Privacy Policy
It is the policy of elmauer institute to respect your privacy regarding any information we may collect communicating with you and while operating our websites managingconsensus.com and elmauer.com.
The following paragraphs describe in detail how we ensure the appropriate use of your personal data.
- Name and Address of the Responsible Person
The person responsible for the purposes of the Data Protection Regulation of the European Union and other national data protection laws of the Member States as well as other data protection regulations is:
EIMC2 GmbH – Elmauer Institute Managing Consensus 2
Hauptstr. 29
85399 Hallbergmoos
Germany
E-Mail: info@elmauer.com
Websites: www.elmauer.com, www.managingconsensus.com
- Name and address of the data protection officer
The data protection officer of the responsible person is:
EIMC2 GmbH – Elmauer Institute Managing Consensus
Kai Elmauer
Hauptstr. 29
85399 Hallbergmoos
Germany
E-Mail: info@elmauer.com
Websites: www.elmauer.com, www.managingconsensus.com
III. General information about data processing
- Scope of Personal Data Processing
In principle, we collect and use personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent can not be obtained for reasons of fact and the processing of the data is permitted by law.
- Legal Basis for Data Processing
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) is the legal basis for the processing of personal data.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b DSGVO is the legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfill a legal obligation that is subject to our company, Art. 6 para. 1 lit. c DSGVO is the legal basis.
In the event that vital interests of the user or another natural person requires the processing of personal data, Art. 6 para. 1 lit. d DSGVO is the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interest, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 para. 1 lit. f DSGVO is the legal basis for processing.
- Deletion and Storage of Data
The personal data of the user will be stored only until the purpose of the storage is fulfilled. In addition, such storage may take place if provided for by regulations or laws of the European or national legislators in the EU, to which the person responsible is subject. Deletion of the data also takes place when a storage period prescribed by the legal or regulatory standards expires, unless there is a need for further storage of the data for conclusion or fulfillment of a contract.
- Website
- Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer. The following data is collected here:
(1) Information about the browser type and version used
(2) The operating system of the user
(3) The Internet service provider of the user
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the system of the user comes to our website
(7) Web sites accessed by the user’s system through our website
The data is stored in the log files of our system. This data will not be processed or stored together with other personal data of the user.
- Legal Basis for Data Processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f DSGVO.
- Purpose of Data Processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session.
Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
For these purposes, our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f DSGVO.
- Duration of Storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.
In the case of storing the data in log files, this is the case after no more than seven days. Further storage is possible. In this case, the IP addresses of the users are deleted or anonymized, so that an identification of the user is no longer possible.
- Objection and Removal
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Therefore there is no option for objection by the user.
- Website Analytic Tools
- Scope of Data Processing
We use website analytic tools to increase the efficiency of our website, for example to determine which pages are more or less accessed. However, no personal data is used.
- Legal Basis for Data Processing
The legal basis for processing the data is Article 6 (1) GDPR.
- Purpose of Data Processing
The analysis helps to increase the user satisfaction with our website. For example, we analyze which pages are called more or less frequently. This makes it possible for us to better adapt the content of our website to the interest and benefit of the users.
- Duration of Storage
Data will be deleted as soon as the purpose of their collection has been fulfilled.
- Objection and Removal
No personal data will be collected. Therefore there is no option for objection by the user.
- E-Mail Contact
- Scope of Data Processing
On our websites we provide users with our e-mail addresses so they can contact us. When we are contacted by e-mail, the user’s personal data transmitted by e-mail will be stored in our e-mail programs.
In this context, we do not disclose any data to third parties. The data is used exclusively for the conversation initiated by the user.
- Legal Basis for Data Processing
The legal basis for the processing of the data transmitted in the course of sending an e-mail is Article 6 (1) lit. f DSGVO. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO.
- Purpose of Data Processing
In the case of contact via e-mail, this communication represents the necessary legitimate interest in the processing of the data.
- Duration of Storage
The data will be deleted when it is no longer necessary for the purpose of the conversation. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
In this context data may be stored for further communication if the conversation indicates a clear interest of the user in further irregular contact, e.g. expressing interest in our services, or inquiries about methodology used in our projects. In this case, we will seek the user’s consent for storage. The consent of the user can be revoked at any time.
- Objection and Removal
At any time the user can revoke his consent to the processing and storage of his personal data. To this end, the user has to contact us in writing or by e-mail to info@elmauer.com, and object to the storage of his personal data. In such a case, the requested and imminent deletion of the data will be confirmed by e-mail. If there is no e-mail address available, the deletion will be carried out without further confirmation.
All personal data stored will be deleted. There will be no further conversation with the user in this matter.
VII. Rights of the Affected Party (User)
If your personal data is processed, DSGVO considers you to be an affected party with the following rights to the person responsible (EIMC2 GmbH):
- Right to information
You may request confirmation from us as to whether any personal information concerning you is processed by us. If this is the case, you can ask our data protection officer for the following information:
(1) the purposes for which the personal data are processed;
(2) the type of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(5) the existence of a right to rectification or deletion of personal data concerning you, a right to restrict processing by the person responsible and a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the source of the data if the personal data is not collected from the data subject;
(8) the existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.
You also have the right to request information about whether your personal information if processed in or transferred to another country or an international organization. In this case, you can request the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer.
- Right to Rectification
You have a right to rectification and / or completion to the person responsible, if the personal data you process is incorrect or incomplete. The responsible person must make the correction without delay.
- Right to Restriction of Processing
You may request the restriction of the processing of your personal data under the following conditions:
(1) if you contest the accuracy of your personal information for a period of time that enables the person responsible to verify the accuracy of your personal information;
(2) the processing is unlawful and you refuse the deletion of the personal data and instead demand the restriction of the use of the personal data;
(3) the person responsible no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or
(4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest in the European Union or a Member State.
If the processing of your personal data has been restricted in accordance with the above conditions, you will be notified by the person responsible before the restriction is lifted.
- Right to Deletion of Data
- a) Obligation to Delete
You may require the person responsible to delete your personal information without delay, and the person responsible is required to delete that information immediately if one of the following is true:
(1) Personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You revoke your consent, to which the processing acc. Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. DSGVO and there is no other legal basis for processing.
(3) According to. Art. 21 para. 1 DSGVO objection to the processing and there are no prior justifiable reasons for the processing, or you object to processing pursuant Art. 21 para. 2 DSGVO.
(4) Your personal data have been processed unlawfully.
(5) The deletion of personal data concerning you is required to fulfill a legal obligation under European Union law or the law of the Member States to which the person responsible is subject.
(6) The personal data concerning you were collected in relation to services offered pursuant to Art. 8 (1) GDPR.
- b) information to third parties
If the person responsible has made the personal data concerning you public and is required to delete them according to Article 17 (1) of the GDPR, the person responsible shall take appropriate measures, including technical means, taking into account available technology and implementation costs to inform persons who process the personal data that you as affected party have requested deletion of all links to such personal data and deletion of any copies and replications of such personal data.
- c) exceptions
The right to data deletion does not apply if the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfill a legal obligation required by the law of the European Union or of the Member States to which the person responsible is subject, or to carry out a task which is in the public interest or in the exercise of official authority conferring on the person responsible has been;
(3) for reasons of public interest in the field of public health pursuant to Art. 9 (2) lit. h and i and Art. 9 (3) GDPR;
(4) for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing, or
(5) to assert, exercise or defend legal claims.
- Right to information
If you have the right of rectification, deletion or restriction of processing to the person responsible, he is obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.
You have a right to the person responsible to be informed about these recipients.
- Right to Data Portability
You have the right to receive personally identifiable information you provide to the person responsible in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another person without hindrance by the person responsible for providing the personal data, provided that
(1) the processing is based on a consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a DSGVO or on a contract according to Art. 6 para. 1 lit. b DSGVO, and
(2) the processing is done by automated means.
In exercising this right, you also have the right to obtain a direct transfer of your personal data from one person responsible to another person responsible, insofar as this is technically feasible. Freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the person responsible.
- Right to Object
At any time you have the right to object against the processing of your personal data pursuant to Art. 6 para. 1 lit. e or f DSGVO, for reasons that arise from your particular situation; this also applies to profiling based on these provisions.
The person responsible will no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, exercising or defending legal claims.
If the personal data relating to you are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, of exercising your right to object through automated procedures that use technical specifications.
- Right to Revoke the Consent Declaration
You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
- Automated Decision on a Case-by-case Basis, including Profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that will have legal effect or similarly affect you in a similar manner. This does not apply if the decision
(1) is required for the conclusion or performance of a contract between you and the person responsible,
(2) is permitted by Union or Member State legislation to which the person responsible is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or
(3) with your express consent.
However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g and reasonable measures have been taken to protect the rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the person responsible shall take appropriate measures to uphold the rights and freedoms and legitimate interests of a user, including at least the right to obtain the intervention of a person, to express one’s own position and to challenge a decision.
- Right to Complain to a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, a user shall have the right to complain to a supervisory authority, in particular in the Member State of its residence, place of work or place of alleged infringement, if he believes that the processing of the personal data contravenes the DSGVO.
The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.