Data Privacy Statement

Information about the collection of personal data

a) Below, we provide information about the collection of personal data when using our website. Personal data is any data
that can be related to you personally, e.g., name, address, email addresses, user behavior.

b) The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (hereinafter "GDPR") is

Roland Consult Stasche & Finger GmbH
Heidelberger Str. 7
14772 Brandenburg an der Havel
Tel.:
Email: info@roland-consult.de

To protect your rights and ensure that your data is processed in a legally compliant manner, we have appointed an external data protection officer.
Here is their contact information:


gds – Gesellschaft für Datenschutz Mittelhessen mbh
datenschutz@gdsm.de
Tel.: 06421 / 870413-10

c) If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes,
we will inform you in detail about the respective processes below. We will also specify the criteria for the storage period.

Contact via email, contact form

a) When you contact us by email or via a contact form, the data you provide
and the resulting personal data (e.g., name, inquiry, email address, telephone number) will be stored by us for the purpose of processing your inquiry
and for the event of follow-up questions. We will not pass on this data to third parties without your consent.

b) The data you send us via contact requests will remain with us until you request us to delete it,
you withdraw your consent to its storage, or the purpose for data storage no longer applies (e.g., after your request has been processed).
Mandatory legal provisions—in particular statutory retention periods—remain unaffected.

c) This data is processed on the basis of Art. 6 (1) lit. b GDPR, provided that your request is related to the performance of a contract,
or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest
in the effective processing of a request addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR)
if this has been requested.

Collection of personal data when visiting our website

  1. When you use the website for informational purposes only, even if you do not register or otherwise provide us with information,
    we only collect the personal data that your browser transmits to our server. If you wish to view our website,
    we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security
    on the basis of Art. 6 (1) lit. f GDPR and in accordance with § 25 TDDDG:
  • IP address of the requesting computer in anonymized form
    • Date and time of the request
    • Time zone difference to Greenwich Mean Time (GMT)
    • Content of the request (specific page)
    • Access status/HTTP status code
    •Amount of data transferred in each case
    •Website from which the request originates
    •Browser
    •Operating system and its interface
    •Language and version of the browser software.
  1. When using this general data and information, Roland Consult Stasche und Finger GmbH does not draw any conclusions about the data subject. Roland Consult Stasche und Finger GmbH therefore analyzes anonymously collected data and information statistically in order to increase the data protection and data security of our company and to ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.
  2. In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offering more user-friendly and effective overall. The use of these cookies is based on Art. 6 (1) (a) or (c) GDPR.

Use of cookies:

a) This website uses the following types of cookies, the scope and functionality of which are explained below:
•Transient cookies (see b)
•Persistent cookies (see c).

b) Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies.
These store a so-called session ID, which can be used to assign various requests from YOUR browser to the shared session.
This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out
or close your browser.

c) Persistent cookies are automatically deleted after a shortened period of time, which may vary depending on the cookie.
You can delete cookies at any time in your browser's security settings.

d) We use cookies that are technically necessary and that make your visit to our website possible in the first place. If we use cookies that are not technically necessary, we will obtain your consent for this.

e) When using cookies that are technically necessary for the display and necessary functions of our website, the legal basis is § 25 (2) TDDDG and Art. 6 (1) (1) (f) GDPR (legitimate interest). If we do not use cookies that are technically necessary for the display and necessary functions of our website, we will obtain your consent. The legal basis for the use of these cookies is Section 25 (1) sentence 1 TDDDG and Art. 6 (1) sentence 1 lit. a GDPR.

f) You can give any necessary consent in our Consent Manager when you first visit our site and then manage it at any time.


Data security

The personal data we collect is treated confidentially and protected by appropriate technical and organizational measures
against loss, alteration, and unauthorized access by third parties. For security reasons and to protect the transmission of
confidential content, such as orders or inquiries that you send to us as the site operator, for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator.
You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and a lock symbol appears in your browser line.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties (end-to-end encryption).
The protocols authenticate the communication partner and ensure the integrity of the data being transported.


Automated decisions, profiling

We do not carry out any automated decisions (including profiling) with the personal data we collect when you visit our website.


Your rights

a) You have the following rights vis-à-vis us with regard to your personal data:
• Right of access (Art. 15 GDPR),
• Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR),
• Right to restriction of processing (Art. 18 GDPR),
• Right to object to processing (Art. 21 GDPR), for more details see section 6.
• Right to data portability (Art. 20 GDPR).

b) You also have the right to complain to a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR).
The competent supervisory authority in this case is:

Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht
Dagmar Hartge
Stahnsdorfer Damm 77
14532 Kleinmachnow

Phone: 033203/356-0
Fax: 033203/356-49
Email: Poststelle@LDA.Brandenburg.de


Objection or revocation of the processing of your data

a) If you have given your consent to the processing of your data, you can revoke this at any time. A revocation affects the permissibility of the processing of your personal data after you have expressed it to us.

b) If we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if the processing is not necessary to fulfill a contract with you, which is described by us in the additional description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adjust the data processing or point out to you our compelling legitimate reasons for continuing the processing.

You can, of course, object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the following contact details: By mail to Roland Consult Stasche & Finger GmbH, Heidelberger Str. 7, 14772 Brandenburg an der Havel
Email: info@roland-consult.de

External hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses, and other data generated via a website.

The hoster is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offering by a professional provider (Art. 6 (1) (f) GDPR). If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's terminal device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Our host will only process your data to the extent necessary to fulfill its service obligations and will follow our instructions regarding this data.

We use the following host:

Strato GmbH

Otto-Ostrowski-Straße 7
10249 Berlin

Additional functions and offers on our website

 

  1. In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do so, you will usually need to provide additional personal data, which we will use to provide the respective service and to which the aforementioned principles for data processing apply.

 

  1. In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored.
  1. Furthermore, we may pass on your personal data to third parties if we offer promotions, competitions, contract conclusions, or similar services together with partners. You will receive more detailed information on this when you provide your personal data or in the description of the offer below.
  1. If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this in the description of the offer.

Services used and service providers:

        Integration of Cloudflare

This website uses services from "Cloudflare" (provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA).

Cloudflare operates a content delivery network (CDN) and provides protection functions for the website (web application firewall). Data transfer between your browser and our servers flows through Cloudflare's infrastructure and is analyzed there to ward off attacks. Cloudflare uses cookies to enable you to access our website. The legal basis for this is your consent within the meaning of Art. 6 (1) (a) GDPR. For cases in which personal data is transferred to the USA, Cloudflare has submitted to the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/s/

Further information can be found in the Cloudflare privacy policy: https://www.cloudflare.com/de-de/privacypolicy/

Use of Google reCAPTCHA

This site uses the reCAPTCHA function from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This function is primarily used to distinguish whether an entry is made by a natural person or is abusive due to machine and automated processing. The service includes sending the IP address and, if necessary, other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 (1) lit. a GDPR on the basis of your consent. When using Google reCAPTCHA, personal data may also be transferred to the servers of Google LLC. in the USA. For cases in which personal data is transferred to the USA, Google has submitted to the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/s/

Further information on Google reCAPTCHA and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/

Integration of Google Web Fonts

This site uses web fonts provided by Google to ensure uniform font display. When you visit a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. The fonts are stored locally by us, so no personal data is transmitted to Google. If your browser does not support web fonts, a standard font from your computer will be used. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://www.google.com/policies/privacy.

Data processing by social networks

We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.

Social networks such as Facebook, etc., can usually analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presences triggers numerous data processing operations that are relevant to data protection. Specifically:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you both within and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and privacy policies of the respective social media portals.

Legal basis

Our social media presence is intended to ensure the most comprehensive presence possible on the internet. This is a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).

Controller and assertion of rights

When you visit one of our social media sites (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, correction, deletion, restriction of processing, data portability, and complaint) both against us and against the operator of the respective social media portal (e.g., against Facebook).

Please note that despite our joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage period

The data collected directly by us via our social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, you revoke your consent to its storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions—in particular retention periods—remain unaffected.

We have no influence on the storage period of your data stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g., in their privacy policy, see below).

Social networks in detail:

Facebook

We have a profile on Facebook. The provider is Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA. We have entered into an agreement with Facebook on joint processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum. You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.Details. For more information, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/.

Instagram

We have a profile on Instagram. The social network Instagram is operated by Meta Platforms Ireland Limited. Details on how they handle your personal data can be found in Instagram's privacy policy: https://help.instagram.com/581066165581870

YouTube

We have a profile on YouTube. The operator of the YouTube video portal is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube's privacy policy: https://policies.google.com/privacy?hl=de

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Details on how your personal data is handled can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.

Data processing for job applications

 

When you apply for a job with us, we process the information we receive from you during the application process, e.g., through your cover letter, resume, references, correspondence, telephone or verbal information. In addition to your contact details, information about your education, qualifications, work experience, and skills is particularly relevant to us.

Your data will initially be processed exclusively for the purpose of carrying out the application process. If your application is successful, it will become part of your personnel file and will be used for the execution and termination of the employment relationship and deleted in accordance with the regulations applicable to personnel files. If we are currently unable to offer you employment, we will continue to process your data for up to six months after sending the rejection letter in order to defend ourselves against any legal claims, in particular those relating to alleged discrimination in the application process. If you receive expense reimbursements or other tax-related transactions, the corresponding accounting documents will be retained in accordance with the applicable retention requirements in order to comply with budgetary and tax law retention obligations. Your data will initially be accessed by our human resources department and the department for the position you have applied for, and, if necessary, by the accounting department.

Our administrators and processors have the technical ability to access data processed by IT systems. They are strictly bound by our instructions and may not process the data for their own purposes. In certain cases, we must disclose your personal data to third parties, such as our bank if you receive a reimbursement or the postal service if we communicate with you by letter.

The legal basis for data processing in the application process and as part of the personnel file is Section 26 (1) sentence 1 BDSG and Art. 6 (1) lit. b GDPR and, if you have given your consent, for example by sending information that is not necessary for the application process , Art. 6 (1) lit. a GDPR. The legal basis for data processing after a rejection is Art. 6 (1) (f) GDPR. The legal basis for storage for budgetary and tax purposes is Art. 6 (1) (c) GDPR in conjunction with § 147 AO (German Fiscal Code). The legitimate interest in processing on the basis of Art. 6 (1) (f) GDPR is the defense against legal claims.

We do not generally require any special categories of personal data within the meaning of Art. 9 GDPR for the application process. We ask you not to send us any such information in advance. If, in exceptional cases, such information is relevant to the application process, we will process it together with your other application data. This may, for example, concern information about a severe disability, which you can provide to us voluntarily and which we then have to process in order to fulfill our special obligations with regard to severely disabled persons. In these cases, the processing serves to exercise rights or fulfill legal obligations under labor law, social security law, and social protection law. The legal basis for data processing is then Art. 9 (2) lit. b GDPR, §§ 26 (3) BDSG, 164 SGB IX. In exceptional cases, it may be necessary to obtain information about your health or disability or information from the Federal Central Register, i.e., about previous convictions, in order to assess your suitability for the intended position. The legal basis for this is Section 26 BDSG. Your data will not be used by us for automated decision-making or profiling.