Part I: Data Protection Declaration for the website of ASKADO Unternehmensberatung GmbH

Part II: Data Protection Information for applicants

Part III: Data Protection Information for clients



Part I: Data Protection Declaration for the website of ASKADO Unternehmensberatung GmbH

ASKADO Unternehmensberatung GmbH (hereinafter “Company”) is pleased to welcome you to our website and to learn of your interest in our company and in our products and consulting services. The protection of personal data is important to us. When you provide your personal data, you do so voluntarily. The Company processes the data in accordance with the provisions of the European General Data Protection Regulation (GDPR/DS-GVO), the German Telemedia Act and the German Federal Data Protection Act.

We took these matters into consideration when setting up our internal processes, and have informed our staff and cooperating consultants (cooperation partners of ASKADO Unternehmensberatung GmbH) accordingly. The members of the team of advisers at the date of the current version of this document are:

- Mr René Brackmann, Heinrich Kress Straße 1, 63589 Linsengericht

- Mr Steffen Römer, Rollossweg 9, 69121 Heidelberg

- Mr Jürgen Stauß, Am Sportfeld 39, 63843 Niedernberg

We describe below what data will be processed when you visit the company’s website.

1. Responsibility

ASKADO Unternehmensberatung GmbH is responsible for processing your data. Any exceptions will be explained in this Data Protection Declaration.

Our contact details are as follows:

ASKADO Unternehmensberatung GmbH

Chief Executive: Jürgen Stauß

The Squaire 12, 60549 Frankfurt am Main

Kontakt: Data protection

2. Personal data

Personal data are individual details about personal or material circumstances of a specified or identifiable natural person. They include information such as IP address, your correct name, your address, your telephone number and your date of birth. Information that cannot be directly linked to your actual identity (such as favourite Internet sites or the number of users of a website) do not constitute personal data.

3. Processing your personal data

When you visit the Company’s website, we process and store various kinds of temporary data. These include the connection data of the computer making the inquiry, the pages that you select on our website and also the date and duration of your visit. We also detect the identification data of the Internet browser used and of the operating system, and also the website from which you have been directed to us. Personal details such as your name, your address, telephone number or email address are only recorded if you provide these details voluntarily.

4. Use of personal data for a specific purpose and passing on personal data

The Company uses the personal data you provide for technical website administration purposes, to provide services and for customer administration.

5. Legal basis for data processing

The legal basis for processing your personal basis depends on the purpose underlying the data processing in question.

- Technical website administration. The legal basis for processing your personal data for the above purpose, if you have a contractual relationship with us, is Art. 6(1)(b) of the General Data Protection Regulation (GDPR/DS-GVO). If you do not have a contractual relationship with us, the legal basis for processing your data is Art. 6(1)(f) of the GDPR(DS-GVO. We require the transmission of your personal data (for example the IP address) in order to establish a connection and to display the content of the website.

- Services. The legal basis for processing your personal data for the above purpose is Art. 6(1)(b) of the GDPR/DS-GVO. We provide our services as part of the fulfilment of contractual obligations. If we cannot process your personal data, we will be unable to fulfil or perform the contract we have with you.

This website does not use data analysis services such as Google Analytics to measure the frequency of visits to the website, nor does it use Google Maps or Google Fonts.

6. Passing on data

We do not pass on your personal data to third parties unless it is necessary for contract execution purposes or you have given your explicit consent. For example, when we post advertisements, we may need to pass on your company name and company address to the associated advertisement publisher. To the extent that we use external service providers, they are carefully selected, and are obliged, under Art. 28 of the GDPR/DS-GVO, to adhere to all data protection provisions.

7. Technical matters

7.1 SSL/TLS encryption

This website uses SSL/TLS encryption to ensure data processing security and to protect the transmission of confidential content, such as orders, login data and contact inquiries, which you send us as the operator. An encrypted connection is recognisable from the fact that the address line of the browser contains “https://” instead of “http://” and from the lock symbol in your browser toolbar.

When SSL/TLS encryption is activated, data that you transmit to us cannot also be read by third parties.

7.2 Data capture when you visit our website

If you use our website for information purposes only, i.e. if you do not register or transmit other data to us, we gather only the data that your browser transmits to our server (in “server logfiles”). Every time you or an automated system visits our webpage, our Internet site records a range of general data and information, which are saved in the server logfiles.

The following may be recorded:

1. the browser types and versions used;
2. the operating system used by the system accessing the website;
3. the website from which a system that gains access is routed to our website (the referrer);
4. the subsites that are directed to our website via a system that gains access;
5. the date and time of access to the website;
6. an abbreviated Internet Protocol address (anonymised IP address);
7. the Internet service provider (ISP) of the accessing system.

When we use these general data and this information, we draw no conclusions about you. Instead, this information is required:

1. to properly deliver our website content;
2. to optimise the content of our website and also the advertising for it;
3. to ensure the ongoing functionality of our IT systems and the technology of our website; and also
4. in the event of a cyber attack, to provide the criminal investigation authorities with the information they require to bring a prosecution.

We therefore evaluate the data and information gathered both in statistical terms and also with a view to improving data protection and data security within our business, ultimately in order to enable us to ensure the optimum level of security for the personal data that we process. The anonymised server logfile data are stored separately from all personal data provided by individuals.

Data processing is regulated under Art. 6(1)(f) of the European General Data Protection Regulation (GDPR/DS-GVO). We have a justified interest based on the data gathering purposes listed above.

8. The use of cookies

The following cookies are used on our website:

- session cookie, which ceases to be valid when the session/meeting ends;

- language cookie, to set the language version. The correct language version will be selected when you visit the website. This cookie remains valid for 1 year.

- reference cookie for the reference on the homepage to the fact that this website uses cookies;

Cookies are tiny text files that are stored on your computer when you visit our website. They enable us to personalise our website for the user, as described in the previous paragraph. If you do not wish cookies to be used, please amend the cookie administration settings in your Internet browser.

9. Newsletter

We do not publish a newsletter.

10. Statistical evaluation

This website does not use data analysis services such as Google Analytics to measure the frequency of visits to the website, nor does it use Google Maps or Google Fonts.

11. Data security

Our employees and the service companies we commission are bound to secrecy and to comply with the provisions of the applicable data protection laws. The Company puts appropriate technical and organisational security measures in place to protect your personal data from loss, modification, destruction and from access by unauthorised persons or being passed on without authorisation. Our security measures are subject to ongoing improvement in line with technological developments.

12. Data storage period

In principle, we store your data for as long as is necessary in order to provide our online offering and the associated services, or for as long as we have a justified interest in continuing to store it. Data are deleted upon expiry of the statutory or contractual archiving periods (such as archiving periods under fiscal and commercial law). Data not subject to mandatory archiving are deleted after their designated specific purpose no longer applies.

13. User rights

As a user of our website, you hold a number of rights. Please use the details in the Contact section to assert your rights. Please ensure that we are able to clearly identify you.

14. Rights to obtain information about your data and to correct or delete them

Under the General Data Protection Regulation, you will receive information at any time on request, and free written information regarding what personal data is stored about you (such as your name, address). You will also be entitled to correct or delete your data, provided the statutory requirements are met. Exceptions from the right of deletion include, for example, stored data relating to business processes, which are subject to the statutory archiving duty.

15. Right to restrict data processing

You are entitled to restrict the processing of your personal data.

16. Right of objection

Furthermore, you have the right to object at any time to your data being processed by us. If you object we will stop processing your data, unless we can prove, as required by law, the existence of mandatory reasons worthy of protection for continuing to process your data, which outweigh your own rights.

17. Right to the transferability of data

Moreover, we warrant that the personal data you have transmitted will be transferable on request, by making them available in a common and machine-readable data format.

18. Revocation of a consent

You are entitled at any time, and with future effect, to revoke the consent you have given us to the processing of your personal data for one or more specific purposes. This will not affect the legality of the processing of your data until such time as you revoke your consent.

19. Duty to provide personal data

If you hold a contract with our Company, you must provide the personal data that is required in order to enter into, perform and terminate the contractual relationship and to fulfil the associated contractual obligations, or which we are legally obliged to gather. If such data is not provided, we will not normally be able to conclude, execute and terminate the contract with you.

If data processing in connection with the use of this website is not required in order to enter into, perform and terminate a contractual relationship or to fulfil contractual obligations, and is also not statutorily prescribed, then the provision of your data will be voluntary. Please note that certain functionalities of this website or services cannot be used if you fail to provide the necessary data for this purpose.

20. Automated processing of personal data

Exclusively automated processing of your personal data will take place only if such processing is necessary in order to conclude or fulfil a contract, and this generates no legal or similar effect for you.

21. Complaint to supervisory authorities

If you have any complaints relating to the processing of your personal data, you are entitled to approach the responsible supervisory authorities. You may approach the data protection authority responsible for your place of residence of your German federal state, or the data protection authority that is responsible for us. That authority is:

Der Hessische Datenschutzbeauftragte

Postfach 31 63

65021 Wiesbaden

oder:

Gustav-Stresemann-Ring 1

65189 Wiesbaden

Telefon: 06 11/140 80

Telefax: 06 11/14 08-900 oder 901

E-Mail: poststelle@datenschutz.hessen.de

22. Contact

If you have any questions about the processing of your personal data, or any suggestions or complaints, you may approach our contacts named below.

We recommend that you send confidential information exclusively by post.

ASKADO Unternehmensberatung GmbH

Chief Executive: Jürgen Stauß

The Squaire 12, 60549 Frankfurt am Main

Contact Data protection

Hyperlinks

On this website, we only use email links that forward you to other areas of our website.

Data Protection Declaration version

Mai 2018

 




 

Part II: Data protection information for applicants

The information below is designed to provide you with an overview of how we process your personal data and your rights under data protection law.

Who is responsible for data processing and who can I approach?

Responsible is
ASKADO Unternehmensberatung GmbH

The Squaire 12, Am Flughafen

60549 Frankfurt am Main

Chief Executive: Jürgen Stauß

Kontakt: Datenschutz@askado4hr.com

What sources and data do we use?

We process personal data that we have received from applicants during the recruitment process. If necessary, in order to mediate employment relationships, we also process personal data that we have obtained in an authorised manner from publicly accessible sources (for example the press, the Internet) or that we have been sent by other companies or other third parties with permission (such as details of criminal acts).

Relevant personal data are personal data (name, address and other contact details, date and place of birth and also nationality), family data (such as marital status, details of your children), religious affiliation, health data (if relevant to the employment relationship, such as in the case of a serious disability), any prior convictions (criminal record), and details of qualifications and former employers.

For what purpose do we process your data (processing purpose) and on what legal basis?

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR/DS-GVO) and the local accompanying legislation.

a) To fulfil contractual obligations (Art. 6(1)(b) GDPR/DS-GVO)

Data are processed for the contractual mediation of an employment relationship between interested parties and applicants on the one hand and our clients on the other hand, and also in order to undertake requested pre-contractual measures.

b) When weighing all legitimate interests (Art. 6(1)(f) GDPR-DS-GVO)

Where necessary, we process your data beyond the actual fulfilment of the contract, in order to safeguard our own legitimate interests or those of third parties. Examples include:

• to assert legal claims and defence during legal disputes;

• to ensure the Company's IT security and IT operation.

c) Based on your consent (Art. 6(1)(a) GDPR)

If you have given us your consent to the processing of personal data for specific purposes (such as the extended storage of application documents or images), such processing is lawful on the basis of your consent. Consent given may be revoked at any time. The same applies to the revocation of declarations of consent that were made to us before the GDPR/DS-GVO came into force, namely before 25 May 2018. Revocation of a consent will have future effect, and will not affect the lawfulness of the data processed up to the point of revocation.

Who receives my data?

Within the Company, those departments that need your data in order to fulfil our contractual and statutory obligations will have access to it. Service providers and vicarious agents whom we use may also receive data for that purpose. They include companies in the categories of IT services and telecommunication.

IAs regards passing on data to recipients outside our Company, it must first be noted that we only pass on personal data in compliance with the applicable data protection regulations. In principle, we may only pass on personal data provided this is required under statutory provisions, the applicant or interested party has given consent or we are otherwise authorised to pass them on. Subject to these criteria, recipients of personal data may include in particular our clients, for whom we mediate employment relationships, personal advisers, with whom we cooperate, tax authorities, financial and wage tax auditors and also IT service providers, whom we call upon in connection with order processing.

Other data recipients may be those departments in relation to which you have given us consent to transmit data, or to which we are permitted to transmit personal data for the purposes of weighing legitimate interests.

What data are transmitted to a third country or an international organisation?

The transmission of data to departments outside the European Union (third countries) takes place where

• it is statutorily prescribed (for example reporting duties under tax law);

• you have given us your content; or

• it is legitimate under data protection law, through the justified interest, and is not opposed by a higher interest of the person concerned that is worthy of protection.

For how long will my data be stored?

We process and store your personal data for as long as is necessary in order to fulfil our contractual and statutory obligations.

If the data are no longer required in order to fulfil contractual or statutory obligations, they will generally be deleted, unless they require further processing, for a limited period, for the following purposes:

• to fulfil statutory archiving duties, which may arise, for example, on the basis of the locally applicable social law, commercial law, fiscal law, banking law, money laundering law and securities trading law. Commercial documents and documentation are archived for the periods specified therein.

• preserving evidence under locally applicable statutory regulations relating to periods of limitation.

If data processing takes place in our legitimate interest or that of a third party, the personal data will be deleted as soon as such an interest ceases to exist. The specified exceptions apply in such cases.

The same applies to data processing based on consent that has been granted. As soon as you revoke such consent with future effect, the personal data will be deleted, unless one of the exceptions stated exists, or you have given us your consent to process your data for an unlimited period until you revoke such consent. The purpose in that case is inclusion in our pool of applicants, in order to increase your opportunities for successful mediation and so that you may be considered for current and future projects.

What data protection rights do I have?

Every person affected has the right to information according to Article 15 GDPR/DS-GVO, the right to correction according to Article 16 GDPR/DS-GVO, the right to deletion according to Article 17 GDPR/DS-GVO, the right to restriction of processing according to Article 21 GDPR/DS-GVO and the right to data transferability according to Article 20 GDPR/DS-GVO. The relevant provisions from the local accompanying legislation also apply. A right of appeal to a responsible data protection supervisory authority also exists (Article 77 GDPR/DS-GVO). As regards the right to information and the right to deletion, the restrictions under Sections 34 and 35 of the new version of the new German Data Protection Act (BDSG-neu) apply.

You may at any time revoke the consent you have given us to process personal data. The same applies to the revocation of declarations of consent that were made to us before the GDPR/DS-GVO came into force, namely before 25 May 2018. Please note that the revocation will have future effect only. Data processed prior to the revocation will not be affected by it.

Am I obliged to provide data?

You are not bound by any statutory or contractual obligation to make your data available to us. However, in order to mediate employment relationships, we need the personal data that is required for a decision on the establishment of an employment relationship with our clients and to fulfil the associated contractual obligations.

To what extent is an automated decision made?

We do not use any fully automated decision-making procedure pursuant to Article 22 of the GDPR/DS-GVO in order to mediate and establish employment relationships. Nor do we use profiling techniques. If we use such procedures in individual cases, we will inform you separately about it and about your associated rights, if this is prescribed by law.

Information about your right to object according to Article 21 GDPR/DS-GVO

Right to object in an individual case

You are entitled to object at any time to the processing of personal data relating to you, which takes place on the basis of Article 6(1)(e) GDPR/DS-GVO (data processing carried out in the public interest) and Article 6(1)(f) GDPR/DS-GVO (processing necessary for the purpose of weighing legitimate interests); the same applies to profiling based on this provision in the sense of Article 4 No. 4 GDPR/DS-GVO

If you make an objection, we will no longer process your personal data, unless we can prove mandatory justified reasons for such processing, which outweigh your interests, rights and freedoms. This will include, in particular, circumstances in which processing is necessary in order to assert, exercise or defend legal claims.

Recipient of an objection

The opposition may be made informally, with the subject line “Objection”, stating your name, your address and your date of birth, and should be sent to:

ASKADO Unternehmensberatung GmbH

The Squaire 12, Am Flughafen

60549 Frankfurt am Main

Chief Executive: Jürgen Stauß

Contact: Data protection


Version: May 2018

 




 

Part III: Data Protection Information for clients

The information below is designed to provide you, as a client or as a person interested in our consulting services, with an overview of how we process your personal data and your rights under data protection law. The specific data processed and the way it is used depend primarily on the services required or agreed. Therefore, some of the information will not apply to you.

Who is responsible for data processing and whom can I approach?

Responsible:

ASKADO Unternehmensberatung GmbH

The Squaire 12, Am Flughafen,

60549 Frankfurt am Main

Chief Executive: Jürgen Stauß

Contact: Data protection

What sources and data do we use?

We process personal data that we receive in connection with our business relationships with our clients and other persons involved. To the extent necessary for our business relationship, we also process personal data that we obtain in an authorised manner from publicly accessible sources (for example debtor lists, land registers, trade and association registers, the press, the Internet) or that we have been sent, subject to authorisation, by other third parties (for example a credit reference agency).

Relevant personal data are personal details (name, address and other contact details, date and place of birth and also nationality). This may also include order data (for example payment instruction), data relating to the fulfilment of our contractual obligations (for example sales data relating to payments), information about your financial situation (for example solvency data, scoring/rating data, origin of assets), documentation data (for example minutes from meetings) and other data comparable with the categories listed.

For what purpose do we process your data (processing purpose) and on what legal basis?

We process personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR/DS-GVO) and the German Act to Adapt Data Protection Law to Regulation and to Implement Directive EU (BDSD-neu/new German Data Protection Act)

a) To fulfil contractual obligations (Art. 6(1)(b) GDPR/DS-GVO)

Data are processed for the provision of consulting services in connection with the performance of our contracts with our clients or for undertaking requested pre-contractual measures. The purposes of the data processing depend primarily on the nature and scope of the consulting service requested.

You will find the further details of the purposes of data processing in the relevant contractual documents.

b) IWhen weighing legitimate interests (Art. 6(1)(f) GDPR/DS-GVO) we process your data beyond the actual fulfilment of the contract, in order to safeguard our own legitimate interests or those of third parties. Examples include:

• consulting and exchanging information with information agencies (such as the German General Credit Protection Agency SCHUFA) in order to determine solvency and default risks within our business;

• asserting legal claims and defending legal disputes;

• ensuring our company's IT security and IT operation.

c) With your consent (Art. 6(1)(a) General Data Protection Regulation/DS-GVO)

To the extent that you have consented to the processing of your personal data for specific purposes, such processing is lawful on the basis of your consent. Consent given may be revoked at any time. The same applies to the revocation of declarations of consent that were made to us before the GDPR/DS-GVO entered into force, namely before 25 May 2018. Revocation of a consent will have only future effect, and will not affect the lawfulness of the data processed up to the point of revocation.

d) Based on statutory requirements (Art. 6(1)(c) GDPR/DS-GVO) or in the public interest (Art. 6(1)(e) GDPR/DS-GVO)

As a company, we are also bound by a number of legal obligations, i.e. statutory requirements (such as the Money Laundering Act, fiscal laws and regulatory requirements), which may require us to transmit personal data to public departments in particular. The purposes of data processing include, among other things, fulfilment of monitoring and reporting duties under fiscal law.

Who receives my data?

Within the Company, those departments that require your data in order to fulfil our contractual and statutory obligations will have access to the data. Service providers and vicarious agents whom we use may also receive data for those purposes, provided they safeguard confidentiality and integrity in particular. They include companies in the categories of IT services and telecommunication, and company advisers who cooperate with us.

As regards passing on data to recipients outside our Company, it must first be noted that we only pass on necessary personal data in compliance with the data protection regulations to be observed. In principle, we may only pass on information about you if the statutory provisions allow it, if you have consented or if we are authorised to provide information. Subject to these criteria, recipients of personal data may include, for example:

• public departments and institutions (such as fiscal authorities, law enforcement authorities, family courts, land register offices), under a statutory or official obligation;

• creditors or insolvency administrators, who make an inquiry in connection with a debt enforcement;

• auditors;

• service providers whom we call upon in connection with order processing circumstances.

• publishing houses, that publish our employment ads

• applicants.

What data are transmitted to a third country or an international organisation

Data are transmitted to departments in countries outside the European Union (third countries) in the following circumstances:

• if necessary in order to execute your orders (such as delivery orders);

• if prescribed by law (such as duties to report under fiscal law); or

• if you have given us your consent.

Beyond this, no transmission to departments in third countries is envisaged.

For how long will my data be stored?

We process and store your personal data for as long as required in order to fulfil our contractual and statutory obligations, or where you have given us your consent to the ongoing processing of your personal data, for an unlimited period, until such time as you revoke your consent.

If the data are no longer required in order to fulfil contractual or statutory obligations, they will routinely be deleted, unless they require further processing, for a limited term, for the following purposes:

• fulfilling archiving duties under commercial and fiscal law;

• German Commercial Code (HGB), German Fiscal Code (AO), German Money Laundering Act (GwG). The time limits specified therein in relation to archiving / documentation are customarily two to ten years.

• preserving evidence under statutory regulations relating to periods of limitation. According to Sections 195 ff. of the German Civil Code (BGB), these periods of limitation may be up to 30 years, although the customary period of limitation is 3 years.

What data protection rights do I have?

Every person affected has the right to information according to Article 15 GDPR/DS-GVO, the right to correction according to Article 16 GDPR/DS-GVO, the right to deletion according to Article 17 GDPR/DS-GVO, the right to restriction of processing according to Article 21 GDPR/DS-GVO and the right to data transferability according to Article 20 GDPR/DS-GVO.

As regards the right to information and the right to deletion, the restrictions under Sections 34 and 35 of the new version of the new German Data Protection Act (BDSG-neu) apply. A right of appeal to a responsible data protection supervisory authority also exists (Article 77 GDPR/DS-GVO in conjunction with Section 19 of the German Data Protection Act).

You may revoke at any time the consent that you have given us to process personal data. The same applies to the revocation of declarations of consent that were made to us before the GDPR/DS-GVO entered into force, namely before 25 May 2018. Please note that the revocation will have future effect only. Data processed prior to the revocation will not be affected by it.

Am I obliged to provide data?

In the context of our business relationship, we need from you the personal data that is required in order to enter into, perform and terminate a contractual relationship and to fulfil the associated contractual obligations, or which we are legally obliged to gather. Without such data, we will not normally be able to conclude, execute and terminate the contract with you.

To what extent is an automated decision made?

In principle, we do not use any fully automated decision-making procedure pursuant to Article 22 of the GDPR/DS-GVO in order to establish, perform and terminate the business relationship. Nor do we use profiling techniques. If we use such procedures in individual cases, we will inform you separately about it and about your associated rights, if this is prescribed by law.

Information about your right to object according to Article 21 GDPR/DS-GVO

Right to object in an individual case

You have the right to object at any time to the processing of personal data relating to you, which takes place on the basis of Article 6(1)(e) GDPR/DS-GVO (data processing carried out in the public interest) and Article 6(1)(f) GDPR/DS-GVO (processing necessary for the purpose of weighing legitimate interests); the same applies to profiling based on this provision in the sense of Article 4 No. 4 GDPR/DS-GVO.

If you submit an objection, we will no longer process your personal data, unless we can prove mandatory justified reasons for such processing, which outweigh your interests, rights and freedoms. This will include, in particular, circumstances in which processing is necessary in order to assert, exercise or defend legal claims.

Recipient of an objection

The objection may be made informally, with the subject line “Objection”, stating your name, your address and your date of birth, and should be sent to:

ASKADO Unternehmensberatung GmbH

The Squaire 12, Am Flughafen

60549 Frankfurt am Main

Chief Executive: Jürgen Stauß

Contact: Data protection

Telefon: +49 . (0) 69 . 959 325 365

Stand: Mai 2018

This website uses session-, language- and reference cookies. Hereby I consent to the use of cookies. Find more about data protection in our Data Protection Declaration.