Privacy information

Consileon Business Consultancy GmbH

Privacy information

(Information according to Art. 13, 14 DSGVO)

We are pleased that you are interested in our company and have therefore contacted us. In accordance with Art. 13 DSGVO, we would like to provide you with the following information on the processing of your personal data in connection with your contact.

Responsible person in the sense of data protection law

Consileon Business Consultancy GmbH
represented by the managing
Partner Dr. Joachim Schü (in the following “we”)
Maximilianstr. 5, 76133 Karlsruhe

Data protection officer of the responsible person

You can reach our data protection officer at

or in written form via our postal address with the reference “Attn: Data Protection Officer”.

Which of your data do we process and for what purposes?

We process your personal data. This is any information relating to an identified or identifiable individual (Art. 4 (1) DSGVO). In the course of business, we process contact data of our customers and their employees, business partners and other third parties. We also process payment data and, where applicable, other information on personal and economic circumstances, insofar as this is necessary for the provision of our services. We also process data that we do not receive from you directly, but from customers or other third parties. In this context, we also include data from publicly accessible sources, namely directories, registers and the freely accessible Internet. We process the data that you have transmitted to us in connection with your contact (e-mail, business card, inquiry, telephone call). This is done, for example, to initiate a business relationship, to fulfill your request for information or, in general, to be able to communicate with you. In addition, storage and processing may occur because they are required by law. We also process your necessary data for the conclusion and performance of a contract concluded between us.

The legal basis for processing your personal data in these procedures is primarily Art. 6 para. 1 lit. f) DSGVO (legitimate interests, e.g. in terms of a desired business initiation or fulfillment of a request for information) and Art. 6 para. 1 lit. b) DSGVO (for contract fulfillment).

How long will the data be stored?

The collected data is stored as long as it is needed, i.e. it is required to achieve the purpose for which it was collected. In addition, we store personal data due to tax and commercial law retention and documentation obligations (e.g. from HGB, StGB or AO), according to which we are obliged to store for a longer period. Further storage will take place if you have consented to this or if there is a further justified interest in accordance with Art. 6 Para. 1 Sentence 1 lit. f) DSGVO. If several retention periods come into consideration, the longest period is decisive in each case.

Who is the recipient of data? To whom is your data disclosed?

The personal data collected through the contact will not be disclosed to third parties, unless required by law, necessary for the performance of contractual obligations, required by the legitimate interests of third parties or agreed upon based on your consent. Among these measures, the following recipients may be considered: processors commissioned by us, authorities, public organizations, customers and partners. A transfer to countries outside the European Economic Area will only take place if they can demonstrate an adequate level of data protection confirmed by the EU Commission, further if corresponding data protection guarantees exist, it is necessary for the fulfillment of contractual obligations or if you have given us consent in this regard. In the course of fulfilling the contract, we will, if necessary and subject to your consent, involve affiliated companies of the Consileon Group that are subject to confidentiality (for a list, see the Appendix) in order to provide you with the best possible advice. We use technical support services, as well as IT maintenance, hosting services, and services for the disposal and destruction of files and data carriers. In this context, it cannot be ruled out that data will be passed on to these service providers. Therefore, we conclude a contract on commissioned processing within the meaning of Art. 28 DSGVO with the respective service provider to ensure compliance with data protection.

Where is the data processed?

The personal data is processed in our internal systems, by the processors contracted by us and in data centers in the Federal Republic of Germany.

How is the data backed up?

We are obligated to regularly back up data to the required extent. We must also comply with the technical and organizational requirements pursuant to Art. 32 DSGVO, in particular we must protect the systems subject to our access against unauthorized disclosure, storage, modification and other unauthorized access or attacks of any kind by employees or other third parties. To this end, we shall take appropriate measures to the necessary extent in accordance with the latest state of proven technology, in particular to protect against viruses and other malicious programs or program routines, as well as other measures to protect its equipment, in particular to protect against burglary.

What are your rights as a data subject?

You have the right to information about the personal data we process about you (Art. 15 DSGVO). In the case of a request for information that is not made in writing, we ask for your understanding that we may then require evidence from you that proves that you are the person you claim to be. You have the right to rectification, deletion or restriction of processing, insofar as you are entitled to this by law (Art. 16 – 18 DSGVO). You have the right to object to processing, insofar as you are entitled to do so by law (Art. 21 DSGVO). You have the right to data portability, insofar as you are entitled to this by law (Art. 20 DSGVO). If the personal data was collected because you gave a declaration of consent to this, you have the right to revoke this consent at any time without giving reasons (Art. 7 (3) DSGVO). You have a right of appeal. This gives you the opportunity to complain to the competent supervisory authority (State Data Protection Commissioner) if you believe that we are not processing your personal data correctly (Art. 77 DSGVO). The competent supervisory authority is usually the supervisory authority of your regular place of residence.

The supervisory authority responsible for Consileon Business Consultancy GmbH is: The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg

The supervisory authority responsible for Consileon Frankfurt GmbH is: The Hessian Commissioner for Data Protection and Freedom of Information

If you wish to exercise your right to complain to the supervisory authority, we invite you to contact us beforehand and approach us again (e.g. at e-mail:

Right to appeal

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation.If you wish to exercise your right of withdrawal or objection, an email to