1. Data controller

The data controller as per article 4(7) of the General Data Protection Regulation (GDPR) is: 
KRONGAARD GmbH 
Fuhlentwiete 10 
20355 Hamburg  
(Imprint).

2. Contact details for data protection officer

You can reach our data protection officer at dsb-krongaard(at)intersoft-consulting.de or by writing a letter to our postal address marked for the attention of the “Data protection officer”.

3. Your rights

You have the following rights with regard to your personal data:

3.1 General rights

You have a right of access, rights to rectification, erasure and restriction of processing, the right to object and the right to data portability. If the processing of your data is based on consent, you have the right to withdraw your consent with immediate effect.

3.2 Rights where data is processed on the basis of a legitimate interest

As per article 21(1) GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) (public interest) or (f) (legitimate interests) of article 6(1), including profiling based on those provisions. If you object, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

3.3 Rights where data is processed for direct marketing purposes

Where your personal data is processed for direct marketing purposes, you have the right as per article 21(2) GDPR to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

3.4 Right to lodge a complaint with a supervisory authority

You also have the right to lodge a complaint with a competent supervisory authority about our processing of your personal data.

4. Collection of personal data when using our website

If you use our website for information purposes only, i.e. if you do not register or provide information to us by other means, we only collect the personal data that your browser sends to our server. If you choose to view our website, we collect the following data, which is technically necessary in order to display our website and ensure stability and security (legal basis for processing: article 6(1)(f) GDPR):

IP address, date and time of request, time zone difference from Greenwich Mean Time (GMT), content of request (specific page), access status/HTTP status code, transferred data volume, website from which the request originated, browser, operating system and interface, and the language and version of the browser software.

5. Contacting us by email or a contact form

If you contact us by email or using a contact form, we will save the details you provide (your email address and, if applicable, your name and telephone number) in order to respond to your queries. Where our contact form requests information that is not necessary to be able to contact you, we have marked these fields as optional. This information provides us with more detail about your enquiry and helps us to provide a better response. If you give this information, this is explicitly on a voluntary basis and with your consent as per article 6(1)(a) GDPR. Where this information includes details of communication channels (e.g. email address, telephone number), you also consent to us contacting you by these channels to answer your enquiry. You can withdraw this consent at any time with immediate effect.

We will delete this data once we have no further need to store it, or limit processing if there are statutory retention requirements.

6. Project market/CV upload

6.1 What information do we collect?

You can register with us as an expert contractor on our website. To do so, you need to provide at least the following personal details:

  • Full name
  • Email address
  • Telephone number

You can also provide files containing other personal data, such as

  • a CV
  • a project summary or
  • a photo

using the upload function.

This information will not be publicly visible on the site after uploading. The data you submit to us in your CV and/or other documents will be entered into our IT system so that our consultants can work with this information and find suitable projects for you.

Your data will not be shared with our existing or potential clients without your consent. However, you have the option to send an email authorising us to proactively share your anonymised CV with our clients. In that case, the clients will receive an anonymised copy of your CV without personal data such as name, postal/email address, telephone number and pictures. We will only share your personal contact details (postal/email address, telephone number) with a client if we have your specific consent to do so for that client.

If you decide to apply for projects advertised by KRONGAARD or to send us your documents on a speculative basis, in addition to your personal details you will need to provide information about your career history. You are asked to upload your CV using our form. The CV will then be processed and your details stored in our applicant database. If you send your documents by email, they will likewise be entered into our applicant database. All documents that you send with your email (cover letter, CV, references, other supporting evidence) and the information they contain will be stored. If you provide your application documents in person or by post, we will first digitise them and then likewise enter them into our application database. We will return the original documents to you as soon as possible afterwards.

6.2 Prohibited content

You are solely responsible for the content of the documents you submit. Personal data that you submit to us should generally not include information about the following:

  • Illnesses
  • Possible pregnancy
  • Ethnic origin
  • Political, religious or philosophical beliefs
  • Trade union membership
  • Any information not specifically related to your application

6.3 Processing based on consent?

Where you have provided consent, the legal basis for the processing of your data is article 6(1)(a) GDPR. Where special categories of personal data are being processed, your consent as per article 9(2)(a) GDPR is a supplementary legal basis. By consenting, you authorise us to process your personal data (in particular to the extent set out above) for the described purposes in line with this privacy policy. KRONGAARD may share your personal data with potential clients to the extent necessary to initiate a job match. Your personal data will not be shared with third parties without your express consent unless it is necessary for the performance of a service or contract. If your application for, or our attempt to match you to, a particular position is unsuccessful, you can consent to KRONGAARD continuing to process your data even after the end of that specific job matching process. KRONGAARD may use your details to contact you at a later date, in particular to continue the job match process or begin a new one.

6.4 Editing and deleting your CV data

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. If the processing of the data is required for the performance of a contract to which you are party or a precontractual measure, then the data will be deleted when it is no longer required for the performance of the contract. Even after concluding the contract, it may be necessary to store your personal data in order to comply with contractual or statutory requirements, in particular retention duties under commercial and tax law, or to protect our legitimate interests:

  • Storing data to the extent required to comply with retention duties to which we are subject under commercial and/or tax law. The statutory retention period is ten years for all documents required for determination of taxable profit, and six years for business correspondence (including emails). The legal basis for this processing is article 6(1)(c) GDPR.
  • In accordance with the provisions of the German Civil Code (BGB), limitation periods can be up to 30 years, but the standard limitation period is three years. We therefore retain contractual and contractually related documents in accordance with these provisions on limitation periods in case it becomes necessary to take legal action. The legal basis for this processing is article 6(1)(f) GDPR.

If your data is being processed on the basis of consent, you can withdraw this consent in whole or in part at any time and with immediate effect by submitting a request to datenschutz@krongaard.de. If you withdraw your consent, this may mean we are unable to match you to vacant positions, in particular if the withdrawal of your consent means that your general or specific application now lacks the typically expected level of detail and potential clients are unable to get a clear picture of you. If you withdraw your consent, we will generally delete your data; if the data is required for the performance of a contract or precontractual measures, it can only be deleted ahead of time if this does not conflict with contractual or statutory requirements.

6.5 Data security

We take precautions to protect your data from misuse by third parties, using measures such as (SSL) encryption, firewalls, anti-hacker software and manual security procedures.

6.6 Data protection officer

For all enquiries relating to privacy and data protection, please contact our data protection officer: datenschutz@krongaard.de.

6.7 Right to lodge a complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes applicable law. You can find a list of German supervisory authorities here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

7. Use of cookies

When you use our website, cookies are saved on your device. Cookies are small text files that are stored on your hard drive. They are linked to the browser that you are using and provide certain information to the site that placed the cookies. Cookies cannot run programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective.

This website uses the following types of cookies, whose scope and functionality are described below:

7.1 Transient cookies

These cookies are automatically deleted when you close your browser. They include session cookies, which save a session ID that allows different requests from your browser to be linked to the same session and mean we can recognise your device if you return to our website. Session cookies are deleted if you log out or close the browser.

7.2 Persistent cookies

These are automatically deleted after a set period of time, which can vary depending on the cookie. You can delete these cookies at any time in your browser security settings.

7.3 Blocking cookies

You can configure your browser settings according to your preferences. For instance, you can choose to reject third-party cookies or all cookies. Please note that this may mean you are unable to use all functions of this website.

7.4 Cookie Consent with Consent Manager Provider

Our website uses the cookie consent technology of MANDARIN MEDIEN Gesellschaft für digitale Lösungen mbH to obtain your consent to the storage of certain cookies on your terminal device and to document this in accordance with data protection law. The provider of this technology is MANDARIN MEDIEN Gesellschaft für digitale Lösungen mbH, Mueßer Bucht 1, 19063 Schwerin, Germany, https://www.mandarin-medien.de/ (hereinafter "Consent Manager Provider").

When you enter our website, a connection is established to the servers of MANDARIN MEDIEN in order to obtain your consents and other declarations regarding cookie use. Subsequently, MANDARIN MEDIEN stores a cookie in your browser in order to be able to assign the consents granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the MANDARIN MEDIEN cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

The use of the Consent Manager of MANDARIN MEDIEN takes place in order to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c DSGVO.

8. Social bookmarks

Social bookmarks (for social media sites such as Facebook and Twitter) are integrated on this website. Social bookmarks allow users of social media services to save collections of links and news. On our website, these bookmarks have only been included in the form of links to the relevant services. Clicking on the integrated graphic will take you to the operator’s website, i.e. only in that case will your user information be shared with them. For information on how your personal data is handled when using that website, please refer to the site’s privacy policy.

9. YouTube videos

We have embedded YouTube videos in “privacy-enhanced mode” on our site. Only if you click on them will YouTube cookies be loaded and data shared. For further information, please see the YouTube privacy policy at https://policies.google.com/privacy?hl=de&gl=de#content an.

10. Google Web Fonts (local embedding)

This website uses so-called Web Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.

For more information on Google Web Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.

11. Spotify

We have integrated features of the Spotify music platform into this website. The provider is Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. You will be able to recognize Spotify plug-ins when you see the green logo on this website. An overview of Spotify’s plug-ins can be found at: https://developer.spotify.com.

The plug-in makes it possible to establish a direct connection between your browser and Spotify’s server when you visit this website. As a result, Spotify receives the information that you visited this website with your IP address. If you click the Spotify button while you are logged into your Spotify account, you have the option to link content from this website with your Spotify profile. Consequently, Spotify will be in a position to allocate your visit to this website to your user account.

We would like to point out that when using Spotify, cookies are used by Google Analytics so that your usage data can also be passed on to Google when using Spotify. Google Analytics is a tool of the Google Group for the analysis of user behavior with headquarters in the USA. Spotify alone is responsible for this integration. We as website operators have no influence on this processing.

Data are stored and analyzed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the attractive acoustic presentation of the website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

For more information, please consult Spotify’s Data Protection Declaration under: https://www.spotify.com/us/legal/privacy-policy/.

If you do not want Spotify to be able to allocate the visit of this website to your Spotify user account, please log out of your Spotify user account while visiting our sites.

12. Website analytics

We use various services for the purposes of analysing and optimising our website. These services are described below. They allow us, for instance, to analyse how many users visit our site, what the most popular search terms are and how users found our site. We collect data including which site referred the user to our site, which pages on our site they visited and how often and for how long they viewed each page. This helps us to improve our services and make them more user-friendly. The data that is collected cannot be used to personally identify individual users. Only anonymous/pseudonymous data is collected. The legal basis for this processing is article 6(1)(f) GDPR.

12.1 Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If the relevant consent has been requested, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR; the consent can be revoked at any time.

12.2 Google Analytics

This website uses Google Analytics, a Web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”: text files that are stored on your device and enable an analysis of your use of our website. The information generated by the cookie about your use of the website is generally transmitted to a Google server in the USA and stored there.

However, if IP anonymisation is activated on this website, Google will first truncate your IP address within the territory of an EU/EEA member state. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, compile reports about website activity and provide other services relating to website and Internet use to the website operator.

The IP address transmitted to Google Analytics by your browser is not combined with other Google data. You can prevent cookies from being stored by selecting a corresponding setting in your browser software; however, please note that this may prevent you from making full use of all the functions of this website. You can also prevent Google from recording and processing the data about your use of the website (including your IP address) generated by the cookie by downloading and installing the browser plug-in available at the following address: (http://tools.google.com/dlpage/gaoptout?hl=de) verfügbare Browser-Plugin herunterladen und installieren.

You can find more detailed information about Google’s terms of service and data protection at www.google.com/analytics/terms/de.html and www.google.de/intl/de/policies/. Please note that this website uses Google Analytics with the code “anonymizeIp” in order to ensure anonymised IP address registration (“IP masking”).

12.3 Google Ads

The website operator uses Google Ads. Google Ads is an online promotional program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display ads in the Google search engine or on third-party websites, if the user enters certain search terms into Google (keyword targeting). It is also possible to place targeted ads based on the user data Google has in its possession (e.g., location data and interests; target group targeting). As the website operator, we can analyze these data quantitatively, for instance by analyzing which search terms resulted in the display of our ads and how many ads led to respective clicks.

The use of Google Ads is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in marketing the operator’s services and products as effectively as possible.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

12.4 Google Remarketing

This website uses the functions of Google Analytics Remarketing. The provider of these solutions is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Remarketing analyzes your user patterns on our website (e.g., clicks on specific products), to allocate a certain advertising target groups to you and to subsequently display matching online offers to you when you visit other online offers (remarketing or retargeting).

Moreover, it is possible to link the advertising target groups generated with Google Remarketing to device encompassing functions of Google. This makes it possible to display interest-based customized advertising messages, depending on your prior usage and browsing patterns on a device (e.g., cell phone) in a manner tailored to you as well as on any of your devices (e.g., tablet or PC).

If you have a Google account, you have the option to object to personalized advertising under the following link: https://www.google.com/settings/ads/onweb/.

The use of Google Remarketing is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the marketing of the operator’s products that is as effective as possible. If a respective declaration of consent was requested, processing shall occur exclusively on the basis of Art. 6(1)(a) GDPR; the given consent may be revoked at any time.

For further information and the pertinent data protection regulations, please consult the Data Privacy Policies of Google at: https://policies.google.com/technologies/ads?hl=en.

Formation of Target Groups with Customer Reconciliation

For the formation of target groups, we use, among other things, the Google Remarketing customer reconciliation feature. To achieve this, we transfer certain customer data (e.g., email addresses) from our customer lists to Google. If the respective customers are Google users and are logged into their Google accounts, matching advertising messages within the Google network (e.g., YouTube, Gmail or in a search engine) are displayed for them to view.

12.5 Google Conversion-Tracking

This website uses Google Conversion Tracking. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the assistance of Google Conversion Tracking, we are in a position to recognize whether the user has completed certain actions. For instance, we can analyze the how frequently which buttons on our website have been clicked and which products are reviewed or purchased with particular frequency. The purpose of this information is to compile conversion statistics. We learn how many users have clicked on our ads and which actions they have completed. We do not receive any information that would allow us to personally identify the users. Google as such uses cookies or comparable recognition technologies for identification purposes.

We use Google Conversion Tracking on the basis of Art. 6(1)(f) GDPR. The operator of the website has a legitimate interest in the analysis of the user patterns with the aim of optimizing both, the operator’s web presentation and advertising. If a respective declaration of consent was requested (e.g., concerning the storage of cookies), processing shall occur exclusively on the basis of Art. 6(1)(a) GDPR; the given consent may be revoked at any time.

For more information about Google Conversion Tracking, please review Google’s data protection policy at: https://policies.google.com/privacy?hl=en

12.6. LinkedIn

We use the retargeting tool and conversion tracking function provided by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). For this purpose, the LinkedIn Insight Tag is integrated on our website. This tag allows LinkedIn to collect pseudonymous statistical data about your visit and use of our website, and to provide us with aggregate statistics based on this data. Generally, the information that is collected includes:

LinkedIn User ID (Cookie ID)
Anonymised IP address
Metadata of website visit, e.g. browser type, visited website

This information also allows us to display relevant offers and recommendations specific to your interests, after you have apprised yourself of particular services, information and offers on our website. This information is stored in a cookie. You can opt out of this tracking at the following address: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

More information about data processing is available at https://www.linkedin.com/legal/privacy-policy, Cookie-Policy: https://www.linkedin.com/legal/cookie_policy

13. Data sharing

Your data will generally not be shared with third parties unless we are legally required to do so, it is necessary for the performance of a contract or you have expressly consented to it.

To the extent necessary for the fulfilment of internal tasks, order processors (including IT service providers) are used. In the event that our service providers come into contact with your personal data, we shall ensure that their processing of the data as per article 28 GDPR likewise meets the requirements of privacy law. Please also refer to the service providers’ own privacy policies. The content of third-party services is the responsibility of the providers of those services, though we do as far as is reasonably practicable check the services to ensure compliance with legal requirements.

We attach great importance to processing your data within the territory of the EU/EEA. However, we may engage service providers that process data outside the EU/EEA. In such cases, before sharing your personal data we ensure that the recipient has put in place an adequate level of data protection, i.e. a level of protection comparable to EU standards, based on EU standard agreements or an adequacy decision such as the EU Privacy Shield.

14. Data security

We have taken extensive technical and operational precautions to protect your data from accidental or deliberate manipulation, loss, destruction or unauthorised access. Our security procedures are regularly reviewed and updated to the latest technical standards.

15. Project alert

With your consent as per article 6(1)(a) GDPR, you can subscription to our project alert, which lets you know about our current projects.
The project alert uses double opt-in registration. This means that after subscribing, we will send an email to the address you provided asking you to confirm that you wish to receive the project alert. Unless you confirm your subscription using this link, you will not receive project alert news from us.

The only mandatory information that is required for us to send you the project alert is your email address. Providing your name is optional and allows us to address you personally. After you confirm your subscription, we save your email address for the purpose of sending the newsletter. The legal basis for processing is article 6(1)(a) GDPR.

You can unsubscribe from the project alert and withdraw your consent at any time and with immediate effect. To unsubscribe, click the button in the project alert email or let us know in writing by emailing projekte@krongaard.de.

16. Newsletter

With your consent pursuant to Article 6, para. 1 (a) GDPR, you can subscribe to our newsletter, with which we inform you about topical subjects in the project industry.

We use what is known as the double opt-in procedure for subscription to our newsletter. This means that after your subscription we will send you an email to the specified email address, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your subscription via this link, you will not receive a newsletter from us. The confirmation link remains valid for 24 hours and expires after that period.

The only mandatory information for sending the newsletter is your email address. The provision of your first name, surname, title and company is voluntary and is used to address you personally. After your confirmation, we will store your email address for the purpose of sending you the newsletter. The legal basis is Article 6, para. 1 (a) GDPR.

Of course, you have the option of unsubscribing from the newsletter at any time and withdrawing your consent with future effect. To do so, please click on the corresponding button in the newsletter sent to you or inform us in writing via email to news@krongaard.de.

16.1 Newsletter tracking

Please note that when we send the newsletter, we evaluate your user behaviour in order to determine whether and when the newsletter was opened. For this evaluation, the emails sent contain what are known as web beacons or tracking pixels, which are stored on our server and loaded when the newsletter is opened. Technical information such as the browser type, time of opening and IP address is transmitted. To carry out the evaluation, we link the aforementioned data and the web beacons with your email address and an individual ID. Links contained in the newsletter also contain this ID and enable us to analyse your click behaviour.

The data is processed anonymously, so the IDs are not directly linked to your other personal data and direct personal referencing is not possible. The legal basis for this data processing is your consent, pursuant to Art. 6, para. 1 (a) GDPR. You can withdraw your consent to tracking at any time with future effect by clicking on the separate link provided for that purpose in each email.

You can withdraw your consent at any time with future effect. In this case, the consent withdrawal applies to the entire newsletter, as a separate withdrawal of consent to tracking is unfortunately not technically possible. To withdraw your consent, simply click on the unsubscribe link provided in each email.

Such tracking is also not possible if you have deactivated the default display of images in your email program. In this case, the newsletter will not be displayed in full and you may not be able to use all functions. If you allow the images to be displayed manually, the aforementioned tracking will take place. The information from tracking is stored as long as you are subscribed to the newsletter. After unsubscribing, the data will be anonymised and used for purely statistical purposes.

17. Webcast

17.1 Personal data and processing purposes

In the context of your participation in our free online events (e.g. webcasts), we process personal data in order to conduct the event. We process personal data that you enter in the zoom input mask on the basis of our legitimate interest in enabling participation in free online formats of Krongaard GmbH (Art. 6 para. 1 lit. f DSGVO). The following information is required:

  • Name
  • E-mail address

We process other information marked as optional, such as zip code and location, on the basis of your consent (Art. 6 para. 1 lit. a DSGVO). If you have registered for the event, you will receive a one-time reminder email from us before the event begins. Furthermore, we use your data to draw your attention (by e-mail) to this and other events, provided you have consented to receive such mails (Art. 6 para. 1 lit. a DSGVO) or you have already purchased services from us and we want to inform you about similar services or products (§ 7 para. 3 UWG).

17.2 Data transmission

Insofar as we engage service providers to provide technical support for data processing, this is done in strict compliance with the regulations on commissioned data processing (Art. 28 DSGVO).
For the webcast, we use the service provider Zoom Video Communications Inc., which operates worldwide and, as a data recipient, also transmits data to the United States or stores it there. We have concluded an order processing agreement with this service provider, so that Zoom is subject to our instructions. By concluding standard data protection clauses, we can also ensure an appropriate level of data protection outside the EU.

In addition to the data requested in the Zoom input mask, Zoom, as the responsible party, collects your data in order to provide the service. This includes, for example, device information (IP address, operating system, etc.) and data about product and website usage. For more information about how Zoom processes your personal data, please visit the following website:
https://explore.zoom.us/docs/de-de/privacy.html

17.3 Duration of storage, deletion

The personal data will only be stored and used as long as this is necessary for the fulfillment of the respective service or to achieve the purpose underlying the storage, the data processing has not been objected to or a given consent has not been revoked.

17.4 Your rights

You have the following rights with respect to us regarding personal data concerning you:

17.4.1 General rights

You have the right to information, correction, deletion, restriction of processing, objection to processing and data portability. If processing is based on your consent, you have the right to revoke it with effect for the future.

17.4.2 Rights in data processing according to the legitimate interest

Pursuant to Art. 21 (1) DSGVO, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) sentence 1 lit f DSGVO (data processing for the protection of a legitimate interest). In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. Please note that in the event of an objection, participation in online events of Krongaard GmbH may not be possible.

17.4.3 Rights in the case of direct advertising

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing pursuant to Art. 21 (2) DSGVO.
In the event of your objection to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.
If you have already purchased services or products from us, we may send you promotional emails about similar products and services that may also be of interest to you. The legal basis for this direct advertising is Section 7 (3) UWG. You can object to the use of your data for advertising using electronic mail at any time without incurring any costs other than the transmission costs according to the basic rates.

17.4.4 Right to complain to a supervisory authority

You also have the right to complain to a competent data protection supervisory authority about our processing of your personal data.

18. Booking appointments

When you contact us using our appointment booking tool, we store the data you share (your email address, name, address information, telephone numbers and other remarks in the free-text field) in order to facilitate making an appointment with you. The booking tool is a function of the Microsoft 365 suite. This is a product from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. As the basis for data processing by recipients whose headquarters are located in third countries (outside of the European Union, Iceland, Liechtenstein, Norway – i.e., the USA in particular), or transmission of data to such countries, Microsoft employs standard contractual clauses approved by the EU Commission (Art. 46(2) and (3) GDPR). These clauses require Microsoft to adhere to EU levels of data protection when processing relevant data outside of the EU. These clauses are based on an implementation decision by the EU Commission. You can find this decision, as well as the clauses etc., here: https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de.

If we request information via our appointment booking tool that is not necessary for making an appointment, this is always marked as optional. This information helps us with the specifics of your request and improves our processing of your wishes. Your information is shared solely on a voluntary basis and with your consent (Art. 6(1)(a) GDPR). If this concerns information on communication channels (e.g. email address, telephone number), you also consent to our contacting you via these communication channels where appropriate in order to address your wishes. You may withdraw this consent at any time with future effect.

We delete data collected within this context once storage is no longer required or restrict their processing if legal retention obligations exist.

19. Direct advertising

In the event that we speak to you by telephone, we collect your data for advertising purposes in order to inform you about products that may be relevant to you. In the process, we collect your name and business telephone number, and potentially also your position within the company and your email address.

The legal basis for data processing is Art. 6(1)(1)(f) GDPR. The purposes associated with this data processing are pursued within the context of a legitimate interest in direct marketing. You have the right to lodge an objection to the processing of your data for the purposes of this type of advertising at any time. To do so, you can contact the data protection address provided in our data privacy statement at any time.

Data are deleted if the specified purpose no longer exists and there are no retention obligations preventing their deletion.

20. Surveys

Following project deployments, we conduct surveys to evaluate the satisfaction of our consultants and clients. The legal basis for this data processing is Article 6(1)(f) GDPR. We have a legitimate interest in conducting such reviews to ensure the quality of service delivery. Please note that you do not have the right to object to this processing.

Survey results are deleted after the expiration of the legally applicable retention periods. This data is recorded in our IT system.

21. LinkedIn Sales Navigator

We use the LinkedIn Sales Navigator software tool to conduct advanced searches of user and company profiles based on specific criteria, save search results, create contact lists, and send automated messages to contacts. This data processing is conducted based on our legitimate business interest under Article 6(1)(f) GDPR. To ensure an adequate level of data protection during the processing of your personal data, we have entered into a data processing agreement with the service provider in accordance with Article 28(3) GDPR.

The services provided by LinkedIn involve the transfer of data from the European Union (EU) to the United States (U.S.) and back. LinkedIn Corporation and its U.S. subsidiaries ("LinkedIn") comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as established by the U.S. Department of Commerce. As such, data transfers to the U.S. are based on the adequacy decision of the European Commission pursuant to Article 45 GDPR.

Your personal data will be deleted as soon as it is no longer required for the purpose for which it was collected, and no further communication with you is necessary or desired by you.

22. Our company profile on LinkedIn

22.1 Responsible Party

When you visit our LinkedIn company page, we share responsibility for processing your personal data with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (https://www.linkedin.com/help/linkedin/solve).

We operate our LinkedIn company page to provide information and communicate with you as a user and interested party in our offerings, or as a potential employee/applicant. In accordance with LinkedIn's terms of use, which every user agrees to when creating a LinkedIn profile, we can identify the page's followers and view their profiles as well as other information they have shared. For example, your LinkedIn name and profile picture are visible to us (and other LinkedIn users) when you visit our page or comment on our posts. Therefore, we only collect personal data that, through your active participation, has become a visible part of our LinkedIn company page. We have no interest in collecting or further processing your individual personal data for marketing purposes. Accordingly, we only use the data, if at all, to tailor and improve our offerings.

22.2 Use of Insights and Cookies

In connection with operating our LinkedIn company page, we use LinkedIn’s Insights feature to obtain anonymized statistical data about the users of our LinkedIn page. To facilitate this, LinkedIn places a cookie on the device of any user who visits our LinkedIn company page. Session cookies remain on your device only until you close your browser, while persistent cookies stay on your computer or mobile device until they expire or are manually deleted.

The information stored in these cookies is received, recorded, and processed by LinkedIn, particularly when users engage with LinkedIn services, services provided by other members of the LinkedIn Corporation group, or services offered by third parties that use LinkedIn's infrastructure. Additionally, other entities, such as LinkedIn partners or third parties, may use cookies on LinkedIn services to provide services to companies advertising on LinkedIn. For more detailed information about LinkedIn's use of cookies, please refer to their Cookie Policy.

LinkedIn's Privacy Policy contains further details about their data processing practices.

22.3 Legal Basis for Processing

The operation of the LinkedIn page, including the processing of users' personal data, is carried out on the basis of Article 6(1)(f) GDPR to implement our legitimate interests in providing an information and interaction platform via LinkedIn for and with our users and visitors. Further legal bases for data processing may arise in specific cases from Article 6(1)(a), (b), or (c) GDPR.

22.4 Right to Object

If you wish to object to the processing of your data by us on our LinkedIn company page, either entirely or for specific measures, you can do so by sending a personal message via the LinkedIn company page. You can also object to the processing of Insights data directly to LinkedIn. Additionally, you can object to LinkedIn’s data processing by contacting us directly. Your objection will be promptly forwarded to LinkedIn.

Please note that in the event of such an objection, the use of the LinkedIn company page and access to the services and information offered through it may be limited or not possible at all.

22.5 Retention Period

We delete personal data once the purpose of the data processing has been fulfilled, provided there are no legal reasons preventing the deletion of the data. Beyond this, we retain your personal data only to fulfill any applicable legal retention obligations.

Please note that we have no control over the deletion of your data by LinkedIn itself.

22.6 Transfer to Third Countries

It is possible that collected information may also be processed outside the European Union in the United States. LinkedIn Corporation and its U.S. subsidiaries ("LinkedIn") comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as established by the U.S. Department of Commerce. Accordingly, the data transfer to the U.S. is based on the adequacy decision of the European Commission dated July 10, 2023, pursuant to Article 45 GDPR.

23. Career Site

For the operation and provision of our career site, we transmit your personal data to the service provider talentsconnect AG, ‍Niehler Straße 104 Aufgang B, 2nd floor 50733 Cologne, Germany, registered in the commercial register of the Cologne Local Court under HRB 78264. Your personal data is processed within the framework of the order processing relationship within the meaning of Art. 28 GDPR with Krongaard as the controller and talentsconnect AG as the processor. Please also note the data protection information of the service provider:  https://www.talentsconnect-ag.de/docs/datenschutzerklaerung.

Status 2024