Privacy Policy

With this data protection declaration, we would like to inform you about how we collect and process your personal data on www.pawlik.de.

1. Controller within the meaning of data protection law

Pawlik Consultants GmbH
Zirkusweg 2
20359 Hamburg

E-Mail: datenschutz@pawlik.de

2. Contact data of our Data Protection Officer

Our Data Protection Officer Yannik Wiehl can be reached at:

Email: wiehl@mw-datenschutz.de

3. Server log files

Whenever you access our website and each time a file is retrieved, our web server collects log information on these operations. This information does not contain personal data.

The IP address sent by your browser, which may allow the identification of data concerning you, is not stored in our server log files. It is, however, used by some of the technologies listed below, and if necessary immediately anonymized as per the corresponding description. Only in exceptional cases is the data forwarded to third parties. The details regarding this are presented below in the corresponding sections.

We are therefore unable to attribute the data collected to a specific natural person. The following data are collected:

  • Name of your internet service provider
  • Browser type and version
  • Operating system used
  • The previous website from which our website was accessed
  • Our websites that you access
  • Name of the retrieved files
  • Date and time of the retrieval
  • Amount of data transferred,
  • Status of whether the retrieval was successful

All this information will be evaluated by us exclusively for statistical purposes. These data are not transferred to third parties.

We do not link these data with any other data. Usually, the data are also deleted within one week after a statistical analysis.

We do not disclose your data to third parties in a form in which you could be identified, unless this is required in particular cases by one of the technologies listed below. We also provide you with information on how you can avoid this by disabling these technologies.

4. Data from web forms

a.) Contact forms

For any type of questions, we offer you the option of contacting us by using the form provided on the website. A valid email address is required so that we know where the request originates as well as to be able to respond to the request. Additional information may be provided voluntarily.

The processing of personal data in the input field is performed solely for purposes of responding to your inquiry. In we are contacted via email, the required legitimate interest in the processing of the data also applies.

All other personal data processed during the communication transmission are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

The legal basis for the data processing is Article 6 (1) lit. f) GDPR. If the email contact is initiated with the objective of concluding a contract, the additional legal basis for this processing is Article 6 (1) lit. b) GDPR.

Your data are erased once your inquiry has been resolved.

 

b.) Order and registration forms

You have the option of ordering and using a number of products on the various pages of our website as well as registering for events.

To do this, we require you to provide us with the data pertaining to the fields in the input box that we have designated as required. Orders or registrations are not possible without this information. We process these data on the basis of Article 6 (1) lit. b) GDPR.

If you provide your postal address, we may also use it to send you information and advertising material.

In accordance with Article 6 (1) lit. f) GDPR, such direct advertising is interpreted as our fundamentally legitimate business interest.

Pursuant to commercial and tax legislation, the retention periods for such data is six years (business letters) and 10 years (contractual and accounting documents)

 

5. Payment service providers

For payments processed by PayPal, you must only enter your username and password for PayPal. We do not store these data.

If you log on to PayPal, we are sent information on you login status from PayPal according to its terms and conditions. In addition, we receive such personal and account information that you have agreed to pass on to PayPal in order for us to be able to identify you.

If you use PayPal to pay for an online order, your transaction data are transmitted in accordance with the terms of use and privacy policies of PayPal. We must point out that within the scope of payment processing, data may be transferred to computer networks in countries that do not have similar level of data protection as in the European Union. Data may also be transferred to companies in the PayPal Group. We have no influence on the transfer of these data.

Terms of use and privacy policies of PayPal:

https://www.paypal.com/uk/webapps/mpp/ua/useragreement-full

https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev

You may contact PayPal directly to ask questions concerning data protection:

https://www.paypal.com/uk/selfhelp/contact/email/privacy

If you log in to your user account on PayPal, you will find more direct assistance by calling the customer service phone number listed there.

 

Alternatively, you can select payment by invoice without having to use the PayPal system.

For data processed in this manner, our authorization is based on Article 6 (1) lit. b) GDPR. The data are required for the performance of a contract or prior to entering into a contract.

The retention period of payment-relevant data is ten years.

 

6. Applications via email and data use

Description and scope of data processing / recipient categories

We offer candidates the option of submitting applications to us online, which requires the disclosure of personal data. The data are delivered to us via email to the address in the job description.

All personal data as well as the attachments to your application are collected and used by us only for purposes of evaluating, analyzing, and classifying the data within the scope of the application process.

Only the competent employees from human resources and the competent managers can access the data provided by you. In all other cases, the data is only transferred to the IT processing officer who directly reports to the aforementioned staff.

a.) Legal basis for the processing of personal data

The legal basis for the processing of personal data to conclude a contract and prior to entering into a contract is Section 26 (1) sentence 1 BDSG-new [Federal Data Protection Act, new version].

b.) Purpose of the data processing

The data are required so that we can contact you and assess your suitability for the position.

c.) Duration of storage

In the event that you apply for a specific vacancy, your data will be stored for the duration of the selection process. If we are unable to offer you a position, we will anonymize your data six months after the fact. All attachments and the entire communication records will be deleted.

If after a specific application process you would like to be taken into consideration for job opportunities, please send us a separate prospective application. We may contact you ourselves if we are interested in storing your documents for longer.

We will hold prospective applications for a period of 3 months. After this time, we will proceed with the anonymization of these applications as described above.

If we decide to offer you a contract and you accept this offer, your documents will be transferred to our human resources administration within the scope of the standard procedures. They will be used within the framework of the relevant legal provisions.

Recipients of your data

Your data is only disclosed to third parties insofar as we are obliged by law to do so or we hire an external service provider to process your data. These service providers will only receive the information necessary to perform their tasks. They may not use it for any other purpose and are required to handle the data in accordance with German and European data protection laws. We conclude appropriate non-disclosure agreements and, if necessary, order processing agreements with each partner.

In accordance with Article 6 (1) lit. b) GDPR, we are entitled process data in this manner insofar as it is necessary prior to entering into or performing contractual relationships.

In accordance with Article 6 (1) lit. f) GDPR, we are entitled to process data in this manner insofar as it serves to practically and suitably prepare information and advertising material for dispatch by mail. No sensitive data concerning you will be processed which you have not provided to us.

These contractual relationships are required by us for purposes of proper business organization.

 

7. Cookies
The websites use so-called cookies in several instances. We only use cookies for the purpose of obtaining information about the use of our website so that our web server can automatically adapt to your interests.

Cookies are small text files that are placed in the internet browser and stored on the user’s computer. The cookies we use are so-called “transient” or “session cookies”. They are automatically deleted when you finish your session. Cookies do no harm to your computer and do not contain personal data or viruses. Session cookies are deleted automatically when you close the browser. These include, in particular, session cookies. These cookies save a so-called session ID, which can associate the various requests of your browser during the session. This allows for your computer to be recognized whenever you return to the website. Session cookies are deleted if you log out or close the browser.

You can delete the cookies used on your computer at any time. Please find out about the specific steps for doing this in your browser.

The records do not contain any personal data. They are not associated to any personal data provided by you.

Our cookies contain the following records:
Name: sid_1_1 content: a categorized, hexadecimal session code
Example: sid_1_1 6a86f6883e3cdd98dfe

The legitimation for our use of cookies is given by your consent to their use which you grant to us when you access the website by accepting our data protection declaration (Sections 12I, 13 (1) sentence 2, 15 TMG [German Telemedia Act] – the EU’s pending e-privacy regulation will presumably contain such a consent requirement).
In this declaration, we provide you with extensive information on our data processing pursuant to Article 13 GDPR. You therefore have the choice to use the website in its intended form of presentation.

If you want to use PayPal for payment within the context of the web shop, you need to allow (third-party) cookies in your browser, since PayPal uses cookies for its features.

 

8. Tracking tools

Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files that are stored on your computer and help the website analyze how users use the site. The information generated by the cookie about your use of the website will usually be transmitted to and stored by Google on servers in the United States.
In case of activation of the IP anonymization, Google will truncate the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to and truncated by Google servers in the USA.

In such cases, Google ensures a level of data protection that complies with the EU’s regulations. Google is subject to the so-called “Privacy shield” decision of the European Commission:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

The certification documents are available at the U.S. Department of Commerce. The minimum standards of the European Commission for the protection of personal data that are stored or processed in the United States are guaranteed by the adequacy decision of the Commission on the “Privacy Shield”.

IP anonymization is active on this website. On behalf of the website provider, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider.
Google will not associate your IP address recorded by Google Analytics with any other data. You may refuse the use of cookies by selecting the appropriate settings in your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under

https://tools.google.com/dlpage/gaoptout?hl=en-US.

More information on terms of use and privacy policy can be found under

http://www.google.com/analytics/terms/us.html or under http://www.google.com/analytics/privacyoverview.html.

We point out that Google Analytics has been extended by the code “gat._anonymizeIp();” on this website to ensure the anonymous collection of IP addresses (so-called IP masking).

You can instruct Google Analytics to refrain from placing tracking cookies. To do this, however, you need to allow Google to place an “opt-out cookie” that restricts any further data collection. Click on the following link to place an opt-out cookie:
<a href=”javascript:gaOptout()”>Click here to opt-out of Google Analytics</a>

 

9. Social media

Use of the XING share button

The “XING share button” is used on this website. When accessing this website, your browser temporarily connects to the servers of XING AG, Dammtorstraße 29-32, 20354 Hamburg (“XING”), which enables the features of the “XING share button” (in particular, the calculation/display of the counter). XING does not store any personal data concerning you when accessing this website. In particular, XING does not store any IP addresses. There is also no evaluation of your usage behavior through the use of cookies in connection with the “XING share button”. You can find the current data protection information on the “XING share button” as well as supplementary information on the following website:

https://www.xing.com/app/share?op=data_protection

Use of the LinkedIn plugin

This website integrates plugins of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter referred to as “LinkedIn”). You can identify the LinkedIn plugin by the LinkedIn logo or the “share button” (“recommend”) on this website. Whenever you visit this website, a direct connection is made via the plugin between your browser and the LinkedIn server. LinkedIn receives notification that you have visited this website under your IP address. If you click on the LinkedIn “share button” while you are logged in to your LinkedIn account, you can link the contents of this website to your LinkedIn profile. As a result, LinkedIn can associate your user account to accessing this website. We would like to point out that as a website operator, we do not gain knowledge of the content of the transmitted data nor of their use by LinkedIn. For more details on data collection (purpose, scope, further processing, and use) as well as on your rights and settings options, please refer to the privacy policy of LinkedIn. You will find this information www.linkedin.com/legal/privacy-policy.

 

10. Security

To ensure the confidentiality of communications with you, we use TLS encryption for the transmission of our website. According to the current state of the art, encryption of 128 bit is deemed as safe. All recent generations of browsers fulfill this level of security. If necessary, you may need to refresh the browser on your PC.

Our employees are committed to confidentiality, which presupposes compliance with the principle of confidentiality pursuant to Article 5 (1) lit. f and (2) GDPR, the fulfillment of which must be demonstrated. Data processing and our technical security measures are continuously adapted to comply with the current circumstances and requirements.

 

11. Rights of the data subject

Right to lodge a complaint with a supervisory authority

If you do not agree with the processing of your data, you can contact the competent data protection supervisory authority in your place of residence or for our corporate headquarters at any time.

 

Right of access

You may request information on whether or not we process data concerning you and if so you may receive a free to copy of your data (Article 15 GDPR).

You will then be given additional information, in particular on the purposes of use, on the categories of data, on the origin and recipients of the data, on your rights, on the automatic formation of user profiles, if applicable, on transmissions to recipients outside the EU, i applicable, as well as on the necessary protection measures.

 

Rectification and erasure

You may request the correction of your data under Article 16 GDPR or their erasure under Article 17 GDPR. Without your express request, we will delete your data as soon as they are no longer necessary for the purpose for which you have provided data. In the event that we are legally obliged to store your data, we will block your data from other uses instead of deleting them (“restriction of processing”).

 

Restriction of processing

You may request the restriction of processing under Article 18 GDPR. According to this provision, processing can only be conducted based on personal grounds, with your consent, or specific legal reasons. These may be defense of rights and claims of other parties or government interests.

 

Data portability

In addition, we will return upon request, in machine-readable format, the data provided to us, with your consent, for processing in automated procedures. You can use this data format to transfer the data to other bodies. Upon request, we will carry this out directly for you and delete our copies.

 

Revocation of your consent to processing

Insofar as you have granted a special consent for the processing of data, for example, by subscribing to our newsletter or in connection with contact forms, you may informally revoke this consent at any time. Please use our contact details listed below.

 

Right to object

Pursuant to Article 21 GDPR, you may object to data processing for reasons particular to your situation at any time. The processing will be stopped unless we are able to demonstrate compelling reasons which override your interests.

 

12. Automated decision-making (Article 22 GDPR)

We do not use any methods to prepare or make decisions by way of the automated processing of data, which may have a legal effect or any other significant adverse effect on you. This applies to both http protocol data and the data you provide to us via web forms or email

 

13. Changes to data protection declaration

The rapid development of the internet makes it necessary for us to periodically make adjustments to our data protection declaration. In this respect, please refer to the current version of our data protection declaration.

Status: May 2018