IMPORTANT! PLEASE NOTE: You agree to the German Data Protection Statement which has been translated to English for your convenience only. The German Data Protection Statement is binding.
1. Information about the collection of personal data and provider identification
(1) We are glad that you are visiting our website www.hkp.com and that you have shown an interest in our company and its range of services. The protection of personal data is very important to us. All web activity undertaken by hkp Deutschland GmbH is carried out in accordance with the applicable legislation governing the protection of personal data and data security, in particular the GDPR (EU General Data Protection Regulation). This data protection notice tells you about how the information that is collected during your visit to our website is handled. Personal data is any information that relates to you, such as name, postal address, e-mail addresses or user behaviour. The male form is used as standard form of address solely for the purposes of simplification and better legibility. This is generally used to refer to people of all sexes unless suggested otherwise by the context.
(2) The entity responsible for processing your personal data (the data controller) is hkp Deutschland GmbH, Friedrich-Ebert-Anlage 35-37, 60327 Frankfurt am Main, Germany. You can find further contact details in our website’s legal notice.
2. The collection of personal data for informational use
(1) Personal data is information that makes a person identifiable, which includes data such as his name and e-mail address but also data about his online behaviour. If you are just using the website for informational purposes, i.e. if you do not register to use the website or provide us with any other information, we do not collect any personal data except the data transmitted by your browser in order to facilitate your viewing of the website (these are often called log files, legal basis is Art. 6 (1) 1 f) GDPR. Log files are technically required by us so that it is possible for the website you have requested be sent to your computer and displayed to you. They are deleted within 7 days after accessing the website. The following are classified as log files:
- IP address
- Time and date of the request
- Time zone difference compared to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Quantity of data transmitted
- The website from which the request originates
- Type of browser
- Operating system and its interface
- Language and version of the browser software
(2) The log files are used for statistical analysis and for making improvements to the website (legal basis is Art. 6 (1) 1 f) GDPR. This allows us to recognise any errors such as broken links. In connection with your use of the website, data recorded includes the IP address of the computer you are using. Under some circumstances, it may be possible to identify website users via the IP address. However, we will not undertake analysis of IP addresses collected as described in paragraph (1) for such a purpose. The analysis of IP addresses is undertaken on a purely statistical basis, using anonymised data.
3. Use of our website’s functions
(1) Alongside the purely informational use of our website, we offer a range of services that you may use if you wish. To do so, you will generally need to provide additional personal data that we use in order to supply the relevant service. Any additional fields that are not compulsory are marked accordingly.
(2) Personal data shall only be collected if you provide us with it, by filling out contact forms or sending e-mails, during the course of placing an order for products or services, by submitting a query, or by requesting material. We then collect the information that has resulted from establishing contact. In particular, this information includes names and any contact details provided, the date and the reason for contacting us. We will only use the personal data we collect about you in order to supply you with the products or services you have requested (legal basis is Art. 6 (1) 1 b) GDPR), or for other purposes for which you have given your permission (legal basis is Art. 6 (1) 1 a) GDPR), and which are described in this data protection statement. Your consent, for example for setting cookies by third party providers or for web tracking by these providers, can also be given in the appropriate technical settings of your browser.
(3) When you contact us, your details will be stored for the purpose of processing your inquiry and any follow-up questions, and this for the duration of the business relationship and as long as any potential warranty, liability and guarantee claims exist (legal basis constituted by Article 6 (1) 1 b) and f) GDPR), but at least for the duration of statutory retention periods (legal basis Article 6 (1) 1 c) GDPR), and then deleted in accordance with section 4 (1) of this privacy statement, provided you have not consented to further data storage and provided no ongoing data processing is necessary for the purpose which it was originally gathered.
4. Use of our services, transmission of data
(1) If you opt to use our services and would like to order something, you are required to provide your personal details for the conclusion of the contract, we require these to process your order. Any additional information not necessary for the fulfillment of contracts is voluntary and marked as such. We will process the data supplied by you in order to process your order (legal basis Article 6 (1) 1 b) GDPR). Following the fulfillment of the contract, your contact, payment and order details will be stored for the duration of statutory retention obligations (Section 147 of the German Regulation of Taxation (AO): ten years, Section 257 of the German Civil Code HGB: six years calculated from the end of the year following the last date on which data was recorded) (legal basis constituted by Article 6 (1) 1 c) GDPR) and then deleted, unless you have consented to further data storage or further data processing is necessary for the assertion, exercise or defense of legal claims or for marketing communications (see also Section 5 (1) of this privacy statement). We will review the latter at the end of the third calendar year starting from the calendar year of the first instance of data storage.
(2) You will be given the option of opening a user account for using our services, whereby we can save your data for subsequent orders or information requests (legal basis Article 6 (1) 1 b) GDPR). The data provided by you when you set up an account will be stored; consent for this may be revoked at any time. In the case of hkp/// plus membership, we refer you to Section 5 of this privacy statement too.
(3) You can register for different events at www.hkp.com/events. We collect and process the following data for the purpose of processing your registration: First name, surname, email, company, role, zip code, city, country. By selecting “Accept privacy notice” at the end of the online registration process you agree to this (legal basis Article 6 (1) 1 b) GDPR). After registering, your data will be stored in our content management system (CMS) for the purpose of event organization and processed in connection with preparation for and the running of the event (legal basis Article 6 (1) 1 b) GDPR) and used subsequently for the purpose of providing information on relevant and related content (legal basis Article 6 (1) 1 f) GDPR).
(4) We use your data for the following purposes in event organization: Printing name tags and, where applicable, any participant list, briefing moderators, service providers or cooperating institutions and organizations (provided this is necessary for the provision of the service) and sending out materials relevant to the event.
(5) Any photos and videos shot by hkp/// group employees or service providers at the event will be used in print form, in electronic media and on social media as part of reporting on the event and transmitted to the press and media and contract processors and archived for this purpose. The legal basis for this is constituted by Article 6 (1) 1 f) GDPR. The data subject has a right to object for reasons associated with his specific situation. To do so, please refer to the photographer or directly to our staff on the ground.
(6) In order to process your order we also transmit your data to our main bank, as well as to logistics providers and any payment service providers selected by you (legal basis Article 6 (1) 1 b) GDPR). Our service providers may only process or use your data for the purpose for which it was transmitted to them, where necessary. You may access this data at any time. Where data has been sent to external service providers, we have undertaken the necessary technical and organizational measures to ensure that data protection regulations are observed. We may also transmit personal data for debt collection purposes (legal basis Article 6 (1) 1 b) and f) GDPR).
(7) Insofar as we provide a service upfront, i.e. in the case of payment installments or purchases on account, we can have the identity and creditworthiness of customer checked by a service provider, e.g. a credit reference agency, the same applies to identifying default risks for specific business transactions (legal basis of each constituted by Article 6 (1) 1 f) GDPR). Furthermore, we cannot exclude the possibility that we will use anonymized usage data to generate statistics (Section 27 of the German Federal Data Protection Act (BDSG)) and transmit this for market research purposes (Article 6 (1) 1 f) GDPR).
(8) Please note that, in some cases, we are also entitled by order of the competent authorities to share information in relation to data insofar as this is necessary for the purposes of prosecution, to assist national law enforcement agencies in inverting danger, for the fulfillment of the lawful duties of either the federal or the state Office for the Protection of the Constitution, the Federal Intelligence Service or the Military Counter-Intelligence Service or for the assertion of intellectual property rights (legal basis Article 6 (1) 1 c) GDPR).
(9) We also transmit data to recipients in Switzerland (Section 1 (6) 1 of the German Federal Data Protection Act (BDSG)) and recipients in other third countries, providing an adequacy decision has been adopted by the EU Commission. Otherwise we have no intention of transmitting your data to a recipient in a third country (not a member state of the EU or the EEA) or an international organization unless this is your country of residence and an adequacy decision has been adopted by the EU Commission or said transmission is necessary for the fulfillment of a contract which exists between us or for the assertion, exercise or defense of any legal claims. In regards to the possibility of a third-party provider in the USA gaining access to your data we refer you to Sections 9 to 12 of this privacy statement.
5. Advertisements for our customers, hkp/// plus membership and the newsletter
(1) We reserve the right to send you promotional materials for our offers in the field of “corporate consultancy with a focus on performance management, talent management and salary” using the email address supplied by you following the purchase of goods or a service. The same goes for the use of your address details for the purpose of advertising our own offers and third-party goods and services offer recommendations in this field by post. In this respect we also analyze certain personal aspects using an automated system in order to provide you with targeted information about our services. This analysis tool enables targeted communications and advertising including market and opinion research. The legal basis for this is constituted by Article 6 (1) 1 f) and Recital (47) GDPR. You have the right to reject advertising at any time (see section 6 (1) of this statement).
(2) Subscribing to a newsletter or registering as an hkp/// plus member on www.hkp.com gives you access to an extended range of information (legal basis Article 6 (1) 1 a) GDPR). For instance, we use our newsletter to provide you with regular information about challenges and solutions in the hkp/// group’s consultancy fields. We also give you an insight into current developments within the consultancy firm itself. hkp///plus membership grants you extended access to all member-authorized content on www.hkp.com, including exclusive studies and analyses by the hkp/// group. You can also benefit from extended features, such as quick registration for events.
(3) Irrespective of any order as defined under paragraph (1), we use what is referred to as the double opt-in method when it comes to registering for our newsletter and/or hkp/// plus membership. This means that, following your registration, we will send you a confirmation email to the given email address, asking you for confirmation that you wish to receive the newsletter and/or to join hkp/// plus. If you do not confirm this within 24 hours, your information will be blocked and automatically deleted after a month. Where you confirm your request to receive this, we will save your email address and other data provided by you until you unsubscribe from the newsletter and/or cancel your hkp/// plus membership. If you opt only to receive the newsletter and not for hkp/// plus membership, saving your details is all that is required to allow us to send the newsletter to you (legal basis Article 6 (1) 1 a) GDPR). Where you opt to joint hkp/// plus your data will be used to optimize your user experience with an enhanced range of information and features and, where applicable, events organization, should you choose to register for an event. In this respect we also analyze certain personal aspects using an automated system in order to provide you with targeted information. The legal basis for this is constituted by Article 6 (1) 1 a) and f) GDPR. Furthermore, upon registration for the newsletter or hkp/// plus membership and providing confirmation, we will save the IP address used by you and times of these activities in order to verify your registration and, where necessary, to identify any potential misuse of your personal data (legal basis Article 6 (1) 1 a) and c), Article 7 (1) GDPR). This data will be deleted unless a check at the end of the third calendar year starting from the calendar year in which the data was originally stored deems longer-term retention of the data necessary.
(4) The only data that must be supplied to register for the newsletter is an email address. Joining hkp/// plus requires entering your first name, surname, form of address and title, company and position as well as your email address. The provision of any other separately highlighted information is voluntary and is used to allow us to address you personally. This data will be deleted too upon revocation of consent following the expiry of the storage duration designated in paragraph (3).
(5) You may revoke your consent to the sending of the newsletter or cancel your hkp/// plus membership at any time. You can submit your newsletter cancellation request by clicking on the link present in every newsletter email, by sending a message to the contact details provided in the legal notice or to email@example.com. hkp/// plus membership can be canceled at any time too by sending a message to the contact details provided in the website legal notice or to firstname.lastname@example.org.
6. Right to object
(1) You can, at any time and with effect for the future, lodge an objection to the processing of your personal data for advertising purposes (legal basis is Art. 6 (1) 1 f) and Recital 47 GDPR. The same applies for an evaluation of certain features related thereto such as a data analysis. An objection to advertising can be provided informally, it can be carried out for example via a link in the newsletter or directly with us using the contact details mentioned in the legal notice.
(2) In addition, there is a right to object for reasons arising from your particular situation, to processing for other purposes which takes place based on a balancing of interests (Art. 6 (1) 1 f) GDPR). This may be the case when the processing is not required in particular to fulfil a contract with you. When exercising such an objection, we ask for an explanation of the reasons why we should not process your personal data as carried out by us. In the event your objection is justified, we will investigate the matter and will either adjust or adapt the data processing or point out our overriding protection-worthy reasons based on which we will continue the processing.
7. Data security
(1) We take measures in accordance with the state of the art to protect your data from loss, destruction, falsification, manipulation and unauthorised access. Where we have collected and recorded your data, it is saved on highly secure servers. Technical and organisational measures are in place to ensure that these servers are protected from loss, destruction, access, manipulation and from the unauthorised transmission of your data. Your data can only be accessed by a few authorised people. These people are responsible for the technical, commercial or editorial maintenance of the servers. All our staff are bound to observe confidentiality.
(2) We have contracted the technical operation (hosting) of the website to a service provider. This service provider manages the data processing on our behalf. The collection, processing and use of your data performed by the service provider is entirely subject to our instructions. The statements in this data protection statement also apply to this service provider in the same way.
- Transient cookies (temporary use)
- Persistent cookies (time-limited use)
- Third-party cookies (from third parties, see information listed separately).
(3) Transient cookies (legal basis is Art. 6 (1) 1 f) GDPR) are automatically deleted when you close the browser window. In particular, this includes session cookies. Session cookies save what is called a session ID, which is used to identify the various requests that your browser makes during a joint session. This allows your browser to be recognised when you return to the website. Session cookies are deleted when you log out or close the browser window.
(4) Persistent cookies are only used in connection with the web analytics services we use (legal basis is Art. 6 (1) 1 f) GDPR) and they are only used for as long as is required by that purpose; their lifetime is limited to a maximum of two years. You may delete the cookies from your computer’s hard drive at any time by using your browser’s data protection functions. This could result in the functions of the service being limited and it could become less user-friendly.
9. Google Analytics
(1) This website uses Google Analytics, a web analysis service provided by Google Inc. 1600 Amphitheater Parkway, Mountainview, California 94043, USA (“Google”). Google Analytics uses what are called “cookies”, text files saved on your computer, which facilitate an analysis of your use of the website. The information generated by the cookie about your use of the website (including your IP address) is typically transmitted to and saved by Google on servers in the USA. Where IP anonymization is activated on this website, your IP address will first be truncated by Google within Member States of the European Union or in other countries that are contracting parties to the Agreement on the European Economic Area. The complete IP address shall only be transmitted to a Google server in the USA and truncated there in exceptional cases. Under the authority of the website operator, Google shall use this information to evaluate your use of the website, compile reports on website activity and to provide the website operator with additional services relating to website and Internet usage. Google may also transmit this information to third parties, insofar as this is prescribed by law or if third parties process this data on Google’s behalf.
(2) The IP address transmitted by your browser via Google Analytics will not be merged with other data by Google.
(3) Cookies are only saved based on a corresponding setting in your internet access software. You may prevent cookies from being saved by amending the corresponding setting in your browser software; we advise you, however, that in this case you may not be able to use the full functionality of the website.
(4) Furthermore, to prevent Google from collecting and processing the data generated by the cookie relating to your use of the website (including your IP address), you can download and install the browser plugin provided by Google and available through the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
(5) This website uses Google Analytics with the “_anonymizeIp” feature. This truncates IP addresses before they are further processed, which eliminates the possibility of direct personal identification. If a personal reference is attributed to the data collect on you, it will be immediately excluded and the personal data will thus be swiftly deleted.
(6) We use Google Analytics in order to analyse the usage of our website and regularly improve it. We can improve our service using the statistics obtained and make it more interesting for you as the user. For exceptional cases where personal data is transmitted to the USA, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. Legal basis for the usage of Google Analytics is Art. 6 (1) 1 f) GDPR.
10. Use of Vimeo
On our website we us a Vimeo plug-in for embedding and accessing video content. The legal basis for the use of this is constituted by Article 6 (1) 1 f) GDPR. Vimeo is operated by the company Vimeo LLC, whose registered offices are based at 555 West 18th Street, New York, New York 10011. If you access any of the pages of our website featuring a plug-in like this, a connection will be established to Vimeo’s servers, thereby allowing the plug-in to be displayed. In doing so, the Vimeo server obtains information with regard to which of our web pages you have visited. If you are logged into Vimeo as a member (of course this is not a requirement for viewing our videos), Vimeo assigns this information to your personal user account. By using the plug-in, i.e. by clicking on a video’s start button this information is sent to your user account too. You can prevent Vimeo from assigning this information to your account by logging out of your Vimeo user account before using our website and deleting the relevant Vimeo cookies. You can find out more about how data is processed as well as information on privacy at Vimeo at https://vimeo.com/privacy. Vimeo has subjected itself to certification under the EU-US Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework.
11. Use of social media
(2) Log files and data on your user behavior are only transmitted if you end up on the platforms of third-party providers by clicking on share buttons or video content, such as social media services, provided you have an account there and are logged in. In this case your data will be assigned directly to the relevant provider of your existing account and saved there (in the case of US providers, in the USA). Because these providers generally collect data using cookies, we recommend that you delete all cookies in the security settings of your browser before clicking share.
(3) For instance, if you press the share button, thus setting up a link to a page, the social media platform provider saves this information in your user account too and may share this information with your contacts publicly too.
(4) If you are logged in with that provider, your usage data will be assigned directly to your existing account with the provider. We recommend that you log out regularly after using a social network, but especially before pressing any buttons so as to prevent the provider from making a correlation with your profile.
(5) Social media platform providers save this data to form user profiles and use these for the purposes of advertising, market research and/or customization of their website. This analysis is done (for users who are not logged in too) primarily to help display tailored advertising and to inform other users of the social network of your activities on our website. You have a right to object to the formation of these user profiles, but you must refer to the respective provider to exercise these rights. With sharing we offer you the opportunity to interact with social networks and other users so that we can improve our web presence and tailor it to you as a user. The legal basis for this is constituted by Article 6 (1) 1 f) GDPR.
(6) You can find out more about the purpose and extent of data collection and its processing by social media services in the privacy statements listed below. These will provide you with further information on your rights in relation to this and configuration options to protect your privacy:
a) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has subjected itself to certification under the EU-US Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework.
b) Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany; http://www.xing.com/privacy.
c) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has subjected itself to certification under the EU-US Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework.
12. Third-party provider tools
(1) We use Adobe Typekit to display different font types on our website. Adobe Typekit is a service that enables access to a font library and which is provided by the company Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe). When you access a page, your browser loads the required web fonts in your browser’s cache in order to display text and fonts properly. No cookies are set or used in the course of providing the Typekit service for displaying fonts. In providing the Typekit service Adobe may record information about the font type which is used to identify the website itself and the associated Typekit account. You can find out more on the information page Privacy with Adobe Typekit and in the Adobe Privacy Guidelines. Adobe has subjected itself to certification under the EU-US Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework.
(2) Our website uses graphics and statistics generated by Infogram. The data controller is Prezi Inc., 450 Bryant Street, San Francisco, CA 94107, USA. If you visit one of our pages where an Infogram graphic is embedded, a direct connection is established between your browser and the third-party provider’s server. Currently, it may be assumed that this involves at least the IP address and device-specific information being registered and used. Infogram provides information about the use of data in its privacy statement: https://infogram.com/privacy. You can block access to Infogram services via your browser. If you want to remove data that Infogram has collected in relation to your visit to our website pages, please refer directly to Infogram. You can find out more about your rights at https://infogram.com/privacy/gdpr-rights.
(3) Marketers can use Google Tag Manager to manage website tags via an interface. Tag Manager itself, which uses the tags, runs without cookies and doesn’t collect any personal data. Tag Manager is used to solely to remove other tags which themselves collect data under certain circumstances. There are corresponding declarations on each of these different third-party providers in this privacy statement. But Google Tag Manager does not use this data. If you have configured or otherwise effected the disabling of cookies, this will be noted for all tracking tags that have been used with Google Tag Manager, i.e. the tool does not change your cookie settings. Google might ask you for permission to pass on some product data (e.g. your account information) to other Google products to enable certain functions, e.g. to make it easier to add new conversion tracking tags for AdWords. Google developers also review information on product use from time to time in order to further optimize the product. However, Google will never pass on this type of data to other Google products without your consent. Google has subjected itself to certification under the EU-US Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework.
(4) We use the Sentry service (Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA) to improve the technical stability of our service by monitoring system stability and identifying code errors. Sentry pursues these objectives alone and does not analyze any data for advertising purposes. Users’ data such as, for example, data relating to the device or the time of error, is collected anonymously and not used in relation to a specific person and then deleted. You can find out more about this in Sentry’s privacy statement: https://sentry.io/privacy/. Sentry has subjected itself to certification under the EU-US Privacy Shield Framework, https://www.privacyshield.gov/EU-US-Framework.
(5) The legal basis for the use of the method outlined in Section 12 is Article 6 (1) 1 f) GDPR.
13. Further information in line with the GDPR
(1) This privacy statement applies to this website alone (www.hkp.com). To keep you best informed, our pages feature links that lead to third-party sites. Where this is not obviously recognizable, we will inform you that it is an external link. This privacy statement does not cover these other providers. After leaving this website it is recommended that you read the privacy guidelines of each website carefully.
(2) Within the given statutory framework you have the right to request access to data, the right to rectify incorrect data, to restrict processing, a right to object (see Section 6. of this privacy statement) and a right to erasure (Articles 15 to 18, 21 GDPR, Sections 34, and 35 of the German Federal Data Protection Act (BDSG)). With regard to any of your personal data supplied to us by you, for instance via an input mask or a contact form, based on consent or for the purposes of the fulfillment of a contract existing between us, you have the right to receive the personal data in a structured, commonly used and machine-readable format (Article 20 GDPR). You may assert these rights using the contact details listed in paragraph (2).
(3) Insofar as the processing of your data is based on consent (legal basis Article 6 (1) 1 a) GDPR), you are entitled to revoke said consent at any time without the legality of the processing carried out up until the point of revocation being affected. Circumstances in which permission is granted under the law shall remain unaffected by any such revocation.
(4) We have appointed a commissioner for data protection. The contact details are as follows: Mr. Jörg Müller, hkp Deutschland GmbH, Friedrich-Ebert-Anlage 35-37, 60327 Frankfurt am Main, Germany, email@example.com.
(5) You have the right to lodge a complaint with a data protection supervisory authority, i.e. the Hessian Commissioner for Data Protection in whose jurisdiction we lie, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany.
(6) Your request or the respective contractual agreement results in an obligation to provide your data. Without providing requested mandatory details, it will not be possible to place an order, subscribe to the newsletter, join hkp/// plus or register for an event.
(7) No automated decision-making or profiling as defined under Article 22 (1) and (4) GDPR takes place.
14. Changes to the privacy statement
We will update this statement if need be to adapt it to changes relating to the content of the website as well as any legal changes generally. This shall however apply only to statements on data processing. Insofar as user consent is necessary or parts of the privacy statement contain provisions of the contractual relationship with users, these changes will only be made with the consent of users.
Last updated: May 2019