Skip to content

Privacy Policy

Downloads

Privacy Policy for Applicants

Fair Processing Notice

Data protection information on the recording of expert interviews

 

Privacy Policy 

We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to take this opportunity to inform you which of your personal data we collect when you visit our website and for what purposes it is used. 

This privacy policy applies to the website of Altman Solon GmbH & Co KG, which is accessible under this domain and the various subdomains ("our website"). 

Objection to advertising e-mails 

We hereby object to the use of the contact data published in the legal notice, the data protection notice and other contact data published on the website for sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails. 

Who is responsible and how can I reach you? 

Person responsible 

for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR) 

Altman Solon GmbH & Co KG  
Kardinal-Faulhaber-Str. 6  
80333 Munich 

Data Protection Officer 

Our data protection officer is Stephan Krischke and you can contact the data protection team at dataprotection@altmansolon.com.

What is it about? 

This privacy policy meets the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior when visiting a website. Information for which we cannot (or only with disproportionate effort) establish a connection to your person, e.g. through anonymization, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose. 

Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you about the specific storage periods or criteria for storage in the individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defense of legal claims and in the event of statutory retention obligations. 

Who receives my data? 

Your personal data will not be transferred to third parties for purposes other than those listed below. 

We only pass on your personal data to third parties if: 

  • you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR, 
  • the disclosure is permitted in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data, 
  • in the event that there is a legal obligation for disclosure pursuant to Art. 6 para. 1 lit. c GDPR, and 
  • this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 lit. b GDPR. 

In order to protect your data and, if necessary, to enable us to transfer data to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission's standard contractual clauses. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may serve as the legal basis for the transfer to third countries in accordance with Art. 49 para. 1 lit. a) GDPR. This may not apply in the case of data transfer to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR. 

As part of the processing operations described in this privacy policy, personal data may be transferred to the USA. The USA does not have an adequate level of data protection (ECJ: Schrems II ruling). In particular, US investigative authorities can oblige US companies to hand over or disclose personal data without the data subjects being able to take effective legal action against this. This means that there is a fundamental possibility that your personal data may be processed by US investigative authorities. We have no influence on these processing activities. In order to protect your data, we have concluded data processing agreements based on the European Commission's standard contractual clauses. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may serve as the legal basis for the transfer to third countries in accordance with Art. 49 para. 1 lit. a) GDPR. This may not apply in the case of data transfer to third countries for which the European Commission has issued an adequacy decision pursuant to Art. 45 GDPR. 

Do you use cookies? 

Cookies are small text files that are sent by us to the browser of your end device and stored there when you visit our website. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to carry out various analyses, so that we are able, for example, to recognize the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses. 

We provide information about the respective services for which we use cookies in the individual processing operations. Detailed information on the cookies used can be found in the cookie settings or in the Consent Manager of this website. 

What rights do I have? 

Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject: 

  • Information pursuant to Art. 15 GDPR about the personal data stored about you in the form of meaningful information on the details of the processing as well as a copy of your data; 
  • Correction in accordance with Art. 16 GDPR of incorrect or incomplete data stored by us; 
  • Deletion in accordance with Art. 17 GDPR of the data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims; 
  • restriction of processing pursuant to Art. 18 GDPR if the accuracy of the data is contested, the processing is unlawful, we no longer need the data and you oppose the erasure of the data because you need it for the establishment, exercise or defense of legal claims or you have objected to processing pursuant to Art. 21 GDPR. 
  • Data portability pursuant to Art. 20 GDPR, insofar as you have provided us with personal data on the basis of consent pursuant to Art. 6 para. 1 lit. a GDPR or on the basis of a contract pursuant to Art. 6 para. 1 lit. b GDPR and these have been processed by us using automated procedures. You will receive your data in a structured, commonly used and machine-readable format or we will transmit the data directly to another controller if this is technically feasible. 
  • Objection pursuant to Art. 21 GDPR to the processing of your personal data, insofar as this is carried out on the basis of Art. 6 para. 1 lit. e, f GDPR and there are reasons for this arising from your particular situation or the objection is directed against direct advertising. The right to object does not exist if overriding, compelling legitimate grounds for the processing can be demonstrated or the processing is carried out for the establishment, exercise or defense of legal claims. If the right to object does not exist for individual processing operations, this is indicated there. 
  • Revocation pursuant to Art. 7 para. 3 GDPR of your consent with effect for the future. 
  • Complaint pursuant to Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters. 

How is my data processed in detail? 

Below we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. There is no automated decision-making in individual cases, including profiling. 

Provision of the website 

Type and scope of processing 

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file: 

  • IP address of the requesting computer 
  • Date and time of access 
  • Name and URL of the retrieved file 
  • Website from which the access is made (referrer URL) 
  • Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider 

Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR. 

Purpose and legal basis 

Processing is carried out to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Art. 6 (f) GDPR. The collection of data and storage in log files is absolutely necessary for the operation of the website. There is no right to object to the processing due to the exception under Art. 21 para. 1 GDPR. Insofar as further storage of the log files is required by law, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is not technically possible to access our website without providing the data. 

Storage duration 

The aforementioned data is stored for the duration of the display of the website and - for technical reasons - for a maximum of 7 days thereafter. 

Contact form 

Type and scope of processing 

Personal data is collected when you contact us (e.g. via contact form or email). Which data is collected in the case of a contact form can be seen from the respective contact form. You can also voluntarily provide additional information that you believe is necessary to process the contact request. 

When using the contact form, your personal data will not be passed on to third parties. 

Purpose and legal basis 

The processing of your data by using our contact form is carried out for the purpose of communication and processing your request on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. Insofar as your request relates to an existing contractual relationship with us, the processing is carried out for the purpose of fulfilling the contract on the basis of Art. 6 para. 1 lit. b GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing the information in the mandatory fields. If you do not wish to provide this data, please contact us by other means. 

Storage duration 

If you use the contact form on the basis of your consent, we will store the data collected for each inquiry for a period of three years, starting from the time your inquiry is dealt with or until you withdraw your consent. 

If you use the contact form as part of a contractual relationship, we store the data collected for each inquiry for a period of three years from the end of the contractual relationship. 

Contact form for applicants 

Type and scope of processing 

We collect and process the personal data of applicants. Corresponding data processing may also be carried out electronically, for example when applicants send us application documents by e-mail or via a web form on our website. On our website, we offer you the opportunity to send us applications for advertised vacancies by e-mail. 

Your data will also only be stored in an applicant database beyond the current application process if you have given us your separate consent to do so. 

Purpose and legal basis 

The processing of your data in connection with your application is carried out for the purpose of processing your application and deciding on the establishment of an employment relationship on the basis of Section 26 BDSG. If your application documents are forwarded to third parties, in particular to companies affiliated with us, and if your data is stored beyond the current application process, your data will be processed on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to process your application without providing the information. 

Storage duration 

Applicant data will be deleted after 6 months in the event of rejection. In the event that you have consented to your personal data being stored further, we will transfer your data to our applicant pool. There the data will be deleted after 24 months. 

Newsletter 

Type and scope of processing 

On our website, you are given the opportunity to subscribe to our company's newsletter. Which personal data is transmitted to us when you subscribe to the newsletter can be seen from the input mask used for this purpose. 

We inform our customers and business partners about our offers at regular intervals by means of a newsletter. In principle, you can only receive our company newsletter if 

  • you have a valid e-mail address and 
  • you have registered to receive the newsletter. 

For legal reasons, a confirmation e-mail will be sent to the e-mail address you entered for the first time for the newsletter mailing using the double opt-in procedure. This confirmation e-mail is used to check whether you, as the owner of the e-mail address, have authorized the receipt of the newsletter. 

When you register for the newsletter, we also store the IP address assigned by your Internet service provider (ISP) of the IT system you are using at the time of registration as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of your e-mail address at a later date and therefore serves our legal protection. 

The personal data collected when registering for the newsletter is used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter may be informed by e-mail if this is necessary for the operation of the newsletter service or a registration in this regard, as could be the case in the event of changes to the newsletter offer or changes to the technical circumstances. The personal data collected as part of the newsletter service will not be passed on to third parties. You can cancel your subscription to our newsletter at any time. The consent to the storage of personal data that you have given us for the newsletter dispatch can be revoked at any time. There is a corresponding link in every newsletter for the purpose of revoking consent. It is also possible to unsubscribe from the newsletter at any time directly on our website or to inform us of this in another way. 

Purpose and legal basis 

We process your data for the purpose of sending the newsletter on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. By unsubscribing from the newsletter, you can declare your revocation at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to send the newsletter without providing your data. 

Storage duration 

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this. 

Newsletter tracking 

Our newsletters contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in e-mails sent in HTML format to enable log file recording and analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns to be carried out. Based on the embedded tracking pixel, the company can recognize whether and when an e-mail was opened by you and which links in the e-mail were called up by you. 

Purpose and legal basis 

Such personal data collected via the tracking pixels contained in the newsletters are stored and evaluated by us in order to optimize the newsletter dispatch and to adapt the content of future newsletters even better to your interests. This personal data will not be passed on to third parties. Data subjects are entitled at any time to revoke the separate declaration of consent given in this regard via the double opt-in procedure. After revocation, this personal data will be deleted by us. Unsubscribing from the newsletter is automatically interpreted as a revocation. 

Such an evaluation is carried out in particular in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interests in the display of personalized advertising, market research and/or demand-oriented design of our website. 

Presence on social media platforms 

We maintain so-called fan pages or accounts or channels on the networks listed below in order to provide you with information and offers within social networks and to offer you further ways to contact us and find out about our offers. In the following, we will inform you which data we or the respective social network process in connection with your accessing and using our fan pages/accounts. 

Data that we process from you 

If you wish to contact us via Messenger or via Direct Message via the respective social network, we generally process your user name, which you use to contact us, and may store other data provided by you insofar as this is necessary to process/answer your request. 

The legal basis is Art. 6 para. 1 sentence 1 f) GDPR (processing is necessary for the purposes of the legitimate interests pursued by the controller). 

(Static) usage data that we receive from the social networks 

We receive automated statistics regarding our accounts via Insights functionalities. The statistics include the total number of page views, likes, information on page activities and post interactions, reach, video views/views and information on the proportion of men/women among our fans/followers. 

The statistics only contain aggregated data that cannot be related to individual persons. They are not identifiable to us. 

It is not possible for us to draw conclusions about individual users by means of the statistical information transmitted. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality. 

What data the social networks process from you 

In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network and therefore no user account is required for the respective social network. 

Please note, however, that the social networks also collect and store data from website visitors without a user account when the respective social network is accessed (e.g. technical data in order to be able to display the website to you) and use cookies and similar technologies, over which we have no influence whatsoever. Details on this can be found in the privacy policy of the respective social network (see the corresponding links above) 

If you wish to interact with the content on our fan pages/accounts, e.g. comment on, share or like our posts/contributions and/or wish to contact us via messenger functions, you must first register with the respective social network and provide personal data. 

We have no influence on the data processing by the social networks in the context of your use. To the best of our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, as well as for the analysis of user behavior (using cookies, pixels/web beacons and similar technologies) on the basis of which advertising based on your interests is displayed both within and outside the respective social network. It cannot be ruled out that your data will also be stored by the social networks outside the EU/EEA and passed on to third parties. 

Due to the fact that the actual data processing is carried out by the provider of the social network, our access options to your data are limited. Only the provider of the social network is authorized to have full access to your data. As a result, only the provider can directly take and implement appropriate measures to fulfill your user rights (request for information, request for deletion, objection, etc.). The assertion of corresponding rights is therefore most effectively carried out directly against the respective provider. 

Purpose and legal basis 

We only collect your data via our profile in order to realize a possible provision for communication and interaction with us. This collection generally includes your name, message content, comment content and the profile information you provide "publicly". 

The processing of your personal data for the above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 (1) f) GDPR. If you as a user have given your consent to data processing to the respective provider of the social network, the legal basis for processing extends to Art. 6 para. 1 a), Art. 7 GDPR. 

X 

X (formerly Twitter) is a short message service of Twitter International Company, with registered office at One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland, which enables the creation of private profiles of natural persons (Personal Account) and professional profiles (Professional Account) of natural persons and companies. Via X, users can, among other things, write short messages, interact with the content of other users, e.g. give likes to posts, share posts and reply when other users mention or tag you in content. 

When using or visiting the network and thus also when visiting our X account, Twitter automatically collects data from users or visitors during the use or visit, for example user name and IP address. This is done with the help of tracking technologies, in particular the use of cookies. Twitter provides users with information, offers and recommendations based on the data collected in this way, among other things. This information is used to provide us, as the operator of our Twitter page, with statistical information about the use of the X page. You can find more information on this in Twitter's privacy policy: https://twitter.com/privacy#twitter-privacy-1. 

We are jointly responsible with Twitter for the personal content of the fan page. Data subject rights can be asserted with Twitter Inc. as well as with us. 

The primary responsibility under the GDPR for the processing of Insights data lies with Twitter and Twitter complies with all obligations under the GDPR with regard to the processing of Insights data. Twitter makes the essence of the Page Insights Supplement available to data subjects. 

We do not make any decisions regarding the processing of Insights data and the storage duration of cookies on user end devices. 

For more information, including the exact scope and purposes of the processing of your personal data, the storage period/deletion and guidelines on the use of cookies and similar technologies in the context of registration and use, please refer to Twitter's privacy policy/cookie policy: Privacy Policy: https://twitter.com/privacy#twitter-privacy-1 
Cookie Policy: https://help.twitter.com/rules-and-policies/twitter-cookies 

You can adjust your X privacy settings yourself in your user account. To do this, click on the following link and log in: https://twitter.com/personalization. 

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details at: https://gdpr.twitter.com/en/controller-to-controller-transfers.html. 

LinkedIn 

LinkedIn is a social network of LinkedIn Inc. based in Sunnyvale, California, USA, which enables the creation of private and professional profiles of natural persons and company profiles. Users can maintain their existing contacts and make new ones within the social network. Companies and other organizations can create profiles where photos and other company information can be uploaded to present themselves as employers and recruit employees. Other LinkedIn users have access to this information and can write their own articles and share this content with others. The focus of the network is on professional exchange on specialist topics with people who have the same professional interests. 

When using or visiting the network, LinkedIn automatically collects data from users or visitors, such as user name, job title and IP address. This is done with the help of various tracking technologies. LinkedIn provides users with information, offers and recommendations based on the data collected in this way, among other things. 

We are jointly responsible with LinkedIn for the personal content of our company profile. Data subject rights can be asserted with LinkedIn Inc. as well as with us. 

We do not make any decisions regarding the data collected on the LinkedIn site using tracking technologies. 

If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. 

You can find more information about LinkedIn at: https://about.linkedin.com. 

Further information on data protection at LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy. 

Further information on storage duration/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use at LinkedIn can be found at: https://de.linkedin.com/legal/cookie-policy?trk=homepage-basic_footer-cookie-policy. 

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found at: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs. 

Technology 

SSL/TLS encryption 

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us as the operator. You can recognize an encrypted connection by the "https://" in the address line of the browser instead of "http://" and by the lock symbol in your browser line. 

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties. 

Bitly URL Shortener

Type and scope of processing

We use the Bitly URL shortener to generate particularly short URLs, which are used, for example, on social networks, when the number of characters is limited or to analyse advertisements. The provider is Bitly, Inc, DPT 5006, 601 W. 26th Street, Suite 357 (3rd Floor), New York, NY 10001, USA, ("Bitly Inc."), and for Europe Bitly Europe GmbH, Am Lenkwerk 13, 33609 Bielefeld, Germany ("Bitly Europe"), (Bitly Inc. and Bitly Europe collectively "Bitly").

Bitly automatically collects personal information about the interaction (e.g. clicks or views) with each Bitly link created through the Services (each of our Bit.ly links or one of our branded domains) on a third-party website. This information includes, but is not limited to: (i) the anonymised IP address and location derived from the IP address; (ii) the referring websites or services; (iii) the time and date of each access; (iv) device settings such as browser type, operating system and language; (v) cookies, as described below, and mobile advertising identifiers; and (vi) Bitly link sharing information on third party services such as X and Facebook (collectively, "Bitly Link Metrics").

Purpose and legal basis

The use of Bitly is based on our legitimate interests, i.e. interest in optimising our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

Storage duration

The personal data will be deleted or anonymised from Bitly's systems if the data subject or the client they represent (us) requests this (within 30 days), or if the data is identified as irrelevant during automated or manual system maintenance, or after three years from the last contact with the data subject, whichever comes first. Further information can be found in Bitly's privacy policy at: https://bitly.com/pages/privacy

Common Ninja Widgets 

Type and scope of processing 

We use various website widgets from Common Ninja Ltd, Mefi 5, Netanya, Israel. We use e.g. animated counters, dynamic graphics and interactive elements. These widgets have user analytics, which gives us various insights into views and interactions. 

Purpose and legal basis 

The use of Common Ninja Widgets is based on our legitimate interests, i.e. interest in optimizing our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR. 

Storage duration 

The specific storage period of the processed data cannot be influenced by us, but is determined by Common Ninja Ltd. Further information can be found in the privacy policy for Common Ninja: https://www.commoninja.com/privacy. 

Google Analytics 

Type and scope of processing 

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our website, subpages visited and the time spent by visitors. 

Google Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users. 

This information is used, among other things, to compile reports on website activity. 

Purpose and legal basis 

The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG. 

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF). 

In cases where there is no adequacy decision by the European Commission (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE. 

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware). 

Storage duration 

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy. 

Google Tag Manager 

Type and scope of processing 

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and enables us to control the precise integration of services on our website. 

This allows us to flexibly integrate additional services in order to evaluate user access to our website. 

Purpose and legal basis 

The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG. 

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF). 

In cases where there is no adequacy decision by the European Commission (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE. 

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware). 

Storage duration 

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/. 

HubSpot Analytics 

Type and scope of processing 

We use HubSpot Analytics from HubSpot, Inc, Cambridge, Massachusetts, US, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our website, subpages visited and the time spent by visitors. 

HubSpot Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users. 

This information is used, among other things, to compile reports on website activity. 

Purpose and legal basis 

The use of HubSpot Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG. 

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF). 

In cases where there is no adequacy decision by the European Commission (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE. 

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware). 

Storage duration 

The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. Further information can be found in the privacy policy for HubSpot Analytics: https://legal.hubspot.com/privacy-policy. 

HubSpot CDN 

Type and scope of processing 

We use HubSpot CDN to properly provide the content of our website. HubSpot CDN is a service of HubSpot, Inc. which acts as a content delivery network (CDN) on our website to ensure the functionality of other HubSpot, Inc. services. You will find a separate section in this privacy policy for these services. This section only deals with the use of the CDN. 

A CDN helps to provide the content of our online offering, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to the servers of HubSpot, Inc, Cambridge, Massachusetts, US, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of HubSpot CDN. 

Purpose and legal basis 

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR. 

Storage duration 

The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. Further information can be found in the privacy policy for HubSpot CDN: https://legal.hubspot.com/de/privacy-policy. 

HubSpot Chat 

Type and scope of processing 

We have integrated components of the HubSpot Chat customer communication platform on our website. HubSpot Chat is a service of HubSpot, Inc. and offers us the opportunity to communicate with visitors to our website via chat and to provide targeted help with questions. HubSpot Chat uses cookies and other browser technologies to evaluate user behaviour and recognize users. Furthermore, HubSpot Chat is used to store and transmit data entered in chats using cookies, including your IP address. In this case, your data will be passed on to the operator of HubSpot Chat, HubSpot, Inc, Cambridge, Massachusetts, US. 

Purpose and legal basis 

The use of HubSpot Chat is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG. 

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF). 

In cases where there is no adequacy decision by the European Commission (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE. 

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware). 

Storage duration 

The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. Further information can be found in the privacy policy for HubSpot Chat: https://legal.hubspot.com/privacy-policy. 

HubSpot Cookie Banner 

Type and scope of processing 

We have integrated HubSpot Cookie Banner on our website. HubSpot Cookie Banner is a consent solution from HubSpot, Inc., Cambridge, Massachusetts, US, with which consent to the storage of cookies can be obtained and documented. HubSpot Cookie Banner uses cookies or other web technologies to recognize users and store the consent given or revoked. 

Purpose and legal basis 

The use of the service is based on the legally required consent to the use of cookies in accordance with Art. 6 para. 1 lit. c. GDPR. 

Storage duration 

The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. Further information can be found in the privacy policy for HubSpot Cookie Banner: https://legal.hubspot.com/privacy-policy. 

HubSpot Forms 

Type and scope of processing 

We have integrated HubSpot Forms on our website. HubSpot Forms is a service provided by HubSpot, Inc. and offers marketing automation software for marketing services and products, including SEO and content creation, lead management, email marketing and web analytics. 

HubSpot Forms is used to save data entered in forms, e.g. when contacting us via the contact form. The data entered can be stored in our customer relationship management system (CRM system). 

In this case, your data will be passed on to the operator of HubSpot Forms, HubSpot, Inc, Cambridge, Massachusetts, US. 

Purpose and legal basis 

We process your data with the help of HubSpot Forms for the purpose of processing the contact request and its handling in accordance with Art. 6 para. 1 lit. b. GDPR. 

The use of HubSpot Forms and the integrated services is subject to our legitimate interest pursuant to Art. 6 para. 1 lit. f. GDPR. GDPR, the optimization of our marketing measures and the improvement of our service quality on the website. 

Storage duration 

The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. Further information can be found in the privacy policy for HubSpot Forms: https://legal.hubspot.com/privacy-policy. 

HubSpot LeadFlow 

Type and scope of processing 

We have integrated HubSpot LeadFlow on our website. HubSpot LeadFlow is a service of HubSpot, Inc., Cambridge, Massachusetts, US, which identifies anonymous website visitors, provides complete contact data and insights into the visit history. 

HubSpot LeadFlow uses cookies and other browser technologies to evaluate user behavior and recognize users. 

Among other things, HubSpot LeadFlow shows us which companies have visited our website, determines the history of your visit, including all the pages you have visited and viewed and the length of your stay on this website. 

HubSpot LeadFlow collects and processes data about companies such as company name, phone number, address, web address, industry, company profile, turnover and key people on LinkedIn. 

Purpose and legal basis 

The use of HubSpot LeadFlow is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TDDDG. 

Storage duration 

The specific storage period of the processed data cannot be influenced by us, but is determined by HubSpot, Inc. Further information can be found in the privacy policy for HubSpot LeadFlow: https://legal.hubspot.com/privacy-policy. 

jQuery CDN 

Type and scope of processing 

We use jQuery CDN to properly deliver the content of our website. jQuery CDN is a service provided by jQuery, which acts as a content delivery network (CDN) on our website. 

A CDN helps to provide the content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to jQuery servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of jQuery CDN. 

Purpose and legal basis 

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR. 

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF). 

In cases where there is no adequacy decision by the European Commission (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE. 

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware). 

Storage duration 

The specific storage period of the processed data cannot be influenced by us, but is determined by jQuery. Further information can be found in the privacy policy for jQuery CDN: https://www.stackpath.com/legal/privacy-statement/. 

 

Data protection information on the recording of expert interviews 

What data we process
We may record the interviews we conduct with you. The purpose is to transcribe and analyze the recording so that we can continue to use the content of the interview internally. In addition, we store data on your person, position and the project in our internal expert database.

Who are the recipients 
Within our international company, those employees, personnel, and contractors who need your data for projects we are working on will have access to it. The software providers we use   also receive the data in order to process it with AI support to create text files. With regard to the transfer of data to recipients outside our company, please note that we oblige providers to maintain confidentiality and data protection. Finally, our clients who have commissioned the projects receive portions of the data as part of our work product. 

Note: We may only pass on additional information about you if this is required by law, if you have given your consent or if we are legally obliged to provide information.

Legal basis for data processing
The legal basis for the processing of data is your consent, which we obtain prior to every interview.

Duration of storage
We process and store your personal data for as long as we need it to fulfill our tasks. We delete the data if is no longer required. The data processed by the software providers will be deleted in accordance with our agreements with them and applicable law.

Please don’t hesitate to send us your questions about data protection and your rights to our data protection team at dataprotection@altmansolon.com

 

Version: July 2024