1. General information
Data collection on our website
Data processing on our website is performed by the website operator, whose contact details you can find in the website’s legal notice.
In the first instance, your data will be collected when you disclose them to us. For example, this may be data that you enter into a contact form.
Other data are automatically collected by our IT systems when you visit the website. This is primarily technical information (e.g. about your web browser, operating system, or the time a page was accessed). These data are collected automatically as soon as you access our website.
Some of the data are collected in order to ensure trouble-free provision of the website. Other data may be used to analyse your user behaviour.
You are entitled at any time to request information – free of charge – about the origin, recipients and purpose of the personal data we store about you. You also have the right to demand the rectification, deactivation or erasure of these data. You may contact us about this, or if you have any further questions about the topic of data protection, at any time at the address indicated in the legal notice. Furthermore, you are entitled to lodge a complaint with the relevant supervisory authority.
2. Mandatory information
We must point out that data transmission on the Internet (e.g. in the case of e-mail communication) can be subject to gaps in security. It is not possible to protect data against access by third parties entirely.
Information about the controller
The controller of the data processing on this website is:
Kern Consulting GmbH & Co. KG
60385 Frankfurt am Main
tel.: +49 (0)69 6500-8865
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses etc.).
Withdrawal of your consent to data processing
Many data processing operations are only possible with your explicit consent. You can withdraw consent that you have already given at any time. It is sufficient to send us an informal e-mail for this purpose. The legitimacy of data processing up to the time of withdrawal of consent remains unaffected.
The right to object to data collection in special cases and to direct marketing (Article 21 GDPR)
If personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for the purpose of such marketing; This also applies to profiling to the extent that it is related to such direct marketing. If you do object, your personal data will then no longer be processed for the purpose of such direct marketing (objection in accordance with Article 21 Section 2 GDPR).
Right to lodge a complaint with a supervisory authority
In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.
Right to data portability
You have the right to receive the personal data that we process in an automated manner based on your consent or for the purpose fulfilling a contract in a structured, commonly used and machine-readable format, or to have such data transmitted to a third party. Insofar as you request the direct transmission of the data to another controller, this will only be effected to the extent that it is technically feasible.
SSL or TLS encryption
This website uses SSL or TLS encryption for reasons of security and to protect the transfer of confidential content such as orders or enquiries that you send to us as the website operator. You can recognise whether a connection is encrypted by the fact that the address bar of your browser changes from “http://” to “https://” and by the lock icon in the status bar.
When SSL or TLS encryption is activated, it is not possible for third parties to read any data that you transfer to us.
Access, deactivation, erasure and rectification
Under applicable statutory regulations, you are entitled at any time to request information free of charge about the data concerning you that we store, about their origin, about who received them and about the purpose for which they were processed. Where appropriate, you are also entitled to request that these data be rectified, deactivated or erased. You may contact us about this, or if you have any further questions about the topic of personal data, at any time at the address indicated in the legal notice.
Right to the restriction of processing
You have the right to restrict the processing of your personal data by us. You may contact us about this at any time at the address indicated in the legal notice. The right to the restriction of processing exists in the following cases:
If you contest the accuracy of the personal data that we store, we generally require time to verify this. You have the right to request the restriction of the processing of your personal data for the period of this verification.
If the processing of your personal data was / is unlawful, you may request the restriction of their processing rather than their erasure.
If we no longer need your personal data, but you require them for the exercise, defence or establishment of legal claims, you have the right to request the restriction of the processing of your personal data instead of their erasure.
If you have lodged an objection in accordance with Article 21 Section 1 GDPR, your interests will have to be weighed against ours. You have the right to request the restriction of the processing of your personal data until it has been ascertained whose interests take precedence.
If you have restricted the processing of your personal data, these data may only be processed – aside from their storage – with your consent, or for the establishment, exercise or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of significant public interest of the European Union or of a Member State.
Rejection of promotional e-mails
We hereby reject the use by third parties of data published in accordance with our legal obligation to provide contact information in order to send us advertising material and information that we have not explicitly requested. The operators of this website expressly reserve the right to take legal action against the unsolicited sending of advertising material such as spam mails.
3. Data collection on our website
Server log files
The provider of the website automatically collects and stores information in so-called server log files that your browser automatically transfers to us. This information comprises:
Type and version of browser, operating system used, referrer URL, hostname of the accessing device, time of the server request, IP address, pages accessed, and client.
These data are combined with data from other sources.
These data are collected on the basis of Article 6 Section 1 Subsection f GDPR. The website operator has a legitimate interest in presenting the website in a technically correct manner and in optimising it – server log files need to be collected for this purpose.
Enquiry by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your enquiry – together with all the personal data resulting from it (name, enquiry) – will be stored and processed by us for the purpose of handling your enquiry. We will not pass this information on without your consent.
The processing of these data is performed on the basis of Article 6 Section 1 Subsection b GDPR, provided your enquiry is connected with the fulfilment of a contract or the performance of pre-contractual measures. In all other cases, processing is based on your consent (Article 6 Section 1 Subsection a GDPR) and / or our legitimate interests (Article 6 Section 1 Subsection f GDPR), since we have a legitimate interest in dealing with enquiries directed to us in an effective manner.
The data that you send to us in a contact enquiry are retained by us until you request their erasure, withdraw your consent to their storage, or the purpose for data storage lapses (e.g. after your enquiry has been conclusively processed). Compelling statutory provisions – in particular statutory periods of retention – remain unaffected.
This website uses MailChimp services to send out newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.
MailChimp is a service that can be used, for example, to organise and analyse the distribution of newsletters. When you enter data for the purpose of receiving our newsletter (e.g. e-mail address), these data are stored on MailChimp’s servers in the USA. MailChimp is certified in accordance with the EU-US Privacy Shield. The Privacy Shield is an agreement between the European Union (EU) and the USA that is intended to ensure compliance with European data protection standards in the USA.
MailChimp allows us to analyse our newsletter campaigns. When you open an e-mail sent by MailChimp, a file contained in the e-mail (a web beacon) connects to MailChimp’s servers in the USA. This makes it possible to determine whether a newsletter message was opened and, where applicable, which links were clicked on. Technical information is also collected (e.g. time of access, IP address, type of browser and operating system). This information cannot be associated with the individual newsletter recipient concerned. It is only used for the statistical analysis of newsletter campaigns. The results of this analysis can be used to better tailor future newsletters to match the interests of recipients. You must unsubscribe from the newsletter if you do not wish your data to be analysed by MailChimp. We provide a corresponding link for this purpose in every newsletter message. Furthermore, you can also unsubscribe from the newsletter direct on our website.
Data processing is performed on the basis of your consent (Article 6 Section 1 Subsection a GDPR). You can withdraw this consent at any time by unsubscribing from the newsletter. The legitimacy of data processing that has already been performed remains unaffected.
Conclusion of a data processing agreement
We have concluded a data processing agreement with MailChimp in which we oblige MailChimp to protect the data of our customers and to refrain from disclosing them to others. You can view this agreement under the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/.
Updated: October 2018