top of page

data protection

Data Protection Policy and Proactive Information in Accordance with Articles 13 and 14 GDPR.

We are very pleased about your interest in our company. Data protection is of particular importance to us. Use of the website is generally possible without providing any personal data. However, if a data subject wishes to use special services provided by our company via our website, processing of personal data may be necessary. If the processing of personal data is necessary within our company, this is carried out on the basis of Art. 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation (GDPR).

The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). By means of this data protection declaration, our company would like to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of their rights by means of this data protection declaration.

As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. Nevertheless, internet-based data transmissions may in principle have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, for example, by telephone.

​

  1. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation, the Federal Data Protection Act, and other provisions of a data protection nature is:

HLH Consulting GmbH

Dickhardtstrasse 2

12159 Berlin

Germany

Management: Dr. Henny Lena Holzhauser

Phone: +49 (0) 160 6155703

Email: lena.holzhauser@hlh-consulting.com

VAT number: DE325059050

 

2. Name and address of the company data protection officer

An external company data protection officer has been appointed. You can reach our company data protection officer using the following contact details:

HLH Consulting GmbH

Dickhardtstrasse 2

12159 Berlin

Germany

Management: Dr. Henny Lena Holzhauser

Phone: +49 (0) 160 6155703

Email: lena.holzhauser@hlh-consulting.com

 

3. Cookies

Our website uses cookies. Cookies are text files that are placed and stored on a computer system via an internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a character string that allows websites and servers to associate the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.

The use of cookies can provide users of this website with more user-friendly services that would not be possible without the setting of cookies.

The data subject can prevent the setting of cookies by our website at any time by making the appropriate settings in the internet browser used and thus permanently deny the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, not all functions of our website may be fully available.

 

4. Server Log Files

When you visit our website, we or our hosting provider automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These include:

 

  • Browser type and version

  • Operating system used

  • Referrer URL

  • Hostname of the accessing computer

  • Time of the server request

  • IP address

This data will not be merged with other data sources.

The basis for data processing is Art. 6 (1) (f) GDPR, which permits the processing of data based on the legitimate interest of the website operator in the technically error-free and optimized provision of its services.

 

5. SSL Encryption

Our website uses SSL encryption when transmitting confidential or personal content from our users. This encryption is activated, for example, when processing payments and for inquiries you send to us via our website. Please ensure that SSL encryption is activated on your side for corresponding activities. The use of encryption is easy to recognize: The display in your browser line changes from "http://" to "https://." Data encrypted via SSL cannot be read by third parties. Only transmit your confidential information with SSL encryption enabled, and contact us if in doubt.

 

6. Use of Content Delivery Networks (CDNs)

A CDN is an external storage device that can deliver its content on multiple web servers at different locations. This significantly reduces the loading time of JavaScript, fonts, and frequently used graphics because the necessary files are transferred to you from web servers that are significantly closer to your location and are also specifically optimized for this purpose. Among other things, your IP address is naturally transferred from your browser to the CDN server. The CDN provider we use operates several servers in the EU, and the probability of landing on an EU server is very high due to the anycast technology used. However, it cannot be ruled out that your browser may also access web servers outside the EU. To also speed up page loads for foreign visitors, mirror servers are distributed throughout the world. The actual pages of our website and our service, as well as communication via contact forms, ordering systems, etc., are not handled via the CDN. To prevent JavaScript from running, among other things, you can install a blocker in your browser. Delivering our website as quickly as possible is in our legitimate interest in ensuring a fast and appealing presentation of our website and our online offerings. The legal basis for this data processing is Art. 6 (1) (f) GDPR. The collected raw data is deleted within four hours, but no later than three days.

7. Use of Google Fonts

We use web fonts from the Google Internet service ("Google Fonts") on our website. Google Fonts is a service provided by Google Ireland Limited ("Google"). These web fonts are integrated by calling a server, usually a Google server in Ireland. This transmits to the server information about which of our websites you have visited. The IP address of the browser on the device of the visitor to these websites is also stored by Google. Further information can be found in Google's privacy policy, which you can access here:

https://www.google.com/policies/privacy/

https://fonts.google.com/about

 

8. Google Remarketing

Based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering within the meaning of Art. 6 (1) (f) GDPR), we use the services of Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The individual services are described below:

8.1 Use of Google Analytics (also for target group building)

This website uses Google Analytics. Google Analytics uses "cookies," which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website is usually transferred to a Google server in Ireland and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in Ireland and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent cookies from being saved by selecting the appropriate settings on your browser; however, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link (insert link here. The current link is: http://tools.google.com/dlpage/gaoptout?hl=de). In light of the ongoing discussion surrounding the use of analysis tools with full IP addresses, we would like to point out that this website uses Google Analytics with the extension "_anonymizeIp()" and therefore IP addresses are only processed in abbreviated form to prevent them from being directly linked to a specific person. Further information can be found in Google's privacy policy, which you can access here:

https://www.google.com/policies/privacy/

We use Google Analytics to display ads placed within Google's and its partners' advertising services only to users who have shown an interest in our online offering or who have certain characteristics (e.g., interests in certain topics or products determined based on the websites visited) that we transmit to Google (so-called "remarketing"). Remarketing also helps us ensure that our ads match the potential interests of users.

8.2 Google AdSense with Personalized Ads

We use the AdSense service, which displays ads on our website and compensates us for their display or other use. For these purposes, usage data, such as clicks on ads and the user's IP address, are processed, with the IP address being truncated by the last two digits. Therefore, user data is processed pseudonymously.

We use AdSense with personalized ads. Google draws conclusions about users' interests based on the websites they visit or apps they use and the user profiles created in this way. Advertisers use this information to tailor their campaigns to these interests, which is beneficial for both users and advertisers. Google considers ads to be personalized when collected or known data determines or influences ad selection. This includes, among other things, previous search queries, activity, website visits, app usage, demographic and location information. Specifically, this includes: demographic targeting, interest category targeting, remarketing, and targeting of customer match lists and audience lists uploaded to DoubleClick Bid Manager or Campaign Manager.

For more information about Google's use of data, settings and objection options, please see Google's privacy policy (https://policies.google.com/technologies/ads) and the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).

 

8.3 Google AdWords and Conversion Measurement

We use the online marketing process Google "AdWords" to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.) so that they are displayed to users who are likely to be interested in the ads. This allows us to display ads for and within our online offering more specifically, so as to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products in which they have shown interest on other online offerings, this is referred to as "remarketing." For these purposes, when you visit our website and other websites on which the Google advertising network is active, Google code is immediately executed and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e., a small file, is stored on the user's device (similar technologies can also be used instead of cookies). This file records which websites the user visits, which content they are interested in, and which offers they click on. It also contains technical information about the browser and operating system, referring websites, visit time, and other information about the use of the online service.

We also receive a unique "conversion cookie." The information collected through the cookie is used by Google to compile conversion statistics for us. However, we only receive the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users.

User data is processed pseudonymously within the Google advertising network. This means that Google does not store and process, for example, the name or email address of users, but rather processes the relevant data cookie-related within pseudonymous user profiles. This means that, from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who that cookie owner is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymization. The information collected about users is transmitted to Google and stored on Google's servers in Ireland.

 

8.4 Google DoubleClick

We use the Google "DoubleClick" online marketing process to place ads in the Google advertising network (e.g., in search results, in videos, on websites, etc.). DoubleClick is characterized by the fact that ads are displayed in real time based on the presumed interests of users. This allows us to display ads for and within our online offering more specifically, in order to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products in which they have shown interest on other online offerings, this is referred to as "remarketing." For these purposes, when our and other websites on which the Google advertising network is active are accessed, Google code is immediately executed by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e., a small file, is stored on the user's device (similar technologies can also be used instead of cookies). This file records which websites the user has visited, which content he is interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, time of visit and other information about the use of the online offer.

The user's IP address is also recorded, although it is shortened within member states of the European Union or in other contracting states to the Agreement on the European Economic Area and only in exceptional cases is it transmitted in full to a Google server in Ireland and shortened there. Google may also combine the above-mentioned information with information from other sources. If the user subsequently visits other websites, ads tailored to their presumed interests can be displayed based on their user profile.

User data is processed pseudonymously within the Google advertising network. This means that Google does not store and process, for example, the name or email address of the user, but rather processes the relevant data cookie-related within pseudonymous user profiles. This means that from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymization. The information collected about users by Google Marketing Services is transmitted to Google and stored on Google's servers in Ireland.

Further information about Google's data usage, settings, and opt-out options can be found in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of Google ads (https://adssettings.google.com/authenticated).

8.5 Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, stores cookies, or perform independent analyses. It is used solely to manage and display the tools integrated through it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.

 

Google Tag Manager is used on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. If consent has been requested, processing will be carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

9. Use of the YouTube plug-in

This website contains at least one plug-in from YouTube, which belongs to Google Ireland Limited, located at Gordon House, Barrow Street, Dublin 4, Ireland. As soon as you visit pages of this website equipped with a YouTube plug-in, a connection to the YouTube servers is established. This tells the YouTube server which specific page of this website you visited. If you are logged into your YouTube account, YouTube can directly associate your browsing behavior with your personal profile. You can prevent this association by logging out of your account beforehand. Further information on the collection and use of your data by YouTube can be found in its privacy policy at https://www.youtube.com/intl/ALL_de/howyoutubeworks/user-settings/privacy/

 

10. Use of LinkedIn

Functions and content of the LinkedIn service, offered by inkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, may be integrated into our online offering. This may include, for example, content such as images, videos, or text, and buttons that allow you to share content from this online offering within LinkedIn. If you are a member of the LinkedIn platform, LinkedIn can associate the access to the aforementioned content and functions with your LinkedIn profile. Further information can be found here: https://www.linkedin.com/legal/privacy-policy.

 

11. Use of static links to social media

This website uses static links to our social media channels. This type of link does not establish a connection to the respective servers. Your personal data will therefore not be forwarded.

 

 

12. Registration on our website

The data subject has the option of registering on the controller's website by providing personal data. The personal data transmitted to the controller is determined by the respective input mask used for registration. The personal data entered by the data subject will be collected and stored exclusively for internal use by the controller and for its own purposes. The controller may arrange for the data to be transferred to one or more processors, such as a parcel service provider, who will also use the personal data exclusively for internal use attributable to the controller.

By registering on the controller's website, the IP address assigned to the data subject by the Internet service provider (ISP), the date, and the time of registration are also stored. This data is stored to prevent misuse of our services and, if necessary, to enable the investigation of crimes committed. Therefore, the storage of this data is necessary to protect the controller. This data will generally not be passed on to third parties unless there is a legal obligation to do so or the transfer serves the purposes of law enforcement.

The registration of the data subject with the voluntary provision of personal data allows the controller to offer the data subject content or services that, due to the nature of the matter, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from the controller's database.

The controller will provide each data subject with information about which personal data about the data subject is stored at any time upon request. Furthermore, the controller will correct or delete personal data at the request or notification of the data subject, provided that this does not conflict with statutory retention periods. A data protection officer named in this privacy policy is available to the data subject as a contact person in this context.

13. Contact options via the website

Due to legal regulations, the website contains information that enables quick electronic contact with our company and direct communication with us, which also includes a general address for so-called electronic mail (email address). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data voluntarily transmitted by a data subject to the controller will be stored for the purposes of processing the request or contacting the data subject. This personal data will not be passed on to third parties.

 

14. Legal basis for processing

Article 6(1)(a) GDPR serves as the legal basis for our company's processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfill a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations necessary to carry out pre-contractual measures, such as when contacting us. Furthermore, if our company is subject to a legal obligation which requires the processing of personal data, for example, to fulfill tax obligations, the processing is based on Article 6(1)(c) GDPR. Ultimately, processing operations could be based on Article 6(1)(f) GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if the processing is necessary to safeguard a legitimate interest of our company or a third party, unless the interests, fundamental rights and freedoms of the data subject override such interests.

 

15. Disclosure of data to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below. Your personal data will be disclosed to third parties only to the extent necessary for the performance of the contractual relationship with you. Recipients of the data are public bodies that receive data due to legal regulations (e.g., tax authorities, etc.), internal departments involved in the execution of the respective business processes (accounting, banks/payment service providers, customer service, marketing, sales), as well as contractual partners, business partners, and service providers, to the extent required or permitted by law and necessary for us to fulfill our obligations to our customers.

 

16. Routine deletion and blocking of personal data

The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of this period, the corresponding data will be routinely deleted unless it is no longer required for the fulfillment or initiation of the contract and no other legal regulations prevent deletion.

 

17. Rights of the Data Subject

 

As a data subject, you have the following rights:

 

Right to confirmation

If you want to know whether we process your data, you can exercise your right to confirmation.

 

Right to information

You have the right to receive information from us free of charge at any time as to whether and which of your data we have stored.

 

Right to rectification

You can request that we correct your personal data at any time if the data contains errors. If the data is incomplete, you can request that it be supplemented.

 

Right to erasure (right to be forgotten)

You have the right to request that we delete your data immediately, provided that there are no statutory retention periods or legal grounds that prevent this.

 

Right to restrict the processing of your data

You have the right to request that we restrict processing. The data will then not be deleted, but will no longer be available for processing.

 

Right to transfer your data or have it transferred

You have the right to receive your personal data in a structured, common, and machine-readable format. You also have the right to transmit this data to another entity without any hindrance from us, provided there are no compelling reasons to the contrary. To do so, you can request that we directly transfer this data, provided that doing so does not violate the rights and freedoms of others and is technically feasible.

 

Right to object

You can object to the use of your data at any time if the data processing is based on the legal grounds of Article 6 (1) (a) (consent) or (f) (legitimate interest) GDPR.

 

To exercise any of the above rights, simply contact us.

 

Right to lodge a complaint with a data protection supervisory authority

You have the right to lodge a complaint with a supervisory authority if you believe that we are violating data protection law. Information on the Berlin supervisory authority responsible in this case, as well as on the Berlin State Data Protection Commissioner, can be found at https://www.datenschutz-berlin.de/.

 

18. Possible consequences of non-provision of data

We inform you that the provision of personal data is sometimes required by law (e.g., tax regulations) or may also arise from contractual provisions (e.g., information about the contractual partner). In some cases, it may be necessary for a data subject to provide us with personal data in order to conclude a contract, which we must subsequently process. For example, the data subject is obligated to provide us with personal data if our company concludes a contract with them. Failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data, the data subject must contact our data protection officer. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.

 

 

19. Existence of automated decision-making (profiling)

As a responsible company, we do not use automated decision-making or profiling.

©2023 by Christian Parsow and Dr. Henny Lena Holzhauser

members of the DICO - German Institute for Compliance

imprint

data protection

bottom of page