Privacy Policy

Website data protection statement and at the same time information for data subjects pursuant to Article 13 and Article 14 of the EU General Data Protection Regulation

General Information

Information about the controller

Company

HKM Consulting GmbH

Legal representative

Klaus Martin Hecht

Address

Nelkenstrasse 44
85521 Hohenbrunn / Greater Munich Area

Contact details

privacy.policy@hkm-consulting.de

General data processing information

Affected data

Personal data is only collected if you communicate it to us yourself. Apart from that, no personal data is collected. Any processing of your personal data that goes beyond the scope of the legal permissions will only be carried out on the basis of your express consent.

Processing purpose

Contract execution

Categories of recipients

  • Public authorities in the event of priority legislation.
  • External service providers or other contractors.
  • Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest.

Third-country transfers

As part of contractual execution, processors could also be used outside the European Union, including email providers.

Duration of data storage

The duration of data storage depends on the statutory storage requirements and is usually 10 years.

Specific information about the website

Website Log Files

When you visit our websites, your browser transmits certain data to our web server for technical reasons. The following data are recorded during an ongoing connection for communication between your internet browser and our web server:

  • Date and time of your request
  • Name of the requested file
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Type and version of the browser and the operating system you use
  • Full IP address of the requesting computer
  • Quantity of data transferred

For reasons of technical security, in particular to prevent attacks on our web server, we store these data for a short period of time. It is impossible to discern the identity of individual persons based on this data. After a short period of time, the data is anonymized by shortening the IP address at the domain level, so that it is no longer possible to establish any reference to the individual user. The anonymized data will also be processed for statistical purposes. We don’t compare any data to data in other databases or forward them to third parties.

Use of own “cookies”

This website uses its own “cookies” to increase user-friendliness (“cookies” are data records that are sent from the web server to the user’s browser and stored there for later retrieval). No personal data is stored in our own “cookies”. You can generally prevent the use of “cookies” if you prohibit the storage of “cookies” in your browser.

Information about other data processing procedures

Specific information about the application process

Affected data

Application information

Processing purpose

Implementation of application process

Categories of recipients

  • Public authorities in the event of priority legislation.
  • External service providers or other contractors, including for data processing and hosting.
  • Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest.

Third-country transfers

As part of contractual execution, processors could also be used outside the European Union, including email providers.

Duration of data storage

Application data will generally be deleted within four months of notification of the decision, unless consent to longer data storage has been given in the context of inclusion in the applicant pool.

Specific information for the processing of customer data/prospective parties’ data

Affected data

Data communicated for contract execution; if necessary, additional data for processing on the basis of your express consent.

Processing purpose

Contract execution, including quotes, orders, sales and invoicing, quality assurance

Categories of recipients

  • Public authorities in the event of priority legislation.
  • External service providers or other contractors, including for data processing and hosting, shipping, transport and logistics, service providers for printing and mailing information and call centers.
  • Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest.

Third-country transfers

As part of contractual execution, processors could also be used outside the European Union, including email providers.

Duration of data storage

The duration of data storage depends on the statutory storage requirements and is usually 10 years.

Specific information on the processing of employee data

Affected data

Data communicated for contract execution; if necessary, additional data for processing on the basis of your express consent.

Processing purpose

Contract execution

Categories of recipients

  • Public authorities in the case of overriding legal provisions, e.g. tax office, social insurance agency.
  • External service providers or other contractors, including for data processing and hosting, payroll, travel expense reporting, insurance services.
  • Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest.

Third-country transfers

As part of contractual execution, processors could also be used outside the European Union, including email providers.

Duration of data storage

The duration of data storage depends on the statutory storage requirements and is usually 10 years.

Specific information for the processing of supplier data

Affected data

Data communicated for contract execution; if necessary, addition-al data for processing on the basis of your express consent.

Processing purpose

Contract execution, including inquiries, purchasing, quality assurance

Categories of recipients

  • Public authorities in the event of priority legislation.
  • External service providers or other contractors, including for data processing and hosting, accounting, payment processing.
  • Other external bodies in so far as the data subject has given his consent or a transmission is permitted due to a prevailing interest.

Third-country transfers

As part of contractual execution, processors could also be used outside the European Union, including email providers.

Duration of data storage

The duration of data storage depends on the statutory storage re-quirements and is usually 10 years.

Specific information on using video conference/webinar software

Affected data

Data communicated when using video conference software/webinar software (especially first name, last name, email address; optional: audio transmission data; optional: video transmission data; optional: use of chat function); the data your system is technically required to process in order to establish a connection with the provider of the conference software.

Processing purpose

Conducting video conferences resp. webinars

Categories of recipients

  • Public agencies where priority legal provisions exist.
  • External service providers or other contractors, e.g., for data processing and hosting.
  • Other external bodies insofar as the data subject has given his or her consent or transmission is permitted due to a prevailing interest.

Third-country transfers

Contract processors outside the European Union are used (in this case: the United States of America); the appropriate standard contract clauses have been concluded with the service provider.

Duration of data storage

Video conferences can only be recorded if participants have provided documented consent in advance. The technical data will be deleted if they are no longer required. The duration of data storage depends on the statutory storage requirements and is usually 10 years.

Further information and contacts

In addition, you may invoke your rights to correction or deletion at any time, to restrict processing, to object to processing, and to data portability. Here you will find the option to contact us by email or letter. You also have the right to contact the data protection supervisory authority for complaints.