Data Privacy Policy

Compliance with data protection has the utmost priority at ITB Consulting GmbH. In order to ensure compliance with the data protection requirements, there is an appointed data protection officer and a data protection concept. For all services offered by ITB Consulting GmbH, there are internal procedural guidelines for compliance with data protection. The services provided by ITB Consulting are in conformity with the legal data protection regulations, the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

All of our employees who come in contact with personal data are prohibited from the unauthorized collection, processing or use of personal data. All employees have been obliged in writing in accordance with § 53 BDSG to maintain data privacy. In addition to this, our employees are regularly trained in compliance with information security and the individual requirements of data protection at ITB Consulting GmbH (information security).

Information obligations for the collection of personal data in accordance with Article 13 EU GDPR

The handling of your personal data should always be comprehensible and transparent for you. In the following, we inform you in accordance with Article 13 GDPR about how we collect and process your data in compliance with the law.

Processing of personal data

Pursuant to Article 4 (1) GDPR, “personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Purpose and legal basis of data processing (Article 13 (1) (c) GDPR)

The use of our website is largely possible without providing personal data. We process personal data on our website only in the following cases:

  • if you use our contact form
  • if you use the chat
  • if you write an article for the ITB blog
  • if you subscribe to our newsletter
  • if you contact us by e-mail

You provide your personal data on a purely voluntary basis. The personal data provided by you will be used only to contact you or, as applicable, to send you our e-mail newsletter.

As a visitor to our website, you can send us your enquiry using the contact form. In this case it is in our legitimate interest within the meaning of Article 6 (1) s. 1 (f) GDPR to process the personal data provided by you in order to contact you regarding your enquiry.

If you write an article in our ITB blog, the legal basis for the data processing is also Article 6 (1) s. 1 (f) GDPR. As you want to take part in a discussion with your blog article, it is in our legitimate interest to process your personal data in order to be able to communicate with you.

If you are not yet our customer, you can subscribe to our newsletter after granting a declaration of consent (Article 6 (1) s. 1 (a) in conjunction with Article 7 GDPR). To confirm the consent, an e-mail confirmation of the consent by the data subject is required (“double opt-in procedure”). You can cancel the newsletter at any time using the unsubscribe link at the end of every e-mail. Alternatively, you can withdraw your consent at any time by writing us a simple e-mail.

In the case of direct e-mail contact, we process the personal data which you have voluntarily provided. These data are processed and stored only for the purpose of contacting you. An internal procedural instruction governs how the sent contact data can be used in compliance with data protection law, and when they have to be deleted.

If you would like to subscribe to the newsletter offered on the website, we need an e-mail address for you as well as information that allows us to check that you are the owner of the given e-mail address and agree to the receipt of the newsletter.

To ensure a consensual newsletter subscription, we use the so-called double opt-in procedure. In the course of this procedure, the potential recipient allows themself to be entered in a mailing list. Then the user receives a confirmation e-mail giving them the option of confirming the subscription with legal effect. Only when the confirmation has been made is the address activated in the mailing list. We use these data only to send the requested information and offers.

This website uses Hubspot to send newsletters.

HubSpot is a software of the company of the same name from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

We have concluded a contract with HubSpot with standard contractual clauses in which HubSpot undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level.

You can find out more about the data processing agreement with HubSpot here.

Information on HubSpot’s privacy policy can be found here.

You can revoke the granted consent to storage of the data and the e-mail address as well as their use to send the newsletter at any time, for example by using the “unsubscribe” link in the newsletter. The data protection measures are subject to ongoing technical upgrades. For this reason, we request that you keep yourself informed about our data protection measures by consulting our data privacy policy at regular intervals.

Transfer of personal data to third parties / recipients of the data (Article 13 (1) (e) GDPR)

Personal data that you send to us by e-mail, or that we process as described above directly on our website in the context of the use of our contact form, our blog, or the sending of our newsletter, will not be transferred by ITB Consulting to third parties without your explicit consent.

In addition, our website contains links to the websites of various test procedures developed by ITB Consulting, in particular for aptitude and suitability tests. This includes, for example, BT-WISO and TM-WISO. The evaluation of such a test enables the college or institution to which you have applied to make a qualified selection from among the applicants to the respective courses of studies. Due to a tightening of data protection law, in order to participate in such a test procedure, every participant must grant a qualified declaration of consent to the processing of their personal data in the course of online registration for the respective test procedure. This declaration of consent fulfils the requirements of Article 7 GDPR. You will be fully informed about all details of the declaration of consent during the online registration for the corresponding test procedure on the respective website. You can view your declaration of consent there, and withdraw it if you wish, at any time.

In our collaboration with other institutions, e.g. our service providers, within the framework of services we offer, we take the following precaution to ensure the protection of your personal data: personal data may generally be passed on to third parties only if those parties have the required data protection suitability according to our test and a processing contract in accordance with Article 28 GDPR has been signed.

The authority to issue instructions regarding the data protection-compliant handling of personal data provided lies with ITB Consulting GmbH.

Duration of storage and erasure of the data; right to object and right to information (Article 13 (2) (a) and (b) GDPR)

The duration of storage depends on the legal stipulations and the purpose of the data storage. If the purpose of the data processing no longer applies, the data are erased. Otherwise, collected personal data are always erased if the consent is withdrawn, the data are verifiably false, the data were collected illegally, or if legal requirements no longer demand data storage. If there is no legal reason for storage, every data subject has the right to rectification or erasure (Article 16, 17 GDPR), the right to restrict the processing (Article 20 GDPR) of their personal data as well as the right to object (Article 21 GDPR).

If the data subject has granted a declaration of consent, they can withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal (Article 13 (2) (c) in conjunction with Article 7 (3) GDPR).

On request, every data subject shall have the right to obtain from ITB-Consulting GmbH confirmation as to whether or not we process personal data concerning them (Article 15 GDPR).

Your personal data are not subject to automated decision-making, including profiling, in the course of our processing (Article 13 (2) (f) GDPR).

The right to lodge a complaint with a supervisory authority (Article 13 (2) (d) GDPR)

Notwithstanding any other legal remedies, every data subject has the right to lodge a complaint with the relevant supervisory authority. (The State Data Protection and Freedom of Information Officer NRW:

The controller (Article 13 (1) (a) GDPR)

ITB Consulting GmbH
Koblenzer Strasse 77
53177 Bonn
Telefon: +49 228 82090-0
Telefax: +49 228 82090-38
Managing director Dr. Kristine Heilmann

Data protection officer (Article 13 (1) (b) GDPR)

datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg


E-mail correspondence runs on the unsecured internet. We hereby draw attention to the fact that the internet is subject to many security risks, and it is not possible to guarantee absolutely secure transmission. We therefore request that you do not send us any confidential information by e-mail. At the current state of the art, it cannot be ruled out that third parties gain illegal access to the e-mail information sent.

Links and integration of social networks

In some cases, a link to our YouTube channel, Linkedin-Profiles and our Facebook account can be generated from our website. In addition, our website contains links to other websites for which we are not responsible. We have no influence on their content or on whether the operators are compliant with the data protection regulations. Please contact these companies directly to find out about their data protection policy.

Technical and organizational measures (Article 32 GDPR)

ITB Consulting GmbH uses technical and organizational methods within the meaning of Article 32 EU GDPR to protect the personal data made available by you against destruction, loss, unauthorized access and deliberate or negligent manipulation. The compliance of the technical and organizational measures is documented, and is reviewed at regular intervals by ITB Consulting GmbH’s data protection officer.

Use of the ITB booking portal

As part of the registration for certain test procedures, your personal data will be collected, stored and used by us in our online booking portal edoobox. The following types of data are regularly the subject of processing:

  1. personal master data (title, first and last name).
    2. communication data (e-mail address, telephone number)
    3. personal data such as address details or educational background data

The legal basis for the processing of the data is Article 6 (1) GDPR.

The purpose of the data processing is the registration or booking as a participant of certain test procedures of ITB-Consulting GmbH.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Storage beyond this takes place within the framework of the legal storage periods, e.g. in connection with invoicing.

The collection of data for the administration of bookings and the storage of data for invoicing is mandatory. Consequently, there is no possibility for the user to object. The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. As a user, you have the option of changing the data stored about you at any time.
Your data will not be passed on to third parties without your consent, nor will it be used for any purpose other than the administration and invoicing of events. Here you will find the specific privacy policy of the online booking portal: Data privacy policy for the use of the ITB Booking Portal


We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. Matomo does not transmit any data to servers that are outside the control of ITB Consulting GmbH.

The protection of your data is important to us, which is why we have additionally configured Matomo in such a way that your IP address is only recorded in abbreviated form. An assignment to individual users is not possible. Furthermore, we use Matomo without the use of cookies.

Further information on the Matomo terms of use and the data protection regulations can be found at:


We use HubSpot for marketing purposes on our website. HubSpot is a software of the company of the same name from the USA with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

We have concluded a contract with HubSpot with standard contractual clauses in which HubSpot undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level.

You can find out more about the data processing agreement with HubSpot here.

Information on HubSpot’s privacy policy can be found here.

The forms on our website allow visitors to download content and provide their contact information and other demographic information. This information is stored on HubSpot’s servers. We may use this information to contact visitors to our website and to find out which of our services are of interest to them. All information we collect in this context is subject to this privacy policy. We only use this information to optimise our marketing.

Objection to unsolicited advertising e-mails

We hereby expressly object to any use of contact data on our internet pages by third parties for the sending of advertising information material that has not been explicitly requested. ITB Consulting GmbH explicitly reserves the right to take legal steps in the event of unsolicited sending of advertising information, for example spam.