With this data protection declaration, we would like to inform you about how we collect and process your personal data on www.pawlik.de.
1. Controller within the meaning of data protection law
Pawlik Consultants GmbH
2. Contact data of our Data Protection Officer
Our Data Protection Officer Yannik Wiehl can be reached at:
3. Server log files
Whenever you access our website and each time a file is retrieved, our web server collects log information on these operations. This information does not contain personal data.
The IP address sent by your browser, which may allow the identification of data concerning you, is not stored in our server log files. It is, however, used by some of the technologies listed below, and if necessary immediately anonymized as per the corresponding description. Only in exceptional cases is the data forwarded to third parties. The details regarding this are presented below in the corresponding sections.
We are therefore unable to attribute the data collected to a specific natural person. The following data are collected:
All this information will be evaluated by us exclusively for statistical purposes. These data are not transferred to third parties.
We do not link these data with any other data. Usually, the data are also deleted within one week after a statistical analysis.
We do not disclose your data to third parties in a form in which you could be identified, unless this is required in particular cases by one of the technologies listed below. We also provide you with information on how you can avoid this by disabling these technologies.
4. Data from web forms
a.) Contact forms
For any type of questions, we offer you the option of contacting us by using the form provided on the website. A valid email address is required so that we know where the request originates as well as to be able to respond to the request. Additional information may be provided voluntarily.
The processing of personal data in the input field is performed solely for purposes of responding to your inquiry. In we are contacted via email, the required legitimate interest in the processing of the data also applies.
All other personal data processed during the communication transmission are used to prevent misuse of the contact form and to ensure the security of our information technology systems.
The legal basis for the data processing is Article 6 (1) lit. f) GDPR. If the email contact is initiated with the objective of concluding a contract, the additional legal basis for this processing is Article 6 (1) lit. b) GDPR.
Your data are erased once your inquiry has been resolved.
b.) Order and registration forms
You have the option of ordering and using a number of products on the various pages of our website as well as registering for events.
To do this, we require you to provide us with the data pertaining to the fields in the input box that we have designated as required. Orders or registrations are not possible without this information. We process these data on the basis of Article 6 (1) lit. b) GDPR.
If you provide your postal address, we may also use it to send you information and advertising material.
In accordance with Article 6 (1) lit. f) GDPR, such direct advertising is interpreted as our fundamentally legitimate business interest.
Pursuant to commercial and tax legislation, the retention periods for such data is six years (business letters) and 10 years (contractual and accounting documents)
5. Payment service providers
For payments processed by PayPal, you must only enter your username and password for PayPal. We do not store these data.
If you log on to PayPal, we are sent information on you login status from PayPal according to its terms and conditions. In addition, we receive such personal and account information that you have agreed to pass on to PayPal in order for us to be able to identify you.
You may contact PayPal directly to ask questions concerning data protection:
If you log in to your user account on PayPal, you will find more direct assistance by calling the customer service phone number listed there.
Alternatively, you can select payment by invoice without having to use the PayPal system.
For data processed in this manner, our authorization is based on Article 6 (1) lit. b) GDPR. The data are required for the performance of a contract or prior to entering into a contract.
The retention period of payment-relevant data is ten years.
6. Applications via email and data use
Description and scope of data processing / recipient categories
We offer candidates the option of submitting applications to us online, which requires the disclosure of personal data. The data are delivered to us via email to the address in the job description.
All personal data as well as the attachments to your application are collected and used by us only for purposes of evaluating, analyzing, and classifying the data within the scope of the application process.
Only the competent employees from human resources and the competent managers can access the data provided by you. In all other cases, the data is only transferred to the IT processing officer who directly reports to the aforementioned staff.
a.) Legal basis for the processing of personal data
The legal basis for the processing of personal data to conclude a contract and prior to entering into a contract is Section 26 (1) sentence 1 BDSG-new [Federal Data Protection Act, new version].
b.) Purpose of the data processing
The data are required so that we can contact you and assess your suitability for the position.
c.) Duration of storage
In the event that you apply for a specific vacancy, your data will be stored for the duration of the selection process. If we are unable to offer you a position, we will anonymize your data six months after the fact. All attachments and the entire communication records will be deleted.
If after a specific application process you would like to be taken into consideration for job opportunities, please send us a separate prospective application. We may contact you ourselves if we are interested in storing your documents for longer.
We will hold prospective applications for a period of 3 months. After this time, we will proceed with the anonymization of these applications as described above.
If we decide to offer you a contract and you accept this offer, your documents will be transferred to our human resources administration within the scope of the standard procedures. They will be used within the framework of the relevant legal provisions.
Recipients of your data
Your data is only disclosed to third parties insofar as we are obliged by law to do so or we hire an external service provider to process your data. These service providers will only receive the information necessary to perform their tasks. They may not use it for any other purpose and are required to handle the data in accordance with German and European data protection laws. We conclude appropriate non-disclosure agreements and, if necessary, order processing agreements with each partner.
In accordance with Article 6 (1) lit. b) GDPR, we are entitled process data in this manner insofar as it is necessary prior to entering into or performing contractual relationships.
In accordance with Article 6 (1) lit. f) GDPR, we are entitled to process data in this manner insofar as it serves to practically and suitably prepare information and advertising material for dispatch by mail. No sensitive data concerning you will be processed which you have not provided to us.
These contractual relationships are required by us for purposes of proper business organization.
Cookies are small text files that are placed in the internet browser and stored on the user’s computer. The cookies we use are so-called “transient” or “session cookies”. They are automatically deleted when you finish your session. Cookies do no harm to your computer and do not contain personal data or viruses. Session cookies are deleted automatically when you close the browser. These include, in particular, session cookies. These cookies save a so-called session ID, which can associate the various requests of your browser during the session. This allows for your computer to be recognized whenever you return to the website. Session cookies are deleted if you log out or close the browser.
You can delete the cookies used on your computer at any time. Please find out about the specific steps for doing this in your browser.
The records do not contain any personal data. They are not associated to any personal data provided by you.
|Our cookies contain the following records:|
|Name: sid_1_1 content: a categorized, hexadecimal session code|
|Example: sid_1_1 6a86f6883e3cdd98dfe|
In this declaration, we provide you with extensive information on our data processing pursuant to Article 13 GDPR. You therefore have the choice to use the website in its intended form of presentation.
8. Tracking tools
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files that are stored on your computer and help the website analyze how users use the site. The information generated by the cookie about your use of the website will usually be transmitted to and stored by Google on servers in the United States.
In case of activation of the IP anonymization, Google will truncate the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to and truncated by Google servers in the USA.
In such cases, Google ensures a level of data protection that complies with the EU’s regulations. Google is subject to the so-called “Privacy shield” decision of the European Commission:
The certification documents are available at the U.S. Department of Commerce. The minimum standards of the European Commission for the protection of personal data that are stored or processed in the United States are guaranteed by the adequacy decision of the Commission on the “Privacy Shield”.
IP anonymization is active on this website. On behalf of the website provider, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider.
We point out that Google Analytics has been extended by the code “gat._anonymizeIp();” on this website to ensure the anonymous collection of IP addresses (so-called IP masking).
You can instruct Google Analytics to refrain from placing tracking cookies. To do this, however, you need to allow Google to place an “opt-out cookie” that restricts any further data collection. Click on the following link to place an opt-out cookie:
9. Social media
Use of the XING share button
Use of the LinkedIn plugin
To ensure the confidentiality of communications with you, we use TLS encryption for the transmission of our website. According to the current state of the art, encryption of 128 bit is deemed as safe. All recent generations of browsers fulfill this level of security. If necessary, you may need to refresh the browser on your PC.
Our employees are committed to confidentiality, which presupposes compliance with the principle of confidentiality pursuant to Article 5 (1) lit. f and (2) GDPR, the fulfillment of which must be demonstrated. Data processing and our technical security measures are continuously adapted to comply with the current circumstances and requirements.
11. Rights of the data subject
Right to lodge a complaint with a supervisory authority
If you do not agree with the processing of your data, you can contact the competent data protection supervisory authority in your place of residence or for our corporate headquarters at any time.
Right of access
You may request information on whether or not we process data concerning you and if so you may receive a free to copy of your data (Article 15 GDPR).
You will then be given additional information, in particular on the purposes of use, on the categories of data, on the origin and recipients of the data, on your rights, on the automatic formation of user profiles, if applicable, on transmissions to recipients outside the EU, i applicable, as well as on the necessary protection measures.
Rectification and erasure
You may request the correction of your data under Article 16 GDPR or their erasure under Article 17 GDPR. Without your express request, we will delete your data as soon as they are no longer necessary for the purpose for which you have provided data. In the event that we are legally obliged to store your data, we will block your data from other uses instead of deleting them (“restriction of processing”).
Restriction of processing
You may request the restriction of processing under Article 18 GDPR. According to this provision, processing can only be conducted based on personal grounds, with your consent, or specific legal reasons. These may be defense of rights and claims of other parties or government interests.
In addition, we will return upon request, in machine-readable format, the data provided to us, with your consent, for processing in automated procedures. You can use this data format to transfer the data to other bodies. Upon request, we will carry this out directly for you and delete our copies.
Revocation of your consent to processing
Insofar as you have granted a special consent for the processing of data, for example, by subscribing to our newsletter or in connection with contact forms, you may informally revoke this consent at any time. Please use our contact details listed below.
Right to object
Pursuant to Article 21 GDPR, you may object to data processing for reasons particular to your situation at any time. The processing will be stopped unless we are able to demonstrate compelling reasons which override your interests.
12. Automated decision-making (Article 22 GDPR)
We do not use any methods to prepare or make decisions by way of the automated processing of data, which may have a legal effect or any other significant adverse effect on you. This applies to both http protocol data and the data you provide to us via web forms or email
13. Changes to data protection declaration
The rapid development of the internet makes it necessary for us to periodically make adjustments to our data protection declaration. In this respect, please refer to the current version of our data protection declaration.
Status: May 2018