I. NAME AND ADDRESS OF RESPONSIBLE OFFICE
The person responsible within the meaning of the Basic Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature is:
CONSENSUS GmbH Königstraße 40 70173 Stuttgart
Tel.: +49 711 645 619 433 E-Mail: firstname.lastname@example.org Registergericht Stuttgart, HRB 748716
II. DATA PROTECTION OFFICER
Dr. Peter Bechstein
III. GENERAL NOTES AND MANDATORY INFORMATION
We are pleased that you are visiting our homepage http://www.consensus-campus.de and thank you for your interest in our company. The protection of your privacy and the security of all business data are extremely important to us and are taken into account in our business processes. Data protection and information security are part of our corporate policy. The trust placed in us has a very high priority and therefore the importance and obligation to handle your data carefully and to protect it from misuse.
To ensure that you feel safe and comfortable when visiting our website, we take the protection of your personal data and its confidential treatment very seriously. Therefore, we act in accordance with applicable laws on the protection of personal data and data security.
With these notes on data protection in this data protection declaration, we would therefore like to inform you when we store which data and how we use it, naturally in compliance with the applicable German case law. Our data protection takes the European data protection level (DSGVO) into account and is based in particular on the current Federal Data Protection Act (BDSG new).
- Scope of the processing of personal data
We only collect and use personal data of our users as far as this is necessary for the provision of a functional website as well as our contents and services and for the implementation of our business purpose. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies in those cases in which prior consent cannot be obtained for actual reasons and the processing of the data is permitted by statutory provisions.
- Purposes and legal basis for the processing of personal data
We process personal data only to fulfil our contractual obligations or to safeguard our overriding legitimate interests. Our legitimate interests are based on the implementation of our corporate purpose.
Where we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) of the EU Basic Data Protection Regulation (DSGVO)
serves as the legal basis for the processing of personal data. Art. 6 para. 1 lit. b DSGVO serves as a legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This shall also apply to processing operations necessary for the implementation of pre-contractual measures. If the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the legal basis. In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 para. 1 lit. d DSGVO serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f DSGVO serves as the legal basis for the processing.
- Categories of recipients and personal data, origin thereof
We pass on personal data to our business partners and service providers in order to implement our corporate purpose. For the implementation of our business purpose we typically use contact and address data of our customers and business partners. We typically receive personal data directly from the data subject or, with the consent of the data subject, from third parties in exceptional cases.
Your personal data will not be transferred to third parties for purposes other than those listed below.
We only pass on your personal data to third parties if:
- you have given
your express consent in
accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO,
- the transfer in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not passing on your data,
- in the event that for the transfer in accordance with Art.
6 Para. 1 S. 1 lit. a DSGVO you have given your express consent in accordance with Art. 6 Para. 1
S. 1 lit. f DSGVO.
6 (1) sentence 1 lit. c DSGVO, and
- this is legally permissible and required
pursuant to Art. 6 (1) sentence 1 lit. b DSGVO for the execution of contractual relationships with you.
- Transfer to third countries
In principle, we do not pass on personal data to recipients in third countries (i.e. countries outside the EU). If a transfer to recipients in third countries takes place in the future, we ensure that, in addition to the necessary authorisation for the transfer, the recipient in the third country ensures an appropriate level of data protection (or an exception according to Art. 49 para. 1 DSGVO exists).
IV. INFORMATION ON THE COLLECTION OF PERSONAL DATA
(1) In the following we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.
(2) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, possibly your name and telephone number) will be stored by us in order to answer your questions.
(3) The data arising in this context will be deleted after storage is no longer required or processing will be restricted if there are legal storage obligations. You will find more detailed explanations in section VIII of this data protection declaration.
(4) If we wish to use contracted service providers for individual functions of our offer or use your data for advertising purposes, we will inform you below in detail about the respective processes. We also specify the fixed criteria for the storage period.
V. THEIR RIGHTS (AFFECTED RIGHTS)
(1) You have the following rights against us with regard to the personal data concerning you:
- Right in accordance with Art. 7 Para. 3 DSGVO. to appeal to us at any time against your consent once given. The consequence of this is that we may no longer continue the data processing based on this consent in the future. The legality of the data processing carried out until the revocation remains unaffected by your revocation;
- Right to information according to Art. 15 DSGVO about your personal data processed by us. You may request
information on the processing purposes, the category of personal data, the categories of recipients to whom your data have been and will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, if not collected by us, as well as the existence of an automated decision-making process including profiling and, if applicable, meaningful information on its details;
- Right to rectification pursuant to Art. 16 DSGVO. Accordingly, you can immediately demand the correction of incorrect or the completion of your personal data stored with us;
- Right to deletion according to Art. 17 DSGVO. Pursuant to Art. 17 DSGVO, you have the right to demand the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- Right to restriction of processing pursuant to Art. 18 DSGVO. You may then request that your personal data be processed only to the extent that the accuracy of the data is disputed by you, the processing is unlawful but you refuse to delete it and we no longer need the data but you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing pursuant
to Art. 21 DSGVO;
- Right to object to the processing pursuant to Art. 21 DSGVO;
- Right to data transfer pursuant to Art. 20 DSGVO. You have the right to receive the personal information you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another responsible person.
(2) Pursuant to Art. 77 DSGVO, you also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. The responsible supervisory authority is the data protection officer of the federal state in which our company is based. An overview of the state data protection officers and their contact details can be found at
(3) The assertion of all rights mentioned in V. (1) and (2) is basically free of charge for you.
However, in the case of manifestly unfounded or – in particular in the case of frequent repetition – excessive applications, we may, in accordance with Art. 12 (5) DSGVO, either demand an appropriate fee which takes into account the administrative costs of information or notification or the implementation of the requested measure, or refuse to act on the basis of the application.
VI. COLLECTION AND STORAGE OF PERSONAL DATA WHEN YOU VISIT OUR WEBSITE AND THE NATURE AND PURPOSE OF ITS USE
(1) In principle, you can visit our website without telling us who you are. Our web servers automatically store information of a general nature. When you access our web pages, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file.
When using the website for purely informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. The following information is collected without your intervention and stored until automated deletion:
- IP address of the requesting computer,
- date and time of the request,
- name and URL of the retrieved file,
- website from which the request originates (referrer URL),
- browser used,- operating system, possibly name of your access provider,
- language and version of the browser software.
The above data will be processed by us for the following purposes
- to ensure a smooth connection to the website,
- to ensure comfortable use of our website,
- to evaluate system security and stability and
- for other administrative purposes. The
legal basis for data processing is Art. 6 Para. 1 S. 1 lit. F DS-GVO). Our legitimate interest under Art. 6 para. 1 sentence 1 lit. F DS-GVO follows from the purposes listed above for data collection. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.
(2) Our website or web pages partly use so-called cookies. Cookies do not damage your computer and do not contain viruses. You will find more detailed explanations in the following section VII. This data protection declaration.
Information is stored in the cookie, which results in each case in connection with the specifically used terminal device. This does not mean, however, that we will gain immediate knowledge of your identity.
In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your terminal device for a specified period of time. If you visit our site again to use our services, it is automatically recognized that you have already been with us and what inputs and settings you have made so that you do not have to enter them again.
The data processed by cookies are necessary
for the purposes mentioned to safeguard our legitimate interests and those of third parties pursuant to Art. 6 Para. 1 S. 1 lit. F) DSGVO.
Of course, you can also view our website without cookies. Internet browsers are regularly set to accept cookies. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, if you disable cookies completely, you may not be able to use all the features of our website.
VIII. STORAGE DURATION AND DATA ERASURE
We adhere to the principles of data avoidance and data economy. In particular, your personal data will be deleted as soon as they are no longer necessary for the purposes for which they were collected or otherwise processed. The data shall then be erased, unless the retention is necessary to fulfil a legal obligation which the processing is subject to under Union law or the law of the Member States to which the controller is subject. Such a legal obligation is represented by the legal storage obligations, which e.g. amount to 10 years (for accounting data and payroll accounting) or 6 years (for commercial correspondence). For the duration of the storage obligations, the data will be blocked, after the expiry of which deletion will take place.
IX. CONTACT AND COMMUNICATION
If you have any questions, we offer you the possibility to contact us by e-mail. In order for us to know who sent the request and to be able to answer it, we require a valid e-mail address. Further information can be provided voluntarily. Data processing for the purpose of establishing contact with us is carried out in accordance with Art. 6 Para. 1 Sentence 1 lit. A DSGVO on the basis of your voluntary consent. The personal data collected by us will be automatically deleted after the completion of your request.
This data will only be processed for this correspondence with you and for the purpose for which you provided us with the data in the context of this communication, such as for processing your enquiries or to contact you at your request. In this case the processing of personal data takes place with your consent and is then permissible
according to Art. 6 para. 1 lit. A DSGVO. We will delete your data in this regard if the purpose for which you have provided us with your data has been fulfilled or completed and we are not entitled or obliged to further store it for legal reasons.
X. OTHER PROCESSING ON THE BASIS OF A LEGITIMATE INTEREST
To the extent necessary, we process your data beyond the actual fulfilment of a contract concluded with you or a consent given by you to protect the legitimate interests of us or third parties, unless a consideration in individual cases shows that your justified fundamental rights and freedoms, which require the protection of personal data, prevail (cf. Art. 6 para. 1 lit. F DSGVO). This may include:
- advertising, insofar as they have not objected to the use of your data;
- assertion of legal claims and defence in legal disputes;
- guarantee of IT security and IT operation;
- prevention and investigation of criminal offences;
- measures for business control and further development of services and products.
(1) If you have given us permission to process personal data for certain other purposes (e.g. receipt of the newsletter), this data processing will be based on this permission. Details on the contents of the consent will be provided upon request.
(2) Consents are always voluntary. If a processing of personal data is based on a consent given by you, you have the right to revoke this consent at any time. The legal basis for data processing based on consent is Art. 6 Para. 1 Letter. A) DSDVO.
(3) Further processing of your personal data will only take place if you have given us your consent to do so and we are thus entitled to process your personal data in
accordance with Art. 6 para. 1 lit. A DSGVO. In some areas of our Internet presence you have the possibility to give such explicit consent. We will inform you of the purpose for which the data will be processed if you give your consent, and how long we will store this personal data.
XII. OBJECTION OR REVOCATION AGAINST THE PROCESSING OF YOUR DATA
(1) If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation influences the permissibility of the processing of your personal data after you have given it to us.
(2) Insofar as we base the processing of your personal data on a weighing of interests, you may object to the processing. This is the case, if the processing is not necessary in particular for the fulfilment of a contract with you, which is represented by us in each case with the following description of the functions. In the event of such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling grounds for protection on the basis of which we will continue the processing.
(3) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time.
(4) If you wish to make use of your right of revocation or objection, an e-mail to the e-mail address email@example.com or a message to the contact addresses listed in the imprint is sufficient.
XIII. WEB ANALYTICS
This website uses functions of the web analysis service Google Analytics. Provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files which are stored on your computer and which allow an analysis of your use of the website. The information generated by the cookie about your use of this website will generally be transmitted to and stored by Google on servers in the United States.
We have activated the IP Anonymization function on this website. As a result, your IP address will be truncated by Google within member states of the European Union or other signatory states to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
Browser PluginYou can prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link:
Order data processing
We have concluded a contract with Google for order data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
We use Google Analytics to analyse the use of our website and to improve it regularly. The statistics obtained will enable us to improve our services and make them more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to
the EU-US Privacy Shield,
The legal basis for the use of Google Analytics is Art. 6 Para. 1 S. 1 lit. f DS-GVO.
http://www.google.com/analytics/terms/de.html, Privacy Statement:
http://www.google.com/intl/de/analytics/learn/privacy.html, and Privacy Statement:
XIV. SOCIAL MEDIA PLUG – INS
(1) We use social media plug-ins from Facebook and Twitter on our website on the basis of Art. 6 para.1 sentence 1 lit.f DSGVO in order to make our company known about them. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the DSGVO. The responsibility for the data protection-compliant operation is to be guaranteed by the respective provider. The integration of this plug-in by us takes place by means of the so-called two-click method in order to protect visitors to our website as best as possible. Our buttons in this regard act as external links, so that no information is transferred to one of these providers without clicking on one of the buttons. If you do not want the social networks mentioned to collect data about the use of our websites, please do not click on the buttons mentioned. You can recognize the plugin providers by the mark on the box above its initial letter or the logo.
(2) If the user clicks on one of the buttons, he will be forwarded to the website of the respective provider. The URL of the current page is passed as a parameter. We have no influence on whether or how the providers may use this date for evaluation.
In the case of Facebook, the IP address is anonymized immediately after collection, according to information provided by the respective provider in Germany. By activating the plug-in, your personal data is transferred to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects data in particular via cookies, we recommend that you delete all cookies via your browser’s security settings before clicking on the grayed-out box.
We have no influence on the collected data and data processing operations, nor are we aware of the full scope of data collection, the purposes of processing, the storage periods. Also, for the deletion of the collected data by the plug-in provider no information is available to us.
The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or the needs-based design of its website. Such evaluation is carried out in particular (also for users who are not logged in) in order to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact the respective plug-in provider to exercise this right. Through the plug-ins we offer you the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The legal basis for the use of the plug-ins is Art. 6 Para. 1 S. 1 lit. f DSGVO. The
data transfer takes place regardless of whether you have
an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be directly assigned to your existing account with the plug-in provider. If you press the activated button and, for example, link the page, the plug-in provider also stores this information in your user account and communicates it publicly to your contacts. We recommend that you log out regularly after using a social network, especially before activating the button, as this allows you to avoid being assigned to your profile by the plug-in provider.
If you are logged in to Facebook, Facebook can directly assign your visit to our website to your Facebook account. If you interact with the plugins, e.g. confirm the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to their Facebook friends.
Facebook may use this information for the purpose of advertising, market research and tailoring Facebook Pages to meet your needs. To this end, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.
If you do not want Facebook to associate the information collected through our website with your Facebook account, you must log out of Facebook before visiting our website. The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in the data protection information at(https://www.facebook.com/about/privacy/) of Facebook.
using Twitter, the websites you visit are linked to your Twitter account and made known to other users. Data will also be transferred to third parties. These functions are offered by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. This may include, for example, content such as images, videos or text and buttons with which users can express their appreciation of the content, the authors of the content or subscribe to our contributions. If the users are members of the Twitter platform, Twitter can assign the call of the above-mentioned contents and functions to the profiles of the users there. Instgram
Twitter is certified
(5) Further information on the purpose and scope of data collection and processing by the plug-in providers can be found in the following data protection declarations of these providers. There you will also find further information on your rights in this regard and setting options to protect your privacy.
Addresses of the respective plug-in providers and URL with their data protection information:
a) [Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
b) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
XV. OTHER PLUGINS AND TOOLS
GOOGLE WEB FONTS
Thissite uses web fonts provided by Google for the purpose of presenting fonts in a consistent manner. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google’s servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
If your browser does not support web fonts, a standard font will be used
by your computer.
Thissite uses the Google Maps
map service via an API. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The
use of Google Maps is in the interest of an appealing presentation of our online offers and an easy retrievability of the places indicated by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. You can
XVI. DATA SECURITY – SSL ENCRYPTION
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments. Our servers are protected by firewalls and virus protection.
We also use SSL or TLS encryption (SSL = Secure Sockets Layer; TLS = Transport Layer Security; SSL is the previous name of TLS) during your visit to our Web site. You can tell whether an individual page of our website is transmitted in encrypted form by the fact that the address line of the browser changes from “http://” to “https://”, and also by the lock symbol in your browser line. If SSL or TLS encryption is activated, data that you transmit to us cannot be read by third parties.
However, complete data security cannot be guaranteed for data transmission over the Internet (e.g. communication by e-mail). You are therefore free to send confidential information only by post.
XVII. LINKS TO WEBSITES OF OTHER PROVIDERS
Insofar as this website refers to external pages of other providers (links), these links will cause you to leave the website and the contents of CONSENSUS. CONSENSUS is not responsible for compliance with the data protection regulations on these pages, nor are their operators.
XVIII. COMMITMENT OF EMPLOYEES AND EXTERNAL SERVICE PROVIDERS
It goes without saying that our employees and the service companies commissioned by us are bound to secrecy and to compliance with data protection regulations.
XIX. COOPERATION WITH EXTERNAL SERVICE PROVIDERS
If necessary, we commission other companies and individuals to carry out tasks for us. Examples include parcel delivery, sending letters, maintaining our customer lists, analyzing our databases, advertising (including providing search results and links), processing payments (credit card, direct debit) and customer service. These service providers have access to personal information needed to perform their functions. However, they may not use them for other purposes. In addition, they are obliged to treat the information in accordance with this data protection declaration as well as the German data protection laws and the basic data protection ordinance.
If these contractors are contract data processors pursuant to § 11 BDSG (contract processors pursuant to Article 28 EU-DSGVO), we have concluded corresponding contracts with them in accordance with the law.
XX. UPDATE OF THIS PRIVACY STATEMENT
From time to time, it may be necessary to update this data protection information, for example as a result of new legal or official requirements or new offers on our website. We will then inform you at this point. In general, we recommend that you visit this privacy notice regularly to check whether there have been any changes. You can tell whether changes have been made by, among other things, the fact that the status indicated at the bottom of this document has been updated.
XXI. PRINT AND SAVE THIS PRIVACY NOTICE
You can print and save this data protection notice directly, for example by using the print or save function in your browser.
Status: May 2018