Below, we will inform you about the processing of your personal data by us and your claims and rights under the data protection law, especially the General Data Protection Regulation (GDPR).
Personal data are any data that are personally attributable to you, e.g. name, address, e-mail addresses, user behavior. Which data are processed in detail and how they are used depends largely on which of our services are used.
1. Who is responsible for data processing and whom can I contact?
Märkische Allee 84a
Phone +49 (0) 030 54800630
You can contact our Data Protection Officer at:
mip Consult GmbH
Asmus Eggert, Attorney-at-Law
10829 Berlin, Germany
Phone +49 (0) 30 208899936
2. Which sources and data do we use?
We process personal data that we receive from you as part of your use of our website and, if applicable, our business relationship.
In the case of purely informative use of the website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we collect the following access data that we technically require to display our website and to ensure stability and security. The access data include the IP address, date and time of the visit, time zone difference compared to Greenwich mean time (GMT), content of the request (i.e. name of the specific visited web page), access status/HTTP status code, respective amount of transmitted data, referrer URL (previously visited page), browser type and version, operating system and its interface, language and version of the browser software, message about successful retrieval.
In addition, we obtain your personal data if you contact us by using our contact form or by e-mail. Personal data here include e.g. name, company, e-mail, phone number, subject, message text (hereinafter called "contact information").
3. What do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) for the following purposes and on the following legal bases:
PurposesLegal basisInsofar as you consent to the processing of personal data for specific purposes, in particular for contacting you (e.g. via our contact form or by e-mail for handling and processing the request, advertising by telephone, e-mail, SMS, etc.), such processing is legal as you have consented. Your consent may be withdrawn at any time. Please note that any withdrawal is effective for the future only. It does not affect any processing that was done prior to the withdrawal. Any withdrawal may be addressed to the above-mentioned contact data or to firstname.lastname@example.orgConsent, Art. 6 (1a) GDPRWhen you contact us (via contact form or by e-mail), in addition to any consent given to processing the contact request and its handling, your details are also processed based on steps taken prior to entering into a contract, Art. 6 (1b) GDPR.Steps taken at the request of the data subject prior to entering into a contract, Art. 6 (1b) GDPRWhen you contact us (by e-mail) in connection with your application, we process your data in order to check your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application procedure. Your applicant data will be reviewed after receipt of your application. In principle, only those persons in the company have access to your data who need this for the proper course of our application procedure.Data Processing for Employement-related purposes, Section 26 Federal Data Protection Act (BDSG) such as hiring deciison, after hiring and in the event of rejection in order to protect legitimate interests, Art. 6 para 1 lit. f GDPR (defence against claims), if consent has been granted, Art. 6 para. 1 lit. a GDPRWe process your access data (see data specified under item 2 above) to safeguard our legitimate interests or those of third parties. In particular, we pursue the following legitimate interests: Ensuring IT security, in particular the security of the Website; Advertising or market and opinion research, unless you have objected to the use of your data.As part of the balancing of interests for the safeguarding of legitimate interests, Art. 6 (1f) GDPRAssertion of legal claims and defense in case of legal disputes.4. Who can access my data?
Within the organization, entities that need to know your data to fulfill our contractual and regulatory obligations can access your data.
In addition, processors (Art. 28 GDPR) engaged by us may also obtain access to data for the above-mentioned purposes. These are companies in the categories IT services, printing services, telecommunications, sales and marketing. If we use processors to provide our services, we will take appropriate legal precautions as well as the relevant technical and organizational measures to protect personal data in accordance with applicable law.
Any transfer of data to third parties will be made only within the scope of legal requirements. We will disclose user data to third parties only if this is required, for example, under Art. 6 (1) (b) GDPR for contract purposes or based on legitimate interests pursuant to Art. 6 (1) (f.) GDPR in the economic and effective operation of our business or if you have consented to the data transfer. If the Website is used for purely informational purpose, we generally do not disclose any data to third parties.
5. How long will my data be retained?
For security reasons (e.g. to investigate abusive or fraudulent activities) log-file information is retained for a maximum of four weeks and then deleted (see item 2 above). Data that must be retained further for evidential purposes are exempted from deletion until the respective incident has been finally clarified.
If necessary, we process and retain your personal data for the duration of our business relationship, which also includes, for example, initiation and performance of a contract via the contact form or by e-mail.
Applicant data will be deleted after 6 months in case of a cancellation. In addition, we are subject to various retention and documentation obligations, inter alia under the German Commercial Code (HGB) and the German Tax Code (AO). The deadlines for retention and documentation specified therein range from two to ten years.
Finally, the retention period also depends on the statutory limitation periods, which for example, usually is 3 years according to Sec. 195 et seqq. of the German Civil Code (BGB), but in some cases may be as long as thirty years, with the standard limitation period being three years.
6. Are data transferred to a third country or to an international organization?
There is no data transfer to third countries (countries outside the European Union - EU).
7. What are my data protection rights?
Each and every data subject has
- the right of access according to Art. 15 GDPR,
- the right to rectification according to Art. 16 GDPR,
- the right to erasure according to Art. 17 GDPR,
- the right to restriction of processing according to Art. 18 GDPR and
- the right to data portability under Art. 20 GDPR.
In addition, you may revoke consent in principle with effect for the future.
You furthermore have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with Sec. 19 BDSG).
We would also like to note your right to object according to Art 21 GDPR:
Information about your right to object according to Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 para 1e GDPR (data processing in the public interest) and Art. 6 para 1f GDPR (data processing based on balancing of interests); this also includes profiling under these provisions within the meaning of Art. 4 No. 4 GDPR, which we use – inter alia - to analyze questionnaires or for advertising purposes.
If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves the purposes of asserting, exercising or defending legal claims.
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes.
Objections do not require a particular form and no costs are incurred, other than the transmission costs according to the basic tariffs.
If possible, any objection should be addressed to:
Märkische Allee 84a
or by e-mail to:
8. To what extent do you apply automated individual decision-making, including profiling?
In principle, we do not use fully automated decision-making pursuant to Art. 22 GDPR as part of access to our Website or in the context of contact via form or by e-mail. Should we use such procedures in individual cases, we will notify you separately, if this is required by law. We do not process your data automatically with the objective of evaluating certain personal aspects (profiling).
9. Am I under any obligation to provide data?
On our Website, you must provide the personal data necessary for using our Website for technical or IT security reasons. You cannot use our Website, unless you provide the above-mentioned data.
When contacting us via form or by e-mail, you only need to provide the personal data required to process your request. Otherwise we will be unable to process your request.
Cookies are information transmitted from our web server or third-party web servers to the users' web browsers, where they are stored for later retrieval. Cookies are small files or other types of information storage. Cookies are used for security purposes or for the operation of our Website (e.g. for the optimal display of the website on different terminals) or to save your decision when confirming our cookie banner.
We use "session cookies", which are stored only for the duration of the current visit to our Website and are an enabling factor for the use of our Website in the first place. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the retention period. Session cookies are deleted at the latest when you have finished using our Website and close the browser.
Click here for information about the cookies we use:
If you do not want cookies to be stored on your computer, you may disable the corresponding option in your browser's system settings. Stored cookies may be deleted in the browser's system settings. Please note that disabling cookies may limit the functionality of this Website.
11. Google Analytics
Google is certified under the EU-US Privacy Shield Agreement and therefore guarantees compliance with European data protection law (https://www.privacyshield.gov).
Google uses such data on our behalf to evaluate the use of our Website by our users, to compile reports on the activities on this Website and to provide us with further services related to the use of this Website. The processed data can be used to generate pseudonymous usage profiles.
We use Google Analytics with activated IP anonymization. This means that the users' IP address is shortened by Google within the States that are party to the Agreement on the European Economic Area. The full IP address is sent to a Google server in the USA and shortened there in exceptional cases only.
The IP address transmitted by the user's browser is not merged with other data provided by Google. Users may prevent the storage of cookies by setting their browser software accordingly; in addition, users may also prevent the collection of the data generated by the cookie and their transfer to Google as well as the processing of such data by Google, by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
For more information about data processing by Google, settings and options to object, please visit the websites of Google at: https://www.google.de
12. Other services
On our website, we use third-party services as part of our legitimate interests within the meaning of Art. 6 (1) (f) GDPR, i.e. our interest in an optimal Website. The user's IP address is transmitted to such third-party providers. The IP address is technically required for the contents to be displayed. Third party providers may use so-called web pixels (invisible graphics, also referred to as "web beacons") for evaluation or marketing purposes. The web pixels can be used to evaluate information, such as the traffic of the Website. The third parties may store information in cookies on users' devices.
We use the following third-party providers on our website:
13. Social Media
You will find us with presences within social networks and platforms so that we can communicate with you there as well and inform you about our services. We would like to point out that your data may be processed outside the European Union and that the data is usually processed there for market research and advertising purposes. Usage profiles can be created from the usage behaviour and the resulting interests of the users. These usage profiles can in turn be used, for example, to place advertisements inside and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies may be stored on the users' computers, in which the usage behaviour and interests of the users are stored. Other data may also be stored in these user profiles, especially if the users are members of the respective platforms and are logged in to them.
The processing of the users' personal data is based on our legitimate interests in the broadest possible communication with our users in accordance with Art. 6 para. 1 lit. f GDPR. If the respective social networks obtain consent for data processing, the legal basis for processing is Art. 6 para. 1 lit. a GDPR. For information on the respective processing and the respective possibilities of objection, we refer to the following linked data protection information of the providers:
- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), Facebook pages based on an agreement on joint processing of personal data - data protection information: https://www.facebook.com/about/privacy/, opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
- Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) - Privacy Information/ Opt-Out: http://instagram.com/about/legal/privacy/.
In the case of requests for information and the assertion of user rights, we recommend that these are asserted directly with the providers, as the providers have direct access to the data. Should you nevertheless require support, please feel free to contact us using the contact details given above.