Privacy Notice

State 22.07.2019

Privacy notices of Dr. Schönheit + P. Consulting GmbH and Dr. Schönheit + P. Engineering GmbH (hereinafter collectively referred to as S + P) are valid from 25 May 2018. The following data protection information provides an overview of the collection and processing of your data. We at S + P take the protection of your personal data very seriously and process it in accordance with the applicable statutory data protection requirements. Personal data in the sense of this information is all information that may be related to your person. On the basis of the following information we would like to clarify the processing of your personal data by us. In addition, we would like to give you an overview of your rights under data protection law. Which data is processed in detail and how it is used depends largely on the services requested or agreed.

I. RESPONSIBLE AUTHORITY, RESPONSIBLE PERSON AND DATA PROTECTION OFFICER

Responsible authority is:

Dr. Schönheit + P. Consulting GmbH
Aachener Straße 382
50933 Cologne

Dr. Schönheit + P. Engineering GmbH
Aachener Straße 382
50933 Cologne

Responsible person for Dr. Schönheit + P. Consulting GmbH and Dr. Schönheit + P. Engineering GmbH is:

Dr. Schönheit + P. Consulting GmbH
Privacy Policy
Dr. Martin Schönheit (Managing Director and owner)
Tobias Kuhnert, MBA (Managing Director)
Aachener Straße 382
50933 Cologne
datenschutz@dr-schoenheit.de
+49 221 / 710 60

Dr. Schönheit + P. Engineering GmbH
Privacy Policy
Dr. Martin Schönheit (Managing Director and owner)
Peter Thomé (Managing Director)
Aachener Straße 382
50933 Cologne
datenschutz@dr-schoenheit.de
+49 221 / 710 60

You can reach our data protection officer at:

Dr. Schönheit + P. Consulting GmbH
Aachener Straße 382
50933 Cologne
datenschutz@dr-schoenheit.de
+49 221 / 710 60

Dr. Schönheit + P. Engineering GmbH
Aachener Straße 382
50933 Cologne
datenschutz@dr-schoenheit.de
+49 221 / 710 60

II. SOURCE OF PERSONAL DATA

We process personal data which we receive from our customers and interested parties in the course of our business relationship. Furthermore, we process - should this be necessary for the provision of our services - personal data which we permissibly obtain from publicly accessible sources or which are exchanged between Dr. Schönheit + P. Consulting GmbH and Dr. Schönheit + P. Engineering GmbH or by other third parties.

III. CATEGORIES OF PERSONAL DATA PROCESSED

We process the following categories of personal data: master data (e.g. name and address), order data (e.g. address and name of the contractual partner), data for the fulfilment of our contractual obligations (e.g. contact data of the project manager), information about correspondence (e.g. correspondence with you), as well as other data comparable with the aforementioned categories.

IV. THE PURPOSES FOR WHICH THE PERSONAL DATA ARE TO BE PROCESSED AND THE LEGAL BASES OF THE PROCESSING

We process your personal data in compliance with the applicable statutory data protection requirements. Processing is lawful if at least one of the following conditions is fulfilled:

a. Consent (Art. 6 para. 1 a DSGVO)The lawfulness for the processing of personal data is guaranteed with consent for processing for specified purposes (e.g. passing on data between Dr. Schönheit + P. Consulting GmbH and Dr. Schönheit + P. Engineering GmbH, use of the data for marketing purposes). A given consent can be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent given to us before the DSGVO came into force, i.e. before 25 May 2018.

b. To fulfil contractual obligations or to implement pre-contractual measures (Art. 6 para. 1 b DSGVO)
In order to comply with our contractual obligations to provide services to our customers or to carry out pre-contractual measures, which take place on request, we process data. The purposes of the data processing result primarily from the concrete product and can include among other things requirement analyses and consultation. Further details on the data processing purposes can be found in the contract documents and terms and conditions.

c. Based on legal requirements (Art. 6 para. 1 c DSGVO) or in the public interest (Art. 6 para. 1 e DSGVO)
S + P is subject to various legal obligations, which means legal requirements (e.g. commercial and tax retention regulations according to the German Commercial Code). The purposes of processing include, among other things, the fulfilment of fiscal control and reporting obligations and also risk assessment and control within the company.

d. In the context of balancing interests (Art. 6 para. 1 f DSGVO)
If necessary, we process your data beyond the actual fulfilment of the contract to protect the legitimate interests of us or third parties. Examples:

Revision and improvement of procedures for general business management and further development of products and services

Advertising and marketing purposes, provided that you have not objected to the use of your data

Assertion of legal claims and defense in legal disputes

Prevention, information and prevention of criminal offences

Ensuring IT security and IT operations

Advice and data exchange with credit agencies to determine creditworthiness and default risks

V. CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Within the company, the positions that need them to fulfil our contractual and legal obligations are entitled to access. S + P also has some of the aforementioned processes and services carried out by carefully selected service providers commissioned in accordance with data protection regulations who are based within the EU. These are companies in the categories IT services, payment transactions, print service providers, invoicing and consulting as well as sales and marketing and service providers that we use within the framework of order processing relationships. With regard to the passing on of data to other recipients, we may only pass on information about you if this is required by law, if you have consented or if we are authorized to do so. If these conditions are met, recipients of personal data may be, among others:

Public bodies and institutions (e.g. tax authorities) in the event of a statutory or official obligation
Other companies or similar entities to which we may transfer personal information to conduct business with you (e.g. data centers)
Exchange between Dr. Schönheit + P. Consulting GmbH and Dr. Schönheit + P. Engineering GmbH
Other parties may also be data recipients if you have given us your consent to the transfer of data.

VI. INTENTION TO TRANSFER THE PERSONAL DATA TO A THIRD COUNTRY OR AN INTERNATIONAL ORGANISATION

There is no active transfer of personal data to a third country or to an international organization.

VII. CRITERIA FOR DETERMINING THE DURATION FOR WHICH PERSONAL DATA WILL BE STORED

The criteria for determining the duration of storage shall be based on the end of the purpose and the subsequent legal period of retention. If the data are no longer required for the fulfilment of contractual or legal obligations, they are deleted regularly, unless their further processing - limited in time and possibly limited - is necessary for the following purposes:

Compliance with commercial and tax retention obligations: The German Commercial Code (HGB) must be mentioned. According to this, the storage and documentation periods are specified for up to 10 years.
Preservation of evidence within the framework of the statutory statute of limitations: According to §§ 195 ff. of the German Civil Code (BGB), the regular statute of limitations is 3 years, but under special circumstances up to 30 years.
Compliance with storage obligations under telecommunications law in accordance with the current Telecommunications Act (TKG) and other laws.

VIII. DATA PROTECTION RIGHTS

Every data subject has the right of access under Article 15 DSGVO, the right of rectification under Article 16 DSGVO, the right of cancellation under Article 17 DSGVO, the right of limitation of processing under Article 18 DSGVO, the right of opposition under Article 21 DSGVO and the right of data transfer under Article 20 DSGVO. The restrictions under §§ 34 and 35 BDSG apply to the right to information and the right to cancellation. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 DSGVO in conjunction with § 19 BDSG). You may revoke your consent to the processing of personal data at any time with effect for the future. This also applies to the revocation of declarations of consent given to us prior to the application of the Basic Data Protection Regulation, i.e. before 25 May 2018.

In detail:

Right to "information" (see Article 15 DSGVO)
You have a right of access to the data concerning you. This is exactly what the present document is intended to guarantee in the best possible way. If you have any further questions, please do not hesitate to contact us.

The right to "rectification" of inaccurate data (see Article 16 DSGVO)
You have the right to have incorrect data corrected. Please contact us for this purpose.

The right to "deletion of your data" (see Article 17 DSGVO)
You have the right to delete your data if (a) the data is no longer necessary, (b) you have revoked your consent if necessary or there is no other legal basis (anymore), (c) you have rightfully objected, (d) the data has been unjustly processed, (e) the deletion is required by law, (f) the data originates from children and should be deleted. Please note that pursuant to Article 17 (2) of the DSGVO, deletion may not be possible.

The right to "limitation of processing" (see Article 18 DSGVO)
You have the right to "block" your data if (a) you dispute the accuracy of the data, (b) the processing is unlawful and you deny deletion, (c) the data is no longer needed by us, (d) you still need the data because of legal claims.

The right to "opposition to the processing" (see Article 21 DSGVO)
You have the right to object to the processing if there are reasons for it for your SPECIAL SITUATION. We will consider whether we have compelling reasons worthy of protection for a processing.

The right to "withdraw consent" (see Article 7 (3) DSGVO)
You have the right to withdraw your consent (insofar as this is relevant to the processing described here). The revocation is only valid for the future.

The right to "data transferability" (see Article 20 DSGVO)
You have a right to receive your data provided that (a) the legal basis is based on consent or a contract, (b) you have provided the data yourself, (c) the data are processed automatically. If these conditions are met, you may also request that we forward the data to a recipient of your choice.

The right to "appeal" (see Article 77 DSGVO)
You have the right to complain to a data protection supervisory authority.

The contact details are as follows:

State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
Post box 20 04 44
40102 Düsseldorf

Tel.: +49 211/38424-0
Fax: +49 211/38424-10
E-mail: poststelle@ldi.nrw.de

Internet: https://www.ldi.nrw.de/metanavi_Kontakt/index.php

You are welcome to contact us first before contacting the supervisory authority; our very competent company data protection officer will quickly take care of your request.

Dr. Schönheit + P. Consulting GmbH
Aachener Straße 382
50933 Cologne
datenschutz@dr-schoenheit.de
+49 221 / 710 60

Dr. Schönheit + P. Engineering GmbH
Aachener Straße 382
50933 Cologne
datenschutz@dr-schoenheit.de
+49 221 / 710 60

IX. OBLIGATION TO PROVIDE AND POSSIBLE CONSEQUENCES OF NON-AVAILABILITY OF DATA

As part of our business relationship, you must provide the personal information that is necessary to establish and conduct a business relationship and to fulfill the contractual obligations associated therewith, or that we are required by law to collect. Without this information, we will generally not be able to enter into or perform the contract with you.

X. EXISTING OF AN AUTOMATED DECISION MAKING PROCESS INCLUDING PROFILING

As a matter of principle, we do not use automatic decision making pursuant to Article 22 DSGVO for the establishment and implementation of the business relationship. Should we use these procedures in individual cases, we will inform you separately if this is required by law.

XI. PRIVACY POLICY FOR THE USE OF GOOGLE ANALYTICS (WITH ANONYMIZATION FUNCTION)

The data controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, collection and evaluation of data on the behavior of visitors to Internet pages. A web analysis service collects data on, among other things, from which website a person concerned came to a website (so-called referrers), which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimize a website and to analyze the costs and benefits of Internet advertising.

The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The data controller uses the addition "_gat._anonymizeIp" for the web analysis via Google Analytics. This addition is used by Google to shorten and anonymise the IP address of the Internet connection of the person concerned if access to our Internet pages is from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website and to provide other services in connection with the use of our website.

Google Analytics places a cookie on the information technology system of the person concerned. What cookies are has already been explained above. When the cookie is set, Google is able to analyze the use of our website. Each time you access one of the individual pages of this website, which is operated by the data controller and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the person concerned, which Google uses, among other things, to track the origin of visitors and clicks and subsequently to enable commission statements.

The cookie is used to store personal information, such as the access time, the location from which an access originated and the frequency of visits to our website by the person concerned. Each time you visit our website, this personal data, including the IP address of the Internet connection used by the person concerned, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected through the technical process with third parties.

The person concerned can prevent the setting of cookies by our website at any time, as described above, by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the person concerned. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Furthermore, it is possible for the person concerned to object to and prevent the collection of data generated by Google Analytics and relating to the use of this website and the processing of this data by Google. For this purpose, the person concerned must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information on visits to Internet pages may be transmitted to Google Analytics. The installation of the browser add-on is considered a contradiction by Google. If the data subject's information technology system is later deleted, formatted or reinstalled, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the person concerned or by another person within his/her sphere of control, the browser add-on may be reinstalled or reactivated.

For more information and to review Google's current privacy policies, please visit https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html Google Analytics is explained in more detail at this link, https://www.google.com/intl/de_de/analytics/.

XII. PRIVACY POLICY FOR THE USE OF GOOGLE-ADWORDS

The person responsible for the processing has integrated Google AdWords on this website. Google AdWords is an Internet advertising service that allows advertisers to place ads both in Google's search engine results and in the Google advertising network. Google AdWords allows an advertiser to pre-define keywords that will be used to display an ad in Google's search engine results only when the user uses the search engine to retrieve a keyword relevant search result. In the Google advertising network, the ads are distributed to topic-relevant Internet pages using an automatic algorithm and taking into account the previously defined keywords.

The operating company of the Google AdWords services is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to promote our website by displaying advertisements of interest on third-party websites and in the search engine results of Google and by displaying third-party advertisements on our website.

If a person concerned reaches our website via a Google advertisement, a so-called conversion cookie is stored on the information technology system of the person concerned by Google. What cookies are has already been explained above. A conversion cookie loses its validity after thirty days and does not serve to identify the person concerned. If the cookie has not yet expired, the conversion cookie is used to track whether certain subpages, such as the shopping cart of an online shop system, have been accessed on our website. The conversion cookie enables both we and Google to track whether a person who came to our website via an AdWords ad generated a turnover, i.e. completed or cancelled a purchase.

The data and information collected through the use of the conversion cookie is used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimize our AdWords ads for the future. Neither our company nor other Google AdWords advertisers receive information from Google that could be used to identify the person concerned.

The conversion cookie is used to store personal information, such as the Internet pages visited by the person concerned. Accordingly, each time you visit our website, personal data, including the IP address of the Internet connection used by the person concerned, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected through the technical process with third parties..

The person concerned can prevent the setting of cookies by our website at any time, as described above, by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the person concerned. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs.

Furthermore, the person concerned may object to the interest-related advertising by Google. To do this, the data subject must access the link www.google.de/settings/ads from any of the Internet browsers he or she uses and make the desired settings there.

Further information and the valid data protection regulations of Google can be called up under https://www.google.de/intl/de/policies/privacy/.

XIII. DATA PROTECTION PROVISIONS ON THE USE AND APPLICATION OF XING

The data controller has integrated Xing components into this website. Xing is an Internet-based social network that allows users to connect to existing business contacts and make new business contacts. Individual users can create a personal profile of themselves at Xing. Companies can, for example, create company profiles or publish job offers on Xing.

Xing's operating company is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which an Xing component (Xing plug-in) has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective Xing component to download a representation of the corresponding Xing component from Xing. Further information on the Xing plug-ins can be found at https://dev.xing.com/plugins. As part of this technical process, Xing obtains information about which specific subpage of our website is visited by the person concerned.

If the person concerned is logged in to Xing at the same time, Xing recognizes which specific page of our website the person concerned is visiting each time the person concerned accesses our website and for the entire duration of that person's stay on our website. This information is collected by the Xing component and assigned by Xing to the respective Xing account of the person concerned. If the person concerned activates one of the Xing buttons integrated on our website, for example the "Share" button, Xing assigns this information to the personal Xing user account of the person concerned and saves this personal data.

Xing always receives information via the Xing component that the person concerned has visited our website if the person concerned is logged in to Xing at the same time as accessing our website; this takes place regardless of whether the person concerned clicks on the Xing component or not. If the data subject does not wish to transmit this information to Xing in this way, he or she can prevent the transmission by logging out of his or her Xing account before accessing our website.

The data protection regulations published by Xing, which can be accessed at https://www.xing.com/privacy, provide information about the collection, processing and use of personal data by Xing. Furthermore, Xing has published data protection information for the XING Share button at https://www.xing.com/app/share?op=data_protection.