Privacy Policy

We are very pleased about your interest in our company. The protection of your privacy when processing personal data as well as the security of all business data is of importance to the management and employees of Drozak Consulting GmbH.

Responsible according to Art. 4 para. 7 GDPR

Drozak Consulting GmbH
Leibnizstrasse 53
10629 Berlin
Germany
E-Mail:     berlin@drozak.com
Phone:     +49 30 / 30 67 33-0
Website:     www.drozak.com

Data protection officer of the responsible

Dr. Ralf W. Schadowski
E-Mail:     privacy@drozak.com
Phone:     +49 241 / 44688 25

Definitions

a)    Personal Data
Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b)    Processing
Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

c)    Restriction of Processing
the marking of stored personal data with the aim of limiting their processing in the future.

d)    Profiling
Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

e)    Pseudonymisation
The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

f)    Controller
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

g)    Processor
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

h)    Third Party
A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

i)    Consent
Any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

§ 1 Lawfulness of the processing of personal data

(1) Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis.

(2) In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. lit. b GDPR serves as the legal basis. This also applies to processing operations necessary for the performance of pre-contractual measures.

(3) Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

(4) Insofar as vital interests of the data subject or of another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

(5) If the processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

 

§ 2 Data deletion and storage duration

(1) The personal data of the data subject shall be erased or blocked as soon as the purpose of the storage is no longer valid.

(2) Data may also be stored if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the data controller is subject.

(3) Data shall also be blocked or deleted when a storage period prescribed by the standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.

 

§ 3 Information on the collection of personal data

(1) In the following we inform about the collection of personal data when using our website. Personal data are all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.

(2) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us in order to answer your questions. We delete the data collected in this context after storage is no longer required or restrict processing if there are legal storage obligations.

(3) If we would like to use contracted service providers for individual functions of our offer or use your data for advertising purposes, we will inform you in detail about the respective processes below. In this context, we will also state the defined criteria for the storage period.

Collection of personal data when visiting our website
If you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser sends to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure stability and security (legal basis for this is Art. 6 para. 1 p. 1 lit. f GDPR):

  • IP address
  • Hostname
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access status/HTTP status code
  • Amount of data transmitted in each case
  • Website from which the request comes (referrer)
  • The specific pages of our website that you have called up
  • Browser: Type, version and set language
  • Operating System: type and version
  • With JavaScript enabled as well:
    • Screen resolution
    • Colour depth
    • Size of the browser window
    • Installed browser plugins

 

Use of cookies

Cookies are small files that are stored on your hard disk in accordance with the browser you are using and through which certain information is transmitted to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer more user-friendly and effective. In addition to the above-mentioned data, the following cookies are stored on your computer when you use our website based on your active consent in our cookie banner:

Category Essential Cookies (Required Cookies)

Cookie name Purpose Duration
has_js This cookie determines whether JavaScript is enabled so that Drupal can function more efficiently and thus become more user-friendly. Session
cookie-agreed, cookie-agreed-categories This cookie recognizes whether the user has already accepted the use of cookies and controls the visibility of the cookie disclaimer. 100 Days HTTP Cookie

 

Category Tracking Cookies

Cookie name Purpose Duration
_ga Google registers a unique ID that is used to generate statistical information about how visitors use the website. 2 Years HTTP Cookie
_gat Google Is used by Google Analytics to limit the request rate. 1 Day HTTP Cookie
_gid Google registers a unique ID that is used to generate statistical information about how visitors use the website. 1 Day HTTP Cookie

Further information on the Google Analytics plugin used can be found in § 6 Web Analytics.

§ 4 Further functions and offers of our website

(1) In addition to the purely informational use of our website, we offer various services which you can use if you are interested. For this purpose, you will generally have to provide additional personal data which we use to provide the respective service and to which the data processing principles apply. Mandatory information is marked with an asterisk. Information in fields not marked in this way is purely voluntary.

(2) If you contact the service provider by e-mail or via the contact form, personal data is collected. Which data is collected in the case of a contact form can be seen from the respective contact form. Alternatively, it is possible to contact us via the provided e-mail address. In this case, the user's personal data transmitted with the e-mail will be stored in order to process your request.

(3) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly.

(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.

1. Use of our application form

(1) On our website you have the possibility to apply online for jobs or apprenticeships offered by us via our application form. Within the scope of the online application you provide us with personal data. It is particularly important to us that we handle your personal data confidentially during the application process. It is therefore a matter of course for us to treat all personal data that you entrust to us with strict confidentiality and responsibility, in compliance with the applicable statutory data protection regulations. We use technical and organizational security measures to protect your personal data from accidental or deliberate manipulation, loss, destruction or access by unauthorized persons. When personal data is collected and processed, it is transmitted in TLS-encrypted form to prevent misuse of the data by third parties.
The lawfulness of the processing of personal data that you send us in the context of your application is basically the implementation of pre-contractual measures initiated by your application in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR. If the data, you send us for application purposes also contains particularly sensitive data of a special category in accordance with Art. 9 para. 1 GDPR, we will process this data on the legal basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a, which we will therefore obtain from you on a binding basis as explained in more detail in para. 3.

(2) If you would like to apply online for a job offer or training position, this requires the entry of certain personal data marked with mandatory fields in the respective online application form, such as first and last name, e-mail address and telephone number. To enable us to better meet your application requirements, you also have the option of voluntarily sending us additional data and files, e.g. details of your professional qualifications and experience, and files containing your application documents, such as your personal cover letter, CV, application photo, certificates, etc.
Please note that in particular CVs, certificates or any other data you provide for the purposes of the application may also contain particularly sensitive data, such as details of race or ethnic origin, political opinions, religious or philosophical beliefs, trade union or political party membership, physical or mental health or sex life.

We therefore recommend that, if possible, you do not provide information regarding such sensitive data of a particular category.

(3) It cannot be ruled out and in individual cases it is necessary that you provide us with data of a special category as listed in paragraph 2 within the scope of your application. The processing of such data without your consent is prohibited by law. Therefore, your data and uploaded files entered in the online application form will only be transmitted to us after you have declared by clicking the corresponding checkbox that you consent to the processing of this sensitive data of special category in accordance with this data protection declaration. Unfortunately, it is not possible to use our application portal without this consent.

(4) The data and files you provide will be stored and used exclusively for purposes connected with the recording and processing of your interest in employment or training with us and the processing of your online application, including the necessary contact with you. Your application will be treated confidentially and will only be disclosed to authorized employees of Drozak Consulting GmbH. If your application is successful, the data and files you provide may be used further in the context of the employment relationship with you. If your application for a job offer is not successful, we will keep the data and files you have submitted in our applicant database for 3 months in order to be able to answer any questions you may have in connection with your application. After this period, the data and files will be deleted automatically.

(5) Your data and files submitted as part of the online application will not be passed on to third parties unless you have given your express consent or an official order to do so.

(6) You have the possibility to withdraw your application in whole or in part at any time. You can also request at any time that all or some of your transmitted data and files be deleted or changed from our applicant database. Likewise, you are entitled to revoke your consent to the processing of the personal data and files transmitted by you within the scope of the online application at any time with effect for the future. For this purpose, it is enough to send an e-mail to jobs@drozak.com. Certain data relating to your application must, however, be stored for a limited period of 3 months in order to comply with legal requirements, the obligation to provide evidence under the General Equal Treatment Act (AGG). Regarding your fundamental rights, we would like to refer you to § 2 of this data protection declaration.

§ 5 Rights of the data subject

In the following, we will inform you about your rights as a data subject according to Art. 15 GDPR. You can exercise these rights at any time and therefore contact us directly. If you claim these rights from us, we will examine them in detail, considering the legal requirements and conditions associated with them. For this purpose, we may ask you for further information. We will explain the results of our examination and our procedure for fulfilling your request in detail. It is possible that we will not be able to fully meet your requirements in the manner you have requested.
This should not prevent you from asserting your rights against us or from asking us about them. We will gladly answer all your questions.

(1) Right of access by the data subject
In accordance with Art. 15 GDPR, you have the right to request information from us at any time as to whether and which data relating to your person are being processed by us. This also includes information on the purposes of processing, if applicable to recipients to whom we have disclosed data about you, the planned storage period and, if applicable, information on the origin of this data, unless we have collected it directly from you. Furthermore, you have the right to receive a one-time copy of your personal data stored with us free of charge. We reserve the right to charge a reasonable administration fee for making subsequent copies.

(2) Right to rectification
In accordance with Art. 16 GDPR, you have the right to demand that we correct inaccurate data that we have stored about you. This also includes the right to complete incomplete personal data.

(3) Right to erasure (‚right to be forgotten’)
You have the right to demand that we delete data that we have stored about you. If we have published data about you, this also includes our obligation, within the framework of the "right to be forgotten" in accordance with Art. 17 Para. 2 GDPR, to forward your request for deletion, considering available technology and implementation costs, all links to this data as well as copies or replications of this data concerning other persons responsible for processing this published personal data.

(4) Right to restriction of processing
In accordance with Art. 18 GDPR, you have the right to demand that we restrict the processing of data that we have stored about you. Thereafter, processing of this data will only be possible with your consent or for a limited number of legally defined purposes.

(5) Right to object
Insofar as we base the processing of your personal data on the balancing of interests, you may object to the processing in accordance with Art. 21 GDPR. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is described by us in the following description of the functions. If you exercise such an objection, we would ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your objection to advertising via the contact channels listed above.

(6) Right of withdrawal of a data protection consent
If you have given your consent to the processing of your data, you can revoke this consent at any time in accordance with Art. 7 Para. 3 GDPR. Such revocation will affect the permissibility of processing your personal data after you have given it to us.

(7) Right to data portability
In accordance with Art. 20 GDPR, you have the right to receive from us data relating to your person which you have provided to us in a structured, common and machine-readable format for the purpose of transfer to another responsible party. At your request and taking into account the existing technical possibilities, this also includes direct transfer from us to the other responsible party.

(8) Right to lodge a complaint with a supervisory authority
In accordance with Art. 13 GDPR, you have the right to complain at any time to a data protection supervisory authority about our processing of data relating to your person. The supervisory authority responsible for Drozak Consulting is: Berlin Commissioner for Data Protection and Freedom of Information; Maja Smoltczyk, Friedrichstr. 219, 10969 Berlin, Phone: +49 (0)30 13889-0, Fax: +49 (0)30 2155050, E-Mail: mailbox@datenschutz-berlin.de

(9) Automated individual decision-making, including profiling
They have the right to obtain information on the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended impact of such processing on the data subject.

§ 6 Web Analytics

The lawfulness of the use of all web analysis tools listed in this section is Art. 6 para. 1 p. 1 lit. f GDPR, i.e. the protection of our legitimate interests in consideration of the interests of our website visitors. Our interest is the analysis of the use of our website by our website visitors in order to improve our offer and to make it more interesting for you as a user by means of the statistics thus obtained. If the analysis tool used also serves other purposes or we use it for other interests of ours, we will inform you about this directly in the explanations of the respective analysis tool.  

1. Use of Google Analytics

(1) This website uses Google Analytics, a web analysis service of Google Inc. in so far as you have agreed to cookies of the category "Tracking Cookies". ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyses how users use the site. The information generated using cookies about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet.

(2) The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.

(3) You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

(4) This website uses Google Analytics with the extension "_anonymizeIp()". This allows IP addresses to be processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you contains a personal reference, this is immediately excluded, and the personal data is immediately deleted.

(5) For the exceptional cases in which personal data is transferred to the USA, Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(6) Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001
User conditions: http://www.google.com/analytics/terms/de.html
Data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html
Privacy policy: http://www.google.de/intl/de/policies/privacy.

§ 7 Social Media and other third-party services

1. Use of social media plug-ins

(1) We currently use the following social media plug-ins: Twitter, Facebook, LinkedIn and Xing. We use a data protection-friendly implementation technique ([2-click method OR Shariff]). This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. You can recognize the provider of the plug-in by the marking on the box by its initial letter or logo. We give you the opportunity to communicate directly with the provider of the plug-in via the button. Only if you click on the marked box and thereby activate it, the plug-in provider will receive the information that you have accessed the corresponding website of our online offer. In addition, the data mentioned under § 5 of this declaration will be transmitted. In the case of Facebook and Xing, the IP address will be anonymized immediately after the data is collected, according to the respective providers in Germany. By activating the plug-in, your personal data is thus transmitted to the respective plug-in provider and stored there (in the case of US providers in the USA). Since the plug-in provider collects data via cookies, we recommend that you delete all cookies via your browser's security settings before clicking on the greyed-out box.

(2) We have no influence on the collected data and data processing procedures, nor are we aware of the full scope of data collection, the purposes of processing, the storage periods. We also have no information on the deletion of the collected data by the plug-in provider.

(3) The plug-in provider stores the data collected about you as user profiles and uses this data for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out (also for users who are not logged in) for the purpose of presenting need-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact the respective plug-in provider in order to exercise this right. Through the plug-ins we pursue our interest in offering you the opportunity to interact with the social networks and other users, so that we can improve our offer and make it more interesting and attractive for you as a user. The legal basis for the use of the plug-ins is Art. 6 para. 1 p. 1 lit. f GDPR.

(4) The data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data we collect from you will be assigned directly to your account with the plug-in provider. If you click on the activated button and, for example, link to the page, the plug-in provider will also save this information in your user account and share it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as you can then avoid being assigned to your profile with the plug-in provider.

(5) Further information on the purpose and scope of data collection and processing by the plug-in provider can be found in the data protection declarations of these providers, as notified below. There you will also find further information on your rights and settings to protect your privacy.

(6) Addresses of the respective plug-in providers and URL with their data protection information:

a) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has submitted to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework.

b) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework.

c) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has submitted to the EU-US privacy shield, https://www.privacyshield.gov/EU-US-Framework.

d) Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.

2. Integration of YouTube videos

(1) We have included YouTube videos in our online offering, which are stored at http://www.YouTube.com and are integrated from our website. We use a data protection-friendly implementation technique (2-click method). This means that when you visit our site, no personal data is initially passed on to the providers of the plug-ins. Only when you click on the preview image of the video, the data mentioned in paragraph 2 will be transferred. We have no influence on this data transfer. With the integration of YouTube videos, we pursue our interest in making our website more interesting and attractive for our visitors and to achieve a better presentation of contents or facts. The legal basis for the use of the plug-in is Art. 6 para. 1 p. 1 lit. f GDPR.

(2) This is done regardless of whether YouTube provides a user account that you are logged in with or no user account exists. If you are logged in to Google, your information will be associated directly with your account. If you don't want your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation is carried out (even for users who are not logged in) for the purpose of providing needs-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact YouTube in order to exercise this right.

(3) For more information on the purpose and scope of data collection and processing by YouTube, please see the Privacy Policy. There you will also find further information on your rights and settings to protect your privacy: YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, represented by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland; https://policies.google.com/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

3. Integration of Vimeo

(1) We have included Vimeo videos in our online offer, which are stored on http://www.vimeo.com and integrated from our website. We use a data protection-friendly implementation technique (2-click method). This means that when you visit our site, no personal data is initially transferred to the providers of the plug-ins. Only when you click on the preview image of the video, the data mentioned in paragraph 2 will be transferred. We have no influence on this data transfer. are and can be played directly from our website. With the integration of Vimeo videos, we are pursuing our interest in making our website more interesting and attractive for our visitors and to achieve a better presentation of content or facts. The legal basis for the use of the plug-in is Art. 6 para. 1 p. 1 lit. f GDPR.

(2) For more information about the purpose and scope of data collection and processing by Vimeo, please read the privacy policy. There you will also find more information about your rights and settings to protect your privacy: Vimeo, Inc. 555 West 18th Street, New York, New York 10011, USA; https://vimeo.com/privacy.

4. Integration of Google Maps

(1) On this website we use the offer of Google Maps. In this way, we are pursuing our interest in increasing the attractiveness of our website by displaying interactive maps directly on our website and allowing you to use the map function conveniently. The legal basis for the use of the plug-in is Art. 6 para. 1 p. 1 lit. f GDPR.

(2) By visiting the website, Google receives the information that you have called up the corresponding subpage of our website. In addition, the data mentioned under § 5 of this declaration is transmitted. This happens regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in at Google, your data will be assigned directly to your account. If you do not want your profile to be associated with Google, you must log out before activating the button. Google stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out (even for users who are not logged in) for the purpose of providing needs-based advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the creation of these user profiles, whereby you must contact Google in order to exercise this right.

(3) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider's privacy policy.

(4) Third party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001
    User conditions: http://www.google.com/analytics/terms/de.html
    Data protection overview: http://www.google.com/intl/de/analytics/learn/privacy.html
    Privacy policy: http://www.google.de/intl/de/policies/privacy.

Updated: 23.03.2020