Privacy information

Privacy Information | Consileon | Management and IT Consulting

In accordance with Art. 13 GDPR, we would like to provide you below with information regarding the processing of your personal data in connection with contact with you or your company/employer. These privacy information notices cover all processing of personal data concerning our business partners, customers, clients, contractors, prospective customers, etc., that do not exclusively concern the processing of personal data on our homepage — the latter can be found under Privacy Policy — or, in individual cases for special purposes, are presented in separate privacy notices.

Responsible person in the sense of data protection law

Consileon Business Consultancy GmbH (in the following “we”)
represented by the managing Partner Dr. Joachim Schü
Maximilianstr. 5, 76133 Karlsruhe
E-Mail: info@consileon.de

Data protection officer of the responsible person

You can reach our data protection officer at
natalie.dittrich@consileon.de
or in written form via our postal address with the reference “Attn: Data Protection Officer”.

Which of your data do we process and for what purposes?

a) Communication

As part of our business activities, we process (contact) data (in particular first and last name, telephone number, e-mail address, postal address) of our customers, contractors, business partners and their employees or service providers, as well as other third parties, and engage in communication with them, during which additional personal data may arise. In this context, we also process data that we do not receive directly from you but from customers or other third parties.

This takes place, in particular, in order to initiate a business relationship, to perform our contractual obligations towards our customer, to organize and manage our company, to comply with legal obligations, or generally to be able to conduct communication with you.

The legal basis for the processing of your personal data is primarily Art. 6 (1) lit. f GDPR (legitimate interests, e.g., in the sense of desired business initiation, fulfillment of our contractual obligations towards our customers, organization of our company, or fulfillment of an information request) and Art. 6 (1) lit. c GDPR (compliance with legal obligations).

The collected data will be stored as long as it is needed, i.e., required for the purpose for which it was collected. In addition, we store personal data due to tax and commercial law retention and documentation obligations (e.g., from the German Commercial Code (HGB), German Criminal Code (StGB) or German Fiscal Code (AO)), which require us to store it for longer periods. Communication data such as e-mails and telephone notes are usually stored as business letters for 6 years until the end of the year. Connection records and MS Teams communication are subject to a shorter deletion period.

b) Customer Relationship Management

We process your data in our CRM system — our system for the targeted, legally compliant and effective management and maintenance of business partner and customer relationships — to manage sales communication with business partners and customers, as well as to be able to organize and maintain our marketing and sales activities in general.

For this purpose, we mainly process the following personal data: name, title and salutation, company affiliation, contact details (e-mail address, telephone number, postal address), communication history or excerpts thereof, any contract and offer data, and other business information relevant to the cooperation.

We may also include data from publicly accessible sources, namely directories, registers, and the publicly available internet.

The legal basis for the processing of your personal data is Art. 6 (1) lit. f GDPR (legitimate interest in efficient customer and business partner management).

c) Sales Approaches, Direct Marketing, Newsletter

To maintain the existing business relationship or partnership, we keep direct contact with our contacts and, on occasion, inform you personally about topics and offers of the Consileon Group that may be of interest to you. For this purpose, we mainly process the following personal data: first name, last name, title and salutation if applicable, company affiliation, contact details (e-mail address), any communication history or excerpts thereof, and any contract and offer data.

The legal basis for the processing of your personal data is Art. 6 (1) lit. f GDPR (legitimate interest in maintaining business relationships and acquiring new contracts and projects).

In addition, we offer you the possibility to subscribe to our e-mail newsletter about our company, our offerings, and topics of the Consileon Group. For this purpose, we process the following information from you: first name, last name, salutation, title if applicable, e-mail address, information on your consent including confirmation of the newsletter subscription.

The legal basis for the processing of your personal data in this respect is solely your consent pursuant to Art. 6 (1) lit. a GDPR.

As part of the newsletter distribution, we track opening data (date and time of loading the embedded tracking pixel, technical features such as browser type, operating system, location data if applicable) as well as bounce data including the time and type of returns (soft bounce, hard bounce). We have a legitimate interest in this pursuant to Art. 6 (1) sentence 1 lit. f GDPR.

Who is the recipient of data? To whom is your data disclosed?

Your personal data will not be shared with third parties unless required by law, necessary due to legitimate interests, or agreed upon based on your consent. Entities commissioned by us as processors are not considered third parties. We are happy to provide you with a corresponding list of our processors.

We inform you that, even without commissioned data processing, your personal data may be transferred to other companies of the Consileon Group if we have a legitimate interest in doing so (Art. 6 (1) lit. f GDPR). Legitimate interests include, in particular, joint sales purposes, initiation of subcontracting, or the defense and enforcement of legal claims. A list of group companies as well as the cases of personal data transfers is available upon request.

What are your rights as a data subject?

You have the right to:

  • withdraw your consent pursuant to Art. 7 (3) GDPR at any time. This means that we will no longer be permitted to continue the data processing that was based on this consent in the future.
  • request information pursuant to Art. 15 GDPR about your personal data processed by us. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data if not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
  • request rectification pursuant to Art. 16 GDPR without undue delay of inaccurate or incomplete personal data stored by us.
  • request erasure pursuant to Art. 17 GDPR of your personal data stored by us, unless the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of legal claims.
  • request restriction pursuant to Art. 18 GDPR of the processing of your personal data where the accuracy of the data is contested by you, the processing is unlawful but you oppose erasure, we no longer need the data but you require it for the establishment, exercise or defense of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR.
  • request data portability pursuant to Art. 20 GDPR to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format or to request the transfer to another controller.
  • lodge a complaint pursuant to Art. 77 GDPR with a supervisory authority. In general, you can contact the supervisory authority of your usual place of residence or work, or of our registered office (State Commissioner for Data Protection and Freedom of Information Baden-Württemberg).

The supervisory authority responsible for Consileon Business Consultancy GmbH is:
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
https://www.baden-wuerttemberg.datenschutz.de/kontakt/

The supervisory authority responsible for Consileon Frankfurt GmbH is:
The Hessian Commissioner for Data Protection and Freedom of Information
https://datenschutz.hessen.de/

If you wish to exercise your right to lodge a complaint, we invite you to contact us first and reach out to us again (e.g., via e-mail to info[at]consileon.de or datenschutz[at]consileon.de).

Right to appeal

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, provided that there are reasons for doing so arising from your particular situation, or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without you having to specify a particular situation.

If you wish to exercise your right of withdrawal or objection, an e-mail to datenschutz[at]consileon.de is sufficient.