We are pleased that you have visited our website. Below we would like to inform you about how we handle your data in accordance with Article 13 of the General Data Protection Regulation (GDPR).
1. General
The Kölner Institut für Managementberatung GmbH, Domstraße 55-73, 50668 Cologne ("we"), takes the protection of your data and the legal obligations related to this protection very seriously. This privacy policy explains which data we collect, process, and use ("data processing" or "process data") when you visit our website at www.ki-management.com ("website") and how we ensure the protection of your data. If you have any questions that are not answered by this privacy policy, please contact us; our contact details are provided under point 2.
As a user of our website, you should be aware that links may lead you to other websites that are not operated by us but by third parties. Such links are either clearly marked or identifiable by a change in the address bar of your browser. We are not responsible for compliance with data protection regulations and the secure handling of your data on these websites operated by third parties.
2. Person responsible
Responsible for the data collection and processing described below is:
Kölner Institut für Managementberatung GmbH
Managing Directors: Dagmar Hanewinkel, Prof. Dr. Christian Dries
Domstraße 55 – 73
50668 Cologne
Germany
Cologne District Court HRB 96824, VAT ID No.: DE367247319
Phone: (+49) 221 340909-0
E-mail: datenschutz@ki-management.com
Managing Directors: Dagmar Hanewinkel, Prof. Dr. Christian Dries
Shareholders:
Acture Germany GmbH
Headquarters: Hamburg
Hamburg District Court HRB 183504
3. Contact details of the data protection officer
Our company data protection officer is:
datenschutz süd GmbH
Wörthstrasse 15
97082 Würzburg
E-mail: office@datenschutz-sued.de
4. Personal data
Personal data allows the identification of a natural person, such as name, date of birth, address, and email address. You can generally use this website without having to disclose your identity, in whole or in part, to us or to third parties.
Disclosing your identity is only required if you wish to contact us via the website. Without disclosing your identity, we would otherwise not be able to respond to your contact request. It is therefore your free decision whether you contact us via the website and, if necessary, disclose personal data for this purpose.
If you do not disclose your identity to us, you may not be able to use the services on our website or may only be able to use them to a limited extent.
5. Data processing through the use of the website/log files
The website is delivered from a dedicated computer ("server") that automatically collects information each time the website is accessed and stores it in log files. This information includes the following:
- browser type and version (“user agent”),
- operating system used,
- Address of the previously visited website (“referrer URL”),
- Address of the computer you use to access the website (“IP address”)
- and time of access to the website.
This information is transmitted by your browser unless you have configured your browser to suppress the transmission of this information. The data stored in the log files regarding access to this website cannot be assigned to any specific visitor. This data is not merged with other data sources.
The log files serve the functionality of our website. The legal basis for processing personal data is this legitimate interest pursuant to Art. 6 (1) (f) GDPR.
The data will be stored for a period of 32 days. Beyond that, the data will be deleted as soon as it is no longer required for us and there are no statutory or contractual retention periods that prevent deletion.
6. Creation of user profiles
This website uses Matomo, an open-source software for statistical analysis of visitor access. Matomo uses so-called "cookies", text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is stored on the provider's server in Germany. The IP address is anonymized immediately after processing and before it is saved. You can prevent the installation of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
7. Cookies
This website uses cookies to the following extent:
| Cookie Name | Data categories | Purpose of data processing | Technology | Storage period/deletion period | Third-party cookie | Legal basis |
| long | Temporary | Marketing/Tracking | End of session | Yes | § 25 Paragraph 1 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter a) | |
| _fbp | Temporary | Marketing/Tracking | 3 months | No | § 25 Paragraph 1 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter a) | |
| AnalyticsSyncHistory | Temporary | Marketing/Tracking | 1 month | Yes | § 25 Paragraph 1 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter a) | |
| User Match History | Temporary | Marketing/Tracking | 1 month | Yes | § 25 Paragraph 1 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter a) | |
| bcookie | Temporary | Marketing/Tracking | 2 years | Yes | § 25 Paragraph 1 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter a) | |
| li_gc | Temporary | Marketing/Tracking | 2 years | Yes | § 25 Paragraph 1 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter a) | |
| lidc | Temporary | Marketing/Tracking | 1 day | Yes | § 25 Paragraph 1 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter a) | |
| MATOMO_SESSID | Temporary | Marketing/Tracking | Matomo (by lt) | 14 days | Yes | § 25 Paragraph 1 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter a) |
| PHPSESSID | Temporary | Website functionality | Website (by lt) | End of session | No | § 25 Paragraph 2 No. 2 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter f) |
| lt-fb | Temporary | Website functionality | Website (by lt – Cookie Control) | 1 month | No | § 25 Paragraph 2 No. 2 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter f) |
| lt-gme | Temporary | Website functionality | Website (by lt – Cookie Control) | 1 month | No | § 25 Paragraph 2 No. 2 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter f) |
| lt-li | Temporary | Website functionality | Website (by lt – Cookie Control) | 1 month | No | § 25 Paragraph 2 No. 2 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter f) |
| lt-matomo | Temporary | Website functionality | Website (by lt – Cookie Control) | 1 month | No | § 25 Paragraph 2 No. 2 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter f) |
| qtrans_front_language | Temporary | Website functionality | WordPress | 1 year | No | § 25 Paragraph 2 No. 2 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter f) |
| ppwp_wp_session | Temporary | Website functionality | WordPress | End of session | No | § 25 Paragraph 2 No. 2 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter f) |
| _pk_id.xxx | Temporary | Website functionality | WordPress | 1 year and 1 month | No | § 25 Paragraph 2 No. 2 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter f) |
| _pk_ses.xxx | Temporary | Website functionality | WordPress | End of session | No | § 25 Paragraph 2 No. 2 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter f) |
| cookie_notice_accepted | Temporary | Website functionality | Website (by lt – Cookie Control) | 1 month | No | § 25 Paragraph 2 No. 2 TDDDG in conjunction with Art. 6 Paragraph 1 Sentence 1 Letter f) |
7.1. Required cookies
We use cookies on our websites that are necessary for the use of our websites.
Cookies are small text files that can be stored and read on your device. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.
Some of these cookies only contain information about certain settings and are not personally identifiable. They may also be necessary to enable user navigation, security, and the implementation of the site.
We use these cookies on the basis of Art. 6 (1) (f) GDPR and Section 25 (2) No. 2 TDDDG.
You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time using the appropriate browser settings and prevent new cookies from being placed. Please note that our websites may then not be displayed and some functions may no longer be technically available.
7.2.Third-party tracking technologies for advertising purposes
We use cross-device tracking technologies so that we can show you targeted advertising on other websites based on your visit to our websites and so that we can understand how effective our advertising efforts have been.
Data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG, provided you have given your consent via our banner. Your consent is voluntary and can be revoked at any time.
How does tracking work?
When you visit our websites, it is possible that the third-party providers listed below will retrieve recognition features for your browser or your device (e.g. a so-called browser fingerprint), evaluate your IP address, store or read recognition features on your device (e.g. cookies) or gain access to individual tracking pixels.
Third-party providers can use these individual features to recognize your device on other websites. We may commission these third-party providers to display advertising tailored to the pages you visit on our website.
What does cross-device tracking mean?
If you log in to the third-party provider using your own user data, the respective recognition features of different browsers and devices can be linked. For example, if the third-party provider has created a separate feature for the laptop, desktop PC, or smartphone or tablet you use, these individual features can be associated with each other as soon as you use a third-party service with your login data. This allows the third-party provider to target our advertising campaigns across different devices.
7.2.1. Use of Matomo (formerly Piwik)
This website uses the tracking tool Matomo (formerly Piwik), an open source software for statistical analysis of visitor access. Matomo uses so-called "cookies", text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is stored on the provider's server in Germany. The following data is stored and processed by you: anonymized IP address, page views, time, browser data, system data (Windows, Mac, smartphone, etc.). The IP address is anonymized immediately after processing and before it is saved. You can prevent the installation of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.
Data processing is based on your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. The purpose of data processing is the statistical evaluation of page visits.
Here you can decide whether a unique web analysis cookie may be stored in your browser to enable the website operator to collect and analyze various statistical data.
We store your data for a period of 30 days. We also delete your data once it is no longer required, unless there are legal or contractual retention obligations to the contrary.
If you would like to opt out, click the following link to place the Matomo deactivation cookie in your browser.
Your visit to this website is currently being tracked by Matomo Web Analytics. Click here to prevent your visit from being tracked.
Revocation of your consent: You have the right to revoke your consent at any time with future effect. Until you exercise your right of revocation, our data processing is lawful.
7.2.2.Social Plugins
We enable you to use social plugins. However, for data protection reasons, we only integrate the social plugins we use in a deactivated form. Therefore, when you visit our websites, no data is transmitted to social media services. The social plugins integrated on our websites are only activated and used if you have provided a corresponding declaration of consent via our consent banner. Only then, in a second step, will your browser establish a connection to the servers of the operator of the respective social media service.
When you activate a plug-in, the social media service receives, in particular, your IP address and, among other things, information about your visit to our website. This occurs regardless of whether you have an account with the respective social media service. If you are logged in, the data can be directly assigned to your social media profile.
Overall, we have no influence on whether and to what extent the respective social media service processes personal data after activation. However, it is likely that the social media service will create user profiles from your data and use them for the purpose of personalized advertising. Your data will also be used to inform other users of the social media service about your activities on our websites.
Embedding is based on your consent, provided you have given your consent via our consent banner. Please note that the embedding of many social plugins results in your data being processed outside the EU or EEA. In some countries, there is a risk that authorities may access the data for security and surveillance purposes without you being informed or being able to exercise legal recourse. If we use providers in unsafe third countries and you consent, the transfer to an unsafe third country is based on Art. 49 (1) (a) GDPR.
If you no longer wish your personal data to be processed by the activated social plugins, you can prevent future processing by revoking your consent. Until then, data processing remains lawful.
| Provider | Maximum Storage period | Adequate level of data protection | Revocation of consent |
| Facebook Pixel (USA) | 2 years | No adequate level of data protection. The transfer is based on Art. 49 (1) (a) GDPR. | You can revoke your consent to the processing of your data at any time. The easiest way to revoke your consent is to contact us by email using the contact details listed above. |
| LinkedIn Pixel (USA) | 2 years | No adequate level of data protection. The transfer is based on Art. 49 (1) (a) GDPR. | You can revoke your consent to the processing of your data at any time. The easiest way to revoke your consent is to contact us by email using the contact details listed above. |
7.2.2.1.Use of Facebook Pixel
Data processing is carried out on the basis of your consent in accordance with Art. 6 (1) (a) and Section 25 (1) TDDDG GDPR.
In addition, you have the option to object to the recording of your activity outside of Facebook by the Facebook pixel and the use of your data to display Facebook ads on the following page set up by Facebook: https://www.facebook.com/off_facebook_activity/
7.2.2.2.Use of LinkedIn Pixel
Data processing is based on your consent in accordance with Art. 6 (1) (a) and Section 25 (1) of the Telemedia Act (TDDDG) GDPR. The purpose of data processing is the statistical evaluation of page visits.
You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in your web browser settings. Please note that if you do this, you may not be able to fully use all the features of our website. You can also prevent LinkedIn from collecting the aforementioned information by setting an opt-out cookie on one of the websites linked below:
- https://www.linkedin.com/psettings/guest-controls
- http://optout.aboutads.info/?c=2#!/
- http://www.youronlinechoices.com/de/praferenzmanagement/
Please note that this setting will be deleted if you delete your cookies. You can object to the collection and forwarding of personal data or prevent the processing of this data by deactivating the execution of JavaScript in your browser. You can also prevent the execution of JavaScript code altogether by installing a JavaScript blocker (e.g. https://noscript.net/ or https://www.ghostery.com ). We would like to point out that in this case you may not be able to use all functions of our website to their full extent.
Information from the third-party provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Further information on data protection from the third-party provider can be found on the following website: https://www.linkedin.com/legal/privacy-policy
7.2.2.3.Use of map services
We embed map services on our websites that are not stored on our servers. Accessing our pages with embedded map services results in the reloading of content from the third-party provider that provides the map services. This provides the third-party provider with the information that you have accessed our site and the usage data technically required for this purpose.
We have no influence on the further data processing by the third-party provider.
Embedding is based on Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. Processing only begins when you submit the corresponding opt-in.
8. Contact us
Contact form
You have the option of contacting us via a web form. To use our contact form, we require your name and email address. You can provide us with additional information voluntarily.
The legal basis for processing is Art. 6 (1) (b) or (f) GDPR. Your data will be processed solely to answer your inquiry and subsequently deleted. You have the right to object under Art. 21 GDPR. Your data will not be passed on to third parties.
Contact via email
You can also contact us by email ( datenschutz@ki-management.com ). The above applies.
9. Use of personal data for advertising purposes
On the website, you may have the option of consenting to the use of any personal data you have entered for advertising purposes by us or third parties.
Consent (Art. 6 (1) (a) GDPR) is granted by clicking on the corresponding checkbox in a contact form or elsewhere on the website. Any consent you may grant applies exclusively to the companies listed exhaustively in the consent form and the services provided by the companies listed there, as well as only to the communication channel specified in the consent form (e.g., email or telephone).
Revocation of your consent You have the right to revoke your consent at any time with future effect. Until you exercise your right of revocation, our data processing remains lawful.
For this purpose, please contact our contact person listed in the imprint at www.ki-management.com. You can also request the text of the consent form there at any time. It is also possible to object to the use of personal data for advertising purposes at any time, regardless of your consent.
Regardless of your consent, we are entitled to use your email address for advertising purposes if we received your email address in connection with a service we offer, the advertising is limited to identical or similar services offered by us, you have not objected to the use of your email address for advertising purposes and we have clearly informed you when collecting your email address and each time it is used that you can object to further advertising use at any time.
9.1 Analysis of user behavior (Google Analytics)
Description: We use the web analysis service Google Analytics. Google uses the information collected to create statistical reports on our website activities, the regional origin of visitors, and the technical characteristics of the devices used to visit our site.
We use Analytics with the "anonymizeIP" extension so that IP addresses are only processed in abbreviated form to reduce the possibility of personal reference. IP anonymization means that Google replaces the end of your IP address with zeros within the European Union before the data is transferred to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there.
Google Analytics, in the sense of server-side analytics, collects data from a weblog that is sent to a web server by default when websites are accessed. If you have consented to the use of Google cookies, Google records the data stored in the cookies, such as a cookie ID. In addition, Google recognizes general information about your device, such as installed software or fonts, and uses this to create a so-called digital fingerprint.
In contrast to simple server-side analytics, the cookie ID or digital fingerprint allows us to attribute multiple actions on our website to the same visitor. This allows us to identify returning visitors and track usage paths within our website. Information about usage paths is particularly important for drawing valuable conclusions about user behavior.
The analytics cookies are named _ga (to recognize returning visitors), _gid (to create statistical groups) and _gat (to reduce data comparison with advanced Google features).
We do not link the data we collect through Google Analytics with personal data we collect through other means. Google is also prohibited from using the data for its own purposes or combining it with data collected elsewhere. Google only provides us with the data in an anonymized and statistical form, so we do not have access to data characteristics that could allow individual persons to be identified.
For comprehensive information about the use of data collected by Google, please see Google's privacy policy (https://policies.google.com/privacy) and in Google's information about cookies (https://policies.google.com/technologies/cookies).
Data categories: IP address through which the device goes online; linked to the IP address, location or country as well as Internet service provider for Internet access; date and time of access; objects on our website that are accessed (clicked) in the browser; type and version of the Internet browser; type and version of the operating system; information on the screen resolution and other technical parameters of the device used; websites from which the user accessed our website; websites that the user accesses from our website; Google ID stored in the cookie; digital fingerprint of the device used calculated by Google
Data recipients (third country transfer if applicable): Google LLC, which we, as a European organization, can contact via Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Google is obligated to comply with data protection regulations through a contract for data processing. To the extent that Google transfers data to third countries, Google guarantees that the data will be handled in accordance with EU data protection standards by concluding standard data protection clauses.
Purpose + legal basis: The purpose of this usage analysis is to enable us to further improve our website based on the analysis findings.
The legal basis is a legitimate interest, which arises from the fact that the personal reference of the collected data is greatly reduced, e.g. by anonymizing the IP addresses, that we do not combine the data with other data collections and that visitors to our website have various options available to prevent the collection of data by Google Analytics cookies.
Regardless of this, in accordance with Section 25 of the Telemedia Act (TDDDG), we ask for your consent to set Google cookies via our Cookie Manager.
Storage period: 14 months; this retention period of the raw data allows us to export annual statistics.
10. Email applications
We process your personal data in accordance with applicable data protection regulations based on Art. 88 GDPR and Section 26 (1) BDSG (German Federal Data Protection Act). We process the data you provide to us as part of your email application exclusively for the purpose of selecting applicants. Data will not be processed for any other purpose.
You determine the scope of the data you wish to submit to us as part of your email application. Email applications are transmitted electronically to our human resources department, where they are processed as quickly as possible. The transmission is encrypted. Applications are generally forwarded to the heads of the relevant departments within our company. Your data will not be shared beyond this. Your information will be treated confidentially within our company. If your application is unsuccessful, your documents will be deleted after three months.
Revocation of your consent You have the right to revoke your consent at any time with future effect. Until you exercise your right of revocation, our data processing remains lawful.
11. Newsletter
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter: "CleverReach"). CleverReach is a service that can be used to organize and analyze newsletter distribution. The data you enter for newsletter registration (mandatory: name, email address, optional: company/organization, position, and telephone number) will be stored on CleverReach's servers in Germany or Ireland.
A contract for order processing within the meaning of Art. 28 GDPR has been concluded with CleverReach GmbH & Co. KG. This represents the legal basis for the transmission to CleverReach. Further information can be found in CleverReach's privacy policy at: https://www.cleverreach.com/de/datenschutz/.
Our newsletters, sent with CleverReach, allow us to analyze the behavior of newsletter recipients. This allows us to analyze, among other things, how many recipients opened the newsletter message and how often each link in the newsletter was clicked. Conversion tracking also allows us to analyze whether a predefined action (e.g., purchasing a product on this website) occurred after clicking the link in the newsletter. Further information on data analysis by CleverReach newsletters can be found at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
Data processing is based on your consent (Art. 6 (1) (a) GDPR). You can revoke this consent at any time with future effect by unsubscribing from the newsletter. We provide a corresponding link in every newsletter message for this purpose.
If you do not want CleverReach to analyze your data, you must unsubscribe from the newsletter. We provide a link for this in every newsletter message.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you revoke your consent and will be deleted from the newsletter distribution list after you unsubscribe. Data stored by us for other purposes remains unaffected.
After you revoke your consent, your email address may be stored on a blacklist by us or the newsletter service provider to prevent future mailings. The data from the blacklist will be used solely for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) (f) GDPR). Storage on the blacklist is not time-limited. You can object to storage if your interests outweigh our legitimate interest.
12. Data transfer to third parties
We may share your personal information within our group of companies where necessary for specific purposes. For example, we conduct our business using central databases and systems. These central databases and systems may be managed or hosted by a group company for some or all of the group companies. We may also share your personal information within our group for internal administrative purposes, because we are required to do so by law, or to improve our services to you.
Companies in our group may only use your personal data as necessary to fulfill the purposes for which they were collected and in accordance with this statement. We have concluded appropriate data protection agreements.
We also transmit your data as part of our contract processing pursuant to Art. 28 GDPR to external service providers who support us in the operation of our websites, central databases, systems, and related processes. Our service providers are strictly bound by our instructions and are contractually obligated accordingly.
Data transfer to third countries
We do not transfer any personal data to a third country outside the EU unless you have consented to such transfer in the above-mentioned cases (see section 6: Social Plugins).
13. Automated decision-making
Automated decision-making – including profiling – pursuant to Art. 22 GDPR does not take place.
If you wish to exercise your rights, please contact us at datenschutz@ki-management.com .
14. User rights
Your rights as a user
When processing your personal data, the GDPR grants you as a website user certain rights:
Right to lodge a complaint with a supervisory authority
According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. This right of complaint can be asserted, in particular, with a supervisory authority in the Member State of your residence, place of work, or place of the alleged violation.
Right to information (Art. 15 GDPR):
You have the right to request confirmation as to whether personal data concerning you is being processed; where this is the case, you have the right to access this personal data and to the information detailed in Article 15 of the GDPR.
Right to rectification and erasure (Articles 16 and 17 GDPR):
You have the right to request the immediate rectification of inaccurate personal data concerning you and, where appropriate, the completion of incomplete personal data.
You also have the right to request that personal data concerning you be deleted immediately if one of the reasons listed in Article 17 GDPR applies, e.g., if the data is no longer required for the purposes pursued.
Right to restriction of processing (Art. 18 GDPR):
You have the right to request restriction of processing if one of the conditions listed in Article 18 GDPR is met, e.g. if you have objected to processing, for the duration of any review.
Right to data portability (Art. 20 GDPR):
In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request that this data be transmitted to a third party.
Right of objection (Art. 21 GDPR):
If data is collected on the basis of Art. 6 (1) (f) (data processing to protect legitimate interests), you have the right to object to processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for processing that outweigh the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend legal claims.
Revocation of your consent
You have the right to revoke your consent at any time with future effect. Until you exercise your right of revocation, our data processing remains lawful.
Information for participants of our services
Information and data protection notices according to Art. 14 and 21 GDPR of the Cologne Institute for Management Consulting GmbH
This information provides you with an overview of the processing of your personal data when you participate in the services offered by the Kölner Institut für Managementberatung GmbH (KI.M). This includes, in particular, the implementation of personnel diagnostic procedures (e.g., Assessment/Development/Orientation Center) or personnel development measures (e.g., coaching, workshops, training). We inform you about which data we collect from you and how we use it. We also explain your rights under applicable data protection law and tell you who to contact if you have any questions.
Person responsible:
The Cologne Institute for Management Consulting GmbH (KI.M), Domstraße 55-73, 50668 Cologne, email: info@ki-management.com.
Data processing to protect the legitimate interests of the controller:
Our client has provided us with your data on the basis of Section 26, Paragraph 1, Sentence 1 of the New Federal Data Protection Act (BDSG) to establish or implement the employment relationship between you and our client. We also process the data provided to us in accordance with Section 26, Paragraph 1, Sentence 1 of the New Federal Data Protection Act (BDSG) when initiating or within the framework of existing employment relationships for the purpose of conducting personnel diagnostic procedures (e.g., Assessment/Development/Orientation Center) or personnel development measures (e.g., coaching, workshops, training). This also includes the associated support of participants.
The data processing within the framework of the events we organize may relate in particular to the following of your data: name, personnel number, business or organizational unit, age, gender, work telephone number and email address, recommendations made, assessments in various areas of competence, observed behavior within the framework of personnel diagnostics, photo protocols for personnel development measures, transmission of your video signal when using video conferencing software.
Data recipient:
After conducting personnel diagnostic procedures, our client or your (potential) employer will receive, upon request, a report on the results of the personnel diagnostic services, in which the personal strengths, opportunities for improvement, a quantitative overview of the results and the observed behavior are documented.
After completing personnel development measures, our client or your employer receives a list of participants with your name and signature to confirm that you have participated in the measure. For training measures, a photo transcript of the training is usually sent to the participants (including you) for distribution.
If you place a direct order with us, we will transmit your name to credit institutions and, in the case of outstanding claims, to a debt collection agency if there is a data protection authorization to transmit the data, e.g. in accordance with the above-mentioned legal provisions.
We may also share your data with external service providers, such as IT service providers, companies that destroy data, printing service providers, etc., who support us in data processing within the scope of contract processing in accordance with our strict instructions and with whom we have concluded a contract for contract processing in accordance with Art. 28 GDPR. Data processing outside the EU or the EEA does not take place.
We will not sell or otherwise market your personal information to third parties.
Additional information on the use of video conferencing systems :
If we provide a video conferencing system as part of our service, this is also subject to our strict instructions and is protected by a corresponding contract for order processing. Furthermore, we obtain assurances from our providers that the encrypted video signals are processed exclusively on servers within the scope of the GDPR. The providers we commission are US-based companies that are Privacy Shield certified. Recording of the video stream can only be initiated by our employees and only takes place in exceptional cases (e.g., during coaching or individual training) with the express consent of our participants. Recorded videos are deleted as soon as they are no longer required for the required purpose, at the latest 6 months after termination of the service.
Additional information on the use of Rating app “KI.PAT” :
To document observation and evaluation in diagnostic procedures, we use the "KI-PAT" app developed by our spin-off "KI.BIT UG." The application is hosted in the Microsoft Cloud. Microsoft operates the cloud exclusively on servers within the scope of the GDPR, is certified according to the EU-US Privacy Shield, and has concluded OSTs with Microsoft, which contain the EU Standard Contractual Clauses as an appendix. The KI.PAT app does not store data locally on the end devices. After the procedure is completed, the data is downloaded from the application's backend to the KI.M server and immediately deleted from the application.
Data deletion:
After the report on the respective event has been prepared and the results have been communicated to the client, the personal data of the participants will be deleted.
Rights of the data subject:
In accordance with the relevant provisions of the GDPR, data subjects have the right to information (Article 15) about the personal data concerning them, as well as the right to rectification of inaccurate data or erasure (Articles 16 and 17). They also have the right to restriction of processing (Article 18) and, in the cases covered by Article 20 GDPR, the right to data portability.
To assert your rights as a data subject, please contact the person responsible named above.
Contact details of the data protection officer:
Our company data protection officer will be happy to provide you with information or suggestions regarding data protection. You can reach him at the following contact details:
datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg
office@datenschutz-sued.de .
Right to lodge a complaint with a supervisory authority:
Every data subject has the right to lodge a complaint with a supervisory authority if they believe that the processing of data concerning them violates data protection law. This right of complaint may be exercised, in particular, with a supervisory authority in the Member State of the data subject's habitual residence or the place of the alleged violation, e.g., with the supervisory authority in North Rhine-Westphalia.
Information for customers and suppliers
Data protection information according to Art. 13 GDPR for customers and suppliers
Compliance with data protection regulations is very important to us. Below, we would like to inform you about the collection and processing of your personal data.
Person responsible
The controller responsible for data processing is Kölner Institut für Managementberatung GmbH, Domstr. 55-73, 50668 Cologne, Telephone: 0221 340 90 90, E-mail: datenschutz@ki-management.com.
Purpose and legal basis of data processing
We process your personal data for the purpose of customer management, such as preparing offers and financial accounting. The legal basis for data processing, which is necessary to fulfill and execute the contract between you and us, is Art. 6 (1) (b) GDPR. We store the business communication data of our contact persons on the basis of Art. 6 (1) (f) GDPR and in the legitimate interest of providing us with a simple and quick way to contact our customers. If you voluntarily provide us with further personal data about yourself (e.g. date of birth, private contact details), this is based on your consent within the meaning of Art. 6 (1) (a) GDPR.
Obligation to provide your personal data
You are contractually/legally obliged to provide the data we need to execute your contract, as otherwise proper contract processing and billing is not possible.
Recipients of your data
We will only share your data with third parties if we are legally obligated to do so or if the transfer serves our overriding legitimate interests (Article 6 (1) (f) GDPR). We regularly transfer data to an external tax office if the aforementioned requirements are met and the data transfer is necessary.
For data processing, we use external service providers who are strictly bound by instructions. Contracts for order processing have been concluded with them in accordance with the standards of Art. 28 GDPR.
When using service providers based outside the EU or EEA, an appropriate level of data protection is ensured in accordance with currently applicable standards.
Storage period/criteria for determining the storage period
In addition, we store your personal data for as long as this is necessary for the above purpose and the fulfillment of a legal obligation of the controller does not prevent deletion (e.g. statutory documentation and retention obligations under the German Commercial Code and the German Tax Code).
Your data protection rights
You have the right, upon request, to receive free Information about the personal data stored about you (Art. 15 (1) GDPR). In addition, if the legal requirements are met, you have the right to Correction (Art. 16 GDPR), deletion (Art. 17 GDPR) and Restriction the processing (Art. 18 GDPR) of your personal data and Data portability (Article 20 GDPR).
You have the right to withdraw your consent at any time with effect for the future, if the data is processed on the basis of Art. 6 (1) (a). Please address the revocation to: datenschutz@ki-management.com.
You have the right to object to data processing in accordance with Art. 21 GDPR, if the data is processed on the basis of Art. 6 (1) (f) GDPR. Please address your objection to: datenschutz@ki-management.com.
According to Art. 77 GDPR you have the right Complaint to be submitted to a data protection supervisory authority: State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, Kavalleriestraße 2–4, 40213 Düsseldorf.
Our Data protection officer (datenschutz süd GmbH) can be reached via office@datenschutz-sued.deWhen contacting our data protection officer, please provide the name of the person responsible named above.
