This policy informs you about the collection of personal data when using our website. Personal data is any data that can be linked to you personally, e.g. name, postal or email address, user behaviour. We have taken extensive technical and operational precautions to protect your data from accidental or deliberate manipulation, loss, destruction or unauthorised access. Our security procedures are regularly reviewed and updated to the latest technical standards.
1. Data controller
The data controller as per article 4(7) of the General Data Protection Regulation (GDPR) is:
(siehe unser see site notice).
2. Contact details for data protection officer
You can reach our data protection officer at dsb-krongaard(at)intersoft-consulting.de or by writing a letter to our postal address marked for the attention of the “Data protection officer”.
3. Your rights
You have the following rights with regard to your personal data:
3.1 General rights
You have a right of access, rights to rectification, erasure and restriction of processing, the right to object and the right to data portability. If the processing of your data is based on consent, you have the right to withdraw your consent with immediate effect.
3.2 Rights where data is processed on the basis of a legitimate interest
As per article 21(1) GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) (public interest) or (f) (legitimate interests) of article 6(1), including profiling based on those provisions. If you object, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
3.3 Rights where data is processed for direct marketing purposes
Where your personal data is processed for direct marketing purposes, you have the right as per article 21(2) GDPR to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.
3.4 Right to lodge a complaint with a supervisory authority
You also have the right to lodge a complaint with a competent supervisory authority about our processing of your personal data.
4. Collection of personal data when using our website
If you use our website for information purposes only, i.e. if you do not register or provide information to us by other means, we only collect the personal data that your browser sends to our server. If you choose to view our website, we collect the following data, which is technically necessary in order to display our website and ensure stability and security (legal basis for processing: article 6(1)(f) GDPR):
IP address, date and time of request, time zone difference from Greenwich Mean Time (GMT), content of request (specific page), access status/HTTP status code, transferred data volume, website from which the request originated, browser, operating system and interface, and the language and version of the browser software.
5. Contacting us by email or a contact form
If you contact us by email or using a contact form, we will save the details you provide (your email address and, if applicable, your name and telephone number) in order to respond to your queries. Where our contact form requests information that is not necessary to be able to contact you, we have marked these fields as optional. This information provides us with more detail about your enquiry and helps us to provide a better response. If you give this information, this is explicitly on a voluntary basis and with your consent as per article 6(1)(a) GDPR. Where this information includes details of communication channels (e.g. email address, telephone number), you also consent to us contacting you by these channels to answer your enquiry. You can withdraw this consent at any time with immediate effect.
We will delete this data once we have no further need to store it, or limit processing if there are statutory retention requirements.
6. Project market/CV upload
6.1 What information do we collect?
You can register with us as an expert contractor on our website. To do so, you need to provide at least the following personal details:
- Full name
- Email address
- Telephone number
You can also provide files containing other personal data, such as
- a CV
- a project summary or
- a photo
using the upload function.
This information will not be publicly visible on the site after uploading. The data you submit to us in your CV and/or other documents will be entered into our IT system so that our consultants can work with this information and find suitable projects for you.
Your data will not be shared with our existing or potential clients without your consent. However, you have the option to send an email authorising us to proactively share your anonymised CV with our clients. In that case, the clients will receive an anonymised copy of your CV without personal data such as name, postal/email address, telephone number and pictures. We will only share your personal contact details (postal/email address, telephone number) with a client if we have your specific consent to do so for that client.
If you decide to apply for projects advertised by KRONGAARD or to send us your documents on a speculative basis, in addition to your personal details you will need to provide information about your career history. You are asked to upload your CV using our form. The CV will then be processed and your details stored in our applicant database. If you send your documents by email, they will likewise be entered into our applicant database. All documents that you send with your email (cover letter, CV, references, other supporting evidence) and the information they contain will be stored. If you provide your application documents in person or by post, we will first digitise them and then likewise enter them into our application database. We will return the original documents to you as soon as possible afterwards.
6.2 Prohibited content
You are solely responsible for the content of the documents you submit. Personal data that you submit to us should generally not include information about the following:
- Possible pregnancy
- Ethnic origin
- Political, religious or philosophical beliefs
- Trade union membership
- Any information not specifically related to your application
6.3 Processing based on consent?
6.4 Editing and deleting your CV data
The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. If the processing of the data is required for the performance of a contract to which you are party or a precontractual measure, then the data will be deleted when it is no longer required for the performance of the contract. Even after concluding the contract, it may be necessary to store your personal data in order to comply with contractual or statutory requirements, in particular retention duties under commercial and tax law, or to protect our legitimate interests:
- Storing data to the extent required to comply with retention duties to which we are subject under commercial and/or tax law. The statutory retention period is ten years for all documents required for determination of taxable profit, and six years for business correspondence (including emails). The legal basis for this processing is article 6(1)(c) GDPR.
- In accordance with the provisions of the German Civil Code (BGB), limitation periods can be up to 30 years, but the standard limitation period is three years. We therefore retain contractual and contractually related documents in accordance with these provisions on limitation periods in case it becomes necessary to take legal action. The legal basis for this processing is article 6(1)(f) GDPR.
If your data is being processed on the basis of consent, you can withdraw this consent in whole or in part at any time and with immediate effect by submitting a request to firstname.lastname@example.org. If you withdraw your consent, this may mean we are unable to match you to vacant positions, in particular if the withdrawal of your consent means that your general or specific application now lacks the typically expected level of detail and potential clients are unable to get a clear picture of you. If you withdraw your consent, we will generally delete your data; if the data is required for the performance of a contract or precontractual measures, it can only be deleted ahead of time if this does not conflict with contractual or statutory requirements.
6.5 Data security
We take precautions to protect your data from misuse by third parties, using measures such as (SSL) encryption, firewalls, anti-hacker software and manual security procedures.
6.6 Data protection officer
For all enquiries relating to privacy and data protection, please contact our data protection officer: email@example.com.
6.7 Right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes applicable law. You can find a list of German supervisory authorities here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
When you use our website, cookies are saved on your device. Cookies are small text files that are stored on your hard drive. They are linked to the browser that you are using and provide certain information to the site that placed the cookies. Cookies cannot run programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective.
This website uses the following types of cookies, whose scope and functionality are described below:
7.1 Transient cookies
These cookies are automatically deleted when you close your browser. They include session cookies, which save a session ID that allows different requests from your browser to be linked to the same session and mean we can recognise your device if you return to our website. Session cookies are deleted if you log out or close the browser.
7.2 Persistent cookies
These are automatically deleted after a set period of time, which can vary depending on the cookie. You can delete these cookies at any time in your browser security settings.
7.3 Blocking cookies
You can configure your browser settings according to your preferences. For instance, you can choose to reject third-party cookies or all cookies. Please note that this may mean you are unable to use all functions of this website.
7.4 Cookie Consent with Consent Manager Provider
Our website uses the cookie consent technology of MANDARIN MEDIEN Gesellschaft für digitale Lösungen mbH to obtain your consent to the storage of certain cookies on your terminal device and to document this in accordance with data protection law. The provider of this technology is MANDARIN MEDIEN Gesellschaft für digitale Lösungen mbH, Mueßer Bucht 1, 19063 Schwerin, Germany, https://www.mandarin-medien.de/ (hereinafter "Consent Manager Provider").
When you enter our website, a connection is established to the servers of MANDARIN MEDIEN in order to obtain your consents and other declarations regarding cookie use. Subsequently, MANDARIN MEDIEN stores a cookie in your browser in order to be able to assign the consents granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the MANDARIN MEDIEN cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
8. Social bookmarks
9. YouTube videos
10. Google Web Fonts (local embedding)
This website uses so-called Web Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.
For more information on Google Web Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
11. Google Maps
This website uses the mapping service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To enable the use of the Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google’s servers in the United States, where it is archived. The operator of this website has no control over the data transfer. In case Google Maps has been activated, Google has the option to use Google web fonts for the purpose of the uniform depiction of fonts. When you access Google Maps, your browser will load the required web fonts into your browser cache, to correctly display text and fonts.
We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art. 6(1)(f) GDPR. If a respective declaration of consent has been obtained, the data shall be processed exclusively on the basis of Art. 6(1)(a) GDPR. This declaration of consent may be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
We have integrated features of the Spotify music platform into this website. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. You will be able to recognize Spotify plug-ins when you see the green logo on this website. An overview of Spotify’s plug-ins can be found at: https://developer.spotify.com.
The plug-in makes it possible to establish a direct connection between your browser and Spotify’s server when you visit this website. As a result, Spotify receives the information that you visited this website with your IP address. If you click the Spotify button while you are logged into your Spotify account, you have the option to link content from this website with your Spotify profile. Consequently, Spotify will be in a position to allocate your visit to this website to your user account.
We would like to point out that when using Spotify, cookies are used by Google Analytics so that your usage data can also be passed on to Google when using Spotify. Google Analytics is a tool of the Google Group for the analysis of user behavior with headquarters in the USA. Spotify alone is responsible for this integration. We as website operators have no influence on this processing.
Data are stored and analyzed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the attractive acoustic presentation of the website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
For more information, please consult Spotify’s Data Protection Declaration under: https://www.spotify.com/us/legal/privacy-policy/.
If you do not want Spotify to be able to allocate the visit of this website to your Spotify user account, please log out of your Spotify user account while visiting our sites.
13. Website analytics
We use various services for the purposes of analysing and optimising our website. These services are described below. They allow us, for instance, to analyse how many users visit our site, what the most popular search terms are and how users found our site. We collect data including which site referred the user to our site, which pages on our site they visited and how often and for how long they viewed each page. This helps us to improve our services and make them more user-friendly. The data that is collected cannot be used to personally identify individual users. Only anonymous/pseudonymous data is collected. The legal basis for this processing is article 6(1)(f) GDPR.
13.1 Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.
The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If the relevant consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be revoked at any time.
13.2 Google Analytics
This website uses Google Analytics, a Web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”: text files that are stored on your device and enable an analysis of your use of our website. The information generated by the cookie about your use of the website is generally transmitted to a Google server in the USA and stored there.
However, if IP anonymisation is activated on this website, Google will first truncate your IP address within the territory of an EU/EEA member state. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, compile reports about website activity and provide other services relating to website and Internet use to the website operator.
The IP address transmitted to Google Analytics by your browser is not combined with other Google data. You can prevent cookies from being stored by selecting a corresponding setting in your browser software; however, please note that this may prevent you from making full use of all the functions of this website. You can also prevent Google from recording and processing the data about your use of the website (including your IP address) generated by the cookie by downloading and installing the browser plug-in available at the following address: (http://tools.google.com/dlpage/gaoptout?hl=de) verfügbare Browser-Plugin herunterladen und installieren.
You can find more detailed information about Google’s terms of service and data protection at www.google.com/analytics/terms/de.html and www.google.de/intl/de/policies/. Please note that this website uses Google Analytics with the code “anonymizeIp” in order to ensure anonymised IP address registration (“IP masking”).
13.3 Google Ads
The website operator uses Google Ads. Google Ads is an online promotional program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display ads in the Google search engine or on third-party websites, if the user enters certain search terms into Google (keyword targeting). It is also possible to place targeted ads based on the user data Google has in its possession (e.g., location data and interests; target group targeting). As the website operator, we can analyze these data quantitatively, for instance by analyzing which search terms resulted in the display of our ads and how many ads led to respective clicks.
The use of Google Ads is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in marketing the operator’s services and products as effectively as possible.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
13.4 Google Remarketing
This website uses the functions of Google Analytics Remarketing. The provider of these solutions is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Remarketing analyzes your user patterns on our website (e.g., clicks on specific products), to allocate a certain advertising target groups to you and to subsequently display matching online offers to you when you visit other online offers (remarketing or retargeting).
Moreover, it is possible to link the advertising target groups generated with Google Remarketing to device encompassing functions of Google. This makes it possible to display interest-based customized advertising messages, depending on your prior usage and browsing patterns on a device (e.g., cell phone) in a manner tailored to you as well as on any of your devices (e.g., tablet or PC).
If you have a Google account, you have the option to object to personalized advertising under the following link: https://www.google.com/settings/ads/onweb/.
The use of Google Remarketing is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the marketing of the operator’s products that is as effective as possible. If a respective declaration of consent was requested, processing shall occur exclusively on the basis of Art. 6(1)(a) GDPR; the given consent may be revoked at any time.
For further information and the pertinent data protection regulations, please consult the Data Privacy Policies of Google at: https://policies.google.com/technologies/ads?hl=en.
Formation of Target Groups with Customer Reconciliation
For the formation of target groups, we use, among other things, the Google Remarketing customer reconciliation feature. To achieve this, we transfer certain customer data (e.g., email addresses) from our customer lists to Google. If the respective customers are Google users and are logged into their Google accounts, matching advertising messages within the Google network (e.g., YouTube, Gmail or in a search engine) are displayed for them to view.
13.5 Google Conversion-Tracking
This website uses Google Conversion Tracking. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use Google Conversion Tracking on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the analysis of the user patterns with the aim of optimizing both, the operator’s web presentation and advertising. If a respective declaration of consent was requested (e.g., concerning the storage of cookies), processing shall occur exclusively on the basis of Art. 6(1)(a) GDPR; the given consent may be revoked at any time.
For more information about Google Conversion Tracking, please review Google’s data protection policy at: https://policies.google.com/privacy?hl=en
We use the retargeting tool and conversion tracking function provided by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). For this purpose, the LinkedIn Insight Tag is integrated on our website. This tag allows LinkedIn to collect pseudonymous statistical data about your visit and use of our website, and to provide us with aggregate statistics based on this data. Generally, the information that is collected includes:
LinkedIn User ID (Cookie ID)
Anonymised IP address
Metadata of website visit, e.g. browser type, visited website
This information also allows us to display relevant offers and recommendations specific to your interests, after you have apprised yourself of particular services, information and offers on our website. This information is stored in a cookie. You can opt out of this tracking at the following address: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
14. Data sharing
Your data will generally not be shared with third parties unless we are legally required to do so, it is necessary for the performance of a contract or you have expressly consented to it.
Where our service providers have access to your data, we shall ensure that their processing of the data as per article 28 GDPR likewise meets the requirements of privacy law. Please also refer to the service providers’ own privacy policies. The content of third-party services is the responsibility of the providers of those services, though we do as far as is reasonably practicable check the services to ensure compliance with legal requirements.
We attach great importance to processing your data within the territory of the EU/EEA. However, we may engage service providers that process data outside the EU/EEA. In such cases, before sharing your personal data we ensure that the recipient has put in place an adequate level of data protection, i.e. a level of protection comparable to EU standards, based on EU standard agreements or an adequacy decision such as the EU Privacy Shield.
15. Data security
We have taken extensive technical and operational precautions to protect your data from accidental or deliberate manipulation, loss, destruction or unauthorised access. Our security procedures are regularly reviewed and updated to the latest technical standards.
16. Project alert
With your consent as per article 6(1)(a) GDPR, you can subscription to our project alert, which lets you know about our current projects.
The project alert uses double opt-in registration. This means that after subscribing, we will send an email to the address you provided asking you to confirm that you wish to receive the project alert. Unless you confirm your subscription using this link, you will not receive project alert news from us.
The only mandatory information that is required for us to send you the project alert is your email address. Providing your name is optional and allows us to address you personally. After you confirm your subscription, we save your email address for the purpose of sending the newsletter. The legal basis for processing is article 6(1)(a) GDPR.
You can unsubscribe from the project alert and withdraw your consent at any time and with immediate effect. To unsubscribe, click the button in the project alert email or let us know in writing by emailing firstname.lastname@example.org.
17.1 Personal data and processing purposes
In the context of your participation in our free online events (e.g. webcasts), we process personal data in order to conduct the event. We process personal data that you enter in the zoom input mask on the basis of our legitimate interest in enabling participation in free online formats of Krongaard GmbH (Art. 6 para. 1 lit. f DSGVO). The following information is required:
- E-mail address
We process other information marked as optional, such as zip code and location, on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). If you have registered for the event, you will receive a one-time reminder email from us before the event begins. Furthermore, we use your data to draw your attention (by e-mail) to this and other events, provided you have consented to receive such mails (Art. 6 para. 1 lit. a DSGVO) or you have already purchased services from us and we want to inform you about similar services or products (§ 7 para. 3 UWG).
17.2 Data transmission
Insofar as we engage service providers to provide technical support for data processing, this is done in strict compliance with the regulations on commissioned data processing (Art. 28 DSGVO).
For the webcast, we use the service provider Zoom Video Communications Inc., which operates worldwide and, as a data recipient, also transmits data to the United States or stores it there. We have concluded an order processing agreement with this service provider, so that Zoom is subject to our instructions. By concluding standard data protection clauses, we can also ensure an appropriate level of data protection outside the EU.
In addition to the data requested in the Zoom input mask, Zoom, as the responsible party, collects your data in order to provide the service. This includes, for example, device information (IP address, operating system, etc.) and data about product and website usage. For more information about how Zoom processes your personal data, please visit the following website:
17.3 Duration of storage, deletion
The personal data will only be stored and used as long as this is necessary for the fulfillment of the respective service or to achieve the purpose underlying the storage, the data processing has not been objected to or a given consent has not been revoked.
17.4 Your rights
You have the following rights with respect to us regarding personal data concerning you:
17.4.1 General rights
You have the right to information, correction, deletion, restriction of processing, objection to processing and data portability. If processing is based on your consent, you have the right to revoke it with effect for the future.
17.4.2 Rights in data processing according to the legitimate interest
Pursuant to Art. 21 (1) DSGVO, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) sentence 1 lit f DSGVO (data processing for the protection of a legitimate interest). In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. Please note that in the event of an objection, participation in online events of Krongaard GmbH may not be possible.
17.4.3 Rights in the case of direct advertising
If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing pursuant to Art. 21 (2) DSGVO.
In the event of your objection to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.
If you have already purchased services or products from us, we may send you promotional emails about similar products and services that may also be of interest to you. The legal basis for this direct advertising is Section 7 (3) UWG. You can object to the use of your data for advertising using electronic mail at any time without incurring any costs other than the transmission costs according to the basic rates.
17.4.4 Right to complain to a supervisory authority
You also have the right to complain to a competent data protection supervisory authority about our processing of your personal data.
Last updated: 03/2021