Data Privacy Policy

Compliance with data protection has the utmost priority at ITB Consulting GmbH. In order to ensure compliance with the data protection requirements, there is an appointed data protection officer and a data protection concept. For all services offered by ITB Consulting GmbH, there are internal procedural guidelines for compliance with data protection. The services provided by ITB Consulting are in conformity with the legal data protection regulations, the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

All of our employees who come in contact with personal data are prohibited from the unauthorized collection, processing or use of personal data. All employees have been obliged in writing in accordance with § 53 BDSG to maintain data privacy. In addition to this, our employees are regularly trained in compliance with information security and the individual requirements of data protection at ITB Consulting GmbH (information security).

Information obligations for the collection of personal data in accordance with Article 13 EU GDPR

The handling of your personal data should always be comprehensible and transparent for you. In the following, we inform you in accordance with Article 13 GDPR about how we collect and process your data in compliance with the law.

Processing of personal data

Pursuant to Article 4 (1) GDPR, “personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Purpose and legal basis of data processing (Article 13 (1) (c) GDPR)

The use of our website is largely possible without providing personal data. We process personal data on our website only in the following cases:

if you use our contact form
if you write an article for the ITB blog
if you subscribe to our newsletter
if you contact us by e-mail

You provide your personal data on a purely voluntary basis. The personal data provided by you will be used only to contact you or, as applicable, to send you our e-mail newsletter.

As a visitor to our website, you can send us your enquiry using the contact form. In this case it is in our legitimate interest within the meaning of Article 6 (1) s. 1 (f) GDPR to process the personal data provided by you in order to contact you regarding your enquiry.

If you write an article in our ITB blog, the legal basis for the data processing is also Article 6 (1) s. 1 (f) GDPR. As you want to take part in a discussion with your blog article, it is in our legitimate interest to process your personal data in order to be able to communicate with you.

If you are not yet our customer, you can subscribe to our newsletter after granting a declaration of consent (Article 6 (1) s. 1 (a) in conjunction with Article 7 GDPR). To confirm the consent, an e-mail confirmation of the consent by the data subject is required (“double opt-in procedure”). You can cancel the newsletter at any time using the unsubscribe link at the end of every e-mail. Alternatively, you can withdraw your consent at any time by writing us a simple e-mail.

In the case of direct e-mail contact, we process the personal data which you have voluntarily provided. These data are processed and stored only for the purpose of contacting you. An internal procedural instruction governs how the sent contact data can be used in compliance with data protection law, and when they have to be deleted.

If you would like to subscribe to the newsletter offered on the website, we need an e-mail address for you as well as information that allows us to check that you are the owner of the given e-mail address and agree to the receipt of the newsletter.

To ensure a consensual newsletter subscription, we use the so-called double opt-in procedure. In the course of this procedure, the potential recipient allows themself to be entered in a mailing list. Then the user receives a confirmation e-mail giving them the option of confirming the subscription with legal effect. Only when the confirmation has been made is the address activated in the mailing list. We use these data only to send the requested information and offers.

We use the newsletter software Newsletter2Go. Your data are sent to the company Newsletter2Go GmbH. Newsletter2Go is not permitted to sell your data or to use them for any purpose other than to send the newsletters. Newsletter2Go is a certified German service provider that was selected subject to the requirements of the GDPR and the German Federal Data Protection Act. For further information, go to: https://www.newsletter2go.de/informationen-newsletter-empfaenger/

You can revoke the granted consent to storage of the data and the e-mail address as well as their use to send the newsletter at any time, for example by using the “unsubscribe” link in the newsletter. The data protection measures are subject to ongoing technical upgrades. For this reason, we request that you keep yourself informed about our data protection measures by consulting our data privacy policy at regular intervals.

Transfer of personal data to third parties / recipients of the data (Article 13 (1) (e) GDPR)

Personal data that you send to us by e-mail, or that we process as described above directly on our website in the context of the use of our contact form, our blog, or the sending of our newsletter, will not be transferred by ITB Consulting to third parties without your explicit consent.

In addition, our website contains links to the websites of various test procedures developed by ITB Consulting, in particular for aptitude and suitability tests. This includes, for example, BT-WISO and TM-WISO. The evaluation of such a test enables the college or institution to which you have applied to make a qualified selection from among the applicants to the respective courses of studies. Due to a tightening of data protection law, in order to participate in such a test procedure, every participant must grant a qualified declaration of consent to the processing of their personal data in the course of online registration for the respective test procedure. This declaration of consent fulfils the requirements of Article 7 GDPR. You will be fully informed about all details of the declaration of consent during the online registration for the corresponding test procedure on the respective website. You can view your declaration of consent there, and withdraw it if you wish, at any time.

In our collaboration with other institutions, e.g. our service providers, within the framework of services we offer, we take the following precaution to ensure the protection of your personal data: personal data may generally be passed on to third parties only if those parties have the required data protection suitability according to our test and a processing contract in accordance with Article 28 GDPR has been signed.

The authority to issue instructions regarding the data protection-compliant handling of personal data provided lies with ITB Consulting GmbH.

Duration of storage and erasure of the data; right to object and right to information (Article 13 (2) (a) and (b) GDPR)

The duration of storage depends on the legal stipulations and the purpose of the data storage. If the purpose of the data processing no longer applies, the data are erased. Otherwise, collected personal data are always erased if the consent is withdrawn, the data are verifiably false, the data were collected illegally, or if legal requirements no longer demand data storage. If there is no legal reason for storage, every data subject has the right to rectification or erasure (Article 16, 17 GDPR), the right to restrict the processing (Article 20 GDPR) of their personal data as well as the right to object (Article 21 GDPR).

If the data subject has granted a declaration of consent, they can withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal (Article 13 (2) (c) in conjunction with Article 7 (3) GDPR).

On request, every data subject shall have the right to obtain from ITB-Consulting GmbH confirmation as to whether or not we process personal data concerning them (Article 15 GDPR).

Your personal data are not subject to automated decision-making, including profiling, in the course of our processing (Article 13 (2) (f) GDPR).

The right to lodge a complaint with a supervisory authority (Article 13 (2) (d) GDPR)

Notwithstanding any other legal remedies, every data subject has the right to lodge a complaint with the relevant supervisory authority. (The State Data Protection and Freedom of Information Officer NRW
https://www.ldi.nrw.de/index.php).

The controller (Article 13 (1) (a) GDPR)

ITB Consulting GmbH
Koblenzer Strasse 77
53177 Bonn
Telefon: +49 228 82090-0
Telefax: +49 228 82090-38
E-Mail: info@itb-consulting.de
Managing director Dr. Kristine Heilmann

Data protection officer (Article 13 (1) (b) GDPR)

datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg
office@datenschutz-sued.de

E-Mail

E-mail correspondence runs on the unsecured internet. We hereby draw attention to the fact that the internet is subject to many security risks, and it is not possible to guarantee absolutely secure transmission. We therefore request that you do not send us any confidential information by e-mail. At the current state of the art, it cannot be ruled out that third parties gain illegal access to the e-mail information sent.

Links and integration of social networks

In some cases, a link to our YouTube channel and our Facebook account can be generated from our website. In addition, our website contains links to other websites for which we are not responsible. We have no influence on their content or on whether the operators are compliant with the data protection regulations. Please contact these companies directly to find out about their data protection policy.

Technical and organizational measures (Article 32 GDPR)

ITB Consulting GmbH uses technical and organizational methods within the meaning of Article 32 EU GDPR to protect the personal data made available by you against destruction, loss, unauthorized access and deliberate or negligent manipulation. The compliance of the technical and organizational measures is documented, and is reviewed at regular intervals by ITB Consulting GmbH’s data protection officer.

edoobox (online booking system)

As part of the registration for certain test procedures, your personal data will be collected, stored and used by us in the online booking system edoobox of the company Etzensperger Informatik AG. Edoobox operates in compliance with the GDPR (https://www.edoobox.com/dsgvg-konform – german website). The following types of data are regularly the subject of processing:

1. personal master data (title, first and last name).
2. communication data (e-mail address, telephone number)
3. personal data such as address details

The legal basis for the processing of the data is Article 6 (1) GDPR.

The purpose of the data processing is the registration or booking as a participant of certain test procedures of ITB-Consulting GmbH.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the edoobox booking system, this is the case after the end of the event, storage beyond this takes place within the framework of the legal storage periods, e.g. in connection with invoicing.

The collection of data for the administration of bookings and the storage of data for invoicing is mandatory. Consequently, there is no possibility for the user to object. The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. As a user, you have the option of changing the data stored about you at any time.
Your data will not be passed on to third parties without your consent, nor will it be used for any purpose other than the provision of edoobox and the administration and invoicing of events. Here you can find the privacy policy of the provider edoobox (german website):
https://www.edoobox.com/ueber-edoobox/datenschutzrichtlinien/

Use of web fonts

In order to provide the visitors to our website a uniform display of our contents on all devices, and to minimize loading times, external fonts – Google fonts – are used on this website. Google Fonts is a service provided by Google Inc. (“Google”). These web fonts are downloaded from a server, generally a server of Google in the USA. This tells the server which of our internet pages you have visited. The IP address of the browser of the end device you use to visit these internet pages is also stored by Google. For further information please see the data privacy policy of Google, which you can access here:
www.google.com/fonts#AboutPlace:about
www.google.com/policies/privacy/

Google Analytics

In order to learn how our website is received by users, we use the evaluation tool Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called cookies, text files that are stored on your computer and that allow an analysis of your use of the website.

The information about your use of this website generated by the cookie is generally transferred to and saved on a Google server in the USA. When IP anonymization is activated on this website, your IP address will be truncated in advance within Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the USA and truncated there. Google will use this information on behalf of the operator of this website to evaluate your usage of the website, to create reports on website activities, and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser within the context of Google Analytics will not be combined with any other data held by Google. You can prevent cookies being stored on your computer by making the corresponding setting in your browser software. We would like to point out, however, that in this case you may not be able to use all of this website’s functions without restriction. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available at the following link::
http://tools.google.com/dlpage/gaoptout?hl=en.

Objection to unsolicited advertising e-mails

We hereby expressly object to any use of contact data on our internet pages by third parties for the sending of advertising information material that has not been explicitly requested. ITB Consulting GmbH explicitly reserves the right to take legal steps in the event of unsolicited sending of advertising information, for example spam.