Privacy Protection

At the law firm Herbold & Associates GmbH, we are pleased that you are interested in our website and wish to make your online visit to our internet presence as convenient as possible for you. We are placing great value on the protection of your individual privacy. Below you will therefore find information on the handling of your personal data and your respective rights.


1. Controlling body


With regard to the processing of your personal data in connection with this internet presence, we are the "Controller" within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (“Datenschutzgrundverordnung”; DSGVO).

In this function we can be reached as follows:
Herbold & Associates GmbH
An der Welle 4
60322 Frankfurt/Main
Phone: +49 (0) 69 75 93 77 22
Fax: +49 (0) 69 75 93 82 00
E-Mail: info@winning-executives.com
www.winning-executives.com

This Data Privacy Notice applies to the present internet presence, operated by us (hereinafter also referred to as "Website"). Should our internet presence also facilitate access to the offers of other providers ("Third Party Offers"), our Data Privacy Notice shall not apply to such Third Party Offers. In this case we are also not responsible for the processing of your personal information in relation to such Third Party Offers within the meaning of Art. 4 No. 7 DSGVO.


2. Nature and Volume of Data Processing


2.1. Access information/server log files
The service provider (or its web hosting service) collects data (in the form of server log files) every time this website is accessed. Such access information includes the name of the website retrieved, the file, date, time of day of the retrieval, the volume of data transferred, a notice of whether the retrieval was successful, the type of browser and browser version used, the user’s operating system, the referral URL (the webpage previously visited), the IP address, and the inquiring provider.
The service provider uses the log files only for statistical evaluations designed to ensure the operation, security and optimization of this website. The service provider cannot correlate this information with specific individuals, and does not combine it with information from other sources.
The service provider reserves the right to subsequently review the log files if there are concrete grounds to justifiably suspect an illegal use of this website.

2.2. Data processing to process your requests
We collect such personal data you have deliberately provided when you established contact with us, in particular by e-mail or contact form.
Such data are processed only for the correspondence with you and for the purpose for which you have made the data available, always in the context of this communication, as for instance to process your request or to contact you at your request. In this case the processing of personal data is carried out with your consent and is permissible pursuant to Art. 6 (1a) DSGVO.
After completion of your request in full, your data are blocked for further use and erased upon expiry of any storage terms, if so required, unless you have given your express consent to further use of your data, or unless we are otherwise entitled to storage.

2.3. Use of unsolicited data quests
Should you provide us in other cases with your personal data without being requested (e.g. handing over a business card, forwarding by post or e-mail), we shall include these data into the address management software and store it there. This is performed on the basis of Art. 6 (1) f) DSGVO and our legitimate interest in an efficient management of business contact data as well as to ensure the data protection compliant use of such data. These data shall be erased if so requested by you, insofar as there are no statutory retention responsibilities or we are not otherwise entitled to storage.

2.4. Inclusion of third-party services and contents
This website may contain third-party content such as YouTube videos, maps from Google Maps, RSS feeds, or graphics from other webpages. This means that these content providers (hereinafter referred to as the "third-party service providers") are aware of users’ IP addresses since, otherwise, they could not send their content to the users’ browsers. The IP addresses are therefore required if such content is to be provided. We attempt to only use content from third-party service providers who only use the IP addresses to deliver their content. However, we cannot prevent third-party service providers from storing IP addresses, for example for statistical purposes. We will inform users of this website whenever we are made aware that this is done.

2.5. Children and teenagers
Those under 18 years of age should only transmit their personal data in Internet with the approval of their parents or guardians. The service provider neither requests nor collects personal data from children and teenagers.

2.6. Information security
The service provider has taken technical and organizational measures to protect your personal data from loss, destruction, manipulation, and unauthorized access.
In general, the Internet is seen as an unsecure medium. Information that you send us unencrypted via e-mail could possibly be read during transmission by third parties. We therefore do not guarantee legally secure communication via e-mail.
We use filters to eliminate undesired advertising (“SPAM filters”) that could also erroneously identify normal e-mails as spam and automatically delete them. We also automatically delete e-mails that contain malware (“viruses”).
If you would like to send us sensitive data, we recommend that you encrypt it and, if possible, sign it electronically, in order to prevent authorized access and fraud during transmission, or that you send it to us using a conventional mail service.
The service provider’s employees and the service providers it engages are obligated by the service provider to maintain information confidential and to respect the General Data Protection Regulation (“Datenschutzgrundverordnung”; DSGVO), the German Federal Data Protection Act and other professional data protection provisions.

2.7. Links to other webpages
If you use links on this website that lead to external webpages, this Data Privacy Policy does not extend to the external webpages. The service provider guarantees that, at the time the links were set, there were no known violations of current (data protection) laws on the linked webpages.
However, the service provider has no ability to ensure that other service providers conform to data protection and security provisions. You should therefore inform yourself on the other service providers’ webpages regarding the data privacy policies they have to protect you.
If you become aware of an "unsafe" link on this website, we would appreciate it if you would be so kind as to inform the service provider immediately (see the Contact or Legal Notice areas for our contact information) so that we can investigate. Thank you.

2.8. Cookies
When you visit these webpages, information in the form of cookies may be stored on your computer. Cookies are small files stored on your computer by a web server. They allow information to be stored on the access device (such as a PC or smartphone) that is specific to that device.
During this process, no personal data is stored other than your IP address. This information serves to make webpages more user friendly (for example, by storing log-in data), i.e. it allows you to be recognized the next time you visit these webpages and makes it easier for you to navigate through them.
Cookies also serve to collect statistical data on the use of the webpages and analyze it in order to improve the website. For example, they allow a website to cater to your interests or to store your password such that you do not have to retype it each time – if the service provider builds in such an option.
You may of course view this website without cookies and have input regarding how we use cookies. Most browsers offer the option of limiting or completely preventing cookie storage. Please consult the instructions for your browser to see how this works in your case. If you do not accept cookies, your ability to use this website will be reduced, and, in particular, the website will not be as user friendly.
You can manage many online ad cookies from companies via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/uk/your-ad-choices/.

2.9. Google Analytics
This website uses Google Analytics, a web analysis service by Google Inc. (“Google”). Google Analytics uses cookies, i.e. text files, that are stored on users’ computers and allow analysis of how our website is used. The information generated by the cookies when you use this website are generally transmitted to and stored on a Google server in the United States.
If IP anonymization is activated on this website, Google will, however, prior to transmission and storage, truncate the IP addresses of users in European Union member states or in states who have signed the European Economic Area Agreement. Only in exceptional cases will full IP addresses be sent to Google servers in the United States and truncated there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate use of the website by users in order to generate reports on website activities and to perform additional services for the website operator connected with use of the website and the Internet.
The IP address Google Analytics takes from your browser will not be combined with other Google data. Users can set their browser software to prevent storage of cookies. However, we advise users that, in this case, they will not be able to make full use of all the functions on this website.
By using this website, you agree to Google’s processing the data it collects from you as described above, and for the purpose described above.
In addition, users can prevent Google from collecting data on their website usage via cookies (including your IP address) and from processing this data by downloading an installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser add-on, or within mobile device browsers, you may click on this link to prevent Google Analytics from collecting data on your use of this website in the future. The link allows you to store an opt-out cookie on your device. However, if you delete your cookies, you must again click on this link.

2.10. Use of Google Maps
This website uses Google Maps API in order to visually display geographical information. When using Google Maps, Google also collects, processes and uses data about use of the map functions by visitors to our website. More information regarding data processing by Google may be found in the Google privacy policy:
https://policies.google.com/privacy
There you can also change your personal privacy settings via the My Account page.
Detailed instructions for managing your own data in connection with Google products may be found here:
https://support.google.com/accounts/answer/3024190

2.11. Use of script libraries (Google Web Fonts)
We use script libraries and font libraries such as Google Web Fonts (https://www.google.com/webfonts/) on this website in order to be able to correctly display the contents of our website in an attractive manner on a variety of web browsers. Google Web Fonts is transferred to your browser's cache in order to avoid repeated loading. Contents will be displayed using a default font if your browser does not support Google Web Fonts or does not allow access.
Accessing script libraries or font libraries automatically creates a connection to the operator of the respective library. In such cases, it is theoretically possible that operators of these libraries could collect relevant data although it is currently unclear whether they actually do or for what purpose.
You may access the privacy policy for Google as library operator here: https://www.google.com/policies/privacy/


3. Your rights to information, rectification, blocking, erasure and objection


You have the right to receive information about your personal data stored by us at any time. You also have the right to have your personal data rectified, blocked or erased subject to required data storage in order to process transactions. Please contract us for more information. You will find the contact details at the bottom of the page.
To ensure that data can be blocked at any time, this data must be kept in a lock file for control purposes. You can also request the erasure of this data provided there is no legal obligation to archive this data. To the extent such an obligation exists, we will block your data upon request.
You can make changes or revoke your consent by notifying us accordingly with prospective effect.


4. Data protection information for customers and prospective customers


pursuant to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR).
Data protection is an important concern for us. Information regarding how we process your data and what rights you are entitled to is set out below.

4.1 Who is responsible for data processing and whom can you contact?
Herbold & Associates GmbH
Michael Grän
An der Welle 4
60322 Frankfurt/Main
Phone: +49 (0) 69 75 93 77 22
Fax: +49 (0) 69 75 93 82 00
E-Mail: graen@winning-executives.com
www.winning-executives.com

4.2. Purposes for which data is processed and legal basis
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other relevant data protection regulations. The processing and use of specific data depends on the type of agreed or requested service. Our contractual documents, forms, declarations of consent and other information provided to you (e.g. on the website) contain further details and additional information concerning the purposes for which data is processed.

4.2.1. Consent (Art. 6 para. 1 lit. a) GDPR)
If you have given us your consent to process your personal data, this consent represents the legal basis for the processing referred to in the consent. You can revoke your consent at any time with prospective effect.

4.2.2. Performance of contractual obligations (Art. 6 para. 1 lit. b) GDPR)
We process your personal data in the course of performing our contracts with you. Furthermore, your personal data will be processed within the scope of pre-contractual activities.

4.2.3. Compliance with legal obligations (Art. 6 para. 1 lit. c) GDPR)
We process your personal data if necessary to comply with legal obligations (e.g. commercial or tax laws). It may be necessary to disclose personal data in response to official/judicial measures for the purposes of taking evidence, prosecution or enforcement of civil law claims.

4.2.4. Legitimate interests of the controller or a third party (Art. 6 para. 1 f) GDPR)
We may also use your personal data to protect our legitimate interests of those of a third party subject to a weighing of interests. This may be done for the following purposes:

  • For the enhancement of services and products as well as existing systems and processes.
  • For the enrichment of our data through the use or research of publicly accessible data.
  • For statistical analysis or market analyses.
  • For benchmarking.

We may also use your personal data to protect our legitimate interests of those of a third party subject to a weighing of interests.

4.3. Categories of personal data we process
We process the following data:

  • Personal data (name, date of birth, place of birth, nationality, marital status, occupation/industry and similar data)
  • Contact details (address, email address, telephone number and similar data)
  • Payment/Coverage confirmation for Bank and Credit Cards
  • Customer history

In addition, we process personal data from public sources (e.g. Internet, media, press, trade and association registers, civil registers, debtor registers, land registers).
We also process personal data that we have legally obtained from third parties (e.g. mailing list providers, credit agencies) if necessary for the provision of our services.

4.4. Who receives your data?
We share your personal data within our company with those departments that require your data to comply with contractual and legal obligations or to pursue our legitimate interests.
In addition, the following entities/bodies may receive your data:

  • See above
  • Contract processors commissioned by us (Art. 28 GDPR), e.g. IT services, logistics and printing services, external computer centres, support/maintenance of data processing/IT applications, archiving, document processing, compliance services, data validation and plausibility checks, data destruction, customer administration, letter shops, marketing, research, billing, telephony, website management, auditing services, credit institutions.
  • Public authorities and institutions in the event of a legal or official obligation under which we are obliged to disclose, report or share data or the disclosure of data is in the public interest.
  • Bodies and institutions on the basis of our legitimate interest or the legitimate interest of a third party (e.g. shared with public authorities, credit agencies, debt collection, lawyers, courts).


4.5. Transfer of your data to a third country or an international organisation
Data is not processed outside the EU or the EEA.
Data is transmitted to entities in countries outside the European Union (EU) or the European Economic Area (EEA - so-called third countries) should this be necessary for the execution of an order/performance of a contract from or with you, if it is legally required (e.g. tax reporting obligations), if it is within the scope of a legitimate interest of ours or that of a third party or if you have given us your consent.
In this context, data may also be processed in a third country in connection with commissioning service providers such as contract data processors. If there is no determination from EU Commission concerning an adequate level of data protection in the respective country, we ensure that your rights and freedoms are adequately protected and guaranteed by means contractual obligations in accordance with EU data protection regulations.

4.6. How long do we store your data?
We process your personal data during the entire course of our business relationship as necessary; this also includes the initiation and performance of a contract.
In addition, we are subject to various retention and documentation obligations that are set out in the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention and/or documentation periods specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Ultimately, the retention period is also determined in line with statutory limitation periods, which under section 195 et seq. of the German Civil Code (BGB) are generally three years but may be up thirty years in certain cases.

4.7. To what extent is automated decision-making used in individual cases (including profiling)?
We do not use purely automated decision-making procedures as referred to in Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately provided we are required to do so by law.

4.8. Your data protection rights
You have the right to request information pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to limitation of processing pursuant to Art. 18 GDRP and the right to data portability pursuant to Art. 20 GDPR. In addition, you have right to lodge a complaint with the competent data protection authority (Art. 77 GDPR). As a fundamental principle, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR. However, this right of objection only applies in the event of very special circumstances related to your personal situation. It may also be the case that our rights override your right of objection in certain circumstances. Please contact us if you wish to assert any of these rights:
Herbold & Associates GmbH
Michael Grän
An der Welle 4
60322 Frankfurt/Main
Phone: +49 (0) 69 75 93 77 22
Fax: +49 (0) 69 75 93 82 00
E-Mail: graen@winning-executives.com
www.winning-executives.com

4.9. Scope of your duties to provide us your data
You only need to provide data that is necessary for the establishment and implementation of a business relationship or for a pre-contractual relationship with us or data we are legally obliged to collect. Without this data, we will usually not be able to conclude or execute the contract. This may also relate to data required later in the course of the business relationship. If we request further data from you, you will be separately informed of the voluntary nature of the information.

4.10. Information about your right to object Art 21 GDPR
You have the right to object to the processing of your data at any time on the basis of Art. 6 para. 1 lit f) GDPR (data processing on the basis of a balance of interests) or Art. 6 para. 1 lit. e) GDPR (data processing in the public interest) on grounds relating to your particular situation. This also applies to profiling on the basis of these provisions within the meaning of Art. 4 no. 4 GDPR.
If you submit an objection, we will no longer process your personal data unless we can substantiate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
We may also process your personal data for direct marketing purposes. You have the right to object at any time if you do not wish to receive advertising. This also applies to profiling insofar as it is connected with such direct advertising. Your objection will be given prospective effect.
We will no longer process your data for direct marketing purposes if you object to processing for these purposes.
The objection can be sent informally to the address listed under No. 4.1.

4.11. Your right to lodge a complaint with a supervisory authority
They have a right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:
The Hessian Commissioner for Data Protection and Freedom of Information (“Der Hessische Beauftragte für Datenschutz und Informationsfreiheit“)
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Phone: +49 61 11 40 80


5. Data protection information for candidates


pursuant to Articles 13 and 14 of the General Data Protection Regulation (GDPR).
Data protection is an important concern for us. Information regarding how we process your data and what rights you are entitled to is set out below.
Candidate-Data:
We need to process certain information about you in order to provide you with optimal, tailor-made employment opportunities. We only ask for information that we can actually help you with, such as your name, age, contact details, education details, career history, emergency contacts, residence status, financial information (if we need to check your financial background) and social insurance number (of course you are welcome to provide us with more information voluntarily). Where appropriate and permitted by local laws and regulations, we may also collect information about your state of health, diversity information or details of any criminal history.

5.1. Who is responsible for data processing and whom can you contact?
Herbold & Associates GmbH
An der Welle 4
60322 Frankfurt/Main
Phone: +49 (0) 69 75 93 77 22
Fax: +49 (0) 69 75 93 82 00
E-Mail: info@winning-executives.com
www.winning-executives.com

5.2. Purposes for which data is processed and legal basis
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other relevant data protection regulations. Our contractual documents, forms, declarations of consent and other information provided to you (e.g. on the website) contain further details and additions for processing purposes.

5.2.1. Consent (Art. 6 para. 1 lit. a) GDPR)
If you have given us your consent to process your personal data, this consent represents the legal basis for the processing referred to in the consent. You can revoke your consent at any time with prospective effect.

5.2.2. Performance of contractual obligations (Art. 6 para. 1 lit. b) GDPR)
We process your personal data for the purpose of handling the application process. Processing may also be carried out electronically. This is particularly the case if you submit your application documents to us electronically, for example by e-mail or via a web form located on our website.

5.2.3. Compliance with legal obligations (Art. 6 para. 1 lit. c) GDPR)
We process your personal data if necessary to comply with legal obligations.

5.2.4. Legitimate interests of the controller or a third party (Art. 6 para. 1 f) GDPR)
We may also use your personal data to protect our legitimate interests of those of a third party subject to a weighing of interests. This may be done for the following purposes:

  • For the enhancement of services and products as well as existing systems and processes.
  • For the enrichment of our data through the use or research of publicly accessible data.
  • For statistical analysis or market analyses.
  • For benchmarking.


5.3. Categories of personal data we process
We process the following data:

  • Last name, first name
  • Contact details (e.g. email address, address, telephone number)
  • Complete application documents (e.g. CV, certificates, references)


5.4 Who receives your data?
We share your personal data within our company with those departments that require your data to comply with contractual and legal obligations or to pursue our legitimate interests.
In addition, the following entities/bodies may receive your data:

  • Customers who have engaged us to perform recruiting
  • Contract processors commissioned by us (Art. 28 GDPR), e.g. IT services, logistics and printing services, external computer centres, support/maintenance of data processing/IT applications, archiving, document processing, compliance services, data validation and plausibility checks, data destruction, customer administration, letter shops, marketing, research, billing, telephony, website management, auditing services, credit institutions.
  • Public authorities and institutions in the event of a legal or official obligation under which we are obliged to disclose, report or share data or the disclosure of data is in the public interest
  • Bodies and institutions on the basis of our legitimate interest or the legitimate interest of a third party (e.g. shared with public authorities, credit agencies, debt collection, lawyers, courts, experts, affiliated companies and executive bodies and supervisory bodies)


5.5. Transfer of your data to a third country or an international organisation
Data is not processed outside the EU or the EEA.
Data is transmitted to entities in countries outside the European Union (EU) or the European Economic Area (EEA - so-called third countries) should this be necessary for the execution of an order/performance of a contract from or with you, if it is legally required (e.g. tax reporting obligations), if it is within the scope of a legitimate interest of ours or that of a third party or if you have given us your consent.
In this context, data may also be processed in a third country in connection with commissioning service providers such as contract data processors. If there is no determination from EU Commission concerning an adequate level of data protection in the respective country, we ensure that your rights and freedoms are adequately protected and guaranteed by means contractual obligations in accordance with EU data protection regulations.

5.6. How long do we store your data?
Your data will be stored whilst consulting projects are ongoing. We undertake to delete your data no later than six months after the end of the project if you have not agreed to the long-term storage of your data or if there is any other legitimate interest on the part of the controller. In this context, other legitimate interests may include, for example, burden of proof requirements in proceedings under the General Act on Equal Treatment (AGG).

5.7. To what extent is automated decision-making used in individual cases (including profiling)?
We do not use purely automated decision-making procedures as referred to in Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately provided we are required to do so by law.

5.8. Your data protection rights
You have the right to request information pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to limitation of processing pursuant to Art. 18 GDRP and the right to data portability pursuant to Art. 20 GDPR.
In addition, you have right to lodge a complaint with the competent data protection authority (Art. 77 GDPR). As a fundamental principle, the right to object to the processing of your personal data by us pursuant to Article 21 GDPR remains available. However, this right of objection only applies in the event of very special circumstances related to your personal situation. It may also be the case that our rights override your right of objection in certain circumstances. Please contact us if you wish to assert any of these rights:
Herbold & Associates GmbH
Michael Grän
An der Welle 4
60322 Frankfurt/Main
Phone: +49 (0) 69 75 93 77 22
Fax: +49 (0) 69 75 93 82 00
E-Mail: graen@winning-executives.com
www.winning-executives.com

5.9. Scope of your duties to provide us your data
You are required to provide us the information necessary for the employment application process. As a rule, we will not be able to conclude an employment contract with you without this data. If we request further data from you, you will be separately informed of the voluntary nature of the information.

5.10. Your right to lodge a complaint with a supervisory authority
They have a right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:
The Hessian Commissioner for Data Protection and Freedom of Information (“Der Hessische Beauftragte für Datenschutz und Informationsfreiheit“)
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Phone: +49 61 11 40 80


6. Data protection information for suppliers and service providers


pursuant to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR).
Data protection is an important concern for us. Information regarding how we process your data and what rights you are entitled to is set out below.

6.1. Who is responsible for data processing and whom can you contact?
Herbold & Associates GmbH
An der Welle 4
60322 Frankfurt/Main
Phone: +49 (0) 69 75 93 77 22
Fax: +49 (0) 69 75 93 82 00
E-Mail: info@winning-executives.com
www.winning-executives.com

6.2. Purposes for which data is processed and legal basis
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other relevant data protection regulations. The processing and use of specific data depends on the type of agreed or requested service. Our contractual documents, forms, declarations of consent and other information provided to you (e.g. on the website) contain further details and additional information concerning the purposes for which data is processed.

6.2.1. Consent (Art. 6 para. 1 lit. a) GDPR)
If you have given us your consent to process your personal data, this consent represents the legal basis for the processing referred to in the consent. You can revoke your consent at any time with prospective effect.

6.2.2. Performance of contractual obligations (Art. 6 para. 1 lit. b) GDPR)
We process your personal data in the course of performing our contracts with you, in particular in the context of our order processing and the use of our services. Furthermore, your personal data will be processed within the scope of pre-contractual activities.

6.2.3. Compliance with legal obligations (Art. 6 para. 1 lit. c) GDPR)
We process your personal data if necessary to comply with legal obligations (e.g. commercial or tax laws).
It may be necessary to disclose personal data in response to official/judicial measures for the purposes of taking evidence, prosecution or enforcement of civil law claims.

6.2.4. Legitimate interests of the controller or a third party (Art. 6 para. 1 f) GDPR)
We may also use your personal data to protect our legitimate interests of those of a third party subject to a weighing of interests. This may be done for the following purposes:

  • For the enhancement of services and products as well as existing systems and processes.
  • For the enrichment of our data through the use or research of publicly accessible data.
  • For statistical analysis or market analyses.
  • For benchmarking.

We may also use your personal data to protect our legitimate interests of those of a third party subject to a weighing of interests.

6.3. Categories of personal data we process
We process the following data:

  • Personal data (name, date of birth, place of birth, nationality, marital status, occupation/industry and similar data)
  • Contact details (address, email address, telephone number and similar data)
  • Payment/Coverage confirmation for Bank and Credit Cards
  • Suppliers and service providers history

In addition, we process personal data from public sources (e.g. Internet, media, press, trade and association registers, civil registers, debtor registers, land registers).
We also process personal data that we have legally obtained from third parties (e.g. mailing list providers, credit agencies) if necessary for the provision of our services.

6.4. Who receives your data?
We share your personal data within our company with those departments that require your data to comply with contractual and legal obligations or to pursue our legitimate interests.
In addition, the following entities/bodies may receive your data:

  • See above
  • Contract processors commissioned by us (Art. 28 GDPR), e.g. IT services, logistics and printing services, external computer centres, support/maintenance of data processing/IT applications, archiving, document processing, compliance services, data validation and plausibility checks, data destruction, customer administration, letter shops, marketing, research, billing, telephony, website management, auditing services, credit institutions.
  • Public authorities and institutions in the event of a legal or official obligation under which we are obliged to disclose, report or share data or the disclosure of data is in the public interest.
  • Bodies and institutions on the basis of our legitimate interest or the legitimate interest of a third party (e.g. shared with public authorities, credit agencies, debt collection, lawyers, courts).


6.5. Transfer of your data to a third country or an international organisation
Data is not processed outside the EU or the EEA.
Data is transmitted to entities in countries outside the European Union (EU) or the European Economic Area (EEA - so-called third countries) should this be necessary for the execution of an order/performance of a contract from or with you, if it is legally required (e.g. tax reporting obligations), if it is within the scope of a legitimate interest of ours or that of a third party or if you have given us your consent.
In this context, data may also be processed in a third country in connection with commissioning service providers such as contract data processors. If there is no determination from EU Commission concerning an adequate level of data protection in the respective country, we ensure that your rights and freedoms are adequately protected and guaranteed by means contractual obligations in accordance with EU data protection regulations.

6.6. How long do we store your data?
We process your personal data during the entire course of our business relationship as necessary; this also includes the initiation and performance of a contract.
In addition, we are subject to various retention and documentation obligations that are set out in the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The retention and/or documentation periods specified there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Ultimately, the retention period is also determined in line with statutory limitation periods, which under section 195 et seq. of the German Civil Code (BGB) are generally three years but may be up thirty years in certain cases.

6.7. To what extent is automated decision-making used in individual cases (including profiling)?
We do not use purely automated decision-making procedures as referred to in Article 22 GDPR. Should we use these procedures in individual cases, we will inform you separately provided we are required to do so by law.

6.8. Your data protection rights
You have the right to request information pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to limitation of processing pursuant to Art. 18 GDRP and the right to data portability pursuant to Art. 20 GDPR. In addition, you have right to lodge a complaint with the competent data protection authority (Art. 77 GDPR). As a fundamental principle, the right to object to the processing of your personal data by us pursuant to Article 21 GDPR remains available. However, this right of objection only applies in the event of very special circumstances related to your personal situation. It may also be the case that our rights override your right of objection in certain circumstances. Please contact us if you wish to assert any of these rights:
Herbold & Associates GmbH
Michael Grän
An der Welle 4
60322 Frankfurt/Main
Phone: +49 (0) 69 75 93 77 22
Fax: +49 (0) 69 75 93 82 00
E-Mail: graen@winning-executives.com
www.winning-executives.com

6.9. Scope of your duties to provide us your data
You only need to provide data that is necessary for the establishment and implementation of a business relationship or for a pre-contractual relationship with us or data we are legally obliged to collect. Without this data, we will usually not be able to conclude or execute the contract. This may also relate to data required later in the course of the business relationship. If we request further data from you, you will be separately informed of the voluntary nature of the information.

6.10. Information about your right to object Art 21 GDPR
You have the right to object to the processing of your data at any time on the basis of Art. 6 para. 1 lit f) GDPR (data processing on the basis of a balance of interests) or Art. 6 para. 1 lit. e) GDPR (data processing in the public interest) on grounds relating to your particular situation. This also applies to profiling on the basis of these provisions within the meaning of Art. 4 no. 4 GDPR. If you submit an objection, we will no longer process your personal data unless we can substantiate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. The objection can be sent informally to the address listed under No. 6.1.

6.11. Your right to lodge a complaint with a supervisory authority
They have a right to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is: The Hessian Commissioner for Data Protection and Freedom of Information (“Der Hessische Beauftragte für Datenschutz und Informationsfreiheit“)
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Phone: +49 61 11 40 80


7. Updating of this Data Privacy Notice


From time to time it may be necessary to update this Data Privacy Notice, for instance, if new statutory or official requirements are adopted or new offers on our internet presence are issued. We shall keep you informed about any developments on this page. We generally recommend reading this Data Privacy Notice regularly to check whether any changes were introduced. You will recognise whether any changes were made as the status at the bottom of this document indicates the last update.

Last updated: May 2018