Data privacy information

This data privacy information informs you about the handling of your personal data. To make the processing of your data transparent, we would like to provide you with the following information to give you an overview of these processing operations. In order to guarantee fair processing, this data protection declaration contains general information about our handling of your data as well as information about your rights according to the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

We will inform you in detail about

  • General Data Processing
  • Data processing on our website
  • Data processing on our website III. Data processing on our Facebook and Instagram fan page

The party responsible for data processing is Konzepthaus Consulting GmbH (hereinafter ‘we’ or ‘us’).

  1. General Data Processing
  2. Contact

If you have any questions or feedback concerning this information or wish to contact us to assert your rights, please send your enquiry to

Konzepthaus Consulting GmbH
Augustenstraße 5
80333 München
Germany Tel.: 040 89 12501 90
E-Mail: contact@konzepthaus-consulting.com

  1. Legal basis

The data protection term “personal data” refers to all information relating to an identified or identifiable natural person.

We process personal data in compliance with the data protection regulations, primarily the GDPR and the BDSG. Our data processing solely occurs on a legal permission. We will process personal data solely with your consent (Art. 6 Sec. 1 letter a) GDPR), to perform a contract to which you are a party, or to take steps at your request prior to entering into a contract (Art. 6 Sec. 1 letter b) GDPR), for compliance with a legal obligation (Art. 6 Sec. 1 letter c) GDPR) or where processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 Sec. 1 letter f) GDPR).

  1. Recipients of data

We may use Service Providers for individual processes. This includes, for example, hosting, maintenance and support of IT-systems, marketing actions or destruction of files and data carriers. These Service Providers process the data only according to strict instructions and are contractually bound to guarantee suitable technical and organisational measures for data protection. In addition, we may transfer personal data of our customers to parties such as postal and delivery services, payment and information services, banks, tax consultants/auditors or the tax authorities.

  1. Processing in the exercise of your rights pursuant to Art. 15 to 22 GDPR

If you exercise your rights pursuant to Art. 12 to 22 GDPR for the purpose of providing information and preparing such information, we will process stored data only for this purpose and for purposes of data protection control and otherwise restrict processing in accordance with Art. 18 GDPR. These processing operations are based on the legal basis of Art. 6 Sec. 1 letter c) GDPR in combination with Art. 15 to 22 GDPR and § 34 Sec. 2 BDSG.

  1. Your rights

As the person concerned, you are entitled to exercise your rights against us. In particular, you have the following rights:

  • Pursuant to Art. 15 GDPR and § 34 BDSG, you have the right to request information confirming whether or not and, if so, to what extent we are processing personal data concerning you.
  • Pursuant to Art. 16 GDPR, you have the right get your data rectified.
  • Pursuant to Art. 17 GDPR and § 35 BDSG, you have the right to delete personal data.
  • Pursuant to Art. 18 GDPR, you have the right to require us to restrict the processing of your personal data.
  • Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit such data to another controller.
  • Where you have granted us separate consent to process your data, you can withdraw such consent at any time pursuant to Art. 7 Sec. 3 GDPR. Any such withdrawal of consent shall not affect the lawfulness of processing based on that consent prior to its withdrawal.
  • If you consider that the processing of personal data relating to you infringes GDPR provisions, you have the right to lodge a complaint with a supervisory authority pursuant to Art.77 GDPR.
  1. Right to object

Pursuant to Art. 21 Sec. 1 GDPR, you have the right to object to processing operations based on Art. 6 Sec. 1 letter e) or letter f) GDPR on grounds arising from your particular situation. If we process personal data about you for the purpose of direct marketing, you may object to such processing pursuant to Art. 21 Sec. 2 and Sec. 3 GDPR.

  1. Data processing on our website

When using our website, we collect and use information that you provide by yourself. We also automatically collect certain information about your use of the site during your visit on the site. In data protection law, the IP address is also considered as a personal date. An IP address is assigned to each device connected to the internet by the internet provider so that it can send and receive data.

  1. Processing Server-Log-Files

When using our website for purely informative purposes, general information that your browser transmits to our server is initially stored automatically (not via registration). This includes by default: browser type/-version, operating system used, page called, the previously visited page (referrer URL), IP address, date and time of server request and HTTP status code. The processing is carried out to ensure our legitimate interests and is based on the legal basis of Art. 6 Sec. 1 letter f) GDPR. This processing provides the technical administration and security of the website. The stored data will be deleted after one month unless there is a justified suspicion of illegal use based on concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you as a data subject based on the stored information. Art. 15 to 22 GDPR therefore do not apply pursuant to Art. 11 Sec. 2 GDPR, unless you provide additional information to enable your identification in order to exercise the rights set out in these articles.

  1. Data transmission to the USA

Visiting our website may involve the transmission of certain personal data to the USA. For the transfer of data to the USA as a non-member country, a country in which the GPDR is not applicable law, the European Commission has decided in accordance with Art. 45 GDPR that an adequate level of data protection is required for companies certified under the EU-US Privacy Shield. The transfer to the USA will then take place in a permissible manner. Certified companies are listed by the U.S. Department of Commerce at https://www.privacyshield.gov/list.

  1. Contact form and requests

Our website provides a contact form, through which you can enquire an offer from us. Your data is transferred encrypted (note the ‚https‘ in the address bar of your browser). All data fields marked as mandatory are necessary to be filled in for the handling of your request. Failure to provide the required information will result in us being unable to process your request. You have the alternative option to send us an email.

We process the data for the purpose of handling your request. If your request relates to the establishment or execution of a contract with us, the processing of your data is based on Art. 6 Sec. 1 letter b) GDPR. In all other cases we process data out of our legitimate interest in contacting the person enquiring. The latter data processing finds its legal basis in Art. 6 Sec. 1 letter f) GDPR.

  1. 4. Newsletter
  1. Cookies

We use cookies on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognised by our web server. If the use of cookies results in the processing of personal data, finds its legal basis in Art. 6 Sec. 1 letter f) GDPR. This processing serves our legitimate interest in making our website more user-friendly, effective and secure. We used so-called “session cookies”, which are deleted when the browser session is closed. Other cookies (“persistent cookies”) are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies through your browser settings in principle or in certain cases. Further information can be obtained from the Federal Office for Information Security at https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html

  1. Google Analytics

We use the Google Analytics service from Google Ireland Limited (Ireland/EU) to analyse our website visitors. Google uses cookies. The information generated by the cookie about the use of the online product or service by users is generally transferred to a Google server in the USA and stored there. Google will use this information on our behalf to evaluate the use of our online products and services by users, to compile reports on the activities within these online products and services and to provide us with further services associated with the use of these online products and services and the use of the internet. Pseudonymous user profiles can be created from the processed data.

We use Google Analytics only with IP anonymization enabled. This means that Google will truncate the IP address of users within Member States of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. Information on the cookies used by Google can be found at https://policies.google.com/technologies/types?hl=en.

The IP address transmitted by the user’s browser is not merged with other Google data.

We use Google Analytics only with your consent. The legal basis for the use of this service is Art. 6 Sec. 1 letter a) GDPR. The processing serves the legitimate interest of the analysis of user behaviour on our website and the possible need-based design. Users can prevent cookies from being stored by adjusting the settings to their browser software accordingly or by downloading and installing the browser plug-in that is available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

If you visit our website using a mobile device, you can disable Google Analytics by clicking on this link.

A transmission of your data to the USA cannot be excluded. Google is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation.

  1. Integrated services and third-party content

We use services and content (collectively, “Content”) provided on our Website by third parties. For such an integration a processing of your IP address is necessary, so that the contents can be sent to your browser. Your IP address will therefore be transmitted to the respective third party providers. This data processing is carried out in order to safeguard our legitimate interests in the optimisation and economic operation of our website and finds its legal basis in Art. 6 Sec. 1 letter f) GDPR.

You can object to this data processing at any time by changing the settings of your browser or by using certain browser extensions. One such extension is the uMatrix matrix-based firewall for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website.

We have incorporated into our website content from the following third-party services:

  • Services provided by Google Ireland Limited (Ireland/EU):
    • Google Web Fonts to display fonts

When using Google services, we cannot rule out the possibility that the processed data may be transferred to Google LLC (USA), which is based in the USA. Google LLC is certified under the EU-US Privacy Shield.

  • „YouTube“ by YouTube LLC (USA) to display videos. As a subsidiary of Google, YouTube is certified under the EU-US Privacy Shield.
  • „Vimeo“ by Vimeo Inc. (USA) to display videos. Vimeo is certified under the EU_US Privacy Shield.
  • „Fontawesome“ by Fonticons Inc. (USA) for the display of fonts and icons.
  • “Cloudinary” by Cloudinary Inc. (for the display of content). Cloudinary is certified under the EU_US Privacy Shield.
  1. Social network plugins

On our website we use buttons of social networks and similar third-party services (hereinafter ‘plugins’). By using these plugins, you can share the content of our website in your social networks. The code of the respective plugin embedded is retrieved directly from the servers of its distributor with every visit of our website. In the course of this, it is necessary to transmit the IP address used, whether you click on the plugin or not. Should you be logged into your account at the social network while visiting our website or interact with the plugin, further data may be transmitted. For further information contact the distributor of the respective plugin.

This data is processed due to our legitimate interest in improving popularity and coverage of our website. The processing is legally based on Art. 6 Sec. 1 letter f) GDPR.

The following third-party plugins are embedded in our website:

The plugin of instagram.com by Facebook Ireland Limited (Ireland/EU). When using Facebook services, we cannot rule out the possibility that the processed data may be transferred to Facebook Inc. (USA), which is based in the USA. Facebook Inc. is certified under the EU-US Privacy Shield.

III. Data processing on our Facebook and Instagram fan page

  1. Processing of page insights

Facebook provides us with anonymized statistics and insights for our page which grant information about the way visitors use our page (hereinafter ‘page insights’). These page insights are created based in certain information about people that have visited our page. This data processing is carried out by Facebook and us as joint controllers. It serves our legitimate interest in improving our page by means of evaluation of the traffic on it. The legal basis for this processing is art. 6 sec. 1 letter f) GDPR. We will never assign the information obtained through the page insights to a certain Facebook or Instagram profile. Together with Facebook, we came to an agreement about the processing as joint controllers, in which the assignment of data privacy obligations is determined. For details about the processing of personal data for the creation of page insights and the agreement between Facebook and us go to https://www.facebook.com/legal/terms/information_about_page_insights_data.

  1. Processing of data shared via our Facebook or Instagram page

Furthermore, we process information which you share with us via our page. Such information can consist of the Facebook or Instagram name, contact details or messages to us. We will only process this data after having expressly asked for it, for example in the context of a survey or a lottery. We are the sole controllers of this processing.

If your request relates to the establishment or execution of a contract with us, the processing of your data is based on art. 6 sec. 1 letter b) GDPR. In all other cases we process data out of our legitimate interest in contacting the person enquiring. The latter data processing finds its legal basis in art. 6 sec. 1 letter f) GDPR.

Version: 01. 2020