Privacy Policy
We take the protection of personal data very seriously. Therefore, we strictly adhere to the rules of the data protection laws of the Federal Republic of Germany (BDSG) and the European Data Protection Regulation (GDPR).
Controller
Controller of the processing of your personal data is Pawlik Consultants GmbH, Zirkusweg 2, 20359 Hamburg, E-Mail: datenschutz@pawlik.de. You can reach our data protection officer at the above-mentioned postal address, with the addition ” To the Data Protection Officer ” or at the e-mail address: dpo@wiehl.legal.
Data processing for the provision of contractual services
You can contact us via our website and our contact data to request contractual services. You can also use the contact form on our website for this purpose. If you provide us with personal data this way or in another way with this purpose, we process your data for the answer of your requests, for the performance of the order/contract as well as for invoicing. We need your (company) name, your address data as well as your e-mail address. These data are necessary to enter into a contract with us.
In addition, we collect further data you provide within the contractual initiation or performance of the contract, which are not absolutely necessary for the performance of the contract, but which support the purpose and are useful for it, in particular to be able to provide better consulting services. For example, we may collect information about contact persons in your company (name, telephone number, e-mail address, department, position in the company) and information about your company (business sector, planned measures and budget plans, if you provide them).
Depending on the order/contract, we may require additional data; we will inform you on a case-by-case basis.
In the case of suppliers/service providers, we process the provided personal data to order and claim services and to pay for the services provided. For this we need the name, the name of your company (if different) the address data as well as the bank account data. We also use further data you provide in this way or another way for this purpose, but those data are not necessary to enter into a contract. Depending on the order/contract, we may require additional data; we will inform you on a case-by-case basis.
The basis for data processing is Art. 6 para. 1 s.1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
Data processing for communication with you
In addition to the contract data, we process your communication data (names of contact persons, address, telephone number, fax number, e-mail address) in order to be able to contact you and communicate with you. Personal data that you provide to us by e-mail, the contact form on our website, by post or telephone will only be processed for correspondence with you or only for the purpose for which you have made the data available to us. For communication via the contact form on our website, we need at least your full name and e-mail address. If you would like us to call you back, we also need your telephone number.
The basis for this data processing is also Art. 6 para. 1 s.1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
Data processing for job applications
You can send us applications for jobs and apprenticeships in our company via our website and the contact details provided there. For information on data processing for applications, see https://www.pawlik.de/wp-content/uploads/2018/11/Informationspflichten-für-Bewerber-Pawlik-1.pdf.
Data processing for contact arrangement for applications
We broker potential candidates for jobs as agents. In this context, we address suitable candidates in social networks (of course within the scope of the local terms and conditions) and we ask whether there is interest in getting in contact with our clients.
If you do not give us your consent for the processing of your data, we will save your name and the date of our inquiry for the purpose of documenting our approach, not approaching you again and for respecting any objections.
The basis for data processing is Art. 6 para. 1 s.1 lit. f GDPR, which permits the processing of data for purposes of the legitimate interests pursued by the controller, provided that the interests or fundamental rights and freedoms of the data subject do not override. We are interested in the efficient approach of potential candidates as well as in the avoidance of double approaches and approaches of persons who do not want to be approached by us.
If, after our approach, you send us application documents unasked or if you provide us with data in follow-up interviews/conversations or in any other way in this context, and you do not give us your express consent to process and/or to forward this data to our client/provider of a job, we process the data in preparation for the transfer to our client/provider of a job until we receive your consent or the contract with our client ends.
The basis for data processing is Art. 6 para. 1 s.1 lit. f GDPR, which permits the processing of data for purposes of the legitimate interests pursued by the controller, provided that the interests or fundamental rights and freedoms of the data subject do not override. We are interested in the preparation for the transfer of to our client/provider of a job in the event that the corresponding consent, which we regularly ask for, is given. In this case, we do not have to request all data again.
Data processing for applications via our JobPortal
On our website, you have the possibility to send applications to us for jobs we broker as agents via our JobPortal. Information on data processing in the JobPortal can be found at https://jobportal.pawlik.de/pdf/datenschutzerklaerung_jobportal_10_2018.pdf.
Newsletter (Performance Impulse)
If you wish to subscribe to our newsletter, we need your first and last name, an e-mail address and information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receiving the newsletter. For this purpose, we will send a confirmation e-mail with a link (double opt-in) to the registered e-mail address. Only after clicking on this link the registration will be completed. The purpose of the procedure is to prove your registration and, if necessary, to clarify any possible abuse of your personal data. We do not collect any further data in this context. We use these data exclusively for the dispatch of the requested newsletter. If we use an order processor to send the newsletter, we will of course comply with the applicable data protection laws.
If you subscribe, you agree that we will send e-mails containing information on our Area of Expertise and on specialist blog contributions as well as on events, products and services of our company group to the deposited e-mail address on a regular basis. You can revoke your consent to receive these e-mails at any time. A text message to the contact data mentioned under point 1 (e.g. e-mail, fax, letter) is sufficient.
This data processing is based on your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. You can revoke your consent at any time with immediate effect for the future.
Data processing for advertising purposes
We use the provided address data to send you product/service information, current price advantages and product/service offers of our company group by post.
The basis for data processing is Art. 6 para. 1 s. 1 f GDPR, which permits the processing of data for purposes of the legitimate interests pursued by the controller, provided that the interests or fundamental rights and freedoms of the data subject do not override. Our interest is the promotion and sale of our products and services.
In addition, we use your e-mail address for recommendations and information about our products and services of our company group by e-mail if you have already purchased products or services from us. You will receive these recommendations from us regardless of having subscribed to a newsletter. In this way we would like to provide you with information about other similar products and services that may be of interest to you based on your recent purchases/orders. Of course, we will strictly comply with legal requirements.
In addition, we use your telephone number to provide you with recommendations and information on our products and services by telephone. Of course we will also comply with legal requirements in this case.
If you no longer wish to receive any recommendations on products or services or any advertising messages from us, you can object at any time. A message in text form to the contact data (e.g. e-mail, fax, letter) mentioned above is sufficient.
The basis for data processing is Art. 6 para. 1 s.1 lit. f GDPR, which permits the processing of data for purposes of the legitimate interests pursued by the controller, provided that the interests or fundamental rights and freedoms of the data subject do not override Our interest is economic and lies in the promotion and sale of our products and services.
Log files
Every time our website is accessed, usage data is transmitted through the respective internet browser and stored in log files, the so-called server log files. The data records stored in this way contain the following data: Date and time of access, name of the page accessed, IP address, referrer URL (originating URL from which you accessed the website), the amount of data transferred, as well as product and version information of the browser used and the operating system of your PC. The IP addresses of the users are deleted or made anonymous after the end of use. No evaluation or analysis of the data, except for statistical purposes and then only in anonymous form, take place. No personal “surf profiles” or similar are created or processed.
The basis for data processing is Art. 6 para. 1 s.1 lit. f GDPR, which permits the processing of data for purposes of the legitimate interests pursued by the controller, provided that the interests or fundamental rights and freedoms of the data subject do not override. We are interested in ensuring data security on our website and in optimizing our website.
Cookies
Tracking with Matomo (formerly Piwik )
Our website uses the web analysis service Matomo for the analysis of the use of the pages. For this purpose, the information generated by a Matomo cookie about the use of this website is stored on our server. In contrast to other statistical programs, Matomo does not transmit any data to an external server; the program is installed on one of our servers located in Germany. IP addresses are anonymized before storage. Matomo cookies remain on your device until you delete them. The information generated by the cookie about the use of this website will not be disclosed to third parties. You can prevent the cookies from being placed on your computer by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.
If you do not agree with the storage and use of your data, you can deactivate the storage and usage. In this case, an opt-out cookie will be stored in your browser to prevent Matomo from storing usage data. If you delete your cookies, this will result in the Matomo Opt-Out cookie also being deleted. The opt-out must be reactivated when you visit our site again.
Matomo cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR, which permits the processing of data for purposes of the legitimate interests pursued by the controller, provided that the interests or fundamental rights and freedoms of the data subject do not override. We are interested in the anonymous analysis of user behaviour in order to optimise both our website and any advertising on it.
Google Maps
This website uses the Google Maps map service via an API. Provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. We have no influence on this data transfer. You can find more information on the handling of user data in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.
We use Google Maps in our interest to make our company locations indicated by us on the website easier to find.
Youtube
On our website videos are embedded. The videos are hosted on www.youtube.com, operated by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA, a company of Google Inc, and can be played directly from our site. The videos are all embedded in “privacy-enhanced mode”, so no personal data about you will be transmitted to YouTube if you do not click play. Only when you click on the video to play it, the data transfer as described below occurs, on which we have no influence.
After clicking on the video, a direct connection is established between your browser and the YouTube servers and data will be exchanged. Information about your use of this website (including your IP address) will be transmitted. The YouTube plug-in provides us with statistical values for retrieving individual videos embedded in the website without reference to the respective user. YouTube also does not store any data on user activity according to its own data protection declaration due to the privacy-enhanced mode. Further information can be found in the privacy policy of YouTube/Google (https://policies.google.com/privacy?hl=en&gl=en).
The basis for data processing is Art. 6 para. 1 s.1 lit. f GDPR, which permits the processing of data for purposes of the legitimate interests pursued by the controller, provided that the interests or fundamental rights and freedoms of the data subject do not override. We are interested in the appealing representation of our website and online services, also using videos.
Social Plugins Sharrif
We use “Shariff”-Social-Media-Buttons from heise on our website. This tool prevents that your data is already transferred to the social networks when you call up the page, as it would otherwise happen with the usual share buttons. “Shariff” integrates these share buttons of the social networks on our website only as a graphic, which contains a link to the corresponding social network. However, if you actively click on the graphic, the corresponding data will be transmitted by you to the respective social network and you will be redirected to the service of the respective social network. We integrate the following social networks with “Shariff” on our website (including a link to the respective data protection settings / privacy policy):
– Facebook – https://www.facebook.com/about/privacy/
–LinkedIn – https://www.linkedin.com/legal/privacy-policy
– XING – https://privacy.xing.com/de/datenschutzerklaerung
– Twitter – https://twitter.com/de/privacy.
The basis for data processing is Art. 6 para. 1 s.1 lit. f GDPR, which permits the processing of data for purposes of the legitimate interests pursued by the controller, provided that the interests or fundamental rights and freedoms of the data subject do not override. Unsere Interessen sind wirtschaftlich und liegen in der Werbung für unserer Produkte und Dienstleistungen sowie in der leichteren Verbreitung der Inhalte unserer Website. Our interests are economic and lie in the advertising of our products and services as well as in the easier distribution of the contents of our website.
Data processing for the purposes of legitimate interests
We also process your data if it is necessary for purposes of legitimate interests of us or third parties. This may be the case in particular to guarantee IT security and IT operation, especially for support requests, to be able to understand and prove facts in case of legal disputes, for market and opinion surveys, to analyze the use of our website and/or to advertise other products from us or our cooperation partners.
The basis for data processing is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the data processing listed afore.
Data processing for the fulfilment of legal obligations
In addition, we process your data to fulfil legal obligations (e.g. regulatory requirements, commercial and tax storage and proof obligations). For this reason we collect e.g. your VAT number for contracts, as well as the VAT ID for international contracts.
The basis for data processing is Art. 6 para. 1 s.1 lit. c GDPR, which permits processing for the fulfilment of a legal obligation.
Categories of recipients of the personal data
Your contract and communication data will be forwarded to the responsible office and the responsible employees within our company for answering your inquiries, for communication, for the execution of the order or for the fulfilment of contractual obligations.
If necessary for the purpose of contract processing or for the dispatch and delivery of products or for the provision of our services, data is passed on to partner companies that have been commissioned to support the contract processing. Our partners commit themselves to comply with and observe the data protection regulations. Our partners are not permitted to use the data for any other purpose than the execution of the contract.
The basis for data processing is Art. 6 para. 1 s.1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
A transfer of applicant data for the purpose of brokering to employers/providers of a job, possibly supplemented by a statement, within the context of our agency contract with the respective employer, will only happen after prior consultation with you. This transfer of your provided data is based on your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future. A message in text form (e.g. e-mail, fax, letter) is sufficient.
In other cases your personal data will only be passed on or otherwise transferred to third parties outside our company if this is necessary for the purpose of contract processing or invoicing or if you have given your prior consent or if there is a legal basis or obligation for the transfer.
Insofar as we make use of the services of third parties to carry out our services, we process personal data according to the provisions of the GDPR. Service providers who support us in providing our services to you are hosting providers, e-mail service providers, IT service providers, software-as-a-service providers, consulting service providers.
Duration of data storage
In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. We store your data on the basis of legal proof and storage obligations, which result among other things from the German Commercial Code and the German Tax Code, according to which the storage periods are up to ten full years. In addition, we keep data for the period during which claims can be asserted against our company (statutory limitation period of three years until the end of the year).
Data integrity
Your personal data is transmitted securely by encryption. We use the SSL (Secure Socket Layer) coding system. Furthermore, we protect our website and other systems using technical and organizational measures against unauthorized access, modification, distribution, destruction or loss of your data. Our security measures are constantly revised an improved in accordance with technical developments. However, we expressly point out that data transmission on the Internet has security gaps and cannot be completely protected against access by third parties, which applies in particular and above all to communication by e-mail.
Links to third-party sites
You will find links to third-party sites on our site. The respective site operators are responsible for the data processing there. Data processing begins as soon as you click on the respective link or follow the URL it contains.
On our site there is a link to the potential analysis tool scan.up, operated by scan.up AG, Zirkusweg 2, D-20359 Hamburg. The link is behind the button “Analysis of Potential”. The purpose and scope of the data collection and the further processing and use of the data by scan.up as well as the relevant rights can be found in scan.up’s privacy policy: https://www.scan-up.com/home/datenschutzerklaerung/
Our site also contains links to the social network LinkedIn, operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. The link is recognizable by the LinkedIn logo (white „in“ in a black circle). The purpose and scope of the data collection and the further processing and use of the data by LinkedIn as well as the relevant rights can be found in LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy.
Our site further contains links to the social network XING, operated by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. The link can be recognized by the logo (stylized “X”). The purpose and scope of the data collection and the further processing and use of the data by XING as well as the relevant rights and privacy settings for users can be found in XING’s privacy policy: https://privacy.xing.com/en/privacy-policy
Finally, our site contains links to videos hosted on YouTube, part of Google Inc., located in San Bruno, California, USA. The purpose and scope of the data collection and the further processing and use of the data by YouTube/Google as well as the relevant rights can be found in Google’s privacy policy: www.google.de/intl/de/policies/privacy/.
Rights of the data subject
You have the right to request information about your stored personal data, their origin and recipients and the purpose of data processing and, if necessary, a right to correction, blocking or deletion of this data at any time within the scope of the applicable legal provisions.
You may also have the right to restrict the processing of your data and to have the data you provided received back and also transmitted in a structured, common and machine-readable format.
If you have given us your consent to process personal data for specific purposes, you can revoke your consent at any time with effect for the future.
If we process your data to protect legitimate interests, you may object to such processing for reasons arising from your particular situation.
You also have the right to contact a data protection supervisory authority and lodge a complaint.