IMPORTANT! PLEASE NOTE: You agree to the German Data Protection Statement which has been translated to English for your convenience only. The German Data Protection Statement is binding.
1. Information about the collection of personal data and provider identification
(1) We are glad that you are visiting our website www.hkp.com and that you have shown an interest in our company and its range of services. The protection of personal data is very important to us. All web activity undertaken by hkp Deutschland GmbH is carried out in accordance with the applicable legislation governing the protection of personal data and data security, in particular the GDPR (EU General Data Protection Regulation). This data protection notice tells you about how the information that is collected during your visit to our website is handled. Personal data is any information that relates to you, such as name, postal address, e-mail addresses or user behaviour. The male form is used as standard form of address solely for the purposes of simplification and better legibility. This is generally used to refer to people of all sexes unless suggested otherwise by the context.
(2) The entity responsible for processing your personal data (the data controller) is hkp Deutschland GmbH, Friedrich-Ebert-Anlage 35-37, 60327 Frankfurt am Main, Germany. You can find further contact details in our website’s legal notice.
2. The collection of personal data for informational use
(1) Personal data is information that makes a person identifiable, which includes data such as his name and e-mail address but also data about his online behaviour. If you are just using the website for informational purposes, i.e. if you do not register to use the website or provide us with any other information, we do not collect any personal data except the data transmitted by your browser in order to facilitate your viewing of the website (these are often called log files, legal basis is Art. 6 (1) 1 f) GDPR. Log files are technically required by us so that it is possible for the website you have requested be sent to your computer and displayed to you. They are deleted within 7 days after accessing the website. The following are classified as log files:
- IP address
- Time and date of the request
- Time zone difference compared to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Quantity of data transmitted
- The website from which the request originates
- Type of browser
- Operating system and its interface
- Language and version of the browser software
(2) The log files are used for statistical analysis and for making improvements to the website (legal basis is Art. 6 (1) 1 f) GDPR. This allows us to recognise any errors such as broken links. In connection with your use of the website, data recorded includes the IP address of the computer you are using. Under some circumstances, it may be possible to identify website users via the IP address. However, we will not undertake analysis of IP addresses collected as described in paragraph (1) for such a purpose. The analysis of IP addresses is undertaken on a purely statistical basis, using anonymised data.
3. Use of our website’s functions
(1) Alongside the purely informational use of our website, we offer a range of services that you may use if you wish. To do so, you will generally need to provide additional personal data that we use in order to supply the relevant service. Any additional fields that are not compulsory are marked accordingly.
(2) Personal data shall only be collected if you provide us with it, by filling out contact forms or sending e-mails, during the course of placing an order for products or services, by submitting a query, or by requesting material. We then collect the information that has resulted from establishing contact. In particular, this information includes names and any contact details provided, the date and the reason for contacting us. We will only use the personal data we collect about you in order to supply you with the products or services you have requested (legal basis is Art. 6 (1) 1 b) GDPR), or for other purposes for which you have given your permission (legal basis is Art. 6 (1) 1 a) GDPR), and which are described in this data protection statement. Your consent, for example for setting cookies by third party providers or for web tracking by these providers, can also be given in the appropriate technical settings of your browser.
(3) When you contact us, your details will be stored for the purpose of processing your inquiry and any follow-up questions, and this for the duration of the business relationship and as long as any potential warranty, liability and guarantee claims exist (legal basis constituted by Article 6 (1) 1 b) and f) GDPR), but at least for the duration of statutory retention periods (legal basis Article 6 (1) 1 c) GDPR), and then deleted in accordance with section 4 (1) of this privacy statement, provided you have not consented to further data storage and provided no ongoing data processing is necessary for the purpose which it was originally gathered.
4. Use of our services, transmission of data
(1) If you opt to use our services and would like to order something, you are required to provide your personal details for the conclusion of the contract, we require these to process your order. Any additional information not necessary for the fulfillment of contracts is voluntary and marked as such. We will process the data supplied by you in order to process your order (legal basis Article 6 (1) 1 b) GDPR). Following the fulfillment of the contract, your contact, payment and order details will be stored for the duration of statutory retention obligations (Section 147 of the German Regulation of Taxation (AO): ten years, Section 257 of the German Civil Code HGB: six years calculated from the end of the year following the last date on which data was recorded) (legal basis constituted by Article 6 (1) 1 c) GDPR) and then deleted, unless you have consented to further data storage or further data processing is necessary for the assertion, exercise or defense of legal claims or for marketing communications (see also Section 5 (1) of this privacy statement). We will review the latter at the end of the third calendar year starting from the calendar year of the first instance of data storage.
(2) You will be given the option of opening a user account for using our services, whereby we can save your data for subsequent orders or information requests (legal basis Article 6 (1) 1 b) GDPR). The data provided by you when you set up an account will be stored; consent for this may be revoked at any time. In the case of hkp/// plus membership, we refer you to Section 5 of this privacy statement too.
(3) You can register for different events at www.hkp.com/events. We collect and process the following data for the purpose of processing your registration: First name, surname, email, company, role, zip code, city, country. By selecting “Accept privacy notice” at the end of the online registration process you agree to this (legal basis Article 6 (1) 1 b) GDPR). After registering, your data will be stored in our content management system (CMS) for the purpose of event organization and processed in connection with preparation for and the running of the event (legal basis Article 6 (1) 1 b) GDPR) and used subsequently for the purpose of providing information on relevant and related content (legal basis Article 6 (1) 1 f) GDPR).
(4) We use your data for the following purposes in event organization: Printing name tags and, where applicable, any participant list, briefing moderators, service providers or cooperating institutions and organizations (provided this is necessary for the provision of the service) and sending out materials relevant to the event.
(5) Any photos and videos shot by hkp/// group employees or service providers at the event will be used in print form, in electronic media and on social media as part of reporting on the event and transmitted to the press and media and contract processors and archived for this purpose. The legal basis for this is constituted by Article 6 (1) 1 f) GDPR. The data subject has a right to object for reasons associated with his specific situation. To do so, please refer to the photographer or directly to our staff on the ground.
(6) In order to process your order we also transmit your data to our main bank, as well as to logistics providers and any payment service providers selected by you (legal basis Article 6 (1) 1 b) GDPR). Our service providers may only process or use your data for the purpose for which it was transmitted to them, where necessary. You may access this data at any time. As far as data is passed on to external service providers, for example in the case of surveys conducted by us, we have taken technical and organizational measures to ensure that data protection regulations are respected. We may also transmit personal data for debt collection purposes (legal basis Article 6 (1) 1 b) and f) GDPR).
(7) Insofar as we provide a service upfront, i.e. in the case of payment installments or purchases on account, we can have the identity and creditworthiness of customer checked by a service provider, e.g. a credit reference agency, the same applies to identifying default risks for specific business transactions (legal basis of each constituted by Article 6 (1) 1 f) GDPR). Furthermore, we cannot exclude the possibility that we will use anonymized usage data to generate statistics (Section 27 of the German Federal Data Protection Act (BDSG)) and transmit this for market research purposes (Article 6 (1) 1 f) GDPR).
(8) Please note that, in some cases, we are also entitled by order of the competent authorities to share information in relation to data insofar as this is necessary for the purposes of prosecution, to assist national law enforcement agencies in inverting danger, for the fulfillment of the lawful duties of either the federal or the state Office for the Protection of the Constitution, the Federal Intelligence Service or the Military Counter-Intelligence Service or for the assertion of intellectual property rights (legal basis Article 6 (1) 1 c) GDPR).
(9) We also transfer data to recipients in Switzerland (§ 1 (6) 1 BDSG) and to recipients in other third countries (not a member state of the EU or EEA) if an adequacy decision by the EU Commission pursuant to Art. 45 GDPR, suitable guarantees pursuant to Art. 46 GDPR, to which we then refer in individual cases, or a legal exception pursuant to Art. 49 GDPR, in particular your consent, has been obtained. For the possibility of third party providers in the USA taking note of your data, we refer to points 10. to 12. of this data protection declaration.
5. Advertisements for our customers, hkp/// plus membership and the newsletter
(1) We reserve the right to send you promotional materials for our offers in the field of “corporate consultancy with a focus on performance management, talent management and salary” using the email address supplied by you following the purchase of goods or a service. The same goes for the use of your address details for the purpose of advertising our own offers and third-party goods and services offer recommendations in this field by post. In this respect we also analyze certain personal aspects using an automated system in order to provide you with targeted information about our services. This analysis tool enables targeted communications and advertising including market and opinion research. The legal basis for this is constituted by Article 6 (1) 1 f) and Recital (47) GDPR. You have the right to reject advertising at any time (see section 6 (1) of this statement).
(2) Subscribing to a newsletter or registering as an hkp/// plus member on www.hkp.com gives you access to an extended range of information (legal basis Article 6 (1) 1 a) GDPR). For instance, we use our newsletter to provide you with regular information about challenges and solutions in the hkp/// group’s consultancy fields. We also give you an insight into current developments within the consultancy firm itself. hkp///plus membership grants you extended access to all member-authorized content on www.hkp.com, including exclusive studies and analyses by the hkp/// group. You can also benefit from extended features, such as quick registration for events.
(3) Irrespective of any order as defined under paragraph (1), we use what is referred to as the double opt-in method when it comes to registering for our newsletter and/or hkp/// plus membership. This means that, following your registration, we will send you a confirmation email to the given email address, asking you for confirmation that you wish to receive the newsletter and/or to join hkp/// plus. If you do not confirm this within 24 hours, your information will be blocked and automatically deleted after a month. Where you confirm your request to receive this, we will save your email address and other data provided by you until you unsubscribe from the newsletter and/or cancel your hkp/// plus membership. If you opt only to receive the newsletter and not for hkp/// plus membership, saving your details is all that is required to allow us to send the newsletter to you (legal basis Article 6 (1) 1 a) GDPR). Where you opt to joint hkp/// plus your data will be used to optimize your user experience with an enhanced range of information and features and, where applicable, events organization, should you choose to register for an event. In this respect we also analyze certain personal aspects using an automated system in order to provide you with targeted information. The legal basis for this is constituted by Article 6 (1) 1 a) and f) GDPR. Furthermore, upon registration for the newsletter or hkp/// plus membership and providing confirmation, we will save the IP address used by you and times of these activities in order to verify your registration and, where necessary, to identify any potential misuse of your personal data (legal basis Article 6 (1) 1 a) and c), Article 7 (1) GDPR). This data will be deleted unless a check at the end of the third calendar year starting from the calendar year in which the data was originally stored deems longer-term retention of the data necessary.
(4) The only data that must be supplied to register for the newsletter is an email address. Joining hkp/// plus requires entering your first name, surname, form of address and title, company and position as well as your email address. The provision of any other separately highlighted information is voluntary and is used to allow us to address you personally. This data will be deleted too upon revocation of consent following the expiry of the storage duration designated in paragraph (3).
(5) You may revoke your consent to the sending of the newsletter or cancel your hkp/// plus membership at any time. You can submit your newsletter cancellation request by clicking on the link present in every newsletter email, by sending a message to the contact details provided in the legal notice or to firstname.lastname@example.org. hkp/// plus membership can be canceled at any time too by sending a message to the contact details provided in the website legal notice or to email@example.com.
6. Right to object
(1) You can, at any time and with effect for the future, lodge an objection to the processing of your personal data for advertising purposes (legal basis is Art. 6 (1) 1 f) and Recital 47 GDPR. The same applies for an evaluation of certain features related thereto such as a data analysis. An objection to advertising can be provided informally, it can be carried out for example via a link in the newsletter or directly with us using the contact details mentioned in the legal notice.
(2) In addition, there is a right to object for reasons arising from your particular situation, to processing for other purposes which takes place based on a balancing of interests (Art. 6 (1) 1 f) GDPR). This may be the case when the processing is not required in particular to fulfil a contract with you. When exercising such an objection, we ask for an explanation of the reasons why we should not process your personal data as carried out by us. In the event your objection is justified, we will investigate the matter and will either adjust or adapt the data processing or point out our overriding protection-worthy reasons based on which we will continue the processing.
7. Data security
(1) We take measures in accordance with the state of the art to protect your data from loss, destruction, falsification, manipulation and unauthorised access. Where we have collected and recorded your data, it is saved on highly secure servers. Technical and organisational measures are in place to ensure that these servers are protected from loss, destruction, access, manipulation and from the unauthorised transmission of your data. Your data can only be accessed by a few authorised people. These people are responsible for the technical, commercial or editorial maintenance of the servers. All our staff are bound to observe confidentiality.
(2) We have contracted the technical operation (hosting) of the website to a service provider. This service provider manages the data processing on our behalf. The collection, processing and use of your data performed by the service provider is entirely subject to our instructions. The statements in this data protection statement also apply to this service provider in the same way.
- Transient cookies (temporary use)
- Persistent cookies (time-limited use)
- Third-party cookies (from third parties, see information listed separately).
(3) Transient cookies are automatically deleted when you close the browser window. In particular, this includes session cookies. Session cookies save what is called a session ID, which is used to identify the various requests that your browser makes during a joint session. This allows your browser to be recognised when you return to the website. Session cookies are deleted when you log out or close the browser window.
(4) Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. They are only used for as long as the purpose requires and have a maximum lifetime of two years. You can delete the cookies from your computer's hard drive at any time using the data protection functions of your browser. In this case, the functions and user-friendliness of the service could be restricted.
(6) Cookies that are not technically necessary for the provision of our service are only set with your consent, which you can revoke at any time (legal basis Art. 6 (1) 1 a) GDPR). These are cookies for recording preferences, for statistics and for marketing purposes. You can activate or deactivate your consent via our opt-in cookie banner as well as via a check box offered in individual cases. We would like to point out, however, that you may not be able to use all the functions of this website in this case.
9. Matomo Analysis Service
(1) This website uses the web analytics service Matomo (formerly Piwik) to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting for you as a user.
(2) Cookies are stored on your computer for this analysis. The information collected in this way is stored exclusively on servers in Germany. You have given your consent to use Matomo via our opt-in cookie banner (legal basis is Art. 6 (1) 1 a) GDPR). If you prevent the storage of cookies, we point out that you may not be able to use this website to its full extent.
(3) Matomo uses this website with the extension "AnonymizeIP". This means that IP-addresses are processed in a shortened form, a direct personal reference can be excluded. The IP address transmitted by your browser via Matomo is not merged with other data collected by us.
(4) The Matomo program is an open source project of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769. Information of this provider on data protection is available at https://matomo.org/privacy-policy/.
10. Use of Vimeo
(2) In the case of data transfer to providers based in the USA, the EU Commission has not yet determined the adequacy of the level of data protection in the third country in accordance with Art. 45 GDPR, nor are there any suitable guarantees in accordance with Art. 46 GDPR. It is therefore possible that a level of data protection exists in the USA that is not equivalent to that under the GDPR. Possible risks that cannot be ruled out are in particular the lack of proportionality of official access to data stored there and the lack of a guarantee of functioning legal protection.
(3) Through our opt-in banner, you have given your consent to the use of Vimeo and the setting of cookies by this provider (legal basis is Art. 6 (1) 1 a), Art. 49 (1) 1. subparagraph 1 lit. a GDPR). This allows external content from this provider to be displayed and data to be transferred to this provider.
11. Use of social media
(2) Log files and data on your user behavior are only transmitted if you end up on the platforms of third-party providers by clicking on share buttons or video content, such as social media services, provided you have an account there and are logged in. In this case your data will be assigned directly to the relevant provider of your existing account and saved there (in the case of US providers, in the USA). Because these providers generally collect data using cookies, we recommend that you delete all cookies in the security settings of your browser before clicking share.
(3) For instance, if you press the share button, thus setting up a link to a page, the social media platform provider saves this information in your user account too and may share this information with your contacts publicly too.
(4) If you are logged in with that provider, your usage data will be assigned directly to your existing account with the provider. We recommend that you log out regularly after using a social network, but especially before pressing any buttons so as to prevent the provider from making a correlation with your profile.
(5) Social media platform providers save this data to form user profiles and use these for the purposes of advertising, market research and/or customization of their website. This analysis is done (for users who are not logged in too) primarily to help display tailored advertising and to inform other users of the social network of your activities on our website. You have a right to object to the formation of these user profiles, but you must refer to the respective provider to exercise these rights. With sharing we offer you the opportunity to interact with social networks and other users so that we can improve our web presence and tailor it to you as a user.
(6) You can find out more about the purpose and extent of data collection and its processing by social media services in the privacy statements listed below. These will provide you with further information on your rights in relation to this and configuration options to protect your privacy:
a) Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy.
b) Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany; http://www.xing.com/privacy.
c) LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy.
(7) In the case of data transfer to providers based in the USA, following the withdrawal of the EU-US privacy shield, the EU Commission has not yet determined the adequacy of the level of data protection in the third country in accordance with Art. 45 GDPR, nor are there any suitable guarantees in accordance with Art. 46 GDPR. It is therefore possible that a level of data protection exists in the USA which is not equivalent to that under the DS Block Exemption Regulation. Possible risks that cannot be ruled out are in particular the lack of proportionality of official access to data stored there and the lack of a guarantee of functioning legal protection.
(8) By clicking on the corresponding share button, you have given your consent to use the aforementioned procedure. The legal basis is Art. 6 (1) 1 a), Art. 49 (1) 1. subparagraph 1 lit. a GDPR.
12. Third-party provider tools
(1) We use the Sentry service (Sentry, 1501 Mariposa St #408, San Francisco, CA 94107, USA) to improve the technical stability of our service by monitoring system stability and identifying code errors. Sentry pursues these objectives alone and does not analyze any data for advertising purposes. Users’ data such as, for example, data relating to the device or the time of error, is collected anonymously and not used in relation to a specific person and then deleted. You can find out more about this in Sentry’s privacy statement: https://sentry.io/privacy/. The legal basis for using Sentry is Art. 6 (1) 1 f) GDPR.
(2) In the case of the transfer of personal, i.e. non-anonymous, data to providers based in the USA, the EU Commission has not yet determined the adequacy of the level of data protection in the third country in accordance with Art. 45 GDPR, nor are there any suitable guarantees in accordance with Art. 46 GDPR. It is therefore possible that a level of data protection exists in the USA which is not equivalent to that under the GDPR. Possible risks that cannot be ruled out are in particular the lack of proportionality of official access to data stored there and the lack of a guarantee of functioning legal protection.
13. Further information in line with the GDPR
(1) This privacy statement applies to this website alone (www.hkp.com). To keep you best informed, our pages feature links that lead to third-party sites. Where this is not obviously recognizable, we will inform you that it is an external link. This privacy statement does not cover these other providers. After leaving this website it is recommended that you read the privacy guidelines of each website carefully.
(2) Within the given statutory framework you have the right to request access to data, the right to rectify incorrect data, to restrict processing, a right to object (see Section 6. of this privacy statement) and a right to erasure (Articles 15 to 18, 21 GDPR, Sections 34, and 35 of the German Federal Data Protection Act (BDSG)). With regard to any of your personal data supplied to us by you, for instance via an input mask or a contact form, based on consent or for the purposes of the fulfillment of a contract existing between us, you have the right to receive the personal data in a structured, commonly used and machine-readable format (Article 20 GDPR). You may assert these rights using the contact details listed in paragraph (2).
(3) As far as the processing of your data is based on consent (legal basis Art. 6 (1) 1 a) GDPR), you have the right to revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. Legal permissions, which refer to the same data, such as storage obligations, remain unaffected by a withdrawal of consent.
(4) We have appointed a commissioner for data protection. The contact details are as follows: Mr. Jörg Müller, hkp Deutschland GmbH, Friedrich-Ebert-Anlage 35-37, 60327 Frankfurt am Main, Germany, firstname.lastname@example.org.
(5) You have the right to lodge a complaint with a data protection supervisory authority, i.e. the Hessian Commissioner for Data Protection in whose jurisdiction we lie, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany.
(6) Your request or the respective contractual agreement results in an obligation to provide your data. Without providing requested mandatory details, it will not be possible to place an order, subscribe to the newsletter, join hkp/// plus or register for an event.
(7) No automated decision-making or profiling as defined under Article 22 (1) and (4) GDPR takes place.
14. Changes to the privacy statement
We will update this statement if need be to adapt it to changes relating to the content of the website as well as any legal changes generally. This shall however apply only to statements on data processing. Insofar as user consent is necessary or parts of the privacy statement contain provisions of the contractual relationship with users, these changes will only be made with the consent of users.
Last updated: October 2020