DE|EN

Privacy Policy

The protection of your personal data is important to us. We therefore process your personal data (in short "data") exclusively on the basis of according US and EU legal regulations. With this privacy policy we would like to inform you about the processing of your data in our company and the data protection claims and rights to which you are entitled to in accordance with Art. 13 of the European General Data Protection Regulation (GDPR).

1. Who is responsible for data processing and who can you contact?

Responsible is

LEITWERK Consulting GmbH

Agnes-Pockels-Bogen 1

80992 Munich

Tel: +49 89 18923596

E-mail: info@leitwerk-consulting.com

The company data protection officer is

Richard Söldner

Project 29 GmbH & Co. KG

Ostengasse 14

93047 Regensburg

E-Mail: rs@projekt29.de

Tel.: 0941-2986930

2. What data is processed and from which sources does this data originate?

Personal data includes:

Customer master/contact data, e.g. first and last name, address, contact data (e-mail address, telephone number, fax), bank data.

In case of applicants and employees, e.g. first and last name, address, contact data (e-mail address, telephone number, fax), date of birth, data from curriculum vitae and employment references, bank data, religious affiliation, photo shoots.

Business partner data, e.g. the name of their legal representatives, company name, commercial register number, VAT registration number, company number, address, contact person contact data (e-mail address, telephone number, fax), bank data.

Visitors to our company, this includes name and signature.

For journalists, this includes first name, surname, e-mail address and fax number.

In addition, we also process the following other personal data:

  • information about the type and content of contract data, order data, sales and document data, customer and supplier history and consulting documents,
  • advertising and sales data,
  • information from your electronic communication with us (e.g. IP address, log-in data),
  • other data that we have received from you in the course of our business relationship (e.g. in discussions with customers)
  • data, which we generate ourselves from master / contact data as well as other data, e.g. by means of customer demand and customer potential analyses,
  • the documentation of your declaration of consent for receiving e.g. newsletters.
  • Photographs taken during events. 

Server log files:

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are for example:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • used web browser and operating system
  • complete IP address of the requesting computer
  • transferred data volume

This data is not merged with other data sources. Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. For reasons of technical security, in particular to defend against attempts to attack our web server, this data is stored by us for a short period of time. It is not possible for us to draw conclusions about individual persons based on this data. After seven days at the latest, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. In anonymized form, the data is also processed for statistical purposes; it is not compared with other data sets or passed on to third parties, even in excerpts.

3. For which purposes and on which legal basis are the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act 2018 in the currently valid version:

For the fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR):

Your data will be processed online or in one of our branches for the purpose of contract processing, for the purpose of contract processing of your employees in our company. The data will be processed in particular for the initiation of business and for the execution of contracts with you.

To meet legal obligations (Art. 6 para. 1 lit. c GDPR):

A processing of your data is necessary for the purpose of fulfilling different legal obligations, e.g. from the commercial code or the tax code.

To safeguard legitimate interests (Art. 6 para. 1 lit. f GDPR):

Due to a balancing of interests, data processing may be carried out beyond the actual fulfilment of the contract in order to protect the legitimate interests of us or third parties. Data processing to protect legitimate interests is carried out, for example, in the following cases:

  • Advertising or marketing,
  • measures for business management and further development of services and products,
  • maintaining a group-wide customer database to improve customer service,
  • in the context of legal action,
  • sending of non-sales promoting information and press releases

Within the scope of your consent (Art 6 para. 1 lit. a GDPR):

If you have given us your consent to process your data, e.g. to send our newsletter, publish photos, competitions, etc., we will not use your data for any other purpose.

4. Processing of personal data for advertising purposes

You may object to the use of your personal data for advertising purposes at any time, either in whole or for individual measures, without incurring any costs other than the transmission costs according to the prime rates.

We are entitled, under the legal conditions of § 7 para. 3 of the Act against Unfair Competition, to use the e-mail address you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.

If you do not wish to receive such recommendations by e-mail from us, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the prime rates. A message in text form is sufficient for this purpose. Of course, an unsubscribe link is always included in every e-mail.

5. Am I obliged to provide data?

The processing of your data is necessary for the conclusion or fulfillment of your contract or interaction with us. If you do not provide us with this data, we will usually have to refuse to conclude the contract or will no longer be able to execute an existing contract and therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant to the performance of the contract or not required by law.

6. Who receives my data?

If we use a service provider for the purpose of order processing, we will still remain responsible for the protection of your data. All processors are contractually obliged to treat your data confidentially and to process it only within the scope of the service provision. The processors commissioned by us will receive your data if they need the data to perform their respective services. These are e.g. IT service providers, which we need for the operation and security of our IT system or modern communication and data storage providers (e.g. cloud services).

Your data is processed in our customer database. The customer database supports the enhancement of the data quality of the existing customer data (duplicate cleansing, address correction), and enables enrichment with data from public sources.

This data is made available to the Group companies to the extent necessary for the execution of a contract. The storage of customer data is company-related and separate, with the parent company acting as shared-service provider for the individual participating companies in some cases.

In case of a legal obligation and in the context of legal action, authorities and courts as well as external auditors may be recipients of your data.

Furthermore, insurance companies, banks, credit agencies and service providers may be recipients of your data for the purpose of contract initiation and fulfillment.

7. How long will my data be stored?

We process your data until the end of the business relationship or until the expiry of the applicable statutory retention; furthermore, until the end of any legal disputes in which the data is required as evidence.

8. Is personal data transferred to a third country?

We also process data in countries outside the European Economic Area ("EEA"). This applies in particular to:

 United States of America (USA):

  • Amazon.com Inc.
  • Cloudinary Ltd.
  • Google LLC.

In its ruling of July 16, 2020, the European Court of Justice revoked its previously applicable decision, which identified affiliation with the U.S. Privacy Shield as a permissible legal basis. The European Court of Justice thus clarified that the U.S. Privacy Shield does not offer an equivalent guarantee for the protection of personal data as the regulations applicable throughout the EU. In order to make a transfer to a third country nevertheless admissible, EU standard contractual clauses must therefore be agreed and concluded with the recipient. These standard contractual clauses have been agreed and concluded with Akamai Technologies, inc, Google, Inc, Youtube, LLC, Trustarc Inc, Microsoft Corporation.  These can be found here:

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en.

9. Data safety

We have taken technical and organizational security measures to protect your personal data against loss, destruction, manipulation and unauthorized access. All our employees as well as service providers working for us are bound to the valid data protection laws.

Whenever we collect and process personal data, it is encrypted before it is transmitted. This means that data misuse by third parties is impeded. Our security precautions are subject to a continuous improvement process and our privacy policy is constantly being revised. Please make sure that you have the latest version.

10. Contact form / e-mail contact

If you send us inquiries via contact form or e-mail, your data from the inquiry form, including the contact data you provided there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.

Data transfer upon conclusion of a contract for services and digital content.

We transmit personal data to third parties only if this is necessary in the context of contract processing, for example, to the credit institution entrusted with payment processing.

Further transmission of data does not take place or only if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

11. Applications / job advertisements

We collect various personal data through the application process. Personal data is any information from which conclusions can be drawn about your personal or factual circumstances or which makes you identifiable. The following data is collected and processed for the automated processing of your application:

  • First name, last name, address, e-mail, date of birth, title, telephone number.
  • Additional questions depending on the respective job advertisement.
  • Curriculum vitae, in particular information on professional experience and training
  • Skills and knowledge for the advertised position
  • Application photo
  • Qualifications, awards and language skills
  • letter of motivation
  • Files and documents that you would like to send or upload in connection with your application

By submitting the applicant data, you as the applicant give your consent to the processing of the personal data for the purpose set out in this privacy policy.

No information that may not be processed under the General Equal Treatment Act (this includes, but is not limited to, race, ethnic origin, gender, disability, religion and belief, or age) will be required to process your application. We ask that you do not submit any information that is irrelevant to the processing of your application due to the Equal Treatment Act (including, but not limited to, illnesses, pregnancy, trade union membership, and sex life).

Please do not submit any content that could violate third-party copyrights or press law, for example.

The legal basis for processing your personal data in this context is Art. 6 para. 1 lit. f GDPR, our legitimate interest in carrying out applications, as well as Art. 6 para. 1 lit. b), Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 Federal Data Protection Act (new).

Your application e-mail and the application documents sent will be kept by us for 90 days (according to ISO standards). After this period, your documents will be deleted in accordance with data protection law, unless you give us your consent to store them for our applicant pool.

12. Newsletter

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data is not collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

13. Cookies

When you visit our website, we may store information on your computer in the form of cookies. Cookies are small files that are transferred from an Internet server to your browser and stored on its hard drive. Only the Internet protocol address is stored - no personal data. This information, which is stored in the cookies, allows us to automatically recognize you the next time you visit our website, making it easier for you to use.

Of course, you can also visit our website without accepting cookies. If you do not want your computer to be recognized on your next visit, you can also refuse the use of cookies by changing the settings in your browser to "refuse cookies". The respective procedure can be found in the operating instructions of your respective browser. However, if you refuse the use of cookies, you may experience limitations in the use of some areas of our website.

If you do not consent to their use, we will only use cookies that are essential for the functionality of the website.

The following essential cookies are used

name | provider | purpose

  • cookie-consent | LEITWERK Consulting GmbH | Saving the Cookie Consent

The following cookies are used for analysis and marketing purposes

Name | Provider | Purpose

  • _ga | Google Inc. | Analysis and marketing to optimize the offer
  • _gat | Google Inc. | Analysis and marketing to optimize the offer
  • _gat_UA-* | Google Inc. | Analysis and marketing for optimizing the offer
  • _gid | Google Inc. | Analysis and marketing to optimize the offer

14. Third Party Services

Google Web Fonts

Google Web Fonts (http://www.google.com/webfonts/) are used to improve the visual presentation of various information on our website. The web fonts are transferred to the browser's cache when the page is called up in order to be able to use them for the display. If the browser does not support Google Web Fonts or prevents access, the text is displayed in a standard font. When the page is called up, no cookies are stored on the website visitor. Data transmitted in connection with the page view is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.

You can set your browser to not load the fonts from Google servers (for example, by installing add-ons such as NoScript or Ghostery for Firefox). If your browser does not support Google Fonts or you disable access to Google servers, the text will be displayed in the system's default font. For information about Google Web Fonts' privacy policy, please visit:

https://developers.google.com/fonts/faq#Privacy

Information on the Google privacy policy and Google terms of use can be obtained directly from Google: http://www.google.com/intl/de-DE/privacy/.

Google Tag Manager

This website uses Google Tag Manager. The Tag Manager does not collect any personal data. The tool provides for the triggering of other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager. Google's privacy notice for this tool can be found here: https://www.google.de/tagmanager/use-policy.html

Google Analytics

We use the technologies of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), as described below. The information automatically collected by Google technologies about your use of our website is usually transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. For the USA, there is no adequacy decision of the European Commission. Our cooperation is based on standard data protection clauses of the European Commission.

If your IP address is collected via Google technologies, it will be shortened before being stored on Google's servers by activating IP anonymization. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. Unless otherwise specified for the individual technologies, the data processing is based on an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 GDPR. Further information about data processing by Google can be found in the privacy policy of Google https://policies.google.com/privacy?hl=de.

For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information, and information about your use of our website), from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. As a matter of principle, your IP address will not be merged with other data from Google.

For the purpose of optimized marketing of our website, we have activated the data release settings for "Google products and services". This allows Google to access the data collected and processed by Google Analytics and subsequently use it to improve Google services. Data sharing with Google under these data sharing settings is based on an additional agreement between responsible parties. We have no influence on the subsequent data processing by Google.

For the creation and execution of tests, we also use the Google Analytics Google Optimize extension function.

For web analysis, the Google Analytics Google Signals extension function enables so-called "cross-device tracking". Insofar as your internet-enabled devices are linked to your Google account and you have activated the "personalized advertising" setting in your Google account, Google can create reports about your usage behavior (esp. cross-device user numbers), even if you change your terminal device. A processing of personal data by us does not take place in this respect, we only receive statistics generated on the basis of Google Signals.

For web analysis and advertising purposes, the extension function of Google Analytics enables the so-called DoubleClick cookie to recognize your browser when you visit other websites. Google will use this information to compile reports on website activity and to provide other services related to website usage.

Prismic

For our website we use Prismic as a content management system. This is a service of Prismic Networks, Inc. 185 Alewife Brook Parkway, #410 Cambridge, MA 02138 hereinafter referred to as "Prismic".

To enable the presentation of the content of our website, a connection to the Prismic servers is established when our website is accessed.

The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the optimization and economic operation of our website.

Through the connection to Prismic established when our website is called up, Prismic can determine from which website your request was sent and to which IP address the content is to be transmitted.

Prismic offers a web site at

https://prismic.io/legal/privacy

https://prismic.io/security

for further information and points out that Prismic's privacy policy complies with EU data protection laws (GDPR).

Cloudinary

On our website we use a so-called Content Delivery Network ("CDN") of Cloudinary Ltd, 3400 Central Expressway, Suite 110, Santa Clara, CA 95051, USA ("Cloudinary").

A CDN is an online service that is used in particular to load large media files (such as graphics, page content or scripts) through a network of regionally distributed servers connected via the Internet and display them on our website. The use of the CDN helps us to optimize the loading speeds of our website.

The processing is carried out in accordance to Art. 6 para. 1 sentence 1 lit. f) GDPR on the base of our legitimate interest in a secure and efficient provision, as well as improvement of the stability and functionality of our website.

We have concluded a data processing agreement with Cloudinary (Data Processing Addendum, available at https://cloudinary.com/gdpr/dpa) which includes EU standard contractual clauses.

For more information, please see Cloudinary's privacy policy at: https://cloudinary.com/privacy.

MailChimp

We use MailChimp, which is provided by Intuit Inc., 2700 Coast Avenue, Mountain View, CA 94043, USA. This service provides a platform for sending newsletters. We use this to send you the confirmation email for compliant consent as part of the double opt-in process. By clicking on the link contained in this email, we store the IP address and date of registration, as evidence in case a third party abuses your email address to sign you up to receive newsletters without your knowledge or authorization.

The legal basis for sending this email using MailChimp is your consent according to Art. 6 para. 1 lit. a GDPR.

Mailchimp processes the data that the user (customer) himself has transmitted or otherwise provided to Mailchimp. This can be identification and contact data (name, email address, etc.) or publicly available profile information from social media.

The emails contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services, based on the technical data or the target groups and their reading behavior, based on their retrieval locations (which can be determined with the help of the IP address) or the access times.

The email addresses of our newsletter recipients, as well as their other data described in the context of this notice, are stored on MailChimp's servers in the USA. MailChimp uses this information to send and evaluate the emails on our behalf. Furthermore, according to its own information, MailChimp may use this data to optimize or improve its own services, e.g. to technically optimize the sending and display of the emails or for economic purposes to determine from which countries the recipients come. MailChimp may not, however, use this data of our recipients to write to them itself, nor is it permitted to pass this data on to third parties.

As a legal basis for the transfer outside the EU, MailChimp relies in this regard on the currently applicable standard contractual clauses. You can view MailChimp's privacy policy here https://www.intuit.com/privacy/statement/. The Data Processing Addendum can be accessed at https://mailchimp.com/legal/data-processing-addendum.

Pipedrive

We use Pipedrive, offered by the company Pipedrive OÜ, Paldiski mnt 80, Tallinn 10617, Estonia as a customer relationship management tool ("CRM tool") for processing and storing contact data. When contacting us (via contact form), user data is collected and processed in Pipedrive. Pipedrive allows us to process and answer requests and messages faster. For this purpose, data is transferred to Pipedrive and stored on Pipedrive servers.

The legal basis for the use of Pipedrive is Art. 6 para. 1 lit. a GDPR for sending newsletters, as well as Art. 6 para. 1 lit. f GDPR, our legitimate interest for the fast and effective processing of requests.

You can access Pipedrive's privacy policy here: https://www.pipedrive.com/en/privacy. Further information on data protection can also be found at: https://support.pipedrive.com/de/article/pipedrive-and-gdpr.

YouTube

Our website uses plugins from the YouTube site operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

For more information on the handling of user data, please refer to YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy.

15. What data protection rights do I have?

You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data transferability and to complain in accordance with the requirements of data protection law at any time.

Right of access by the data subject:

You can request information from us as to whether and to what extent we process your data.

Right of rectification:

If we process your data that are incomplete or incorrect, you can demand that we correct or complete them at any time.

Right to erasure (“Right to be forgotten”):

You can demand the deletion of your data from us if we process them illegally or if the processing interferes disproportionately with your legitimate protection interests. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated storage obligations.

Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, provided that there is no legal obligation to retain them.

Right to restriction of processing:

You can demand that we limit the processing of your data if

  • you dispute the accuracy of the data, for a period of time that allows us to verify the accuracy of the data.
  • the processing of the data is unlawful, but you refuse to have it deleted and instead demand a restriction on the use of the data,
  • we no longer need the data for the intended purpose, but you still need the data to assert or defend legal claims, or
  • you have objected to the processing of the data.

Right to data portability:

You may require us to provide you with your data that you have provided to us in a structured, common, machine-readable format and that you may transfer such data to another responsible party without hindrance from us, provided that

we process this data on the basis of a revocable consent given by you or for the fulfilment of a contract between us, and

this processing is done using automated procedures.

If technically feasible, you can request us to transfer your data directly to another responsible person.

Right to object:

If we process your data out of a legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right to lodge a complaint with a supervisory authority:

If you are of the opinion that we are processing your data in violation of German or European data protection law, please contact us so that we can clarify any questions. Of course you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision.

If you wish to assert any of the above rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

The German version of the Privacy Policy is to apply.

Right to withdraw consent

If we process your data on the base of consent, you shall have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

Automated individual decision-making, including profiling

You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. Exceptions to this only apply under the conditions of Art. 22 para. 2 GDPR.

The German version of the Privacy Policy is to apply.

;
Search