PRIVACY POLICY

I. Name and address of the responsible person

The responsible person within the context of the general data protection regulation (GDPR) and other national data protection laws of the member states and other legal data protection provisions is:

Huebner Executive Search Consulting GmbH
Noerdliche Auffahrtsallee 64
80638 Munich
Germany

Tel.: +49 89 1711859-0
Fax: +49 89 1711859-9
E-Mail: privacy@stefanhuebner.com
Internet: www.stefanhuebner.com

represented by the Managing Director Stefan Huebner

II. Name and address of the data protection officer

The data protection officer of the responsible person is:

DS Consult + Compliance GmbH
Zimmersmuehlenweg 27
61440 Oberursel
Germany
E-Mail: dsb@d-s.group

III. General information about data protection


1. Scope of personal data processing

Essentially, we only process personal data of our users if this is required to provide a functional website, in addition to our contents and services. Personal data of our users is regularly processed only after their consent. An exception applies in those cases, in which prior collection of consent is not possible for factual reasons and data processing is permitted by legal regulations.

2. Legal basis for processing personal data

Provided we collect consent from the affected person for processing procedures, Art. 6 Para. 1 lit. a EU general data protection regulation (GDPR) shall apply as the legal basis.
If processing of personal data is required for fulfilment of a contract that the affected person is a contractual party of, Art. 6 Para. 1 lit. b GDPR shall apply as the legal basis. This shall also apply to processing procedures that are required to complete pre-contractual measures.
If processing personal data is required to fulfil a legal obligation that our company is subject to, Art. 6 Para. 1 lit. c GDPR shall apply as the legal basis.
In case critical interests of the affected person or another natural person make personal data processing a requirement, Art. 6 Para. 1 lit. d GDPR shall apply as the legal basis.
If processing is required to safeguard a justified interest of our company or a third party and the interests, basic rights, and basic freedoms of the affected party do not outweigh the interests of the first party, Art. 6 Para. 1 lit. f GDPR shall apply as the legal basis for processing.

3. Data deletion and storage duration

The personal data of the affected person shall be deleted or blocked as soon as the purpose of storage is omitted. Storage may also take place if this is prescribed by European or national lawmakers in European Union regulations, laws, or other directives that the responsible person is subject to. Blocking or deleting data also takes place if a storage period prescribed by the named standards expires, unless a requirement for extended data storage is present for contract completion or contract fulfilment.

IV. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system collects automated data and information from the computer system of the accessing computer. The provider of these pages also collects and stores information in so-called ‘log files’, which your browser provides to us automatically.

In this case, the following data are collected:

  1. Website accessed
  2. Time and date of server request
  3. Amount of data sent in bytes
  4. Referrer URL and accordingly host name of the accessing computer
  5. Browser type and browser version
  6. Operating system
  7. IP address

The data are also stored in the log files of our system. Storage of this data together with other personal data of the user does not take place.

2. Legal basis for data processing

The legal basis for temporary storage of data and log files is Art. 6 Para. 1 lit. f GDPR.

3. Purpose of data processing

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. Therefore the IP address of the user must remain stored for the duration of the session.

Log files are stored to ensure functionality of the website. In addition to this, we use the data to optimise the website and ensure the security of technical information systems.
Evaluation of the data for marketing purposes does not take place in this context.
These purposes also include our justified interest on data processing according to Art. 6 Para. 1 lit. f GDPR.

4. Storage duration

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. If the data has been collected to provide the site, this is the case when the respective session is terminated.

In the case of storing the data in logfiles, this is the case in no later than seven days. A storage that goes beyond this period of time is possible. In this case, the IP address is anonymized after 24 hours at the latest by replacing the last octet of the IP address with zeros.

5. Objection and removal option

The collection of data to provide the website and storage of data in log files is absolutely required for operation of the webpage. For this reason, the user shall not be entitled to object.

V. Use of cookies

a) Description and scope of data processing

Our website uses cookies. Cookies are text files that are saved in the Internet browser or by the Internet browser on the computer system of the user. When a user accesses a website, a cookie can be saved on the operating system of the user. This cookie includes a characteristic sequence of characters that enable clear identification of the browser if the website is accessed again. We use cookies to design our website to be more user-friendly. Several elements of our webpages require that the accessing browser can be identified, also after the page has been changed.

The following data are saved and transferred in these cookies:

  • language settings
  • resolution

We also use cookies on our website that enable analysis of the user’s Internet browsing behaviour.
The following data may be transferred for this purpose:

  • frequency of page access
  • use of website features

The user data collected this way are anonymised by using technical precautions. For this reason, assignment of the data to the accessing user is no longer possible. The data are not saved together with other personal data of the user.

You can also set your browser so that cookies are deactivated. In this case, please note that the full functionality of the website display is no longer guaranteed.

b) Legal basis for data processing

The legal basis for processing personal data by using cookies is provided by Art. 6 Para. 1 lit. f GDPR.
The legal basis for processing personal data using technically necessary cookies is provided by Art. 6 Para. 1 lit. f GDPR.

c) Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for the user. Several functions of our website cannot be provided without the use of cookies. They require that the browser can be recognised again even after the page has been changed.

We require cookies for the following applications:

  • application of language settings

The user data collected by technically necessary cookies are not used to create user profiles.

e) Duration of storage, objection and removal option

Cookies are stored on the computer of the user and transmitted from it to our page. For this reason, you also have full control over the use of cookies as the user. By changing the settings in your Internet browser, you may deactivate or limit the transmission of cookies. Cookies that have already been saved may be deleted at any time. This may also take place automatically. If cookies for our website are deactivated, it may occur that not all features of the website function to the full degree.

f) Use of Google webfonts

Type and purpose of processing
In order to display our content in a browser-spanning, accurate and graphically appealing way, we use Google LLC’s Google Web fonts (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”) to display fonts.
The data protection policy of the library operator Google can be found here: https://www.google.com/policies/privacy/

Legal basis
The legal basis for the integration of Google Webfonts and the related data transfer to Google is your consent (art. 6 para. 1 lit. a DSGVO) and the legitimate interest of the person responsible (art. 6 para. 1 lit. f DSGVO) to display the website correctly across browsers and in a graphically appealing manner.

Recipient
Using Google webfonts or font libraries will automatically establish a connection to the library’s operator. Theoretically it is possible – but currently also unclear whether and if necessary for what purposes – that in this case the operator will be collecting Google data.

Storage time
We do not collect any personal data by incorporating Google Webfonts.
For more information about Google Webfonts, see HTTPS://DEVELOPERS.GOOGLE.COM/FONTS/FAQ and the Google Privacy policy: https://www.google.com/policies/privacy/.

Third country transfer
Google processes your data in the United States and is subject to the EU_US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

Deployment mandatory or required
The provision of personal data is not required by law or by contract. However, the correct presentation of these contents is requiring standard fonts.

Withdrawal of consent
The programming language JavaScript is used regularly to display the content. You can object to data processing by disabling the execution of JavaScript in your browser or by installing a JavaScript blocker. Please note that this may lead to functional restrictions on the website.

VI. E-mail contact

1. Description and scope of data processing

You have the option to get in contact with us by e-mail. During the sending process for this e-mail our servers will be logging the following personal data of the user:

  • sender address
  • date and time
  • recipient address
  • IP address
  • reference
  • message contents
  • possible attachments

No data will be provided to third parties in connection with your contact. The data are only used for processing within this conversation.

2. Legal basis for data processing

The legal basis for processing the data that is transmitted by sending an e-mail is Art. 6 Para. 1 lit. f GDPR. If the purpose of contact via e-mail is to complete a contract, then the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR.

3. Purpose of data processing

In case of contact by e-mail, this is also subject to the required justified interest in processing data.

4. Storage duration

The data will be deleted as soon as it is no longer necessary for achieving the purpose of its collection. For the personal data sent by e-mail, this is the case when the respective conversation with the user is terminated. The conversation ends when it is clear from the circumstances that the facts concerned have been clarified.

If a contract is concluded from the conversation, the data will be deleted after the legal deadlines of 6 – 10 years.

5. Objection and removal option

The user has the option at all times to withdraw his consent to processing personal data. If the user contacts us by e-mail, then he may object to storage of his personal data at any time. In this case, the conversation cannot be continued.

Objections may be submitted by e-mail to privacy@stefanhuebner.com or by post. Our contact data can be found on our website www.stefanhuebner.com.

All personal data that have been stored while the contact was established will be deleted in this case.

VII. Applications by e-mail

1. Description and scope of data processing

You have the option to send us an application by e-mail. During the sending process for this e-mail, our servers will be logging the following data:

  • sender address
  • date and time
  • recipient address
  • IP address
  • reference
  • message contents
  • possible attachments

Initially no data will be provided to third parties in connection with your application. The data are only used for processing within this application process. Provided your consent, your application data can be forwarded to third parties within the scope of our Executive Search Mandate. Therefore we will obtain your prior consent.

2. Legal basis for data processing

In case the user has declared his consent, the legal basis for processing data is Art. 6 Para. 1 lit. a GDPR.
In case the user has transmitted the data by e-mail, the legal basis for processing data is Art. 6 Para. 1 lit. f GDPR.

If an e-mail is sent for the purpose of closing a contract or within the scope of an Executive Search Mandate, the legal basis is provided by Art. 6 Para. 1 lit. b GDPR.

3. Purposes of data processing

The personal data in your application documents and in your e-mails is processed by us exclusively for the purpose of processing your documents within the scope of the application process and in order to get in contact with you. In case of employment and contact by e-mail, this is also subject to the required justified interest in processing data.
The consideration of your application takes place within the scope of our Executive Search Mandates and herein is the required justified interest for data processing. 

4. Storage duration

The data of the application including the annexes will be saved up to twelve months after the completion of the application process. In the event of an employment, this data will be stored within the framework of the contractual relationship.

If your application is used in the course of one of our Executive Search Mandates, your data will be stored until the relevant search and selection process has been completed, you revoke your consent or application or this is due to legal requirements.

5. Objection and removal option

The user has the option at all times to withdraw his consent to processing personal data. If the user contacts us by e-mail, then he may object to storage of his personal data at any time. In this case, the application process can not be continued.

Objections may be submitted by e-mail to privacy@stefanhuebner.com or by post. Our contact data can be found on our website www.stefanhuebner.com.

All personal data that have been stored while the contact was established will be deleted in this case.

VIII. Rights of affected persons

If your personal data are processed, you are an affected person within the context of the GDPR, and you are entitled to the following rights vis-a-vis the responsible person:

1.Right of information

You may demand a confirmation from the responsible person whether your personal data is being processed by us. If data are being processed, you may demand disclosure from the responsible person about the following information:

(1) the purpose that personal data are being processed for;
(2) the categories of personal data which are being processed;
(3) the recipients and categories of recipients that personal data affecting you were disclosed to or will be disclosed to;
(4) the planned duration of storage of personal data affecting you or, if specific information about this is not possible, criteria for specifying the storage duration;
(5) the right to initiate correction or deletion of personal data affecting you, the right to limit the processing of this personal data by the responsible person or the right to object against this processing;
(6) the right to complain to a supervisory authority;
(7) all available information about the origin of the data if personal data were not collected from the affected person;
(8) the presence of automated decision making, including profiling according to Art. 22 Para. 1 and 4 GDPR and in this case, sound information regarding the involved logic and the range and intended effects of data processing of this kind relating to the affected person.

You have the right to demand information whether the personal data affecting you is transmitted to a country located outside of the EU or to an international organisation. In this context, you may demand information concerning suitable guarantees in connection with this transmission according to Art. 46 GDPR.

2. Right to correction

You have the right to correction and/or completion towards the responsible person, provided the personal data affecting you is incorrect or incomplete. The responsible person must correct the data immediately.

3. Right to limitation of processing

Provided the following conditions, you may demand a limitation of the processing of your personal data:
(1) if you dispute the correctness of personal data affecting you for a duration that enables the responsible person to check the correctness of the personal data;
(2) if processing is illegal and you reject deletion of personal data but instead demand a limitation of the use of personal data;
(3) the responsible person does no longer need the personal data for processing purposes, but you require these data for enforcing, exercising, or defending legal claims, or
(4) if you have initiated an objection to processing according to Art. 21 Para. 1 GDPR and it is not yet determined if the justified reasons on behalf of the responsible person outweigh your own reasons.

If processing of the personal data affecting you is limited, then this data may only be processed – despite its storage – with your consent or in order to enforce, exercise, or defend legal claims or in order to protect the rights of another natural or legal person or for reasons involving an important public interest of the European Union or an individual member state.

If limitation of processing is effective according to the requirements indicated above, then you shall be informed by the responsible person before limitation is removed.

4. Right to deletion

4.a. Obligation to delete

You may demand that the responsible person shall immediately delete personal data affecting you and the responsible person shall be obligated to delete this data immediately, provided one of the following reasons is applicable:

(1) Personal data affecting you is no longer necessary for the purposes that they were collected for or they have been processed for otherwise.
(2) You withdraw your consent to processing based on Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR, and there is no other legal basis for processing.
(3) You object to processing according to Art. 21 Para. 1 GDPR and there is no predominant legal reason for processing or you object to processing according to Art. 21 Para. 2 GDPR.
(4) The personal data affecting you have been processed illegally.
(5) Deletion of the personal data affecting you is required to fulfil a legal obligation according to EU laws or the laws of the member states that the responsible person is subject to.
(6) The personal data affecting you were collected in relation to services offered by the information society according to Art. 8 Para. 1 GDPR.

4.b. Information to third parties

If the responsible person has made personal data affecting you public and if he is obligated to deletion according to Art. 17 Para. 1 GDPR, then he shall take appropriate measures in consideration of available technology and implementation costs, including measures of a technical nature in order to inform the person responsible for processing your personal data that you, the affected person, have requested deletion of all links to this personal data or copies or reproductions of your personal data.

4.c. Exceptions

The right to deletion does not apply if processing is required

(1) to exercise the right to freedom of expression of opinion and information;

(2) to fulfil legal obligations that require processing as subject to the laws of the European Union or the member states that the responsible person is subject to, to fulfil a task that is in the interest of the public, or to exercise public authority that has been transferred to the responsible person;

(3) for reasons in the public interest in the area of public health according to Art. 9 Para. 2 lit. h and i, as well as Art. 9 Para. 3 GDPR;

(4) for archival purposes in the public interest, scientific or historical research purposes, or for statistical purposes according to Art. 89 Para. 1 GDPR, provided that the right indicated under section a) foreseeably makes implementation of these goals impossible or could seriously affect them, or

(5) to enforce, exercise, or defend legal claims.

5. Right to reporting

If you have enforced the right to correction, deletion, or limitation of processing towards the responsible person, then the responsible person shall be obligated to inform all recipients that personal data affecting you were disclosed to, regarding correction or deletion of data or limited processing, unless this proves to be impossible or this would be connected with disproportionate high efforts.

You have the right towards the responsible person to be informed about these recipients.

6. Right to data transfer

You have the right to receive personal data affecting you that you have been providing to the responsible person in a structured, conventional, machine-readable format. You also have the right to have this data transferred to another responsible person by the responsible person that the personal data was originally provided to without hindrance, provided

(1) processing takes place based on consent according to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or another contract according to Art. 6 Para. 1 lit. b GDPR, and

(2) processing takes place with the aid of automated processes.

By exercising this right, you also have the right to cause personal data affecting you to be transferred directly from one responsible person to another responsible person, provided that this is technically feasible. Freedoms and rights of other persons shall not be impaired by this.

The right to data transfer shall not apply to processing personal data that is required to fulfil a task that lies in the public interest or follows from exercising public authority that has been transferred to the responsible person.

7. Right to objection

Based on reasons that result from your own specific situation, you have the right to object to processing personal data affecting you that would take place based on Art. 6 Para. 1 lit. e or f GDPR; this shall also apply to any profiling supported by these provisions.

The responsible person shall then no longer process personal data affecting you, unless he is able to prove urgent reasons for processing worthy of protection, which outweigh your own interests, rights, and freedoms, or in case processing is required for enforcing, exercising, or defending legal claims.

If personal data affecting you are processed to promote direct advertising, you have the right to object at any time to processing personal data affecting you for advertising purposes of this kind; this shall also apply to profiling, provided this is done in connection with this kind of direct advertising.


If you object to data processing for direct advertising, then personal data affecting you will no longer be used for these purposes.

Within the context of the use of services of the information society and notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object via automated processes, which utilise technical specifications.

8. Right to withdraw your declaration of consent

You have the right to withdraw your declaration of consent at any time. By withdrawing your consent, the legality of processing that has taken place based on consent until its withdrawal shall not be affected.

9. Right to complain to a supervisory authority

Other legal administrative or judicial aids notwithstanding, you have the right to complain to a supervisory authority, particularly in the member state of your location, your place of work or the location of the suspected violation, if you are of the opinion that processing personal data affecting you is violating the GDPR.
The supervisory authority that the complaint was submitted to shall inform the complaining party about the status and the results of the complaint, including the option to utilise judicial aids according to Art. 78 GDPR.

The supervisory authority responsible for our company is

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
91522 Ansbach
Germany

Tel. +49 981 53 1300
E-Mail: poststelle@lda.bayern.de
Internet: www.lda.bayern.de