Data Protection

We appreciate your interest in our website. Protecting personal data is of high importance to HKM Consulting GmbH. This privacy policy explains which data is collected, processed and stored when using our website and online services.

Note: This translation is provided for information purposes only. The legally binding version is the German text.

1. Controller and Scope

Controller according to GDPR:
HKM Consulting GmbH
Managing Director: Klaus Martin Hecht
Nelkenstraße 44
85521 Hohenbrunn / Metropolitan Region of Munich
E-Mail: datenschutz@hkm-consulting.de

No data protection officer has been appointed, as there is no statutory obligation under § 38 BDSG. The managing director assumes responsibility for data protection. The mailbox datenschutz@hkm-consulting.de serves as the central contact point.

This privacy policy applies to the website www.hkm-consulting.de and its online services.

2. Collection, Processing and Storage of Personal Data

2.1 Use of the Website

a. Server log files

  • Data: IP address, date/time, URL and file name, referrer URL, browser type/version, operating system, access status, transferred data volume
  • Legal basis: Art. 6(1)(f) GDPR (IT security, stability)
  • Recipient: Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany (hosting, data processing agreement)
  • Retention: maximum 7 days, longer only in case of misuse
  • Third-country transfer: none

b. Technically necessary cookies
The following cookies are used exclusively to ensure the functionality of our website:

Cookie | Purpose | Retention | Recipient
WPML | Stores selected language | Session / few days | none
W3 Total Cache | Optimizes loading speed | Session / few days | none
PHP-Session | Ensures technical functionality | Until end of session | none
wordpress_test_cookie | Checks if browser accepts cookies | Until end of session | none
wordpress_logged_in_* | Stores login info (backend users only) | Until end of session | none

Legal basis: Art. 6(1)(f) GDPR.

c. Fonts (OMGF – locally hosted Google Fonts)

  • Data: no personal data
  • Legal basis: Art. 6(1)(f) GDPR
  • Recipient: none
  • Retention: n/a
  • Third-country transfer: none

d. External social media links
Our website contains links to external platforms (e.g. LinkedIn, Facebook). No data is transmitted to these providers when visiting our website. Data transfer occurs only once you click on the respective link.

e. Newsletter
Currently, we do not offer a newsletter or similar services.

2.2 Contact and Dialogue

a. E-mail contact

  • Data: Name, e-mail address, message, optional details
  • Legal basis: Art. 6(1)(b) and (f) GDPR
  • Recipient: internal departments of HKM Consulting GmbH
  • Retention: 6 years (business correspondence), 10 years (tax-related retention under §§ 147 AO, 257 HGB)
  • Third-country transfer: none
  • Note: End-to-end encryption of e-mails cannot be guaranteed in all cases. For confidential matters, we recommend postal mail or encrypted transfer.

b. Applications via e-mail

  • Data: Name, contact details, application documents (e.g. CV, references)
  • Legal basis: Art. 6(1)(b) GDPR, § 26(1) BDSG; storage to defend claims under the German Equal Treatment Act (AGG)
  • Recipient: HR staff only
  • Retention: maximum 6 months after the recruitment process; longer storage only with express consent (e.g. applicant pool, revocable at any time)
  • Third-country transfer: none

c. Contact forms (topic-related)
Our website offers topic-related contact forms.

  • Data: Name, e-mail address, message. Mandatory fields are marked with an asterisk (*). If a mandatory field is not completed, the user receives an on-page feedback message.
  • Processing: Data is transmitted via a secure TLS/SSL connection to our webserver and immediately forwarded as e-mail to our Strato AG mailboxes (Germany). Strato stores the e-mails exclusively in German data centers under high security standards.
  • Consent: Before sending, users must explicitly consent to the processing of their submitted data by ticking a checkbox.
  • Legal basis: Art. 6(1)(b) and (f) GDPR; additionally Art. 6(1)(a) GDPR (consent)
  • Recipient: internal departments of HKM Consulting GmbH
  • Retention: corresponds to e-mail communication (see a)
  • Third-country transfer: none

2.3 Other Processing

a. Video conferences (Microsoft Teams)

  • Data: Name, e-mail address, communication content (chat, audio, video, files), technical data (IP, device information)
  • Legal basis: Art. 6(1)(b),(f) GDPR; Art. 6(1)(a) GDPR for recordings
  • Recipient: Microsoft Ireland Operations Ltd., affiliated companies
  • Retention: no storage, except when recordings are expressly consented to
  • Third-country transfer: USA; EU-U.S. Data Privacy Framework, Standard Contractual Clauses

b. Security (Limit Login Attempts Reloaded)

  • Data: IP address, username, login events
  • Legal basis: Art. 6(1)(f) GDPR
  • Recipient: none
  • Retention: max. 30 days
  • Third-country transfer: none

c. User management (When Last Login)

  • Data: Timestamps of user logins
  • Legal basis: Art. 6(1)(f) GDPR
  • Recipient: none
  • Retention: until deletion of user account
  • Third-country transfer: none

d. Backups (BackWPup)

  • Data: all WordPress data including personal data
  • Legal basis: Art. 6(1)(f) GDPR
  • Recipient: Strato AG (hosting, processing agreement)
  • Retention: according to internal deletion policy
  • Third-country transfer: none

e. Other plugins
Other plugins (e.g. WPBakery Page Builder, Slider Revolution, The7 Theme) are used exclusively for layout and functionality. They do not process personal data.

f. Data processing by third parties
Aside from hosting by Strato AG, no external processors are currently engaged. All maintenance, security, and IT services are performed internally by HKM Consulting GmbH. If external processors are engaged in the future, this will only take place on the basis of a data processing agreement pursuant to Art. 28 GDPR.

3. Your Rights

You have the right to access (Art. 15 GDPR), rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), restriction (Art. 18 GDPR), data portability (Art. 20 GDPR) and withdrawal of consent (Art. 7(3) GDPR).

4. Right to Object

You may object at any time to the processing of your personal data based on Art. 6(1)(f) GDPR, provided there are reasons arising from your particular situation (Art. 21 GDPR).

5. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. For HKM Consulting GmbH, this is the Bavarian State Office for Data Protection Supervision (BayLDA). You may also contact any other supervisory authority within the European Union.

6. Data Security

We implement technical and organizational measures to protect personal data, including:

  • TLS/SSL encryption of data transmission
  • access restrictions to internal systems
  • encrypted storage of passwords
  • strict authorization management
  • regular software updates and security checks
  • regular backups and system monitoring
  • staff training on data protection

These measures are regularly reviewed and updated to reflect the current state of the art.

7. Updates and Amendments

This privacy policy is valid as of September 2025. Changes may occur due to legal requirements or technical developments. The current version is always available on our website.