→ KLAITON becomes Haufe Advisory

ADVISORY

Privacy policy statement

Thank you for visiting the websites of the Haufe Group. Protecting your personal data is very important to us. The purpose of this privacy policy statement is to inform you about how your personal data is handled when you visit our websites, and about your rights in this regard.

→ KLAITON becomes Haufe Advisory

1. Who are we and how can you reach us?

We are the

Haufe Advisory GmbH
A Haufe Group Company
Gonzagagasse 15/5
1010 Vienna


and in accordance with the General Data Protection Regulation (hereinafter GDPR), we are responsible for protecting your personal data. We are happy to assist you with any questions you may have about data processing, your rights, or this privacy policy statement. You can contact us at datasecurity@haufe-advisory.com

2. What data is processed when you visit our websites?

Hereinafter we explain what personal data is collected when you visit our websites

the purposes for which it is processed, the legal basis on which the data is processed, what options you have to control processing of your data yourself, and when the data is deleted.

A. Log files

Data collected:

When you visit our websites, your browser automatically transmits the following data to us:

  • the IP address of the terminal from which the website was accessed,
  • date and time of access,
  • name of the requested file and the amount of data transferred,
  • transfer status (completed or cancelled),
  • the site which originally requested the file,
  • the browser, operating system and interface via which the file was requested,
  • GPS location data if you use a mobile terminal

Purposes for which the data is processed:

Temporary storage of this data is necessary to display the website on your computer and to ensure that the website functions properly. We also use this data to compile statistics about how our websites are used. Another reason for collecting this data is to track and prevent unauthorized access to the web server and any improper use of the web pages, and to secure our information technology systems.

Legal basis:

We temporarily store this data on the basis of legitimate interests (Art. 6 (1)(f) GDPR). It is in our legitimate interest to achieve the
purposes described above.

Storage period and control options:

The data is deleted when it is no longer needed to achieve the described purposes. Log files will be deleted after 14 months.
 

B. General information about cookies and targeting technologies

Data collected:

When you visit our websites, we use so-called cookies, which are small text files that are stored on your device. Cookies typically contain a unique character sequence called the cookieID which can be used to identify your browser the next time you visit our websites.

We also use so-called tags, i.e. small pieces of code with which we can measure our users’ behavior and determine the success of our advertising activities.

Depending on the type of cookies or tags used, different types of data are collected and processed after pseudonymization.

We use both our own cookies and cookies from other providers (third-party cookies). The third-party cookies are described in detail below, in Section 2 C.

Purposes for which the data is processed:

Some cookies are necessary for technical reasons, enabling the technical functioning of our websites. Certain functions used on our websites cannot be offered without the use of cookies.

Functionality cookies are used to make our websites more user-friendly and to ensure that certain functionalities are available, e.g. the ability to consistently display the shopping cart icon from one page to the next with the number of items in your cart, or storage of your login data so that you can have access to the data and settings you have already entered when you return to the page.

Analysis cookies and tags enable us to generate overall statistics, e.g. the number of times a given page has been accessed, which areas of our pages are most frequently viewed, and information on locations and the average amount of time spent on each page. This helps us to improve the quality of our websites and their content.

Advertising cookies and retargeting technologies enable us to provide you with offers and information tailored to your specific needs. This helps us to provide you with a more interesting experience at our websites, and to reach out to you on other websites with personalized advertising based on your interests.

Legal basis:

We use technically necessary cookies and functionality cookies on the basis of legitimate interests (Art. 6 (1)(f) GDPR). It is in our legitimate interest to ensure that our websites function as intended and to provide optimal usability for visitors to our websites.

We use analytics cookies and advertising cookies, as well as tags and retargeting technologies on the basis of legitimate interests (Art. 6 (1)(f) GDPR, Recital 47). It is in our legitimate interest to tailor our websites to our customers’ specific interests.

Storage period and control options:

Some of the cookies we use are automatically deleted after closing the browser (so-called session cookies), while others are stored permanently on your device and enable us to recognize your browser (so-called persistent cookies).

You have full control over the use of cookies and can delete cookies in your browser, completely deactivate the storage of cookies, or selectively accept certain cookies. Use your browser’s help function to learn how you can change these settings. Note that such changes may limit the
functionality of our websites.

C. Third-party cookie and tracking technologies

1. Necessary cookies

Econda

Data collected:

We use solutions and technologies from econda GmbH, Eisenlohrstraße 43, 76135 Karlsruhe, Germany (“Econda”). Econda uses cookies to create pseudonymous user profiles that persist across multiple pages. To do this, data is collected so that your browser can be recognized. Your IP address will be made unrecognizable immediately upon receipt to prevent it from being associated with user profiles.

Purposes for which the data is processed:

We use Econda to optimize our websites and adapt them to our users’ needs.

Legal basis:

We use Econda after you have given your consent. When you visit our website, we obtain your consent via the cookie banner at the bottom edge of the page.

Storage period and control options:

Econda stores this data and deletes it regularly.

You can block Econda from collecting and processing your data by configuring your browser settings accordingly, or by following this link.

Cybot A/S

Collected data:

We use a so-called cookie banner on our website to inform you about the use of cookies. For this we use the service "Cookiebot" of the Cybot A/S ,Havnegade 39, 1058 Copenhagen, Denmark.

This service makes it possible to store your consent to the use of cookies. For this purpose, the service creates a cookie under the domain of Cookiebot and the website visited in each case.

Details on the handling of your data by the service can be found here.

The following data is logged with this cookie:

  • IP address of your computer (in abbreviated form)
  • Date and time of consent
  • Web browser
  • used URL of website
  • visited Status of consent

Purposes of data processing:

This service allows you to save your consent to the use of cookies. For this purpose, the service creates a cookie under the domain of Cookiebot and the respective website visited.

Legal basis:

We process your data on the basis of our legitimate interest pursuant to Art. 6 Para. 1 S. 1 lit. fEU-DSGVO

storage period and control options:

This logging serves the fulfilment of § 13 Para. 2 TMG and cannot be revoked.

Google

Data collected:

GOOGLE TAG MANAGER: Google Tag Manager helps us to set and manage tags. Your data is not collected by this service.

GOOGLE RECAPTCHA: We use Google's reCAPTCHA service in some of our forms. For this service, Google collects certain data to determine whether a human being or a machine is accessing our websites; this data may include your IP address, your screen and window resolution, your browser’s language settings, the time zone where you are located, the browser's user agent and what browser plugins you have installed. We have added the code "get._anonymizeIP();" to this service. This causes Google to shorten your IP address. For more information about shortening IP addresses, see the explanation of Google Analytics above.

Legal basis:

We use the Google products listed above after you have given your consent. When you visit our websites, we obtain your consent via the cookie banner at the bottom edge of the page.

We use Google reCAPTCHA on the basis of legitimate interests (Art. 6 (1)(f) GDPR). It is in our legitimate interest to prevent misuse of our forms and to protect our information technology systems.

Storage period and control options:

The data that is collected by these Google functions is stored and deleted regularly.

You may prevent the storage of cookies by configuring the appropriate settings on your browser.

You can also prevent Google from collecting and processing this data by downloading and installing the browser add-on available at this link

2. Analytics cookies

Google

Data collected:

GOOGLE ANALYTICS: We use Google Analytics, a web analysis service by Google Ireland Limited, based in Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) on our websites. Google Analytics stores cookies on your device that make it possible to evaluate your use of our websites. To do so, Google collects various data, including data to uniquely identify your browser and information about when and how often you have visited our websites, how much time you have spent on our websites, and how you have interacted with our websites (more information available here.

We have added the code "get._anonymizeIP();" to the Google Analytics service. This causes Google to shorten your IP address and enable anonymized evaluation. IP addresses are shortened within the EU or the European Economic Area. Only in exceptional cases is the full IP address sent to a Google server in the United States and shortened there. The IP address sent by your browser for Google Analytics is not merged with other Google data. The data collected through the use of cookies is usually transmitted to a Google server in the United States and stored there. Compliance with data protection standards and respect for your rights is ensured through Google's certification under the EU-US Privacy Shield. Google shares data with third parties if permission has been given, if necessary for legal reasons, or to have the third parties process this data on Google's behalf.

Purposes for which the data is processed:

Google uses the data collected via Google Analytics on our behalf in order to evaluate how our websites are used, compile reports on website activity, and to provide other services relating to website and Internet use.

Legal basis:

We use the Google products listed above after you have given your consent. When you visit our websites, we obtain your consent via the cookie banner at the bottom edge of the page.

We use Google reCAPTCHA on the basis of legitimate interests (Art. 6 (1)(f) GDPR). It is in our legitimate interest to prevent misuse of our forms and to protect our information technology systems.

Storage period and control options:

The data that is collected by these Google functions is stored and deleted regularly.

You may prevent the storage of cookies by configuring the appropriate settings on your browser.

You can also prevent Google from collecting and processing this data by downloading and installing the browser add-on available at this link.

INFOnline

Data collected:

Our website uses the measurement method (“SZMnG”) of INFOnline GmbH (www.INFOnline.de) to calculate statistical indicators relating to the use of our online offerings. The goal of this measurement process is to determine the number of visits to our website, the number of website visitors and their surfing behavior statistically, based on a uniform standard procedure, and thus to obtain values that are comparable throughout the market. For all digital offers that are members of the German Audit Bureau of Circulation (Informationsgemeinschaft zur Feststellung der Verbreitung von Werbeträgern e.V., or IVW — www.ivw.eu), or that participate in studies by the
Working Group for Online Media Research (Arbeitsgemeinschaft Online-Forschung e.V., or AGOF — www.agof.de), usage statistics are regularly compiled into market reach figures and published with a “Unique Users” score by AGOF and the Working Group for Media Analysis (Arbeitsgemeinschaft Media-Analyse e.V., or AGMA — www.agma-mmc.de), and also published with “Page Impressions” and “Visits” scores by IVW. These market reach figures and statistics can be viewed on the associated websites.

Legal basis for processing:

Measurement by INFOnline GmbH using the SZMnG measurement method is based on a legitimate interest as per Art. 6 (1)(f) GDPR. The purpose of processing personal data is to compile statistics and create user categories. The statistics allow us to track and document the use of our
online offerings. The user categories form a basis on which we can orient our advertising materials and/or activities to better meet our users’ interests. Usage statistics that provide a basis of comparison with other market participants are essential for the marketing of this website. Our legitimate interest arises from the commercial application of the knowledge derived from the statistics and user categories, and from the market value of our website (including its value in direct comparison to third-party websites) that can be
determined from these statistics. We also have a legitimate interest in making the pseudonymized data available to INFOnline, AGOF and IVW for market research purposes (AGOF, agma) and for statistical purposes (INFOnline, IVW). In addition, we have a legitimate interest in making the pseudonymized data available to INFOnline for purposes of developing and preparing appropriate advertising material.

Type of data:

INFOnline GmbH collects the following data classified as personal data according to the GDPR:

IP address: Every device on the Internet requires a unique address, known as an IP address, in order to send and receive data. Because of the way the Internet works, it is technically necessary to store the IP address for at least a short period of time. Before any processing takes place, IP addresses are shortened by 1 byte, and proceed to further processing only in anonymized form. The full IP addresses are not stored or processed in any way.

A randomly generated client identifier: Range processing uses either a third-party cookie, a first-party cookie, a “local storage object”, or a signature created from various automatically transmitted information from your browser to recognize computer systems. This identifier is unique to a given browser as long as the cookie or local storage object is not deleted. Therefore, data can also be recorded and associated with the relevant client identifier when you visit other websites that also use the “SZMnG” measurement method from INFOnline GmbH. The validity of the cookie is limited to a maximum of 1 year.

How the data are used:

The measurement method from INFOnline GmbH that is used on this website calculates usage data. The purpose is to generate scores for Page Impressions, Visits, and Clients, as well other performance indicators (e.g. qualified clients). In addition, the measured data is used as follows:

“Geolocalization”, i.e. the process used to determine the physical location from which a web page was accessed, is based solely on the anonymized IP address, and the identified location is only at the state/regional level. Under no circumstances can the resulting geographical information be used to identify a user’s specific location.

Usage data for a technical client (e.g. for a browser on a specific device) is combined across websites and stored in a database. This information is used to estimate age and gender and passed on to AGOF service providers for further market reach analysis. As part of the AGOF study, social characteristics are estimated on the basis of a random sample, and can then be assigned to the following categories: Age, gender, nationality, professional activity, marital status, general household information, household income, place of residence, Internet use, online interests, place of use, type of user.

Storage period and control options:

INFOnline GmbH does not store the complete IP address. The shortened IP address is stored for a maximum of 60 days. Usage data associated with the unique identifier is stored for a maximum of 6 months.

If you do not wish to take part in the measurement method, you can opt out here: optout.ioam.de

In order to guarantee your exclusion from the measurement, it is technically necessary to set a cookie. Should you delete all cookies from your browser, it will become necessary to repeat the opt-out process by following the link cited above.

Data sharing:

Neither the full IP address nor the shortened IP address are shared with third parties. Data with client identifiers is passed on to the following AGOF service providers for the preparation of the AGOF study:

Kantar Deutschland GmbH (www.tns-infratest.com)

Ankordata GmbH & Co. KG (www.ankordata.de)

Interrogare GmbH (www.interrogare.de)

3. Functional cookies

Social Plugins

COLLECTED DATA:

We use social plugins from the following social media sites:

Facebook, which is operated by Facebook Inc, 1601 S. California Ave, Palo Alto CA 94304, USA (“Facebook”).

Twitter, which is operated by Twitter Inc, 795 Folsom St., Suite 600, San Francisco CA 94107, USA (“Twitter”).

When you visit a website that contains one of these plugins, your browser establishes a direct connection to the servers of the associated social media site. This integration provides the social media site with information about the website you have visited, even if you do not have a user profile or are not currently logged in. If you are logged in, Facebook can associate the website visit to your Facebook account. When you interact with the plugins, the associated information is sent to the social media site and stored there. Your IP address is stored in shortened form. Once collected, the data is transmitted directly from your browser to one of the social media site’s servers in the United States and stored there.

Purposes for which the data is processed:

The social plugins allow you to share website content on social media sites.

Legal basis:

We use social plugins after you have given your consent. When you visit our website, we obtain your consent via the cookie banner at the bottom edge of the page.

Storage period and control options:

You can block social media sites from collecting and processing your data by configuring your browser settings
accordingly.

If you do not want social media sites to directly associate the information collected through our websites with your user profile, you must log out before visiting our websites. For more information, see the Facebook and Twitter privacy policy statements.

4. Advertising cookies - don't miss any content

Adform

Data collected:

We use solutions and technologies from Adform Germany GmbH, Großer Burstah 50-52, 20457 Hamburg, Germany.

Adform uses cookies to create user profiles that persist across multiple pages in order to measure the success of and handle advertising campaigns. It processes cookie IDs and order IDs. We can associate the order ID with a specific order.

Purposes for which the data is processed:

This service collects information on the user behavior for the measurement of success and handling of advertising campaigns and the handling of personalized ads.

Legal basis:

We temporarily store this data on the basis of legitimate interests (Art. 6 (1)(f) GDPR). It is in our legitimate interest to achieve the purposes described above.

Storage period and control options:

Adform can store data for up to 13 months. In case you do not want to participate in conversion tracking, you can deactivate the Adform cookie on your browser, at https://site.adform.com/privacy-center/platform-privacy/opt-out/.

Transfer to third countries:

Data might be transferred to the United States, Singapore, Belarus and Norway.


Facebook pixel and Facebook Custom Audience (remarketing)

Data collected:

We use the so-called “Facebook pixel” of the “Facebook” company (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). The Facebook pixel enables us to group the visitors to our website into specific target groups in order to have relevant advertisement (“ads”) displayed to you on Facebook. We do not have access to the data collected (e.g. IP addresses, information on the web browser, location of the website, buttons you clicked on, Pixel IDs and other features), we may only use it to display certain ads. The use of the Facebook pixel code entails the setting of cookies.

If you have a Facebook account and are logged in, your visit to this website will be associated with your Facebook user account.

We also use the remarketing feature “Custom Audiences” of the “Facebook” company to some extent. This feature enables the display of interest based ads (“Facebook Ads”) to users of our website that are visiting Facebook or other websites that use this function. We pursue the interest of displaying ads to you that are relevant to your interests in order to provide you with a more interesting experience at our website.

Your browser automatically establishes a direct connection with the Facebook server to exchange the relevant data. We have no control over the extent and further processing of the data collected by Facebook through the use of this tool and therefore we provide the information available to us: The integration of Facebook Custom Audiences provides Facebook with the information that you visited the relevant web page or clicked on one of our ads. In case you are logged into a “Facebook” service, “Facebook” can associate your visit with your account. Even if you do not have a Facebook account or are not logged in, there is a possibility that the provider ascertains your IP address and other identifiers and stores them.

If you have given your consent, we might pass your telephone number or e-mail address to “Facebook” in order to be able to
display ads that are relevant to your interests.

Purposes for which the data is processed:

We use these features to provide you with advertising offers that are relevant to your interests.

Legal basis:

We process your data because we have obtained your consent and because we have a legitimate interest in processing your data (Art. 6 (1)(a) and (f) GDPR).

Storage period and control options:

We store your data for as long as we need it for the specific purpose (display of interest-based advertisements) or as long as you have not objected to the storage of your data or revoked your consent.

Users who are logged in can deactivate the feature “Facebook Custom Audiences” at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

If you are logged in to Facebook, you can adjust your Facebook ads settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.


GOOGLE

Data collected:

GOOGLE REMARKETING UND DOUBLE CLICK (NUN GOOGLE AD MANAGER): We use Google Remarketing and Google Double Click. This technology uses cookies to track how you use our website, and to help us recognize your browser when you visit websites that are part of the Google advertising network. To do this, the Google Analytics tracking code uses so-called DoubleClick cookies in addition to the usual Google Analytics cookies. DoubleClick cookies collect data about which third-party websites you have visited in the Google Display Network, and which ads you have clicked on. Data from first-party cookies (e.g. Google Analytics cookies) is also linked with data from third-party cookies (e.g. Google cookies for display preferences). This allows us to evaluate how advertisements are displayed and how you interact with them.

GOOGLE ADS CONVERSION TRACKING: We use Google Ads Conversion Tracking. This technology stores cookies when you interact with one of our advertisements, e.g. by clicking on it. The cookies are then used to analyze what happens after you interact with an ad, such as whether you bought our product, accessed the ad from a cell phone, downloaded our app, or subscribed to a newsletter.

YOUTUBE: We use the Google provider YouTube to embed videos on our website. Responsible for data processing: YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, US, as part of the Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, US. When you visit one of our web pages on which we embedded YouTube videos, your IP address may be sent to YouTube. Additionally, a cookie is installed on your computer. Thus, YouTube learns that you have watched a video on our websites. If you are logged in to your YouTube account, this information will also be associated with your account. Haufe Advisory GmbH has no knowledge of any possible subsequent collection and processing of your data by YouTube. To find out more about data protection, we refer to the following privacy policy.

GOOGLE SIGNALS: We also use the Signals feature by Google Inc. to some extent. The Google Signals feature recognizes individual users across various devices (so-called Cross-Device Tracking). We only have access to anonymized data in form of a report showing patterns in user behavior.

This feature is only active if you

  • have a Google account,
  • are logged in to your Google account while accessing the Haufe Group’s web pages,
  • and the “personalized advertisements” feature is activated in your Google account.

If you do not wish this feature to be used, you need to deactivate the “personalized advertisements” feature in your Google account.

Purposes for which the data is processed:

GOOGLE REMARKETING UND DOUBLE CLICK (NUN GOOGLE AD MANAGER): We use this technology to display ads relevant to your interests on other sites in the Google advertising network. These ads relate to content that you have previously viewed on our websites.

GOOGLE ADS CONVERSION TRACKING: We use this technology to improve our offerings.

GOOGLE SIGNALS: We use this technology to recognize users across various devices and be able to display ads relevant to their interests to them.

Legal basis:

We use the Google products listed above after you have given your consent. When you visit our websites, we obtain your consent via the cookie banner at the bottom edge of the page.

We use Google reCAPTCHA on the basis of legitimate interests (Art. 6 (1)(f) GDPR). It is in our legitimate interest to prevent misuse of our forms and to protect our information technology systems.

Storage period and control options:

The data that is collected by these Google functions is stored and deleted regularly.

You may prevent the storage of cookies by configuring the appropriate settings on your browser.

You can also prevent Google from collecting and processing this data by downloading and installing the browser add-on available at this link.

GOOGLE DYNAMIC REMARKETING UND DOUBLE CLICK SOWIE GOOGLE ADS CONVERSION TRACKING: You can refuse the storage of cookies and the associated data processing by deactivating personalized ads in your add settings.
You can deactivate the use of cookies by third-party providers through the Network Advertising
Initiative’s opt-out page. DoubleClick cookies can alternatively be deactivated by installing a browser plugin.

Note that such changes may limit the functionality of our websites.

For more information, see the Google https://policies.google.com/privacy?hl=en&gl=en.


LinkedIn Insights Tag AND CONVERSION TRACKING

Data collected:

We use LinkedIn’s Insight Tag on this website. The LinkedIn Insight Tag generates a LinkedIn “browser cookie” that collects the following data:

  • IP address,
  • Timestamp,
  • Page activities,
  • demographic data from LinkedIn if the user is an active LinkedIn member.

This technology enables us to monitor the performance of our ads and read information regarding user interaction on our website. The LinkedIn Insight Tag is embedded on our website in order to connect to the LinkedIn Server if and when you visit our site and are logged into your LinkedIn Account while doing so.

Purposes for which the data is processed:

We process your data in order to evaluate campaigns and collect information about users who might have reached our website via our LinkedIn campaigns.

Legal basis:

We process your data because you have given your consent and we have a legitimate interest in processing your data, Art. 6 (1)(a) and (f) EU GDPR.

Storage period and control options:

We store your data for as long as we need it for the respective purpose (evaluation of campaigns) and/or as long as you haven’t objected to the storage of your data or revoked your consent.

The collected data is encrypted. Find more information here. Have a look at LinkedIn’s privacy policy and the LinkedIn Opt-Out.


Microsoft

Data collected:

Bing Universal Event Tracking: We use Bing Universal Event Tracking (“UET”), a service of Microsoft Corporation, One Microsoft Way, Redmond WA 98052-6399, USA (“Microsoft”). When you access our websites through ads provided by Bing Ads, a cookie is placed on your computer. In addition, a UET tag is integrated on our websites. A UET tag is a code that is used together with the cookie to store pseudonymized data about how the website is used. In combination with the cookie, the tag records pseudonymized data to track what actions you perform on our websites after clicking on an ad from Bing Ads. The data collected include the amount of time spent on the website, which areas of the website were viewed, and what ad led you to the website. In addition, Microsoft can use cross-device tracking to track your usage across multiple electronic devices. The collected data is sent to a Microsoft server in the United States. Microsoft is certified under the EU-US Privacy Shield.

Bing Webmaster Tools: Microsoft’s Bing Webmaster Tools store both cookies and so-called “beacons” on your computer. Beacons, or tracking pixels, are small invisible graphics that can be used to register whether a web page has been accessed.

Purposes for which the data is processed:

Bing Universal Event Tracking: UET enables us to track your activities on our websites when you have accessed our websites via ads from Bing Ads; this, in turn, enables us to improve our online offerings. Cross-device tracking enables Microsoft to display personalized advertising.

Bing Webmaster Tools: This tool allows Microsoft to provide its Bing services and to optimize search results.

Legal basis:

We use Bing Tracking Tools after you have given your consent. When you visit our website, we obtain your consent via the cookie banner at the bottom edge of the page.

Storage period and control options:

Microsoft stores the data for a period of no more than 180 days. You can prevent your data from being collected and processed by deactivating the use of cookies. Note that such changes may limit the functionality of the websites in question. You can use this link to deactivate cross-device tracking.

For more information on Bing’s analytics services, please visit the Bing Ads website.
For more information on data privacy at Microsoft and in Bing, see the Microsoft Privacy Statement.

 

Wingify

Data collected:

We use the Visual Website Optimizer, an A/B-test tool/web analysis server from Wingify, 14th Floor, KLJ Tower North, Netaji Subhash Place, Pitam Pura, Delhi 110034, India (hereinafter “Wingify”) on our websites. Wingify uses cookies allowing for an analysis of your website use. The information on your website use generated by the cookie as well as your IP address are transferred to a Wingify server in India and stored there. Find more information on the cookies used by following this link.

Purposes for which the data is processed:

Wingify uses this information on our behalf to analyze your website use and optimize our websites based on this information.

Legal basis:

We use Wingify after you have given your consent. When you visit our website, we obtain your consent via the cookie banner at the bottom edge of the page.

Storage period and control options:

Wingify stores your data and deletes it regularly. You may prevent or delete the storage of cookies by configuring the appropriate settings of your browser software. Furthermore, you may prevent Wingify from collecting data generated by the cookie — data related to your website use, including your IP address — as well as from processing this data altogether, and you may do so by following this link.

Find detailed information on how your personal data is handled by following this link.

 

D. Wordpress

Data collected:

We use the open-source content management system “Wordpress” and plug-ins for certain web pages. Plug-ins are functional additions to the “Wordpress” software. The use of these plug-ins can entail the processing of personal data, such as your IP address.  

We partially use third-party cookie and tracking technologies. In these cases, the principles outlined above and in section II.B. apply in full.

Purposes for which the data is processed:

We particularly use plug-ins for the following purposes:

·      Protection against abusive comments (“spam”)

·       Detection of faulty links

·      Improvement of the load speed of our mobile web pages

·      The specification regarding purposes outlined in B. applies to all third-party cookie and tracking technologies. 

Legal basis:

We use Wordpress and the relevant plug-ins based on our legitimate interest. It is in our legitimate interest to achieve the purposes described above.

We use third-party cookie and tracking technologies in connection with a plug-in after you have given your consent. You may revoke your consent at any time, following the procedures laid out above.  

Storage period and control options:

We store your data for as long as we need it for the specific processing purpose. 

You can block social media sites from collecting and processing your data by configuring your browser settings accordingly. 

If you do not want social media sites to directly associate the information collected through our websites with your user profile, you must log out before visiting our websites.

3. What data is processed when you visit our websites?

This sections explains what personal data is collected and processed when you contact us, subscribe to a newsletter, register as user, submit an enquiry for
a project or register as coach/consultant; for what purposes and by which recipients it is processed; on what legal basis the data is processed; and when the data is deleted.

 

A. Contacting us

Data collected:

When you contact us through a contact form or via email, we collect and process the data you provide, such as your contact information, your name and your request. All data that you share with us is transmitted from your browser to our server in encrypted form.

Purposes for which the data is processed:

Data processing is performed by our customer service department or by service providers working on our behalf, exclusively on the basis of your request and in order to process that request.

Legal basis:

We process your data for the implementation of precontractual and contractual measures that are performed at your request (Art. 6 (1)(b) GDPR).

Storage period:

We store your data for as long as we need it for the specific processing purpose, or to guarantee or comply with statutory retention periods.

WEBFLOW:

Data collected:

We use the service provider Webflow, Inc., 398 11th St, Floor 2, San Francisco, California 94103, US, to process messages you send via Internet contact form. The following data is processed:

  • your IP address,
  • your name,
  • your e-mail address,
  • your telephone number,
  • your company’s name,

and the content of your message.

According to Webflow, this data is stored on servers in the United States but passed on exclusively to us. For that reason, Webflow has no direct connection to our end users.

Purpose for which the data is processed:

The data is processed by Webflow on our behalf so that we can receive your message and process it as quickly as possible.

Legal basis:

Depending on the content of your message, our legal basis is either Art. 6 (1)(b) GDPR (initiation of a contract) or Art. 6 (1)(f) GDPR (our legitimate interest to communicate with you).

Storage period and control option:

We will delete your data following the end of our business relationship unless it prevents us from complying with legal or statutory retention periods.

If we process your data based on our legitimate interest, you may object to the processing of data in accordance with Art. 21 (1) GDPR. We will then examine your reasoned objection and either discontinue data processing or provide you with a justification of why we continue to process your personal data.

B. Support requests

Data collected:

If you contact us concerning a support request(including: forgotten password, login error, other product related support),your request will be processed by our data processor TeamViewer. This is aticket system operated by TeamViewer Germany GmbH, Jahnstr. 30, 73037Göppingen, Germany. The following data will be processed:

  • Your name, as far as this is included in yourinquiry
  • Your email address
  • Information from your message
  • Date of your request

Purposes for which the data is processed:

We process your personal data in order toprocess your support request and provide you with a prompt response. We deploya data processor, because we can ensure an efficient management of the supportrequests via his ticket system.

Legal basis:

Dealing with support requests forms part of ourservices and is therefore necessary for the due performance of your contractwith us, cf. Art. 6 para. 1 lit. b GDPR.

Insofar as a third party (e.g. your employer)has entered into a contract with us and not you personally, we process yourdata on the basis of our legitimate interest in the due performance of thecontract with this third party, cf. Art. 6 Para. 1 lit. f GDPR.

Storage period and control option:

We store your personal data arising out of yoursupport request for three years beyond the end of our business relationship, exceptother retention periods apply pursuant to contractual or other legal grounds.

The processing of your data is necessary forthe performance of our contractual relationship, therefore there is no controlpossibility. Without such data processing we would not be able to offer youefficient support in the event you are experiencing any issues.

If you are not a contracting party and we are processingdata based on our legitimate interest, you may object to data processing.However, we would like to point out that in such case we will not be able toprocess your support request properly and may therefore not be able to provideyou with the best possible support.

C. Newsletter

Data collected:

When you subscribe to our newsletter, we collect andprocess the e-mail address you provide. After you have registered for anewsletter, we will process your data with your consent so that we can keep youinformed about the selected topics via e-mail, as well as sending you relevantads. Our approach here is based on the double opt-in principle, i.e. when youorder a newsletter on our website, we send you a confirmation email with aregistration link. Only after clicking on this link will you be added to ournewsletter list.

Purposes for which the data is processed:

We process the data so that we can deliver the newsletter to you.

Legal basis:

We process your personal data based on your consent; see Art. 6 (1)(a) GDPR.

Storage period and control option:

We store your data for as long as your consent toreceive the newsletter is valid. You may revoke your consent informally at alltimes with future effect. Our newsletter provides a particularly easypossibility to do so, you just need to click on the opt-out link at the bottomof each newsletter. After you have revoked your consent, we will delete youre-mail address from our distribution list.


E-Mail dispatch service provider MailChimp

Data collected:

We dispatch our newsletter using “MailChimp”, anonline marketing platform. Data is processed by Rocket Science Group LLC, 675Ponce De Leon Ave NE #5000, Atlanta, GA 30308, United States. The e-mailaddresses of the subscribers to our newsletter are stored on the MailChimpservers in the United States. MailChimp uses this information on our behalf todispatch and analyze the newsletters. Furthermore, MailChimp states that it canuse the data to optimize or improve their services, e.g. for technicaloptimization of dispatch, display of the newsletters or commercial purposessuch as determining the home countries of the subscribers. MailChimp does notuse this data to contact subscribers on their own behalf. It does not pass onpersonal data to third parties.

The newsletters contain a so-called “web beacon”,which is a pixel-size file that is retrieved from the MailChimp servers whenyou open the newsletter. Retrieval triggers the processing of the followinginformation:

  • information on your browser and operating system
  • your IP address
  • time of retrieval
  • whether and when you opened the newsletter
  • and clicked on links.

For technical reasons, this information can be associated with individual newsletter subscribers. However, neither we norMailChimp aim to observe individual users. MailChimp is certified under theEU-US Privacy Shield and thus it is bound to comply with EU data protectionrequirements. You can have a look at MailChimp’s privacy policy at

Purpose for which the data is processed:

We use MailChimp as our e-mail dispatch serviceprovider in order to guarantee effective management of e-mail addresses as wellas to keep in contact with you via our newsletter.

Legal basis for data processing:

Data processing by MailChimp is based on ourlegitimate interest in effectively and safely dispatching our newsletter to you(Art. 6 (1)(f) GDPR).

Storage period and control option:

MailChimp states that it only stores your personal data for as long as we use your data for the dispatch of our newsletter.
MailChimp will delete your data if we unsubscribe you from our mailing list.

You can object to the processing of your personal data by MailChimp. We will examine your reasoned objection and inform you whether
and why we continue to process your data.

You may use the opt-out link at the bottom of each e-mail at any time; as a result, we will delete your e-mail address from our
mailing list and MailChimp will not continue to process your personal data.

C. Registration and matching as user of coaching services

Data collected:

When you register on our platform as user, we ask you to provide information on your person and your coaching request. We will ask you to provide the following information:

  • log-in data (e-mail address and password)
  • information on the motive for/subject of the coaching (e.g. change of roles, new stage in your professional life, improving the impression you make on others, conflict management or similar topics)
  • information on desired personality characteristics of the coach (humor, analytical thinking, creativity etc.)
  • desired sex and age of the coach
  • language
  • location of the coaching (on site, online)
  • starting date of the coaching
  • optional: further subjects that you wish to add to the coaching
  • It is possible that while providing this information, you reveal special categories of data (e.g. information on your health condition, social environment, religion or political opinion)

We will process this data with the sole purpose of finding a suitable coach for you and achieving the best possible result for you query.

Purpose for which the data is processed

Processing this data is necessary for us tomeet our contractual obligations and conduct “matching” with suitable coaches.

Providing information on special categories ofpersonal data (Art. 9 (1) GDPR) is generally voluntary. However, should we needthis kind of personal data to conduct the “matching”, it becomes required asthis data is of the essence for us to perform the contractually owed service.

Legal basis

We process your data for the implementation of acontract or of precontractual measures that are performed at your request (Art.6 (1)(b) GDPR).

Should the information you provide allow conclusionsregarding special categories of personal data according to Art. 9 (1) GDPR,data processing is based on your consent (Art. 6 (1)(a), Art. 9 (2)(a) GDPR).

Storage period and control option:

We will store your personal data for the duration of
our business relationship and will delete it upon termination of the same, as
long as deletion does not interfere with legal or contractual retention
periods.

If you have consented to our processing of your
personal data, you can informally revoke that consent at any time with future
effect. Please note that in this case, we might not be able to uphold our
contractual relationship with you, as we need to process your data to fulfil
our contract.

Order processing in the context of coach matching

If you, your employer or another person booked acoaching on the website of the Haufe Akademie (), we, Haufe Advisory GmbH, are the processor forHaufe Service Center GmbH with whom you conclude a coaching contract. Duringthe process of coach-matching and after you or your employer booked and paidfor one-on-one coaching on the website of the Haufe Akademie (), you need to go to our website and register as user.Our platform will then undertake a coach matching. Responsible for processingof your personal data in this context is the

Haufe Service Center GmbH

A Haufe Group Company

Munzinger Straße 9

79111 Freiburg (Germany)

Email: service@haufe.de

Raik Mickler, data protection officer at Haufe Service Center GmbH, will be happy to assist you with any questions you may have about
data processing, your rights, or the privacy policy statement of the Haufe Service Center GmbH. He can be reached at:

D. Project enquiries by clients

Data collected:

Should you commission
a consulting project, we will store the following information:

·       company name,

·       VAT number,

·       project location and address,

·       project name,

·       purpose of the project,

·       required consulting expertise,

·       scope of the project,

·       a possible daily rate, and

·       any additional information you provide


contact
details of the user(s) (in individual instances only)

You are not obliged
to share any of this data with us; if you decide not to share this data with
us, it will, however, not be possible for us to find high-quality consultants
and take care of your project (issue invoices, carry out quality assurance
measures).

Purposes for which the data is processed:

We process your data in order to put you into contact
with potential clients.

Legal basis:

We process your data in order to be able to implement
a contract with you or to fulfil precontractual measures that are performed
following your registration (Art. 6 (1)(b) GDPR).

Storage period and control option:

We will store your personal data for the duration of
our business relationship.

If our business relationship ends, we will store your
personal data for business activity documentation purposes for a period of
three years starting at the date of our last contact as long as the Haufe Advisory
GmbH is not legally obliged to store them for a longer period of time (e.g.
invoices, consulting contracts which were the legal basis for assignments,
etc.).

E. Registering as coach/consultant

Data collected:

We will store all data that you share with us in the course of your registration or application process; they will allow us to contact you, carry out our selection process and present your profile to potential clients.

You will have to specify the following data in the course of the registration process in order for us to be able to process your
application:

·      
title,
first name, surname, address, e-mail address, phone number

·       date of birth

·       short personal description

·       at least one consulting experience

·      
CV
information that you have provided

·       information on previous projects

·       expertise and sector-specific experience

There are further data that we need in order to be
able to identify and put you in contact with potential clients. It is optional
for you to provide this data. If you do not wish to share this information with
us, it becomes, however, less likely that we will be able to find suitable jobs
for you and that a company/coachee will chose your profile:

·       title, company

·       sector-specific knowledge

·       further consulting experience

·       USP,

·       coaching roles and focus

·       reference projects

·      
professional
experience, qualifications, education and training, language skills

·       profile picture (photo)

In the course of our multi-stage application process,
we will additionally determine and store the results of the individual stages
as part of our documentation:

·      
protocols
of our interviews with you concerning your previous experience as consultant or
coach, the focus of your company, your methods and the like

·      
your
professional self-assessment of your consulting/coaching skills

·      
results
of online performance and behavioral diagnosis procedures carried out as part
of our consultant admission process

·      
notes
on availability and desired projects and similar project-related items of
information

In cooperating with us, you will provide us with your
bank details and your company data (VAT registration number and commercial
register number). We will use this data for paying you for services your
rendered during jobs that were advertised on our platform.

If you want to provide us with more insight into your
professional activities, you may, on a voluntary basis, provide us with the
contact data (company, name, e-mail address, telephone number) of references.

We will contact these references with the sole purpose
of verifying the quality of your work. We take it for granted that the
references have consented to the passing on of their personal data.

Please note that your references may also work for
companies based outside the EU. When we contact one of your references, we will
mention your name and the type of your cooperation with them. Please only
provide the names of references if you agree to the passing on of your data to
them.

When we contact the references, we will obtain
information on the type, duration and point of time of your cooperation with
them, an assessment of your performance and ask about what they would hope for
in a future cooperation with you.

Purposes for which the data is processed:

We process your data in order to put you into contact
with potential clients and to verify your information.

Legal basis:

We process your data in order to be able to implement
a contract with you or to fulfil precontractual measures that are performed
following your registration (Art. 6 (1)(b) GDPR).

Storage period and control option:

We will store your personal data for the duration of
our business relationship.

If our business relationship ends, we will store your
personal data and the personal data of your references (with the exception of
your contact data) for documentation purposes for a period of two years as of
the end of our business relationship as long as the Haufe Advisory GmbH is not
legally obliged to store data for a longer period of time (e.g. invoices,
consulting contracts which were the legal basis for assignments, etc.). Your
contact data will be stored solely for traceability reasons, in connection with
a note on the termination of the business relationship.

In case we do not enter into any business relationship
with you, we will store your personal data and the personal data of your
references (with the exception of your contact data) for the purpose of any
later inquiries for a period of 6 months. Your contact data will be stored for
traceability reasons in connection with a note on the termination of the
business relationship for three years as of the termination of the business
relationship.

4. Transfer to third countries

We use several service providers based outside the European Union or the EEA. As the General Data Protection Regulation does not apply in these so-called third countries, Art. 44-47 GDPR stipulates particular safeguards that guarantee European data-protection standards.

Service providers used

Facebook: We use the services provided by Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, US, on our websites.

Google: We use products from Google LLC., 1600 Amphitheatre Pkwy, Mountain View, California 94043, in order to analyze the use of these websites and to enable their display.

Microsoft: We use Microsoft Azure, a product of the Microsoft Corporation, 1 Microsoft Way, Redmond, WA 98052-6399, USA, to host our self-operated IT system “inside”.

Salesforce: We use the service provider Salesforce.com Inc. (salesforce.com EMEA Limited, Company No. 05094083, registered in England; Floor 26 Salesforce Tower, 110 Bishopsgate, EC2N 4AY London; UK) for the management of your data.

Dropbox: We use services by Dropbox Inc., San Francisco, US, for document management.

Used safeguards:

In principle and to the extent possible, personal data is processed in European computer centers. During maintenance and support work, data can also be transferred to the third country Unites States. In order to guarantee appropriate safeguard of your personal data in these instances, we have used standard contractual clauses by the EU or corresponding contracts on order processing to oblige the above-mentioned service providers to adhere to a data protection standard that complies with EU law. Furthermore, all above-mentioned service providers are certified under the EU-US Privacy Shield; see link.

5. What rights do you have and how can you exercise them?

A. Revocation of consent

If you have consented to the processing of your personal data, you can revoke that consent at any time with future effect. Note that such revocation has no effect on the legality of previous data processing, and that it does not extend to data processing for which a statutory justification exists, and which may therefore take place even without your consent.

B. Additional rights of data subjects

In addition, you have the following rights as a data subject under Articles 15 to 21 and 77 of the EU General Data Protection Regulation (GDPR), provided that the statutory requirements are met:

Information:

You can request at any time that we provide you with information as to which of your personal data we process and how, and that we provide you with a copy of the stored personal data that relates to you, Art. 15 GDPR.

Correction:

You can request the correction of incorrect personal data and the completion of incomplete personal data, Art. 16 GDPR.

Deletion:

Regarding the deletion of your personal data: Please note that the right to deletion excludes data that we require for the execution and processing of contracts, and for the assertion, exercise and defense of legal claims, as well as data for which statutory, regulatory or contractual retention requirements apply, Art. 17 GDPR.

Restriction of processing:

Under certain circumstances, you may request that processing be restricted, e.g. if you believe that your data is incorrect, that the processing of your data is unlawful, or if you have objected to the processing of your data. The result of such a request is that your data may only be processed to a very limited extent without your consent, e.g. for the assertion, exercise and defense of legal claims or to protect the rights of other natural and legal persons, Art. 18 GDPR.

Objection to data processing:

You have the option to object at any time to data processing for purposes of direct advertising. In addition, if special reasons apply, you can object at any time to data processing on the basis of a legitimate interest, Art. 21 GDPR.

Data portability:

You have the right to receive the data that you have provided to us, and that we process based on your consent or in order to fulfill a contract, in a common, machine-readable format and, to the extent that this is technically feasible, to request that this data be transmitted directly to third parties, Art. 20 GDPR.

C. How to contact us

You can exercise your rights via the following contact channels

Haufe Advisory GmbH

A Haufe Group Company

Gonzagagasse 15/5

1010 Vienna

E-mail: datasecurity@haufe-advisory.com

 

You can revoke your consent to data processing through cookies and tracking technologies by adjusting the corresponding settings in your browser or by using the opt-out options described in detail under II.C. 

You can also revoke your consent to receive the newsletter at any time by clicking the corresponding link in each newsletter.

D. Right of appeal to a regulatory authority

If you believe, for example, that our data processing is unlawful or that we have not protected the rights described above to the required extent, you have the right to file a complaint with the competent data protection authority.

Updated: 24 October 2019