Data Privacy

 

1. General information

 

The following information provides an overview of what happens to your personal data when you visit our website. Personal data are all data that can be used to identify you personally. Please refer to the data privacy policy presented below for more detailed information on the subject of data protection.

 

Data collection on our website

Data processing on our website is performed by the website operator, whose contact details you can find in the website’s legal notice.

In the first instance, your data will be collected when you disclose them to us. For example, this may be data that you enter into a contact form.

Other data are automatically collected by our IT systems when you visit the website. This is primarily technical information (e.g. about your web browser, operating system, or the time a page was accessed). These data are collected automatically as soon as you access our website.

Some of the data are collected in order to ensure trouble-free provision of the website. Other data may be used to analyse your user behaviour.

You are entitled at any time to request information – free of charge – about the origin, recipients and purpose of the personal data we store about you. You also have the right to demand the rectification, deactivation or erasure of these data. You may contact us about this, or if you have any further questions about the topic of data protection, at any time at the address indicated in the legal notice. Furthermore, you are entitled to lodge a complaint with the relevant supervisory authority.

You also have the right to demand a restriction on the processing of your personal data in certain circumstances. Please refer to the section on “Right to the restriction of processing” in our data privacy policy.

 

2. Mandatory information

 

The operators of this website take the protection of your personal data very seriously. We handle your personal data with the utmost confidentiality and in accordance with data protection legislation and the provisions of this data privacy policy.

Various personal data are collected when you use this website. Personal data are data that can be used to identify you personally. This data privacy policy explains what data we collect and the purposes for which we use them. It also explains how and the reasons why this happens.

We must point out that data transmission on the Internet (e.g. in the case of e-mail communication) can be subject to gaps in security. It is not possible to protect data against access by third parties entirely.

 

Information about the controller

The controller of the data processing on this website is:

Kern Consulting GmbH & Co. KG
Wiesenstrasse 23
60385 Frankfurt am Main
tel.: +49 (0)69 6500-8865
e-mail: hello@kern.consulting

 

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses etc.).

 

Withdrawal of your consent to data processing

Many data processing operations are only possible with your explicit consent. You can withdraw consent that you have already given at any time. It is sufficient to send us an informal e-mail for this purpose. The legitimacy of data processing up to the time of withdrawal of consent remains unaffected.

 

The right to object to data collection in special cases and to direct marketing (Article 21 GDPR)

If data processing is performed on the basis of Article 6 Section 1 Subsections e or f GDPR, you have the right to object at any time to the processing of your personal data on grounds concerning your particular situation; this also applies to profiling based on these provisions. Please refer to this data privacy policy for the legal basis for processing. If you enter an objection, we will no longer process personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims (objection in accordance with Article 21 Section 1 GDPR).

If personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for the purpose of such marketing; This also applies to profiling to the extent that it is related to such direct marketing. If you do object, your personal data will then no longer be processed for the purpose of such direct marketing (objection in accordance with Article 21 Section 2 GDPR).

 

Right to lodge a complaint with a supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.

 

Right to data portability

You have the right to receive the personal data that we process in an automated manner based on your consent or for the purpose fulfilling a contract in a structured, commonly used and machine-readable format, or to have such data transmitted to a third party. Insofar as you request the direct transmission of the data to another controller, this will only be effected to the extent that it is technically feasible.

 

SSL or TLS encryption

This website uses SSL or TLS encryption for reasons of security and to protect the transfer of confidential content such as orders or enquiries that you send to us as the website operator. You can recognise whether a connection is encrypted by the fact that the address bar of your browser changes from “http://” to “https://” and by the lock icon in the status bar.

When SSL or TLS encryption is activated, it is not possible for third parties to read any data that you transfer to us.

 

Access, deactivation, erasure and rectification

Under applicable statutory regulations, you are entitled at any time to request information free of charge about the data concerning you that we store, about their origin, about who received them and about the purpose for which they were processed. Where appropriate, you are also entitled to request that these data be rectified, deactivated or erased. You may contact us about this, or if you have any further questions about the topic of personal data, at any time at the address indicated in the legal notice.

 

Right to the restriction of processing

You have the right to restrict the processing of your personal data by us. You may contact us about this at any time at the address indicated in the legal notice. The right to the restriction of processing exists in the following cases:

If you contest the accuracy of the personal data that we store, we generally require time to verify this. You have the right to request the restriction of the processing of your personal data for the period of this verification.

If the processing of your personal data was / is unlawful, you may request the restriction of their processing rather than their erasure.

If we no longer need your personal data, but you require them for the exercise, defence or establishment of legal claims, you have the right to request the restriction of the processing of your personal data instead of their erasure.

If you have lodged an objection in accordance with Article 21 Section 1 GDPR, your interests will have to be weighed against ours. You have the right to request the restriction of the processing of your personal data until it has been ascertained whose interests take precedence.

If you have restricted the processing of your personal data, these data may only be processed – aside from their storage – with your consent, or for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of significant public interest of the European Union or of a Member State.

 

Rejection of promotional e-mails

We hereby reject the use by third parties of data published in accordance with our legal obligation to provide contact information in order to send us advertising material and information that we have not explicitly requested. The operators of this website expressly reserve the right to take legal action against the unsolicited sending of advertising material such as spam mails.

 

3. Data collection on our website

 

Server log files

The provider of the website automatically collects and stores information in so-called server log files that your browser automatically transfers to us. This information comprises:

Type and version of browser, operating system used, referrer URL, hostname of the accessing device, time of the server request, IP address, pages accessed, and client.

These data are combined with data from other sources.

These data are collected on the basis of Article 6 Section 1 Subsection f GDPR. The website operator has a legitimate interest in presenting the website in a technically correct manner and in optimising it – server log files need to be collected for this purpose.

 

Enquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry – together with all the personal data resulting from it (name, enquiry) – will be stored and processed by us for the purpose of handling your enquiry. We will not pass this information on without your consent.

The processing of these data is performed on the basis of Article 6 Section 1 Subsection b GDPR, provided your enquiry is connected with the fulfilment of a contract or the performance of pre-contractual measures. In all other cases, processing is based on your consent (Article 6 Section 1 Subsection a GDPR) and / or our legitimate interests (Article 6 Section 1 Subsection f GDPR), since we have a legitimate interest in dealing with enquiries directed to us in an effective manner.

The data that you send to us in a contact enquiry are retained by us until you request their erasure, withdraw your consent to their storage, or the purpose for data storage lapses (e.g. after your enquiry has been conclusively processed). Compelling statutory provisions – in particular statutory periods of retention – remain unaffected.

 

4. MailChimp

 

This website uses MailChimp services to send out newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service that can be used, for example, to organise and analyse the distribution of newsletters. When you enter data for the purpose of receiving our newsletter (e.g. e-mail address), these data are stored on MailChimp’s servers in the USA. MailChimp is certified in accordance with the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union (EU) and the USA that is intended to ensure compliance with European data protection standards in the USA.

MailChimp allows us to analyse our newsletter campaigns. When you open an e-mail sent by MailChimp, a file contained in the e-mail (a web beacon) connects to MailChimp’s servers in the USA. This makes it possible to determine whether a newsletter message was opened and, where applicable, which links were clicked on. Technical information is also collected (e.g. time of access, IP address, type of browser and operating system). This information cannot be associated with the individual newsletter recipient concerned. It is only used for the statistical analysis of newsletter campaigns. The results of this analysis can be used to better tailor future newsletters to match the interests of recipients. You must unsubscribe from the newsletter if you do not wish your data to be analysed by MailChimp. We provide a corresponding link for this purpose in every newsletter message. Furthermore, you can also unsubscribe from the newsletter direct on our website.

Data processing is performed on the basis of your consent (Article 6 Section 1 Subsection a GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. The legitimacy of data processing that has already been performed remains unaffected.

We will store the data provided by you for the purpose of receiving the newsletter until you have deregistered from the newsletter; they will be erased from our servers and from MailChimp’s servers as soon as you have unsubscribed. Data that we store for other purposes will remain unaffected by this. For more information, please refer to MailChimp’s data privacy policy at:
https://mailchimp.com/legal/terms/.

Conclusion of a data processing agreement

We have concluded a data processing agreement with MailChimp in which we oblige MailChimp to protect the data of our customers and to refrain from disclosing them to others. You can view this agreement under the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/.

 

Updated: October 2018