I. Name and address of the data controller:
TopConcept Management Beratung GmbH
is the data controller as defined by the EU General Data Protection Regulation (GDPR) and other national data protection legislation
II. Data Protection Officer
The data protection officer for the data controller is:
III. Data Processing
1. SCOPE OF THE PROCESSING OF PERSONAL DATA
We collect and use our website users' personal data only to the extent necessary for providing an operational website and our content and services.
In principle, our website users' personal data is only collected and used with the user's consent. An exception to this principle applies in cases where the processing of data is permitted by law or where prior consent cannot be obtained for practical reasons.
2. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
The legal bases for the processing of personal data result principally from the following:
- Art. 6 para. 1 let. a GDPR where consent is obtained from the data subject.
- Art. 6 Abs. 1 let. b GDPR in the case of processing for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for carrying out pre-contractual measures.
- Art. 6 Abs. 1 let. c GDPR in the case of processing that is required to fulfil a legal obligation.
- Art. 6 para. 1 let. d GDPR, in the event that vital interests of the data subject or another natural person require a processing of personal data.
- Art. 6 para. 1 let. f GDPR, if processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest.
3. DATA ERASURE AND STORAGE PERIOD
The personal data of a data subject will be erased or blocked as soon as the purpose of storage ceases to exist. Furthermore, data may be stored if this has been provided for by European or national legislation in EU regulations, laws or other provisions to which the data controller is subject. Data will also be blocked or erased if a storage deadline prescribed by the above-mentioned standards expires, unless further data storage is necessary for concluding or performing a contract.
IV. USE OF OUR WEBSITE; GENERAL INFORMATION
1. DESCRIPTION AND SCOPE OF DATA PROCESSING
Every time you visit our website, our system automatically collects data and information from the user’s computer system. In the process, the following information is collected:
- Information regarding the browser type and version used
- The user’s operating system
- The user's Internet service provider
- The user's IP address
- The date and time of access,
- The websites from which the user's system accesses our website
- The websites accessed by the user's system via our website
The data described - with the exception of the user’s IP address or other data that allows the assignment of data to a user – are stored in the log files of our system. This data is not stored together with other personal data of the user.
2. PURPOSE OF AND LEGAL BASIS FOR DATA PROCESSING
Temporary storage of the IP address by our system is required to allow delivery of the website to the user's computer. To this end, the user's IP address must remain stored for the duration of the session.
The legal basis for the temporary storage of data is Article 6 para. 1 let. f GDPR.
The collection of your personal data in order to provide our website is absolutely necessary for the operation of the website. There is therefore no option for the user to opt-out.
3. RETENTION PERIOD
The data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected. Insofar as your data are collected to ensure the provision of the website, they will be erased at the end of the respective session.
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 let. f GDPR. The purpose of the use of technically necessary cookies is to simplify the use of our website.
You can find further information on technically unnecessary cookies in Part VIII. WEB ANALYTICS.
VI. YOUR RIGHTS / RIGHTS OF THE DATA SUBJECT
According to the EU General Data Protection Regulation you have the following rights as a data subject:
1. RIGHT TO INFORMATION
You have the right to receive information from us as the data controller as to whether we process personal data that concern you.
In addition, you could request the following information:
- the purpose of the data processing;
- the categories of personal data processed;
- the recipients or the categories of recipients to whom the personal data concerned have been disclosed or are still being disclosed;
- the planned duration of storage of the personal data concerning you or, if specific details of this are not possible, criteria for the specification of the retention period;
- the existence of a right of rectification or deletion of personal data concerning you or of a restriction on processing by the data controller or of a right to object to such processing;
- the existence of a right of appeal to a supervisory authority;
- all available information about the origin of the data, if the personal data are not collected from the data subject;
- the existence of an automated decision-making process, including profiling, as referred to in Article 22 paragraphs 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved as well as the scope and desired impact of such processing for the data subject.
Finally, you have the right to request information regarding whether your personal data will be transmitted to a third-party country or an international organisation. In this case, you can request information about the appropriate guarantees in connection with the transfer pursuant to Article 46 GDPR.
You can assert your right to information at: firstname.lastname@example.org
2. RIGHT TO RECTIFICATION
Should the data that we process and which concern you be incorrect or incomplete, you have a right to rectification and/or completion on our part. Such rectification will be made without delay.
3. RIGHT TO RESTRICTION
The right to restriction of processing of personal data that concerns you may be asserted in the following cases:
- the accuracy of your personal data is contested by you for a period of time that allows the data controller to verify the accuracy of your personal data.
- the processing is unlawful and the deletion of the personal data is refused and a restriction of the use of the personal data is requested instead;
- the data controller no longer requires the personal data for the purposes of the processing, but the data subject requires them in order to enforce, exercise or defend legal claims or
- the data subject has raised an objection to the processing pursuant to Article 21 paragraph 1 GDPR, and it is still not certain whether the legitimate grounds of the data controller outweigh those of the data subject.
If the processing of the personal data that concerns you has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the Union or of a Member State.
If the processing has been restricted in accordance with the above conditions, you will be informed by us before the restriction has been lifted.
4. RIGHT TO ERASURE
If the relevant requirements are met, you can request that the personal data relating to you be erased immediately. The data controller is obliged to erase these data immediately. The reasons are:
- the personal data that concern you are no longer necessary for the purposes for which they have been collected or have been processed in any other way;
- the processing is based on consent pursuant to. Article 6 para. 1 let. a or Article 9 para. 2 let. a GDPR and you revoke such consent; another condition is that there is no other legal basis for the processing;
- you file an objection to processing of the data (Article 21 para. 1 GDPR) and there are no overriding and legitimate reasons for processing of the data; another possibility is that you file an objection to the processing pursuant to Article 21 para. 2 GDPR;
- the processing of personal data relating to you is undertaken unlawfully;
- the personal data relating to you must be deleted to comply with a legal obligation under Union or Member State law to which the data controller is subject;
- the personal data have been collected in relation to services offered by information society services as referred to in Article 8 para. 1 GDPR.
Insofar as we have made the personal data public and are obliged to erase them pursuant to Article 17 para. 1 GDPR, we will take appropriate measures taking into account the available technology and the costs of implementation, in order to inform the third parties who are processing the personal data that you as the data subject have also requested that all links to these personal data and copies or replications of these personal data be erased.
Please be advised that the right of erasure does not exist insofar as the processing is necessary;
- to exercise the right to freedom of expression and information
- to fulfil a legal obligation required for processing under the law of the Union or the Member States to which the data controller is subject or for the performance of a task that lies in the public interest or in the exercising of public authority conferred on the data controller;
- for reasons of public interest in the field of public health in accordance with Article 9 para. 2 let. h and i and also Article 9 para. 3 GDPR;
- for archiving purposes of public interest, scientific or historical research purposes or for statistical purposes as referred to in Article 89 para.1 GDPR, where the right referred to in paragraph a) is likely to render impossible or be seriously prejudicial to the attainment of the objectives of such processing, or
- to assert, exercise or defend legal claims;
5. RIGHT TO INFORMATION
If you have exercised your right to rectification, erasure or restriction of the processing, this party is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this rectification or erasure of the data or restriction of the processing, unless this proves impossible or involves a disproportionate effort. You also have the right to be informed of these recipients.
6. RIGHT TO DATA PORTABILITY
In addition, you have the right pursuant to the GDPR to receive the personal data that relate to you, which you have provided to us, in a structured, common and machine-readable format. Furthermore, you have the right to transmit this data to another data controller without interference from the data controller to which the personal data have been provided, insofar as
- the processing is based on consent pursuant to. Article 6 para. 1 let. a or Article 9 para. 2 let. a GDPR or on a contract pursuant to Article 6 para. 1 let. b GDPR and
- the processing takes place with the aid of automated procedures.
As part of exercising this right to data portability, you ultimately have the right to effect that personal data relating to you are transmitted directly from one data controller to another, insofar as this is technically feasible and freedoms and rights of third parties are not affected.
The right to data portability shall not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller.
7. RIGHT TO REVOKE DATA PROTECTION DECLARATION OF CONSENT
You have the right to revoke your data protection declaration of consent at any time. We would also like to point out that a revocation of consent will not affect the legality of the processing which has taken place based on such consent before the revocation.
8. RIGHT OF OBJECTION
Furthermore, you have the right, for reasons arising from your specific situation, to object to the processing of personal data relating to you, which is carried out pursuant to Article 6 para.1 let. e or f, at any time. The right of objection also applies to profiling based on these provisions.
The data controller will no longer process the personal data that concern you, unless they can demonstrate compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data that relate to you are processed for advertising purposes, you have the right to object at any time to the processing of personal data that relate to you for the purposes of such advertising. This also applies to any profiling connected with such direct advertising. If you object to the processing of your data for direct advertising purposes, your personal data will no longer be processed for these purposes.
You also have the possibility, in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications.
9. AUTOMATED DECISION IN INDIVIDUAL CASES, INCLUDING PROFILING
According to the EU General Data Protection Regulation, you continue to have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. However, an exception from this principle exists, if the decision
- is necessary for the conclusion or performance of a contract between you and the data controller,
- is authorised by Union or Member State law to which the data controller is subject and this law also lays down appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
- is based on your explicit consent.
If the processing takes place within the context of the cases referred to in (1) and (3), the data controller will take appropriate measures to safeguard your rights and freedoms and your legitimate interests. This includes as a minimum the right to secure the intervention of a person on the data controller’s side, to explain your own point of view and to challenge the decision.
The decision in accordance with (1) – (3) may not be based on special categories of personal data as referred to in Article 9 para. 1 GDPR, insofar as Article 9 para. 2 let. a or g does not apply and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
10. RIGHT OF COMPLAINT TO A SUPERVISORY AUTHORITY
If you are of the opinion that the processing of personal data concerning you infringes the GDPR, you ultimately have the right of complaint to a supervisory authority, in particular in the Member State where you are staying or working or the place in which the suspected infringement has taken place.
VII. ELECTRONIC CONTACT
If you wish to contact us, a form is available to you on our website that you can use to contact us electronically. In the process, the data entered into the input mask will be transmitted to us and stored. This data includes:
The following data are also stored at the time the message is sent:
- The user's IP address
- The date and time of the registration,
In addition, you can contact us via the e-mail address provided. In this case, the user's personal data that is transmitted along with the email will be stored.
Your data will not be passed onto third parties in this process; the data will be used exclusively for processing the record of communication.
The legal basis for the processing of data is Art. 6 para. 1 (a) GDPR if the user has given his consent. The legal basis for processing the data transferred in the course of sending an email is Article 6 paragraph 1 let. f GDPR. If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 exp. 1 lit. b DSGVO.
We only process personal data for the purpose of facilitating contact with you. In the event of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
If other personal data are processed during the sending process, these help to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the contact form input screen and the data that was sent by e-mail, this is the case when the respective conversation with the user has been completed. The conversation will have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.
Personal data that was additionally collected during the sending procedure will be deleted at the latest after a period of seven days.
You have the possibility to revoke your consent to the processing of personal data at any time. Also when you make contact by E-mail, you can object at any time to the storage of your personal data. We would like to point out, however, that it will not be possible to continue the conversation in this case.
To revoke consent and object to storage, data subjects can contact the aforementioned people responsible in the company, the data protection officer or the supervisory authority. Please supply us with sufficient information so that we can identify your personal data. We will provide you with the required information within 30 days.
All personal data stored in the course of contacting us will be erased as a result.
VIII. WEB ANALYTICS.
USE OF GOOGLE ANALYTICS
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called "cookies", which are text files stored on your computer that enable an analysis of the way in which you use the website. The cookie-generated data concerning your use of the website will usually be forwarded to a Google server in the USA and stored there. However, if IP anonymisation is enabled on this website, your IP address will first be truncated by Google within the member states of the European Union or other states party to the agreement on the European Economic Area. Only in exceptional cases will your full IP address be forwarded to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and internet usage for the website operator.
The IP address provided by your browser as part of Google Analytics will not be combined with other data from Google.
You may prevent the storage of cookies by selecting the appropriate settings on your browser. However, please be advised that if you opt out of using cookies, you may not be able to fully use all the features of this website. Furthermore, you can prevent the collection of data generated by the cookie and related to the usage of the website (incl. your IP address) being sent to Google and the processing of such data by Google by downloading and installing the browser add-on from the following link: tools.google.com/dlpage/gaoptout.
In addition, you can prevent data collection by clicking on the following link. This sets an opt-out cookie which prevents any future collection of your data when visiting this website. Please note: If you delete your cookies, this results in the opt-out cookie also being deleted and it may need to be re-activated by you.
DISABLING GOOGLE ANALYTICS
This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are further processed in truncated form, so that linking these to individuals can be ruled out. If the data collected about you is personally identifiable, it will be blocked immediately and the personal data deleted as soon as possible.
We use Google Analytics to analyse and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Article 6 para.1 clause 1 let. f GDPR.
Information about the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001
User conditions: www.google.com/analytics/terms/de.html,
Overview of data protection: www.google.com/intl/de/analytics/learn/privacy.html,