We, BBH Consulting AG, are pleased that you are visiting our website and are interested in our company. We know that careful handling of your personal data is important to you. We are, of course, committed to protecting your data in compliance with the statutory provisions for the protection of personal data.
In the following Privacy Statement, we would like to inform you in particular about how we collect and process your personal data when you use our website as well as about your rights.
This Privacy Statement refers to the following website of BBH Consulting AG:
1. Controller
Controller within the meaning of Article 4(7) of the EU General Data Protection Regulation (GDPR) for the processing of your personal data within the meaning of the statutory provisions on data protection is:
BBH Consulting AG
Pfeuferstraße 7
81373 München, Germany
Email: muenchen(at)bbh-beratung.de
Phone: +49 (0)89 23 11 64-910
2. Data protection officer
If you have any questions regarding data protection or require additional information on data protection-related processes on our website, please feel free to contact our data protection officer:
Mr Victor Stocker
Email: muenchen(at)bbh-beratung.de
Address: BBH Consulting AG, Pfeuferstraße 7, 81373 München, Germany
Phone: +49 (0)89 23 11 64-939
3. Information on the collection and processing of data
You can visit our website without registration or logging in. We only collect, store or use personal data to the extent that this is provided for in the following provisions and we have a lawful basis to do so or you have consented to it. The provision of personal data or giving consent is, in principle, voluntary. There will, in essence, not be any negative effects for you if you do not give us your consent or provide us with personal data.
“Personal data” means any information relating to an identified or identifiable natural person. Personal data include, in particular, name, address, email address, gender, date of birth, phone number, age and bank details.
On our website, we collect and process the following data:
3.1. Standard log files when visiting our website (server log)
When you access our website, the web server automatically collects and stores information. The automatically collected information listed in the following is collected and evaluated to produce statistics on the use of and web traffic to our website and the contents primarily retrieved by the users as well as for the purpose of monitoring our website. In addition, the information specified below is used to ensure the operability and security of our website. The knowledge gained in this context is then used for improving our services as well as optimising our website and is stored for statistical purposes.
These automatically collected data include:
• Domain name or IP address
• Date and time of the server request
• File names and URL/web address you have accessed
• Access status/http status code
• Referrer URL (i.e. the website you have previously accessed)
• Browser
• Operating system and its interface as well as
• Browser software version and language.
The legal basis for the collection of the above-mentioned data is Article 6(1) first sentence lit. (f) GDPR.
This information is stored separately from the further data you might have transmitted to us, in particular for the purpose of processing your enquiries. The data specified above are not linked to such further data. We cannot trace back the data to your person or your individual behaviour.
3.1.1. Plausible Analytics
We use Plausible Analytics, an open source web analytics software, to track user behaviour on our website. The software is hosted by us, which means that no data are transferred to external servers.
Data storage: Any information collected by Plausible Analytics is stored exclusively on our own servers. The data are not forwarded to third parties.
Data protection: Plausible Analytics is designed to respect the privacy of our users. It does not use cookies or store personal data (such as IP addresses).
The following data are processed:
• Date and time of the server request
• File names and URL/web address you have accessed
• Access status/http status code
• Referrer URL (i.e. the website you have previously accessed)
• Browser
• Operating system and its interface as well as
• Browser software version and language.
Purpose of data collection: We use Plausible Analytics to understand how our website is used and to improve our website based on this knowledge.
Legal basis: The data are processed on the basis of our legitimate interest in the analysis of user behaviour on our website according to Article 6 subs. 1 lit. (f) GDPR.
3.2. Under what circumstances and on which legal basis are further “personal data” collected and processed?
We collect and process further personal data only if this is permissible under the applicable provisions regarding the protection of personal data or if you have given us your consent to do so.
If we collect personal data based on your consent, you may withdraw consent at any time notifying the controller (see section 1. above) or our data protection officer (see section 2. above) without the withdrawal of consent affecting the lawfulness of processing based on consent before its withdrawal.
3.2.1. Processing of personal data after contacting us
We process the information and personal data that you provide us with via email for the purpose of making contact or within the context of an enquiry (e.g. email address, name etc.) in order to be able to advise and/or assist you according to your enquiry.
The legal basis for processing your personal data which are provided to us via email and used to respond to and process your email is Article 6(1) first sentence lit. (f) GDPR.
3.3. Cookies
We use cookies on our website in order to be able to provide you with services and website functions that are as convenient and personalised as possible. Cookies are files that are created on your computer by a web server when you use your browser to visit a website. Cookies are used in order to clearly identify your computer for a certain period of time. You can set your browser so that it will inform you about the placement of cookies. This way, the use of cookies will be made transparent for you.
We use necessary cookies on the basis of Article 6(1) first sentence lit. (f) GDPR. These cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies and the operation of a functioning website constitutes our legitimate interest.
4. Links to social media networks / social media buttons
We have integrated the social media buttons of Twitter and LinkedIn (hereinafter: “providers”) in our online presence as links. These links will take you to our respective profile with these providers, enabling you to follow us there. Twitter is a service of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
For data protection reasons, we have decided to embed the social media buttons only as links to our respective profile with the provider. This means that no data concerning you will be transferred to the providers unless you click the respective button. However, as soon as you click the link that we have placed to our respective profile, you will be forwarded to the website of the provider. There, data are transferred to the respective provider. We have no influence on the potential transfer of personal data to and collection of personal data by the providers. We also have no knowledge of the individual purposes of such processing activities or their scope and duration of storage. Whether the providers perform any erasures, generate or assign profiles, or render data anonymous is not known to us either, and is not within our control.
If you click the respective link on our website and are, simultaneously, logged in to the service of one of the aforementioned providers, such provider will directly assign the data collected during the visit of its website to your profile with such provider.
For further information on the purpose and scope of the collection and processing of data by the aforementioned providers, please refer to the respective data protection policy of these providers. There, you will also find further information on your rights and how to adjust your settings to protect your privacy (https://twitter.com/de/privacy and https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy).
Please note that clicking the link to Twitter and, respectively, LinkedIn will cause you to leave the scope of protection and responsibility of our website and that activating the link will lead to Twitter and, respectively, LinkedIn collecting and processing your data, which is not subject to our control.
5. Duration of the storage of personal data
Your personal data, which we are allowed to process on a lawful basis or to the processing of which you have given your consent, are principally only stored for the period of time required for the purposes specified under section 3. above or, alternatively, until you withdraw your previously given consent to the processing of your personal data or you object to such processing.
Your web server log files (cf. section 3.1. above) are deleted by us after three months.
The personal data that you provide us with on our career website within the context of a job application are stored for one year for the purpose of evaluating suitable vacancies. Upon expiration of this period, such data including all documents provided to us with your application are deleted.
6. Data backup and location of processing activities
All our systems on which personal data are stored are password-protected and only accessible to a limited group of persons. Processing and use of the data will take place exclusively in the territory of the Federal Republic of Germany, in a Member State of the European Union or another contracting state of the Agreement on the European Economic Area.
7. Forwarding of data
We will not forward your personal data to any third parties, except if we are authorised to do so or if you have given us your consent. Forwarding of personal data to any public bodies and/or public authorities shall only take place when we are required to do so by mandatory statutory provisions or official or judicial orders.
If the aforementioned requirements are not met, we only forward your personal data to third parties if you have consented thereto (Article 6(1) first sentence lit. (a) GDPR).
8. Your rights
You have the following rights vis-à-vis us regarding your personal data:
• Right to access (Article 15 GDPR),
• Right to rectification and right to erasure (Articles 16 and 17 GDPR),
• Right to restriction of processing (Article 18 GDPR),
• Right to data portability (Article 20 GDPR).
9. Right to lodge a complaint with the data protection supervisory authority
If you believe that our processing of your personal data is not in compliance with the provisions described herein and/or the applicable data protection laws, you also have the right to lodge a complaint with one of the competent data protection supervisory authorities.
10. Right to object
According to Article 21(1) GDPR, you have the right to object at any time to the processing of your personal data within the meaning of Article 6(1) first sentence lit. (e) or (f) GDPR. We kindly ask you to indicate in your objection the reasons why we should no longer process your personal data. You may address your objection to the controller (see section 1.) or to our data protection officer (see section 2.). In case of a substantiated objection, we shall no longer use your personal data for the respective purposes and erase them from our system unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or if processing is necessary to establish, exercise or defend legal claims.
AS AT JULY 2024