The protection of your personal data is particularly important to us. You can therefore use our website in principle without providing such data. However, if you wish to make use of certain offers or services on our website, this may entail the processing of your personal data in individual cases. In this context, we obtain your consent if there is no legal basis for such data processing, but the processing is necessary for the use of our website.
As the responsible party, we have initiated a number of technical and organizational measures (TOMs) in order to be able to offer you the fullest possible protection of your personal data when using our website. However, we would like to point out here that data transmission on the Internet can have fundamental security vulnerabilities and for this reason we cannot guarantee absolute protection. You therefore have the option at any time to send us personal data by other means (for example, by telephone or mail).
a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subjects
Data subject is any identified or identifiable natural person whose personal data are processed by the controller.
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
The controller or processor of personal data is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients.
j) Third party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
Consent shall mean any freely given indication of the data subject’s wishes for the specific case in an informed and unambiguous manner in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
The controller under data protection law is:
HEINEMANN MANAGEMENT CONSULTING GmbH
80336 Munich – Germany
Tel: +49 89 – 230 32 660
The data protection officer is:
KEHL Rechtsanwaltsgesellschaft mbH
06114 Halle (Saale) – Germany
Tel: +49 345 29 26 70
Data subjects can contact our data protection officer at any time with concerns about data protection.
By using cookies, we can provide user-friendly services via our website and continuously improve and optimize the offers or information on our website. The purpose of recognition and identification is therefore to simplify the use of our website.
You can prevent the setting of cookies at any time by making the appropriate settings in your browser and in this way permanently object to the setting of cookies. You also have the option of deleting cookies that have already been set within your browser. If you object to the setting of cookies in this way, however, not all functions of our website may be fully available.
When you access our website, general information and data is collected and stored in so-called log files of our server. These are usually
We use this information without drawing any conclusions about the person concerned, but we need it in order to
The purpose of the processing is therefore the statistical evaluation and the increase of data and IT security.
We store the above log file data anonymously and separately from possible other personal data of the data subject.
Our website uses components of Google Analytics, a web analysis service for the collection and analysis of data about the behavior of users of our website. In particular, the service collects data about the website from which the user visited our website (referrer), which subpages the user accessed and how long the user stayed on the respective pages. We use this data to improve our website and for cost-usage analysis of online advertising.
The operator of Google Analytics is the company Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, United States of America.
We have added “_gat.anonymizeIp” to Google Analytics. This shortens and anonymizes the IP address of a user who accesses our website from the European Union or a state party to the Agreement on the European Economic Area.
Google Analytics analyzes the flow of visitors to our website by, among other things, using the transmitted data and information to provide us with detailed reports on the activities and behavior of users of our website and to offer us other services related to our website.
Google Analytics sets a cookie on the user’s computer system, which allows it to create an analysis of the use of our website. If the user calls up one of our sub-pages on which Google Analytics is integrated, the user’s browser is caused to transmit data to Google Analytics for the purposes of commission accounting and online advertising. Google Analytics receives personal data in this way, such as the user’s IP address, in order to track the origin of users and ad clicks for commission billing purposes.
The cookie collects and stores personal data (for example, the location from which our website was accessed, the time of access and its duration, or the frequency of the user’s visits). This data, including the IP address, is transferred to the United States of America and stored there. Google Analytics may pass this data on to third parties.
In addition, every data subject has the right to permanently object to the processing of his or her personal data by Google Analytics. For this purpose, the data subject can load and install a browser addon at https://tools.google.com/dlpage/gaoptout. This informs Google Analytics that the above-mentioned personal data may not be transmitted and thus counts as an objection.
If the user’s computer system is later reset, formatted, deleted or reinstalled, the user must reinstall the aforementioned browser addon in order to deactivate Google Analytics. The same applies if the addon – for whatever reason – has been uninstalled.
A detailed description of the service is available here:
The legal basis of Art. 6 (1) (a) GDPR is relevant if the data subject’s consent to the processing of his or her personal data has been given.
Processing of personal data that serves to fulfill a contract or to initiate a contract with the data subject is based on Art. 6 (1) (b) GDPR.
A processing of personal data is based on Art. 6 para. 1 lit. c) GDPR if it is carried out due to legal obligations to which we are subject, such as the fulfillment of tax obligations.
A processing of personal data is based on Art. 6 (1) (d) GDPR if it is necessary to protect the vital interests of the data subject or another natural person. Such a case would be if a visitor were to injure himself on our premises and we then had to transmit his name, age, health insurance data or other vital data to a doctor or hospital.
Art. 6 para. lit. f) GDPR establishes a processing of personal data, which in each case does not find a basis in the previously mentioned and which is necessary to protect a legitimate interest of our company or a third party. In this context, the interests, fundamental rights and freedoms of the data subject must not be overridden.
When processing personal data on the basis of Art. 6 (1) lit. f GDPR, our legitimate interest is to conduct business activities that are oriented towards the well-being of our employees and shareholders.
The benchmark for the duration of the storage of personal data is the statutory retention period. After expiry of this period, the respective data is routinely deleted, provided that it is required for the fulfillment or initiation of the contract.
The provision of personal data may result from contractual (e.g. information on the contractual partner) or legal (e.g. tax regulations) obligations. For example, a data subject may provide us with personal data for the purpose of concluding a contract, which will then be processed by us. Thus, a person may be obliged to provide personal data when concluding a contract with our company. In this case, failure to provide this data would make it impossible to conclude a contract.
Before providing personal data, the data subject may contact our company. We will inform the data subject whether the provision of this data is required by contract or by law, is necessary for this purpose and what the specific consequences of not providing it would be.
As a responsible company, we deliberately refrain from automated decision making or profiling.