According to the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), we are obliged to inform you about the purpose for which personal data is collected and used on our homepage, how this is done and what the scope of this is, as well as what we do want to do with the data.
This information also tells you what rights you have with regard to data protection.
I. NAME AND ADDRESS OF THE CONTROLLER
TopConcept Management Beratung GmbH
is the controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws.
II. DATA PROTECTION OFFICER
You can reach the data protection officer responsible at:
III. DATA PROCESSING
1. SCOPE OF THE PROCESSING OF PERSONAL DATA
In principle, we only collect and use personal data of the users of our homepage to the extent that this is necessary to provide a functional website, our content and services.
In principle, the collection and use of personal data from our users only takes place with their consent. An exception to this principle applies in cases where processing of the data is permitted by statutory provisions or obtaining prior consent is not possible for actual reasons.
2. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
In principle, the legal bases for the processing of personal data result from:
- Article 6 (1) (a) of the GDPR when obtaining the consent of the data subject.
- Article 6 (1) (b) of the GDPR for processing that serves to fulfil a contract to which the data subject is a party. Processing operations that are required to carry out pre-contractual measures are also included here.
- Article 6 (1) (c) of the GDPR for processing that is necessary to fulfil a legal obligation.
- Article 6 (1) (d) of the GDPR if the vital interests of the data subject or another natural person require the processing of personal data.
- Art. 6 (1) (f) of the GDPR if the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and fundamental freedoms of the party concerned do not outweigh the first-mentioned interest.
3. DATA DELETION AND STORAGE PERIOD
The users' personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Storage that goes beyond this can take place if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the data controller is subject. The data will also be blocked or deleted once a storage period stipulated under the mandatory norms referred to expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
We use so-called cookies on our website. Cookies are small text files that are stored on the storage medium of your terminal device, e.g. on a hard drive, and through which we, as the body that sets the cookie, receive certain information. Cookies cannot run programs or transfer viruses to your terminal device. This website uses the following types of cookies, the scope and functionality of which are explained below.
Cookies that are stored as part of your web browser:
- Transient cookies: These cookies are automatically deleted when you close your web browser. These include session cookies in particular. These store a so-called session ID, which can be used to assign various requests from your web browser to the joint session. This enables your device to be recognised when you return to our website. Session cookies are deleted as soon as you log out or close the web browser.
- Persistent cookies: These cookies are automatically deleted after a specified period, which can vary depending on the cookie. You can delete these cookies at any time in your web browser settings.
The processing of personal data by the above-mentioned cookies serves to make our website offer more user-friendly and effective for you overall. A number of our website functions cannot be offered without the use of these cookies. In particular, some functions of our website require that your web browser can still be identified after a page change. The data processed by cookies that are required to provide the functions of our website are not used to create user profiles.
Our legitimate interest in the processing of data lies in the purposes set out above. The legal basis is Article 6 (1) (f) of the GDPR.
The above cookies are stored on your terminal device and transmitted from the terminal device to our server. You can therefore configure the processing of data and information via cookies yourself. You can make appropriate configurations in the settings of your web browser, which you can use, for example, to reject third-party cookies or cookies altogether. In this context, we would like to point out that you may then not be able to use all the functions of our website properly. In addition, we recommend regularly deleting cookies and your browser history manually.
V. YOUR RIGHTS / RIGHTS OF THE DATA SUBJECT
Under the EU General Data Protection Regulation, you as the data subject have the following rights:
1. RIGHT OF ACCESS
You have the right to receive information from us as the controller regarding whether we are processing personal data relating to you.
Finally, you also have the right to request information regarding whether your personal data is being transmitted to a third country or to an international organisation. In this case, you can request information about the appropriate guarantees under Art. 46 of the GDPR associated with the transmission.
You can assert your right of access at: info(at)topconcept.com
2. RIGHT TO RECTIFICATION
If the personal data processed by us and relating to you is incorrect or incomplete, you have the right to have it corrected and/or completed. The correction will be made immediately.
3. RIGHT TO RESTRICTION
The right to restriction of the processing of your personal data
If the processing of the personal data concerning you has been restricted, this data - apart from its storage - may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State.
If there is a restriction on processing in accordance with the principles outlined, you will be informed by us before the restriction is lifted.
4. RIGHT TO ERASURE
If the reasons set out below apply, you can request the immediate erasure of the personal data concerning you. The controller is then obliged to erase this data immediately. The reasons are:
If we have made public the personal data relating to you and we are obliged to erase it in accordance with Article 17 (1) of the GDPR, we shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform the controller processing your personal data that you, as the data subject, have requested the erasure of all links to this personal data or of copies or replications of that personal data.
We would like to point out that the right to erasure does not exist if processing is required
- to exercise the right to freedom of expression and information;
- to fulfil a legal obligation that requires processing under the law of the Union or Member State law to which the controller is subject, or to perform a task that is carried out in the public interest or in the exercise of official authority that has been delegated to the controller;
- for reasons of public interest in the field of public health in accordance with Article 9 (2) (h) and (i) and Article 9 (3) of the GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) of the GDPR, insofar as the law mentioned under section a) is likely to make it impossible or seriously impair the achievement of the objectives of this processing, or
- to assert, exercise or defend legal claims.
5. RIGHT TO INFORMATION
If you have asserted the right to rectification, erasure or restriction of processing, we will be obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort. You also have the right to be informed about these recipients.
6. RIGHT TO DATA PORTABILITY
Under the GDPR, you also have the right to receive the personal data concerning you that has been provided to us in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit such data to another controller without hindrance from the controller to whom the personal data was provided.
Finally, as part of the exercise of the right to data portability, you have the right to have the personal data concerning you transmitted directly from one controller to another controller, insofar as this is technically feasible and the freedoms and rights of other persons are not impaired.
The right to data portability does not apply to the processing of personal data that is required to perform a task that is carried out in the public interest or in the exercise of official authority that has been assigned to the controller.
7. RIGHT TO WITHDRAW DECLARATION OF DATA PROTECTION-RELATED
You have the right to withdraw your declaration of data protection-related consent at any time. We would like to point out that the withdrawal of consent does not affect the legality of the processing carried out on the basis of the consent up to the moment of withdrawal.
8. RIGHT TO OBJECT
Furthermore, you have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data that is carried out on the basis of Article 6 (1) (e) or (f) GDPR. The right to object also applies to profiling based on these provisions.
The controller will no longer process the personal data relating to you unless the controller can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. This also applies to profiling insofar as it is associated with such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
You also have the option of exercising your right of objection in conjunction with the use of information society services (notwithstanding Directive 2002/58/EC) by means of automated procedures that use technical specifications.
9. AUTOMATED INDIVIDUAL DECISION-MAKING, INCLUDING PROFILING
Under the EU General Data Protection Regulation, you also have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. There is an exception to this principle, however, if the decision
- is necessary for entering into, or performance of, a contract between you and the controller;
- is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- is based on your explicit consent.
If the processing is carried within the context of the cases mentioned in (1) and (3), the controller shall implement appropriate measures to safeguard the rights and freedoms as well as your legitimate interests. This includes at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
The decision referred to in (1) - (3) must not be based on special categories of personal data referred to in Article 9 (1) of the GDPR, unless point (a) or (g) of Article 9 (2) applies and suitable measures to safeguard the rights and freedoms as well as your legitimate interests are in place.
10. RIGHT TO COMPLAIN TO A SUPERVISORY AUTHORITY
Finally, if you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent authority can be found at:
VI. ELECTRONIC CONTACT
If you contact us by email, you consent to us processing the data we receive from you for the appropriate purpose. This can be for the purpose of answering inquiries, arranging appointments, etc.
The legal basis for the processing of this data after it has been recorded is Article 6 (1) (a) of the GDPR or Article 6 (1) (f) of the GDPR.
Your data will only be stored by us until the purpose of the processing has been fulfilled. After that, the data will be deleted. This does not apply if we are legally obliged (e.g. tax law) to keep this data longer.
VII. WEB FONTS
This site uses so-called web fonts provided by Google and Font Awesome for the uniform display of fonts. When you access a page, your browser loads the required web fonts into your browser cache in order to display text and fonts correctly.
A connection is not established via the Google and Font Awesome URL for this purpose. The characters (fonts) are loaded from our servers provided locally.
Your IP address will therefore not be stored on servers in third countries or of their subsidiaries within the EU.
Web fonts are used in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest within the meaning of Article 6 (1) (f) of the GDPR.