→ KLAITON becomes Haufe Advisory

Privacy policy statement

Thank you for visiting the websites of the Haufe Group. Protecting your personal data is very important to us. The purpose of this privacy policy statement is to inform you about how your personal data is handled when you visit our websites, and about your rights in this regard.

→ KLAITON becomes Haufe Advisory

1. Who are we and how can you reach us?

We are the

Haufe Advisory GmbH
A Haufe Group Company
Gonzagagasse 15/3c
1010 Vienna


and in accordance with the General Data Protection Regulation (hereinafter GDPR), we are responsible for protecting your personal data. We are happy to assist you with any questions you may have about data processing, your rights, or this privacy policy statement. You can contact us at datasecurity@haufe-advisory.com

2. What data is processed when you visit our websites?

Hereinafter we explain what personal data is collected when you visit our websites

the purposes for which it is processed, the legal basis on which the data is processed, what options you have to control processing of your data yourself, and when the data is deleted.

A. Log files

Data collected:

When you visit our websites, your browser automatically transmits the following data to us:

  • the IP address of the terminal from which the website was accessed,
  • date and time of access,
  • name of the requested file and the amount of data transferred,
  • transfer status (completed or cancelled),
  • the site which originally requested the file,
  • the browser, operating system and interface via which the file was requested,
  • GPS location data if you use a mobile terminal.

Purposes for which the data is processed:

Temporary storage of this data is necessary to display the website on your computer and to ensure that the website functions properly. We also use this data to compile statistics about how our websites are used. Another reason for collecting this data is to track and prevent unauthorized access to the web server and any improper use of the web pages, and to secure our information technology systems.

Legal basis:

We temporarily store this data on the basis of legitimate interests (Art. 6 (1) (f) GDPR). It is in our legitimate interest to achieve the
purposes described above.

Storage period and control options:

The data is deleted when it is no longer needed to achieve the described purposes. Log files will be deleted after 14 months.
 

B. General information about cookies and targeting technologies

Data collected:

When you visit our websites, we use so-called cookies, which are small text files that are stored on your device. Cookies typically contain a unique character sequence called the cookie-ID which can be used to identify your browser the next time you visit our websites.

We also use so-called tags, i.e. small pieces of code with which we can measure our users’ behavior and determine the success of our advertising activities.

Depending on the type of cookies or tags used, different types of data are collected and processed after pseudonymization.

We use both our own cookies and cookies from other providers (third-party cookies). The third-party cookies are described in detail below, in Section 2. C.

Purposes for which the data is processed:

Some cookies are necessary for technical reasons, enabling the technical functioning of our websites. Certain functions used on our websites cannot be offered without the use of cookies.

Functionality cookies are used to make our websites more user-friendly and to ensure that certain functionalities are available, e.g. the ability to consistently display the shopping cart icon from one page to the next with the number of items in your cart, or storage of your login data so that you can have access to the data and settings you have already entered when you return to the page.

Analysis cookies and tags enable us to generate overall statistics, e.g. the number of times a given page has been accessed, which areas of our pages are most frequently viewed, and information on locations and the average amount of time spent on each page. This helps us to improve the quality of our websites and their content.

Advertising cookies and retargeting technologies enable us to provide you with offers and information tailored to your specific needs. This helps us to provide you with a more interesting experience at our websites, and to reach out to you on other websites with personalized advertising based on your interests.

Legal basis:

We use technically necessary cookies and functionality cookies on the basis of legitimate interests (Art. 6 (1) (f) GDPR). It is in our legitimate interest to ensure that our websites function as intended and to provide optimal usability for visitors to our websites.

We use analytics cookies and advertising cookies, as well as tags and retargeting technologies on the basis of legitimate interests (Art. 6 (1) (f) GDPR, Recital 47). It is in our legitimate interest to tailor our websites to our customers’ specific interests.

Storage period and control options:

Some of the cookies we use are automatically deleted after closing the browser (so-called session cookies), while others are stored permanently on your device and enable us to recognize your browser (so-called persistent cookies).

You have full control over the use of cookies and can delete cookies in your browser, completely deactivate the storage of cookies, or selectively accept certain cookies. Use your browser’s help function to learn how you can change these settings. Note that such changes may limit the functionality of our websites.


C. Third-party cookie and tracking technologies

1. Necessary cookies

Econda

Data collected:

We use solutions and technologies from econda GmbH, Eisenlohrstraße 43, 76135 Karlsruhe, Germany (“Econda”). Econda uses cookies to create pseudonymous user profiles that persist across multiple pages. To do this, data is collected so that your browser can be recognized. Your IP address will be made unrecognizable immediately upon receipt to prevent it from being associated with user profiles.

Purposes for which the data is processed:

We use Econda to optimize our websites and adapt them to our users’ needs.

Legal basis:

We use Econda after you have given your consent. When you visit our websites, we obtain your consent via the cookie banner (Art. 6 (1) (a) GDPR).

Storage period and control options:

Econda stores this data and deletes it regularly.

You can block Econda from collecting and processing your data by configuring your browser settings accordingly, or by following this link.

Cybot A/S

Collected data:

We use a so-called cookie banner on our websites to inform you about the use of cookies. For this we use the service “Cookiebot” of the Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark.

Details on the handling of your data by the service can be found here.

The following data is logged with this cookie:

  • IP address of your computer (in abbreviated form)
  • Date and time of consent
  • Web browser
  • used URL of website
  • visited Status of consent.

Purposes of data processing:

This service makes it possible to store your consent to the use of cookies. For this purpose, the service creates a cookie under the domain of Cookiebot and the websites visited in each case.

Legal basis:

We process your data on the basis of our legitimate interest pursuant to Art. 6 Para. 1 S. 1 lit. fEU-DSGVO

storage period and control options:

This logging serves the fulfilment of § 13 Para. 2 TMG and cannot be revoked.

Google

Data collected:

GOOGLE TAG MANAGER:

Google Tag Manager helps us to set and manage tags. Your data is not collected by this service.

GOOGLE RECAPTCHA:

We use Google's reCAPTCHA service in some of our forms. For this service, Google collects certain data to determine whether a human being or a machine is accessing our websites; this data may include your IP address, your screen and window resolution, your browser’s language settings, the time zone where you are located, the browser's user agent and what browser plugins you have installed. We have added the code "get._anonymizeIP();" to this service. This causes Google to shorten your IP address. For more information about shortening IP addresses, see the explanation of Google Analytics below.

Legal basis:

We use the Google products listed above after you have given your consent. When you visit our websites, we obtain your consent via the cookie banner (Art. 6 (1) (a) GDPR).

We use Google reCAPTCHA on the basis of legitimate interests (Art. 6 (1) (f) GDPR). It is in our legitimate interest to prevent misuse of our forms and to protect our information technology systems.

Storage period and control options:

The data that is collected by these Google functions is stored and deleted regularly.

You may prevent the storage of cookies by configuring the appropriate settings on your browser.

You can also prevent Google from collecting and processing this data by downloading and installing the browser add-on available at this link

Further information can be found in Google's Data Privacy Policy.

2. Analytics cookies - better usability

Google

Data collected:

GOOGLE ANALYTICS: 

We use Google Analytics, a web analysis service by Google Ireland Limited, based in Gordon House, Barrow Street, Dublin 4, Ireland (“Google Analytics”) on our websites. Google Analytics stores cookies on your device that makes it possible to evaluate your use of our websites. To do so, Google Analytics collects various data, including data to uniquely identify your browser and information about when and how often you have visited our websites, how much time you have spent on our websites, and how you have interacted with our websites (more information available here).

We have added the code "get._anonymizeIP();" to the Google Analytics service. This causes Google to shorten your IP address and enable anonymized evaluation. IP addresses are shortened within the EU or the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the United States and shortened there. The IP address sent by your browser for Google Analytics is not merged with other Google data. The data collected through the use of cookies is usually transmitted to a Google server in the United States and stored there. In order to ensure adequate safeguarding of your data, we have obligated Google to comply with a level of data protection that complies with EU law, employing the relevant EU standard Contractual Clauses. Google shares data with third parties if permission has been given, if necessary for legal reasons, or to have the third parties process this data on Google's behalf.

Purposes for which the data is processed:

Google uses the data collected via Google Analytics on our behalf in order to evaluate how our websites are used, compile reports on website activity, and to provide other services relating to website and internet use.

Legal basis:

We use the Google products listed above after you have given your consent. When you visit our websites, we obtain your consent via the cookie banner (Art. 6 (1) (a) GDPR).

Storage period and control options:

The data that is collected by these Google functions is stored and deleted regularly.

You may prevent the storage of cookies by configuring the appropriate settings on your browser.

You can also prevent Google from collecting and processing this data by downloading and installing the browser add-on available at this link.

For more information, see the Google Privacy Policy.

INFOnline

Data collected:

Our websites use the measurement method (“SZMnG”) of INFOnline GmbH (www.INFOnline.de) to calculate statistical indicators relating to the use of our online offerings. The goal of this measurement process is to determine the number of visits to our website, the number of website visitors and their surfing behavior statistically, based on a uniform standard procedure, and thus to obtain values that are comparable throughout the market. For all digital offers that are members of the German Audit Bureau of Circulation (Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V., or IVW — www.ivw.eu), or that participate in studies by the Working Group for Online Media Research (Arbeitsgemeinschaft Online-Forschung e.V., or AGOF — www.agof.de), usage statistics are regularly compiled into market reach figures and published with a “Unique Users” score by AGOF and the Working Group for Media Analysis (Arbeitsgemeinschaft Media-Analyse e.V., or AGMA — www.agma-mmc.de), and also published with “Page Impressions” and “Visits” scores by IVW. These market reach figures and statistics can be viewed on the associated websites.

Legal basis for processing:

Measurement by INFOnline GmbH using the SZMnG measurement method is based on a legitimate interest as per Art. 6 (1) (f) GDPR. The purpose of processing personal data is to compile statistics and create user categories. The statistics allow us to track and document the use of our online offerings. The user categories form a basis on which we can orient our advertising materials and/or activities to better meet our users’ interests. Usage statistics that provide a basis of comparison with other market participants are essential for the marketing of this website. Our legitimate interest arises from the commercial application of the knowledge derived from the statistics and user categories, and from the market value of our website (including its value in direct comparison to third-party websites) that can be determined from these statistics. We also have a legitimate interest in making the pseudonymized data available to INFOnline, AGOF and IVW for market research purposes (AGOF, agma) and for statistical purposes (INFOnline, IVW). In addition, we have a legitimate interest in making the pseudonymized data available to INFOnline for purposes of developing and preparing appropriate advertising material.

Type of data:

INFOnline GmbH collects the following data classified as personal data according to the GDPR:

IP address: Every device on the Internet requires an unique address, known as an IP address, in order to send and receive data. Because of the way the internet works, it is technically necessary to store the IP address for at least a short period of time. Before any processing takes place, IP addresses are shortened by 1 byte, and proceed to further processing only in anonymized form. The full IP addresses are not stored or processed in any way.

A randomly generated client identifier: Range processing uses either a third-party cookie, a first-party cookie, a “local storage object”, or a signature created from various automatically transmitted information from your browser to recognize computer systems. This identifier is unique to a given browser as long as the cookie or local storage object is not deleted. Therefore, data can also be recorded and associated with the relevant client identifier when you visit other websites that also use the “SZMnG” measurement method from INFOnline GmbH. The validity of the cookie is limited to a maximum of 1 year.

How the data are used:

The measurement method from INFOnline GmbH that is used on our websites calculates usage data. The purpose is to generate scores for Page Impressions, Visits, and Clients, as well other performance indicators (e.g. qualified clients). In addition, the measured data is used as follows:

“Geolocalization”, i.e. the process used to determine the physical location from which a web page was accessed, is based solely on the anonymized IP address, and the identified location is only at the state/regional level. Under no circumstances can the resulting geographical information be used to identify a user’s specific location.

Usage data for a technical client (e.g. for a browser on a specific device) is combined across websites and stored in a database. This information is used to estimate age and gender and passed on to AGOF service providers for further market reach analysis. As part of the AGOF study, social characteristics are estimated on the basis of a random sample, and can then be assigned to the following categories: Age, gender, nationality, professional activity, marital status, general household information, household income, place of residence, internet use, online interests, place of use, type of user.

Storage period and control options:

INFOnline GmbH does not store the complete IP address. The shortened IP address is stored for a maximum of 60 days. Usage data associated with the unique identifier is stored for a maximum of 6 months.

If you do not wish to take part in the measurement method, you can opt out here: optout.ioam.de

In order to guarantee your exclusion from the measurement, it is technically necessary to set a cookie. Should you delete all cookies from your browser, it will become necessary to repeat the opt-out process by following the link cited above.

Data sharing:

Neither the full IP address nor the shortened IP address are shared with third parties. Data with client identifiers is passed on to the following AGOF service providers for the preparation of the AGOF study:

Kantar Deutschland GmbH (www.kantardeutschland.de)

Ankordata GmbH & Co. KG (www.ankordata.de)

Interrogare GmbH (www.interrogare.de)

3. Functional cookies

Social Plugins

COLLECTED DATA:

We use social plugins from the following social media sites:

Facebook, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto CA 94304, USA (“Facebook”).

Twitter, which is operated by Twitter Inc, 795 Folsom St., Suite 600, San Francisco CA 94107, USA (“Twitter”).

When you visit a website that contains one of these plugins, your browser establishes a direct connection to the servers of the associated social media site. This integration provides the social media site with information about the websites you have visited, even if you do not have a user profile or are not currently logged in. If you are logged in, Facebook can associate the website visits to your Facebook account. When you interact with the plugins, the associated information is sent to the social media site and stored there. Your IP address is stored in shortened form. Once collected, the data is transmitted directly from your browser to one of the social media site’s servers in the United States and stored there.

Purposes for which the data is processed:

The social plugins allow you to share website content on social media sites.

Legal basis:

We use social plugins after you have given your consent. When you visit our websites, we obtain your consent via the cookie banner (Art. 6 (1) (a) GDPR).

Storage period and control options:

You can block social media sites from collecting and processing your data by configuring your browser settings accordingly.

If you do not want social media sites to directly associate the information collected through our websites with your user profile, you must log out before visiting our websites. For more information, see the Facebook and Twitter privacy policy statements.

4. Advertising cookies - don't miss any content

Adform

Data collected:

We use solutions and technologies from Adform Germany GmbH, Großer Burstah 50-52, 20457 Hamburg, Germany.

Adform uses cookies to create user profiles that persist across multiple pages in order to measure the success and handle advertising campaigns. It processes cookie IDs and order IDs. We can associate the order ID with a specific order.

Purposes for which the data is processed:

This service collects information on the user behavior for the measurement of success and handling of advertising campaigns and the handling of personalized ads.

Legal basis:

We temporarily store this data on the basis of legitimate interests (Art. 6 (1) (f) GDPR). It is in our legitimate interest to achieve the purposes described above.

Storage period and control options:

Adform can store data for up to 13 months. In case you do not want to participate in conversion tracking, you can deactivate the Adform cookie on your browser, at https://site.adform.com/privacy-center/platform-privacy/opt-out/.

Transfer to third countries:

Data might be transferred to the United States, Singapore, Belarus and Norway.

ORACLE ELOQUA

DATA COLLECTED:

We use the Eloqua service provided by ORACLE Deutschland B.V. & Co. KG, Riesstrasse 25, 80992 Munich, Germany. Eloqua sets a permanent cookie on your browser on the respective website.

PURPOSES FOR WHICH THE DATA IS PROCESSED:

We use Eloqua to analyse the use of our websites in order to continually improve them, as well as to personalize e-mails and send appropriate offers.

LEGAL BASIS:

We use Eloqua after you have given your consent pursuant to Art. 6(1) (a) GDPR.

STORAGE PERIOD AND CONTROL OPTIONS:

Eloqua stores your data and deletes it in regular intervals. You can block Eloqua from collecting and processing your data by configuring your browser settings accordingly or by using this link.

TRANSFER TO THIRD COUNTRIES:

It cannot be excluded that, in individual cases and as part of support and administration services, single employees of the Oracle Corporation outside the EU might have access to user data based on their contractual provision of services. As a precaution, we have ensured an adequate data protection level of Oracle Corporation by means of sufficient guarantees according to the EU General Data Protection Regulation.

For more information, see Oracle’s privacy policy statements.


Facebook pixel and Facebook Custom Audience (remarketing)

Data collected:

We use the so-called “Facebook pixel” of the “Facebook” company (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The Facebook pixel enables us to group the visitors to our websites into specific target groups in order to have relevant advertisement (“ads”) displayed to you on Facebook. We do not have access to the data collected (e.g. IP addresses, information on the web browser, location of the website, buttons you clicked on, Pixel IDs and other features), we may only use it to display certain ads. The use of the Facebook pixel code entails the setting of cookies.

If you have a Facebook account and are logged in, your visit to our websites will be associated with your Facebook user account.

We also use the remarketing feature “Custom Audiences” of the “Facebook” company to some extent. This feature enables the display of interest based ads (“Facebook Ads”) to users of our websites that are visiting Facebook or other websites that use this function. We pursue the interest of displaying ads to you that are relevant to your interests in order to provide you with a more interesting experience at our website.

Your browser automatically establishes a direct connection with the Facebook server to exchange the relevant data. We have no control over the extent and further processing of the data collected by Facebook through the use of this tool and therefore we provide the information available to us: The integration of Facebook Custom Audiences provides Facebook with the information that you visited the relevant web page or clicked on one of our ads. In case you are logged into a Facebook service, Facebook can associate your visit with your account. Even if you do not have a Facebook account or are not logged in, there is a possibility that the provider ascertains your IP address and other identifiers and stores them.

If you have given your consent, we might pass your telephone number or e-mail address to “Facebook” in order to be able to
display ads that are relevant to your interests.

Purposes for which the data is processed:

We use these features to provide you with advertising offers that are relevant to your interests.

Legal basis:

We process your data because we have obtained your consent and because we have a legitimate interest in processing your data (Art. 6 (1) (a) and (f) GDPR).

Storage period and control options:

We store your data for as long as we need it for the specific purpose (display of interest-based advertisements) or as long as you have not objected to the storage of your data or revoked your consent.

Users who are logged in can deactivate the feature “Facebook Custom Audiences” at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

If you are logged in to Facebook, you can adjust your Facebook ads settings at https://www.facebook.com/help/109378269482053/?helpref=hc_fnav.


GOOGLE

Data collected:

GOOGLE REMARKETING UND DOUBLE CLICK (Now GOOGLE AD MANAGER):

We use Google Remarketing and Google Double Click. This technology uses cookies to track how you use our websites, and to help us recognize your browser when you visit websites that are part of the Google advertising network. To do this, the Google Analytics tracking code uses so-called Double Click cookies in addition to the usual Google Analytics cookies. Double Click cookies collect data about which third-party websites you have visited in the Google Display Network, and which ads you have clicked on. Data from first-party cookies (e.g. Google Analytics cookies) is also linked with data from third-party cookies (e.g. Google cookies for display preferences). This allows us to evaluate how advertisements are displayed and how you interact with them.

GOOGLE ADS CONVERSION TRACKING:

We use Google Ads Conversion Tracking. This technology stores cookies when you interact with one of our advertisements, e.g. by clicking on it. The cookies are then used to analyze what happens after you interact with an ad, such as whether you bought our product, accessed the ad from a cell phone, downloaded our app, or subscribed to a newsletter.

YOUTUBE:

We use the Google provider “YouTube” to embed videos on our websites. Responsible for data processing: YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, US, as part of the Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, US. When you visit one of our web pages on which we embedded YouTube videos, your IP address may be sent to YouTube. Additionally, a cookie is installed on your computer. Thus, YouTube learns that you have watched a video on our websites. If you are logged in to your YouTube account, this information will also be associated with your account. Haufe Advisory GmbH has no knowledge of any possible subsequent collection and processing of your data by YouTube. To find out more about data protection, we refer to the following privacy policy.

GOOGLE SIGNALS:

We also use the Signals feature by Google Inc. to some extent. The Google Signals feature recognizes individual users across various devices (so-called Cross-Device Tracking). We only have access to anonymized data in form of a report showing patterns in user behavior.

This feature is only active if you

  • have a Google account,
  • are logged in to your Google account while accessing the Haufe Group’s web pages,
  • activated the “personalized advertisements” feature in your Google account.

If you do not wish this feature to be used, you need to deactivate the “personalized advertisements” feature in your Google account.

Purposes for which the data is processed

GOOGLE REMARKETING UND DOUBLE CLICK (Now GOOGLE AD MANAGER):

We use this technology to display ads relevant to your interests on other sites in the Google advertising network. These ads relate to content that you have previously viewed on our websites.

GOOGLE ADS CONVERSION TRACKING:

We use this technology to improve our offerings.

GOOGLE SIGNALS: 

We use this technology to recognize users across various devices and to be able to display ads relevant to their interests.

Legal basis:

We use the Google products listed above after you have given your consent. When you visit our websites, we obtain your consent via the cookie banner (Art. 6 (1) (a) GDPR).

Storage period and control options:

The data that is collected by these Google functions is stored and deleted regularly.
You may prevent the storage of cookies by configuring the appropriate settings in your browser.
You can also prevent Google from collecting and processing this data by downloading and installing the browser add-on available at this link.

GOOGLE DYNAMIC REMARKETING and DOUBLE CLICK as well as GOOGLE ADS CONVERSION TRACKING:

You can refuse the storage of cookies and the associated data processing by deactivating personalized ads in your add settings. You can deactivate the use of cookies by third-party providers through the Network Advertising Initiative’s opt-out page. DoubleClick cookies can alternatively be deactivated by installing a browser plugin.

Note that such changes may limit the functionality of our websites.

For more information, see the Google Data Privacy Policy https://policies.google.com/privacy?hl=en&gl=en.


LinkedIn Insights AND CONVERSION TRACKING

Data collected:

We use LinkedIn’s Insight Tag on our websites. The LinkedIn Insight Tag generates a LinkedIn “browser cookie” that collects the following data:

  • IP address,
  • Timestamp,
  • Page activities,
  • demographic data from LinkedIn, if the user is an active LinkedIn member.

This technology enables us to monitor the performance of our ads and read information regarding user interaction on our websites. The LinkedIn Insight Tag is embedded on our websites in order to connect to the LinkedIn Server if and when you visit our sites and are logged into your LinkedIn Account while doing so.

Purposes for which the data is processed:

We process your data in order to evaluate campaigns and collect information about users who might have reached our websites via our LinkedIn campaigns.

Legal basis:

We process your data, because you have given your consent and we have a legitimate interest in processing your data, Art. 6 (1) (a) and (f) EU GDPR.

Storage period and control options:

We store your data for as long as we need it for the respective purpose (evaluation of campaigns) and/or as long as you haven’t objected to the storage of your data or revoked your consent.

The collected data is encrypted. Find more information here. Have a look at LinkedIn’s privacy policy and the LinkedIn Opt-Out.

lead Forms:

If you fill in a so-called lead form on the website of LinkedIn, we process your personal data to be able to provide the requested information to you. As far as you have given your consent, we transfer your given data from the lead form into our customer database (CRM-system). If necessary, we will connect the information of the lead form with your already existing data, to be able to sumbit an offer according to your interests.

As far as you have consented to this, you can revoke the appropriate usage any time.

Your may revoke the usage of your data

1. regarding LinkedIn within 90 days here,

2. at Haufe any time by Mail at dsd@haufe-lexware.com.


MICROsoft

Data collected:

We use Bing Universal Event Tracking (“UET”), a service of Microsoft Corporation, One Microsoft Way, Redmond WA 98052-6399, USA (“Microsoft”). When you access our websites through ads provided by Bing Ads, a cookie is placed on your computer. In addition, a UET tag is integrated on our websites. A UET tag is a code that is used together with the cookie to store pseudonymized data about how the website is used. In combination with the cookie, the tag records pseudonymized data to track what actions you perform on our websites after clicking on an ad from Bing Ads. The data collected includes the amount of time spent on the websites, which areas of the websites were viewed, and what ad led you to the websites. In addition, Microsoft can use cross-device tracking to track your usage across multiple electronic devices. The collected data is sent to a Microsoft server in the United States. In order to ensure adequate safeguarding of your data, we have obligated Microsoft to comply with a level of dataprotection that complies with EU law, employing the relevant EU Standard Contractual Clauses.

Purposes for which the data is processed:

Bing Universal Event Tracking: UET enables us to track your activities on our websites when you have accessed our websites via ads from Bing Ads; this, in turn, enables us to improve our online offerings. Cross-device tracking enables Microsoft to display personalized advertising.

Bing Webmaster Tools: This tool allows Microsoft to provide its Bing services and to optimize search results.

Legal basis:

We use Bing Tracking Tools after you have given your consent. When you visit our websites, we obtain your consent via the cookie banner (Art. 6 (1)(a) GDPR).

Storage period and control options:

Microsoft stores the data for a period of no more than 180 days. You can prevent your data from being collected and processed by deactivating the use of cookies. Note that such changes may limit the functionality of the websites. You can use this link to deactivate cross-device tracking.

For more information on Bing’s analytics services, please visit the Bing Ads website. For more information on data privacy at Microsoft and in Bing, see the Microsoft Privacy Statement.

 

Wingify

Data collected:

We use the Visual Website Optimizer, an A/B-test tool/web analysis server from Wingify, 14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi 110034, India (hereinafter “Wingify”) on our websites. Wingify uses cookies allowing for an analysis of your website use. The information on your website use generated by the cookie as well as your IP address are transferred to a Wingify server in India and stored there. Find more information on the cookies used by following this link.

Purposes for which the data is processed:

Wingify uses this information on our behalf to analyze your website use and optimize our websites based on this information.

Legal basis:

We use Wingify after you have given your consent. When you visit our websites, we obtain your consent via the cookie banner (Art. 6 (1) (a) GDPR).

Storage period and control options:

Wingify stores your data and deletes it regularly. You may prevent or delete the storage of cookies by configuring the appropriate settings of your browser software. Furthermore, you may prevent Wingify from collecting data generated by the cookie — data related to your website use, including your IP address — as well as from processing this data altogether, and you may do so by following this link.

Find detailed information on how your personal data is handled by following this link.

 

D. Wordpress

Data collected:

We use the open-source content management system “Wordpress” and plugins for certain web pages. Plugins are functional additions to the “Wordpress” software. The use of these plugins can entail the processing of personal data, such as your IP address.  

We partially use third-party cookie and tracking technologies. In these cases, the principles outlined above and in section 2. B. and 2. C. apply in full.

Purposes for which the data is processed:

We particularly use plugins for the following purposes:

·      Protection against abusive comments (“spam”)

·      Detection of faulty links

·      Improvement of the load speed of our mobile web pages

·      The specification regarding purposes outlined in 2. B. and 2. C. applies to all third-party cookie and tracking technologies. 

Legal basis:

We use Wordpress and the relevant plugins based on our legitimate interest. It is in our legitimate interest to achieve the purposes described above.

We use third-party cookie and tracking technologies in connection with a plugin after you have given your consent. You may revoke your consent at any time, following the procedures laid out above.  

Storage period and control options:

We store your data for as long as we need it for the specific processing purpose. 

You can block social media sites from collecting and processing your data by configuring your browser settings accordingly. 

If you do not want social media sites to directly associate the information collected through our websites with your user profile, you must log out before visiting our websites.

3. What data is processed when you visit our websites?

This sections explains what personal data is collected and processed when you contact us, subscribe to a newsletter, register as a user, submit an enquiry for a project or register as a coach/consultant; for what purposes and by which recipients it is processed; on what legal basis the data is processed; and when the data is deleted.

 

A. Contacting us

Data collected:

When you contact us through a contact form or via e-mail, we collect and process the data you provide, such as your contact information, your name and your request. All data that you share with us is transmitted from your browser to our server in encrypted form.

Purposes for which the data is processed:

Data processing is performed by our customer service department or by service providers working on our behalf, exclusively on the basis of your request and in order to process that request.

Legal basis:

We process your data for the implementation of precontractual and contractual measures that are performed at your request (Art. 6 (1) (b) GDPR).

Storage period:

We store your data for as long as we need it for the specific processing purpose, or to guarantee or comply with statutory retention periods.


WEBFLOW

Data collected:

We use the service provider Webflow, Inc., 398 11th St, Floor 2, San Francisco, California 94103, US, to process messages you send via web contact form. The following data is processed:

  • your IP address,
  • your name,
  • your e-mail address,
  • your telephone number,
  • your company’s name and the content of your message.

According to Webflow, this data is stored on servers in the United States but passed on exclusively to us. For that reason, Webflow has no direct connection to our end users.

Purpose for which the data is processed:

The data is processed by Webflow on our behalf so that we can receive your message and process it as quickly as possible.

Legal basis:

Depending on the reason of your message, our legal basis is either Art. 6 (1) (b) GDPR (initiation of a contract) or Art. 6 (1) (f) GDPR (our legitimate interest to communicate with you).

Storage period and control option:

We will delete your data following the end of our business relationship unless it prevents us from complying with legal or statutory retention periods. If we process your data based on our legitimate interest, you may object to the processing of data in accordance with Art. 21 (1) GDPR. We will then examine your reasoned objection and either discontinue data processing or provide you with a justification of why we continue to process your personal data.

B. Support requests

Data collected:

If you contact us concerning a support request (including: forgotten password, login error, other product related support), your request will be processed by our data processor TeamViewer. This is a ticket system operated by TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen, Germany. The following data will be processed:

  • Your name, as far as this is included in your inquiry
  • Your e-mail address
  • Information from your message
  • Date of your request.

Purposes for which the data is processed:

We process your personal data in order to process your support request and provide you with a prompt response. We deploy a data processor, because we can ensure an efficient management of the support requests via this ticket system.

Legal basis:

Dealing with support requests is part of our services and is therefore necessary for the due performance of your contract with us, cf. Art. 6 para. 1 lit. b GDPR.

Insofar as a third party (e.g. your employer) has entered into a contract with us and not you personally, we process your data on the basis of our legitimate interest in the due performance of the contract with this third party, cf. Art. 6 Para. 1 lit. f GDPR.

Storage period and control option:

We store your personal data arising out of your support request for five years after closing your support ticket, except other retention periods apply pursuant to contractual or other legal grounds.

The processing of your data is necessary for the performance of our contractual relationship, therefore is no control possibility. Without such data processing we would not be able to offer you efficient support in the event you are experiencing any issues.

If you are not a contracting party and we are processing data based on our legitimate interest, you may object to data processing. However, we would like to point out that in such case we will not be able to process your support request properly and may therefore not be able to provide you with the best possible support.

C. Newsletter

Data collected:

When you subscribe to our newsletter, we collect and process the e-mail address you provide. After you have registered for a newsletter, we will process your data with your consent, so that we can keep you informed about the selected topics via e-mail, as well as sending you relevant ads. Our approach here is based on the double opt-in principle, i.e. when you order a newsletter on our website, we send you a confirmation e-mail with a registration link. Only after clicking on this link you will be added to our newsletter list.

Purposes for which the data is processed:

We process the data so that we can deliver the newsletter to you.

Legal basis:

We process your personal data based on your consent; see Art. 6 (1) (a) GDPR.

Storage period and control option:

We store your data for as long as your consent to receive the newsletter is valid. You may revoke your consent informally at all times with future effect. Our newsletter provides a particularly easy possibility to do so, you just need to click on the opt-out link at the bottom of each newsletter. After you have revoked your consent, we will delete your e-mail address from our newsletter list.


E-Mail Dispatch service provider mailchimp

Data collected:

We dispatch our newsletter using “MailChimp”, an online marketing platform. Data is processed by Rocket Science Group LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The e-mail addresses of the subscribers to our newsletter are stored on the MailChimp servers in the United States. MailChimp uses this information on our behalf to dispatch and analyze the newsletters. Furthermore, MailChimp states that it can use the data to optimize or improve their services, e.g. for technical optimization of dispatch, display of the newsletters or commercial purposes such as determining the home countries of the subscribers. MailChimp does not use this data to contact subscribers on their own behalf. It does not pass on personal data to third parties.

The newsletters contain a so-called “web beacon”, which is a pixel-size file that is retrieved from the MailChimp servers when you open the newsletter. Retrieval triggers the processing of the following information:

  • information on your browser and operating system
  • your IP address
  • time of retrieval
  • whether and when you opened the newsletter
  • and clicked on links.

For technical reasons, this information can be associated with individual newsletter subscribers. However, neither we no rMailChimp aim to observe individual users. MailChimp is committed to maintaining an adequate level of data protection using EU Standard Contractual Clauses. You can have a look at MailChimp’s privacy policy at https://Mailchimp.com/legal/privacy/.

Purpose for which the data is processed:

We use MailChimp as our e-mail dispatch service provider in order to guarantee effective management of e-mail addresses as well as to keep in contact with you via our newsletter.

Legal basis for data processing:

Data processing by MailChimp is based on our legitimate interest in effectively and safely dispatching our newsletter to you (Art. 6 (1) (f) GDPR).

Storage period and control option:

MailChimp states that it only stores your personal data for as long as we use your data for the dispatch of our newsletter. MailChimp will delete your data if we unsubscribe you from our mailing list.

You can object to the processing of your personal data by MailChimp. We will examine your reasoned objection and inform you whether
and why we continue to process your data.

You may use the opt-out link at the bottom of each e-mail at any time; as a result, we will delete your e-mail address from our
mailing list and MailChimp will not continue to process your personal data.

SCHEDULING MEETINGS WITH MIRCROSOFT BOOKING

We use the “Microsoft Bookings” service (https://www.microsoft.com/en-gb/microsoft-365/business/scheduling-and-booking-app) provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, for the online scheduling of meetings. This service enables the user to make a telephone appointment or an appointment for a personal or online meeting with our project managers online. To that purpose, the data you entered, your IP address, the website you accessed and the time of access, as well as your browser configurations will be transmitted to Microsoft. For more information, see Microsoft’s privacy policy statement (https://privacy.microsoft.com/en-gb/privacystatement). The legal basis for processing of your data in relation to the “Microsoft Bookings” service is our legitimate interest to offer you user-friendly websites with a wide range of functions, displayed in a visually attractive way.


D. Registration and matching as user of coaching/mentoring services

Data collected:

When you register on our platform as user, we ask you to provide information on your person and your coaching/mentoring request. We will ask you to provide the following information:

  • log-in data (e-mail address and password)
  • information on the motive for/subject of the coaching/mentoring (e.g. change of roles, new stage in your professional life, improving the impression you make on others, conflict management or similar topics)
  • information on desired personality characteristics of the coach/mentor (humor, analytical thinking, creativity etc.)
  • desired sex and age of the coach/mentor
  • language
  • location of the coaching/mentoring (on site, online)
  • starting date of the coaching/mentoring
  • optional: further subjects that you wish to add to the coaching/mentoring
  • It is possible that while providing this information, you reveal special categories of data (e.g. information on your health condition, social environment, religion or political opinion).

We will process this data with the sole purpose of finding a suitable coach for you and achieving the best possible result for you query.

Purpose for which the data is processed:

Processing this data is necessary for us tomeet our contractual obligations and conduct “matching” with suitable coaches/mentors.

Providing information on special categories of personal data (Art. 9 (1) GDPR) is generally voluntary. However, should we need this kind of personal data to conduct the “matching”, it becomes required as this data is of the essence for us to perform the contractually owed service.

Legal basis:

We process your data for the implementation of a contract or of precontractual measures that are performed at your request (Art.6 (1) (b) GDPR).

Should the information you provide allow conclusions regarding special categories of personal data according to Art. 9 (1) GDPR, data processing is based on your consent (Art. 6 (1) (a), Art. 9 (2) (a) GDPR).

Storage period and control option:

We will store your personal data for the duration of our business relationship and will delete it upon termination of the same, as long as deletion does not interfere with legal or contractual retention periods.

If you have consented to our processing of your personal data, you can informally revoke that consent at any time with future effect. Please note that in this case, we might not be able to uphold our contractual relationship with you, as we need to process your data to fulfil our contract.

Order processing in the context of coach matching:

If you, your employer or another person booked a coaching on the website of the Haufe Akademie (www.haufe-akademie.de), we, Haufe Advisory GmbH, are the processor for Haufe Service Center GmbH with whom you conclude a coaching contract. During the process of coach-matching and after you or your employer booked and paid for one-on-one coaching on the website of the Haufe Akademie (www.haufe-akademie.de), you need to go to our website and register as user. Our platform will then undertake the coach matching. Responsible for processing your personal data in this context is the

Haufe Service Center GmbH

A Haufe Group Company

Munzinger Straße 9

79111 Freiburg (Germany)

Email: service@haufe.de

Raik Mickler, data protection officer at Haufe Service Center GmbH, will be happy to assist you with any questions you may have about
data processing, your rights, or the privacy policy statement of the Haufe Service Center GmbH. He can be reached at: dsb@haufe-lexware.com


E. Project enquiries by clients

Data collected:

Should you commission a consulting project, we will store the following information:

  • company name,
  • VAT number,
  • project location and address,
  • project name,
  • purpose of the project,
  • required consulting expertise,
  • scope of the project,
  • a possible daily rate, and
  • any additional information you provide
  • contact details of the user(s) (in individual instances only).

You are not obliged to share any of this data with us; if you decide not to share this data with us, it will, however, not be possible for us to find high-quality consultants and take care of your project (issue invoices, carry out quality assurance measures).

Purposes for which the data is processed:

We process your data in order to put you into contact with potential clients.

Legal basis:

We process your data in order to be able to implement a contract with you or to fulfil precontractual measures that are performed following your registration (Art. 6 (1) (b) GDPR).

Storage period and control option:

We will store your personal data for the duration of our business relationship.

If our business relationship ends, we will store your personal data for business activity documentation purposes for a period of three years starting at the date of our last contact as long as the Haufe Advisory GmbH is not legally obliged to store them for a longer period of time (e.g. invoices, consulting contracts which were the legal basis for assignments, etc.).


F. Registration as coach/consultant

1. Data collected:

a. registration:

We will store all data that you share with us in the course of your registration or application process. They will allow us to contact you, carry out our selection process and present your profile to potential clients.

You will have to specify the following data in the course of the registration process in order for us to be able to process your application:

  • title, first name, surname, address, e-mail address, phone number
  • date of birth
  • short personal description
  • at least one consulting experience
  • CV information that you have provided
  • information on previous projects
  • expertise and sector-specific experience.

There are further data that we need in order to be able to identify and put you in contact with potential clients. It is optional for you to provide this data. If you do not wish to share this information with us, it becomes, however, less likely that we will be able to find suitable jobs for you and that a company/coachee will choose your profile:

  • title, company
  • sector-specific knowledge
  • further consulting experience
  • USP,
  • coaching roles and focus
  • reference projects
  • professionaL experience, qualifications, education and training, language skills
  • profile picture (photo).

In the course of our multi-stage application process, we will additionally determine and store the results of the individual stages as part of our documentation:

  • protocols of our interviews with you concerning your previous experience as consultant or coach, the focus of your company, your methods, etc.
  • the professional self-assessment of your consulting/coaching skills
  • results of online performance and behavioral diagnosis procedures carried out as part of our consultant admission process
  • notes on availability and desired projects and similar project-related items of information.

In cooperating with us, you will provide us with your bank details and your company data (VAT registration number and commercial register number). We will use this data for paying you for services your rendered during jobs that were advertised on our platform.

B. reFerenceS:

If you want to provide us with more insight into your professional activities, you may, on a voluntary basis, provide us with the contact data (company, name, e-mail address, telephone number) of references.

We will contact these references with the sole purpose of verifying the quality of your work. We take it for granted that the references have consented to the passing on of their personal data.

Please note that your references may also contain companies based outside the EU. When we contact one of your references, we will mention your name and the type of your cooperation with them. Please only provide the names of references if you agree to the passing on of your data to them.

When we contact the references, we will obtain information on the type, duration and point of time of your cooperation with them, an assessment of your performance and ask about what they would hope for in a future cooperation with you.

Purposes for which the data is processed:

We process your data in order to put you into contact with potential clients and to verify your information.

Legal basis:

We process your data in order to be able to implement a contract with you or to fulfil precontractual measures that are performed following your registration (Art. 6 (1) (b) GDPR).

Storage period and control option:

We will store your personal data for the duration of our business relationship.

If our business relationship ends, we will store your personal data and the personal data of your references (with the exception of your contact data) for documentation purposes for a period of two years as the end of our business relationship as long as the Haufe Advisory GmbH is not legally obliged to store data for a longer period of time (e.g. invoices, consulting contracts which were the legal basis for assignments, etc.). Your contact data will be stored solely for traceability reasons, in connection with a note on the termination of the business relationship.

In case we do not enter into any business relationship with you, we will store your personal data and the personal data of your references (with the exception of your contact data) for the purpose of any later inquiries for a period of 6 months. Your contact data will be stored for traceability reasons in connection with a note on the termination of the business relationship for three years as of the termination of the business
relationship.

G. Registration as mentor

DATA COLLECTED:

REGISTRATION:

We will store all data that you share with us in the course of your registration in order to match you with mentees.

You will have to specify the following data in the course of the registration process in order for us to be able to match you properly:

  • title, first name, surname, address, e-mail address, phone number
  • career level
  • age group
  • short personal description
  • mentoring focus
  • language skills
  • profile picture (photo)
     

PURPOSES FOR WHICH THE DATA ISPROCESSED:

We process your data in order to fulfill our matching services.

LEGAL BASIS:

We process your data in order to be able to implementa contract with you or to fulfil precontractual measures that are performed following your registration (Art. 6 (1) (b) GDPR).

STORAGE PERIOD AND CONTROLOPTION:

We will store your personal data for the duration of our business relationship.

H. Presentation of Learning Contents

3Q SDN VIDEOHOSTING

DATA COLLECTED:

We integrated the SaaS platform 3Q SDN on our websites for the display of video content. 3Q SDN is a platform for processing video material and all related services. The operating company of 3Q SDN is 3Q GmbH, Kurfürstendamm 102, 10711 Berlin, Germany. 3Q SDN sets a cookie on your browser. This allows 3Q SDN to gain insight into the extent of use of our video offers. As a rule, the personal data transmitted to 3Q SDN comprise IP address, timestamp, URL, user agent, as well as data necessary for statistical recording. 3Q SDN’s current data protection regulations can be accessed at https://www.3qsdn.com/de/datenschutz_und_richtlinien (German only).

PURPOSES FOR WHICH THE DATA IS PROCESSED:

The 3Q SDN platform collects data on the use of audio-visual content. We use 3Q SDN to provide you with our learning contents, thus complying with our obligation to fulfil the contract.

Legal basis:

We use 3Q SDN to make training content available to you via video, as it is stated in our offer of contract. Data processing is therefore based on the contract between us, Art. 6(1) (b) GDPR.

STORAGE PERIOD:

Your data will only be stored for as long as it is necessary to fulfil the purpose. Furthermore, you can prevent cookies from being set on your browser by adjusting the respective settings in your browser. Please note that this may lead to problems in the display of contents and that you may not be able to use all functions on our website.


4. What rights do you have and how can you exercise them?

A. Revocation of consent

If you have consented to the processing of your personal data, you can revoke that consent at any time with future effect. Note that such revocation has no effect on the legality of previous data processing, and that it does not extend to data processing for which a statutory justification exists, and which may therefore take place even without your consent.


B. Additional rights of data subjects

In addition, you have the following rights as a data subject under Articles 15 to 21 and 77 of the EU General Data Protection Regulation (GDPR), provided that the statutory requirements are met:

Information:

You can request at any time that we provide you with information as to which of your personal data we process and how, and that we provide you with a copy of the stored personal data that relates to you, Art. 15 GDPR.

Correction:

You can request the correction of incorrect personal data and the completion of incomplete personal data, Art. 16 GDPR.

Deletion:

Regarding the deletion of your personal data: Please note that the right to deletion excludes data that we require for the execution and processing of contracts, and for the assertion, exercise and defense of legal claims, as well as data for which statutory, regulatory or contractual retention requirements apply, Art. 17 GDPR.

Restriction of processing:

Under certain circumstances, you may request that processing be restricted, e.g. if you believe that your data is incorrect, that the processing of your data is unlawful, or if you have objected to the processing of your data. The result of such a request is that your data may only be processed to a very limited extent without your consent, e.g. for the assertion, exercise and defense of legal claims or to protect the rights of other natural and legal persons, Art. 18 GDPR.

Objection to data processing:

You have the option to object at any time to data processing for purposes of direct advertising. In addition, if special reasons apply, you can object at any time to data processing on the basis of a legitimate interest, Art. 21 GDPR.

Data portability:

You have the right to receive the data that you have provided to us, and that we process based on your consent or in order to fulfill a contract, in a common, machine-readable format and, to the extent that this is technically feasible, to request that this data be transmitted directly to third parties, Art. 20 GDPR.


C. How to contact us

You can exercise your rights via the following contact channels

Haufe Advisory GmbH

A Haufe Group Company

Gonzagagasse 15/3c

1010 Vienna

E-mail: datasecurity@haufe-advisory.com

You can revoke your consent to data processing through cookies and tracking technologies by adjusting the corresponding settings in your browser or by using the opt-out options described in detail under 3. C. 

You can also revoke your consent to receive the newsletter at any time by clicking the corresponding link in each newsletter.

D. Right of appeal to a regulatory authority

If you believe, for example, that our data processing is unlawful or that we have not protected the rights described above to the
required extent, you have the right to file a complaint with the competent data protection authority.


UPDATE: 20 April 2021