which allows it to clearly identify the browser the next time the user accesses the website.
We also use cookies on our website which allow us to analyze user surfing behavior.
The following data may be transmitted by such cookies:

  • Search terms entered
  • Frequency of page visits
  • Use of website functions

When users access our website, they are informed of the use of cookies for analytic purposes, and their consent is obtained to process associated personal information. They are also referred to our Data Privacy Declaration.

2. Legal basis for data processing

Art. 6 para. 1 lit. f) GDPR forms the legal basis for processing personal information using technically required cookies.
The legal basis for processing personal information using cookies for analytic purposes is Art. 6 para. 1 lit. a GDPR, if we have the user’s consent to do so.

3. Purpose of data processing

This website uses analytic cookies in order to improve the quality and content of our website. Analytic cookies tell us how the website is being used, helping us continuously optimize our services.
We have a justifiable interest in data processing personal information in accordance with Art. 6 para. 1 lit. f GDPR for these purposes.

4. Duration of storage, right to object and right to data deletion

Cookies are saved on the user’s computer and transmitted to our page by the computer. Therefore, as a user you have full control over how cookies are used. You can change the settings in your web browser to deactivate or restrict the transmission of cookies. Cookies saved in the past can be deleted at any time. This can also be done using an automatic process. If cookies are deactivated for our website, it is possible that you may not be able to use all of the functions of our website in full.

VIII. Contact form and e-mail contact
1. Description and scope of data processing

Our website includes a contact form that can be used to get in touch with us electronically. If a user uses this contact form, the data they enter on the input screen are transmitted to us and saved. These data include:

  • Name
  • E-mail
  • Subject
  • Your message

When the message is sent, the following data are also saved:

  • Date and time of registration

Your consent will be obtained to process the data during the transmission process, and you will be referred to this Data Privacy Declaration.
Users may also contact us through the email address provided. If they do so, any personal information transmitted in the e-mail will be saved.
Such data are never transmitted to third parties. Data are only used to handle the conversation.

2. Legal basis for data processing

The legal basis for processing personal information is Art. 6 para. 1 lit. a GDPR, if we have the user’s consent.
The legal basis for processing data transmitted when an email is sent is Art. 6 para. 1 lit. f GDPR. If the email contact is sent for the purpose of concluding an agreement, Art. 6 para. 1 lit. b GDPR also serves as the legal basis for processing.

3. Purpose of data processing

We only process personal information from the input screen to process the user’s contact. If a user contacts us via e-mail, this also serves as part of our justifiable interest in processing the data.
Other personal information processed during the transmission process is used to prevent misuse of the contact form and ensure the safety of our information technology systems.

4. Duration of storage

Data are deleted once it is no longer necessary to achieve the purpose for which they were collected. This is the case for the personal information from the contact form input screen and personal information transmitted via email once our conversation with the user is over. The conversation is over when circumstances indicate that the matter in question has been fully clarified.
Additional personal information collected during the transmission process are deleted at the latest after seven days.

5. Right to object and right to data deletion

Users can revoke their consent to process personal information at any time. If the user contact us via email, they may revoke storage of their personal information at any time. In such cases, we will not be able to continue our conversation with them.
All personal information saved during the course of contacting the user will then be deleted.

IX. Rights of affected parties

If we process your personal information, you are a data subject in the sense of the GDPR, and you have the following rights towards the responsible entity:

1. Your right to information

You can request a confirmation from the responsible entity of whether we process your personal information.
If we do process your data, you can request the following information from the responsible entity:

  • the purposes for which personal information is processed;
  • the categories of personal information processed;
  • the recipients or categories of recipients to whom your personal information has been disclosed or will be disclosed;
  • the planned duration for which your personal information will be saved or, if no specific information is available, the criteria for determining this duration;
  • the existence of a right to correct your personal information, a right to restrict processing by the responsible entity or a right to object to such processing;
  • the existence of a right to submit complaints with a supervising authority;
  • all available information on the origin of the data, if it was not collected from the data subject;
  • the use of automated decision-making, including profiling, in accordance with Art. 22 para. 1 and 4 GDPR and – at least in such cases – clear information on the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information on whether your personal information is transmitted to a third party country or an international organization. You can also request in this respect to be informed of relevant guarantees according to Art. 46 GDPR given in conjunction with the transmission.

2. Right to correction

You have the right to request that the responsible entity correct and/or complete your personal information, if personal information processed on you is incorrect or incomplete. The responsible entity must correct such data promptly.

3. Right to restrict processing

Under the following conditions, you can request that processing of your personal information be restricted:

  • if you dispute the correctness of your personal information for a long enough period allowing the responsible entity to check the correctness of said personal information;
  • if processing is unlawful and you reject deletion of personal information, instead requesting a restriction in the use of personal information;
  • if the responsible entity no longer requires the personal information for the purpose of processing, but if you need such data to assert, exercise, or defend against legal claims, or
  • if you have objected to processing according to Art. 21 para. 1 GDPR and it is not yet clear whether the responsible entity’s justifiable grounds for processing outweigh your own justifications.

If processing of your personal information was restricted, this data may only be processed – apart from saving it – with your consent or to assert, exercise, or defend against legal claims, or to protect the rights of another legal or natural person, in order to safeguard a significant public interest of the Union or its member states.

If the restriction of processing was restricted under the above conditions, you will be informed by the responsible entity before this restriction is lifted.

4. Right to deletion

a) Deletion obligation

You can request that the responsible entity promptly delete your personal information, and the responsible entity is obligated to delete this data promptly if one of the following justifications applies:

  • Your personal information is no longer required for the purposes for which it was collected or processed in some other manner.
  • You revoke your consent on which processing was based according to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for processing.
  • You submit an objection to processing according to Art. 21 para. 1 GDPR and there are no justifiable grounds for processing that take priority over your objection, or you submit an objection to processing according to Art. 21 para. 2 GDPR.
  • Your personal information was processed unlawfully.
  • Your personal data must be deleted to fulfill a legal obligation under EU law or the law of its member states, to which the responsible entity is subject.
  • Your personal information was collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR.

b) Information to third parties

If the responsible entity has disclosed your personal information and if it is obligated to delete such personal information according to Art. 17 para. 1 GDPR, it shall take appropriate technical measures in consideration of available technology and implementation costs to inform the entity responsible for data processing that you as the data subject have requested that all links to said personal information or copies or replications of the personal information be deleted.

c) Exceptions
The right to deletion shall not exist if processing is required

  • to exercise a right to freedom of expression and information;
  • to fulfill a legal obligation that requires processing in accordance with EU law or the law of the member states to which the responsible entity is subject, or to carry out an obligation that is in the public interest or under public authority assigned to the responsible entity;
  • to safeguard public interests in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 GDPR;
  • for archival purposes in the public interest, scientific or historical research purposes, or statistical purposes according to Art. 89 para. 1

GDPR, if the right indicated under section a) would likely make it impossible or extremely difficult to achieve the goal of processing, or

  • to assert, exercise, or defend against legal claims.


5. Right to information

If you have asserted your rights to correction, deletion, or restriction of processing against the responsible entity, the responsible entity is obligated to inform all recipients to whom your personal information was disclosed of this correction or deletion of data or restriction of processing, unless this proves to be impossible or unreasonably difficult.
You have the right to be informed by the responsible entity who these recipients were.

6. Right to data portability

You have the right to obtain your personal information, which you have provided to the responsible entity, in a structured, current, and machine-readable format. In addition, you have the right to transmit these data to another responsible entity without being prevented from doing so by the responsible entity to whom personal information were provided, if

  • processing is based on consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on an agreement according to Art. 6 para. 1 lit b. GDPR and
  • processing is completed using automated processes.

In exercising this right, you furthermore have the right to ensure that your personal information are transmitted directly from one responsible entity to another, if this is technically feasible. The freedoms and rights of other individuals may not be affected.
The right to data portability does not apply to processing of personal information necessary to carry out tasks that are in the public interest or to carry out public authority assigned to the responsible entity.

7. Your right to object

You have the right to object to the processing of your personal information at any time for reasons related to your specific situation, if such processing is carried out under Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.
The responsible entity will no longer process your personal information unless they can show mandatory and protected grounds for processing that outweigh your interests, rights, and freedoms, or if processing serves to assert, exercise, or defend against legal claims.
If your personal information were processed for the purpose of direct advertising, you have the right to object against processing of your personal information for the purpose of such advertisements; this also applies to profiling, if it is connected to such direct advertising.
If you object to processing for the purpose of direct advertising, your personal information will no longer be processed for this purpose.
You may exercise your right to object through an automated process in which technical specifications are used in conjunction with the use of information society services – regardless of directive 2002/58/EG.

8. Right to revoke a declaration of consent under data privacy law

You have the right to revoke your declaration of consent under data privacy law at any time. Your revocation of consent does not affect the legality of processing completed up to that point based on your consent.

9. Automated decisions in individual cases, including profiling

You have the right to have decisions made about you not made exclusively through automated processing – including profiling – if this would have a legal impact on you or would affect you significantly in some other manner. This does not apply if the decision

  • is necessary to conclude or fulfill an agreement between you and the responsible entity,
  • is permitted based on legal regulations of the European Union or member states to which the responsible entity is subject, and if these legal regulations include appropriate measures safeguarding your rights, freedoms, and justifiable interests, or
  • is completed with your express consent.

However, these decisions may not be based on special categories of personal information according to Art. 9 para. 1 GDPR if Art. 9 para. 2 lit. a or g applies and if appropriate measures have been taken to safeguard your rights, freedoms, and justifiable interests.
With respect to the cases described in (1) and (3), the responsible entity must take appropriate measures to safeguard your rights, freedoms, and justifiable interests, including at least the right to human intervention by the responsible entity, to present one’s own opinion, and to challenge a decision.

10. Right to submit complaints to a supervising authority

Apart from any other legal remedies under administrative or other law, you have the right to submit a complaint with a supervising authority, in particular in the member state in which you live, work, or where the alleged violation took place, if you believe that processing of your personal information violates the GDPR.
The supervising authority to which the complaint was submitted must inform the individual submitting the complaint of the status and results of said complaint, including the option of judicial remedy under Art. 78 GDPR.