Consulting ▪ Design ▪ Project management 

Legal Disclosures

[As of: 14.08.2024]

With this information, the controller named in section 1 (Prof. Jens Hölterhoff) informs the user of the website in accordance with Art. 13 and 14 of the General Data Protection Regulation (GDPR) about the collection and processing of personal data. At the same time, we will inform you if we store information in the terminal equipment that you use when accessing our websites or if we access information that is already stored in your terminal equipment.

A General information

1 Controller and data protection officer

1.1 The data processor responsible for this website is: Prof. Jens Hölterhoff, Fürstendamm 1a, 13465 Berlin, hoelterhoff@ing-consulting.de (Art. 13 para. 1 a and Art. 14 GDPR)

1.2 We are not required to appoint a data protection officer.” (cf. Art. 13 para. 1 b and Art. 14 GDPR)

1.3 Our website is hosted by ALL-INKL.COM (www.all-inkl.com), i.e. technically provided on web servers of this web host. The web host is a processor engaged by us in accordance with Art. 28 GDPR.

2 Rights of data subjects

If we collect personal data from you, you have the following rights as a “data subject”:

2.1 Right to information

You can request information in accordance with Art. 15 GDPR about your personal data that we process.

2.2 Right to object

You have the right to object on the specific grounds set out in Art. 21 (1) GDPR. We inform you about this separately from this information under “B”.

2.3 Right to rectification

If the information concerning you is not (or no longer) correct, you can request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.

2.4 Right to erasure

You can request the erasure of your personal data under the conditions of Art. 17 GDPR.

2.5 Right to restriction of processing

In the cases of Art. 18 GDPR, you have the right to request that the processing of your personal data be restricted (“blocking”).

2.6 Right to lodge a complaint

If you are of the opinion that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your choice in accordance with Art. 77 para. 1 GDPR.

2.7 Right to data portability

In the event that you have provided us with personal data in accordance with Art. 20 para. 1 GDPR, you have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a structured, common and machine-readable format. The collection of data for the provision of the website and the storage of log files (section 3.1 below) are absolutely necessary for the operation of the website. They are therefore not based on consent pursuant to Art. 6(1)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, but are justified pursuant to Art. 6(1)(f) GDPR. The requirements of Art. 20 (1) GDPR are therefore not met in this respect.

3 Procedure: Provision of the website and creation of log files

3.1 What data is processed and for what purpose?

Each time the content of the website is accessed, the web server of our web host, where our website is stored, temporarily collects and stores information (data) from the Internet browser of the user's accessing computer or end device. This data may make it possible to identify the user and is therefore personal data.

3.1.1 The following data is collected and stored by our web host:

  • IP address of the user,
  • the date and time the website was accessed
  • the protocol, e.g. HTTP,
  • the request method “Get” or “Post”,
  • the content of the request or details of the retrieved file that was transmitted to the user
  • the access status (successful transmission, error, etc.),
  • the amount of data transferred in bytes,
  • incoming and outgoing data traffic (“traffic”),
  • a process identification number (“process ID”),
  • the time taken for the web server to respond to the user's request
  • the website from which the user accessed the website
  • the browser used by the user, the operating system, the interface, the language of the browser and the version of the browser software.

3.1.2 The temporary storage of this user data is necessary for the course of a website visit in order to enable delivery of the website. For this purpose, the user's IP address must necessarily remain stored for the duration of the session (i.e. the website visit).

3.1.3 Further storage of the IP address with the data from the above list beyond this purpose takes place in log files (logs). This is done so that our web host can ensure the functionality of the website and the security of the information technology systems.

3.2 On what legal basis is this data processed? The data from section 3.1 is collected and processed by our web host for the aforementioned temporary storage purpose and also for the additional storage purpose in accordance with Art. 6(1)(f) GDPR. This purpose also constitutes the legitimate interest in data processing. This legitimate interest is the interest of our web host, but also our legitimate interest in a functional website.

3.3 Are there other recipients of the aforementioned data in addition to the controller? As our processor, our web host has technical access to the data mentioned in 3.1.

3.4 How long will the data be stored? The data from 3.1.1 is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are stored for a maximum of 7 days, unless a security event requires longer storage.

3.5 Is there an obligation to provide data? You must provide the data from 3.1 to our web host. Otherwise you will not be able to use our website technically and our web host cannot guarantee secure technical operation.

4 Data processing procedures

4.1 Data and information processing requiring consent

Insofar as we may only collect and process personal data with your consent, we provide information on this in our consent banner (consent banner) in the context of the consent dialog.

4.2 Use of email address and contact form data based on legitimate interests

4.2.1 What data is processed for what purpose?

If we provide you with an email address and a contact form with input fields, this is for the purpose of enabling you to contact us. If you send us personal data, we will store it and process it for the purpose of contacting you. [Design note: If you design your contact form for other purposes, you must change the standard text and also inform us of these purposes. For example, if you also forward the personal data entered and transmitted to you to third parties for advertising purposes].

4.2.2 What is the legal basis for processing this data?

The data from section 4.2.1 is processed on the basis of Article 6(1)(f) GDPR (legitimate interest of us as the controller). If your request is aimed at the conclusion of a contract, then Art. 6 para. 1 letter b GDPR is an additional legal basis (initiation, conclusion and performance of a contract).

4.2.3 Are there other recipients of the aforementioned data in addition to the controller?

As our processor, our web host has technical access to the data mentioned in 4.2.1.

4.2.4 How long will the data be stored?

The data from 4.2.1 will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent to us by email or via the contact form, this is the case when the respective correspondence with the user has ended and storage is no longer required for other reasons. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

4.2.5 Is there an obligation to provide data?

You are not obliged to provide us with data from 4.2.1. You do not have to communicate with us.

4.3 Use of the “wbk_sid” session cookie based on legitimate interests

4.3.1 What data is processed and for what purpose?

As soon as you use the login form or the contact form, the session cookie “wbk_sid” is stored on your end device by default. This cookie contains a long combination of numbers and letters (“ID”). The purpose of the cookie is to ensure that the user can be recognized as such and distinguished from abusive users (e.g. SPAM bots) when login data or contact information is sent.

4.3.2 On what legal basis is this data processed?

The information in this cookie constitutes personal data. However, the use of the “wbk_sid” cookie does not require consent under data protection law because the data processing is necessary to safeguard the legitimate interests of the website operator and because the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail. The legal basis for data processing is therefore Art. 6 para. 1 sentence 1 letter f GDPR.

4.3.3 Are there other recipients of the aforementioned data in addition to the controller?

As our processor, our web host has technical access to the data mentioned in 4.3.1.

4.3.4 How long is the data stored?

When the user closes the browser, the cookie is automatically deleted from the user's operating system. It is therefore only valid for the duration of the visit to the website (session cookie).

4.3.5 Is there an obligation to provide data?

You are obliged to provide us with data from 4.3.1. Otherwise you will not be able to use the login form or the contact form.

4.3.6 Consent to the use of cookies?

Your consent to the storage of information about the “wbk_sid” cookie in your terminal equipment or our access to this information stored in your terminal equipment is dispensable because storage and/or access are absolutely necessary so that you can use the login form or the contact form (Section 25 (2) No. 2 TTDSG).

5 Processing of information from your end devices

5.1 If we wish to store information in the terminal equipment that you use when visiting our websites and/or access information that is already stored in your terminal equipment, we will ask you for your consent on the basis of clear and comprehensive information. This is done via a consent banner (consent banner) used by us. We obtain the necessary consent before we access your data. You can revoke your consent at any time. However, your consent is not required for certain purposes specified in the law, so that we do not ask for it in these cases. On the one hand, consent is not required if the sole purpose of storing information in the end user's terminal equipment or the sole purpose of accessing information already stored in the end user's terminal equipment is to carry out the transmission of a message via a public telecommunications network. On the other hand, consent to the use of your terminal equipment is not required if the storage of information in the end user's terminal equipment or access to information already stored in the end user's terminal equipment is absolutely necessary so that we, as the provider of a telemedia service, can provide a telemedia service expressly requested by the user

5.2 Such access to end devices is possible via certain technologies. The best-known technology concerns cookies. Cookies are objects that can be stored in the internet browser or by the internet browser on the user's end device. When a user accesses a website, the server of the website operator or a third party can read the cookie stored there via the user's operating system and consequently the information stored therein. A cookie may, but does not have to, contain a characteristic string of characters that enables the user's browser to be uniquely identified when the website is called up again.

5.3 Removal option: The user can prevent or restrict the installation of cookies by setting their browser accordingly. Cookies that have already been saved can also be deleted by the user at any time via their browser. The settings for this depend on the respective browser. However, if the user prevents or restricts the installation of cookies, this may mean that not all functions of the website can be used to their full extent. What applies to cookies also applies to other technologies that make use of the user's end device.

5.4 Cookies and similar technologies requiring consent: Our consent banner on the website provides information on cookies and similar technologies that require consent.

5.5 Cookies and similar technologies that do not require consent: For cookies and similar technologies that do not require consent, we have documented internally that consent is not required in accordance with Section 25 (2) TTDSG.

6 Consent banner (consent banner)

6.1In order to obtain your legally required consent for certain services or functions or to observe your revocation in this regard, you will be shown a consent banner (consent banner). Your consent or non-consent relates to our use of your end device (computer, laptop, smartphone, tablet) through cookies or similar technologies, with which information can be stored on or read from your end device. Your consent may also be required for the processing of personal data by us or third parties in accordance with Art. 6 para. 1 sentence 1 letter a GDPR, which is associated with your use of our websites. In certain cases, the law allows us to use your terminal device without your consent and/or the subsequent processing of your personal data without your consent.

6.2We use the consent banner to inform you about all services or functions that require your consent before we use the service or function. The consent banner consists of an overview of all processing operations requiring consent and describes the details in each case so that you as a user can assess the meaning and scope of your consent. You can agree to each process via a button/click area by activating it or rejecting this process by deactivating it. There are three ways to decide:

- Selecting “Make selection and save” means that the user's decision is saved in the same way as it was made by selecting it via the buttons/click button. All services and functions requiring consent that the user agrees to are active and can be used. The services and functions that cannot be used without consent are not included on the website.

- Selecting “Reject all and save” means that this decision is not saved. The user's decision is therefore that they do not consent to anything that requires their consent and means that all services and functions that require consent will not work for this user. The banner is hidden.

- Selecting “Accept and save all” means that all services and functions requiring consent are “active”. This means that you have given your consent in accordance with the GDPR and also agree to the use of the end device. The banner will then be hidden.

In the course of further use of the websites, the user can actively cause the consent banner to appear by revoking consent that has been given or by obtaining consent that was not initially required. To do this, the user clicks on the “Consent settings” link. The consent banner appears again.

Your consent can therefore be revoked at any time with effect for the future. A later revocation no longer affects the legality of the access or the storage of information up to the time of revocation.

6.3All three decisions made by the user (“Make and save selection”, “Reject all and save” or “Accept all and save”) are stored in the so-called “local storage” on the user's end device via the browser of the user's end device. Storage there is permanent. The information is stored in the “wbkConsent” object. This technology is not a cookie in the true sense of the word. The information in the “wbkConsent” also has no personal reference, i.e. the user is not recognized when he or she visits the WBK user's website again. The decision to give consent is not stored on our server. This use of the user's terminal device does not require consent in accordance with Section 25 (2) No. 2 TTDSG (user request).

7 Technical measures

7.1 SSL/TSL

Our websites are equipped with active SSL or TLS encryption for security reasons and to protect the transmission of confidential content, for example by means of requests that you send to us as the site operator. An encrypted connection can be recognized by the fact that the address line of the browser changes from “http://” to “https://” and a lock symbol is displayed in the browser line. As a result of this encryption, data that you transmit to us cannot be read by third parties.[Note: Make sure that you store a valid SSL/TLS certificate in the KAS and that the “Enforce SSL” option is activated. If this is not the case, section 7.1 of this privacy policy is incorrect and must not be used].

7.2 End-to-end communication

If you contact us using an email address provided on our website, the content of the email sent to us is not encrypted end-to-end. This means that although the e-mails are generally encrypted in transit via the e-mail providers involved, they are not encrypted on the servers there. Contacting us via the contact form provided is therefore technically secure communication.

7.3 Video integration

If you can watch videos on our websites that are marked as external links to third-party websites, this is done exclusively via the technology of linking to the respective linked website or to a video portal of a third-party provider. These videos are stored there under the data protection responsibility of the respective third-party provider. The respective linked website or video portal is therefore not directly embedded in our website. This ensures that user information is not transmitted to the portal as soon as the website on which the video is integrated is loaded. It is also ensured that cookies or similar technologies for tracking user activities of the portals or the advertising partners of these portals cannot be placed on your end device via the mere link. Only after you consciously click on the video preview image is a connection established to the portal of the third-party provider and the associated data processing triggered. However, this and the associated possible data processing of your user data on the linked portal then occurs exclusively as a result of your wish to view the video there. The data processing triggered by this is outside our sphere of influence and is the responsibility of these third-party providers, who provide more or less detailed information about their data processing.

Data processing. If you do not agree to the data processing by the third-party provider, please do not click on the video preview image.

B Special information

Special right to object pursuant to Art. 21 para. 1 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (f) of Article 6(1) GDPR (processing for the purposes of the legitimate interests pursued by us or by a third party) in accordance with Article 21(1) GDPR. You can send your objection to the address in section 1.1.

We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

If you object, you must explain to us in detail any interests you may have (your “particular situation”) so that we can weigh up your interests again. If our interests in further storage do not outweigh your interests, the personal data stored in the course of establishing contact will be deleted. If these interests still prevail, we will continue to process the data.