Privacy policy for the website www.sperling-consulting.com

A. General information
§ 1 Information on the collection of personal data
(1) In the following, we provide information about the processing of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. In doing so, we would like to inform you about our processing operations and at the same time comply with the legal obligations, in particular those arising from the EU General Data Protection Regulation (GDPR).
(2) Responsible according to Art. 4 para. 7 DS-GVO Sperling Consulting, owner: Sascha Sperling, Friedrich-Ebert-Straße 88, 23909 Ratzeburg, (info@sperling-consulting.com) (see our imprint).
(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us in order to answer your questions. We delete the data arising in this context, if the request is assigned to a contract, after the deadlines for the contract term, otherwise after the storage is no longer necessary, or restrict the processing if there are legal storage obligations.
(4) If we use contracted service providers for individual functions of our offer or wish to use your data for advertising purposes, we will always carefully select and monitor these service providers and inform you in detail below about the respective processes. In doing so, we will also state the specified criteria for the storage period.

§ 2 Your rights
(1) You have the following rights vis-à-vis the controller with regard to your personal data:
- Right to information,
- Right to rectification or erasure,
- Right to restriction of processing,
- Right to object to the processing,
- Right to data portability.
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.

§ 3 Processing of personal data when visiting our website
When using the website for information purposes, i.e. simply viewing it without registering and without providing us with any other information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security and must therefore be processed by us. The legal basis is Art. 6 Para. 1S. 1 lit. f GDPR:

  • P-address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (page visited)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • previously visited page
  • Browser
  • Operating system
  • Language and version of the browser software.

§ 4 Further functions and offers on our website
(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested and use other common functions to analyze or market our offers, which are presented in more detail below. For this purpose, you must generally provide additional personal data or we process such additional data that we use to provide the respective services. The aforementioned data processing principles apply to all data processing purposes described here.
(2) In some cases, we use external service providers to process your data. These are carefully selected by us, are bound by our instructions and are regularly monitored.
(3) Furthermore, we may pass on your personal data to third parties if we offer participation in promotions, competitions, contracts or similar services together with partners. Depending on the service, your data may also be collected by the partners on their own responsibility. You will receive more detailed information when you provide your data or below in the description of the respective offers.
(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

§ 5 Objection or revocation against the processing of your data
(1) If you have given your consent to the processing of your data, you can withdraw this at any time. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us. The permissibility of the processing of your data up to the time of your revocation remains unaffected.
(2) Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if, in particular, the processing is not necessary for the performance of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data in the way we do. In the event of your objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
(3) Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. The best way to exercise your objection to advertising is to contact us using the contact details given above.

§ 6 Processing of data from your end devices (“Cookie Policy”)
(1) In addition to the above-mentioned data, we use technical aids for various functions when you use our website, in particular cookies, which can be stored on your end device. When you access our website and at any time thereafter, you have the choice of whether you generally allow cookies to be set or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager. In the following, we first describe cookies from a technical point of view (2) before going into more detail about your individual choices by describing technically necessary cookies (3) and cookies that you can voluntarily select or deselect (4).
(2) Cookies are text files or information in a database that are stored on your hard disk and assigned to the browser you are using so that certain information can flow to the location that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer, but are primarily used to make the website faster and more user-friendly. This website uses the following types of cookies, whose function and legal basis are explained below:

  • Transient cookies: Such cookies, especially session cookies, are automatically deleted when the browser is closed or by logging out. They contain a so-called session ID. This allows various requests from your browser to be assigned to the shared session and your computer can be recognized when you return to our website.
  • Persistent cookies: These are automatically deleted after a specified period, which varies depending on the cookie. You can view the cookies set and the duration at any time in your browser settings and delete the cookies manually.

(3) Mandatory functions that are technically necessary to display the website: The technical structure of the website requires us to use technologies, in particular cookies. Without these technologies, our website cannot be displayed (completely correctly) or the support functions could not be enabled. These are basically transient cookies that are deleted at the end of your website visit, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The individual cookies can be seen in the Consent Manager. The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. f GDPR.

(4) Optional cookies if you give your consent: We only set various cookies after you have given your consent, which you can select when you first visit our website via the so-called cookie consent tool. The functions are only activated if you give your consent and can be used in particular to enable us to analyze and improve visits to our website, to make it easier for you to use different browsers or end devices, to recognize you when you visit us again or to place advertising (possibly also to tailor advertising to your interests, measure the effectiveness of advertisements or show interest-based advertising). The legal basis for this processing is Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time without this affecting the lawfulness of processing up to the point of withdrawal.
The functions we use, which you can select and revoke individually via the Consent Manager, are described below.

§ 7 SSL encryption
The visit to our website and the transmission of personal data or personal content of our users takes place via SSL encryption. Please make sure that SSL encryption is activated for you. The use of encryption is easy to recognize: The display in your browser line changes from “http://” to https:// when SSL encryption is activated. Data encrypted via SSL cannot be read by third parties. Therefore, only send your confidential information when SSL encryption is activated and contact us if in doubt.

B. Hosting via Ionos
We host our website with 1&1 IONOS SE. 1&1 IONOS SE offers, among other things, web hosting and is located in Germany at Elgendorfer Str. 57, 56410 Montabaur and in Austria at Gumpendorfer Straße 142/PF 266, 1060 Vienna. We have concluded a data processing agreement with 1&1 IONOS SE. You can find out more about data protection at 1&1 IONOS SE here: https://www.ionos.de/terms-gtc/datenschutzerklaerung/?tid=331672396071. https://www.ionos.de/terms-gtc/datenschutzerklaerung/?tid=331672396071.

C. Special forms of use of websites

  1. use of our e-mail contact
    (1) It is possible to contact us via the e-mail address provided on our website. In this case, the user's personal data transmitted with the e-mail will be stored.
    No data will be passed on to third parties in this context. The data is used exclusively for processing the conversation.
    (2) The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.
    The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
    (3) The processing of personal data from the e-mail serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.
    The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
    (4) The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
    The user has the option of withdrawing his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
  2. Online meetings via Teams
    We use Microsoft Teams on our website to hold online meetings. The provider of the service is the American company Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
    The information collected is stored on Microsoft servers, outside of Europe, mainly in the USA. According to the Data Privacy Framework for secure data transfer from the EU to the USA, the use of all US service providers that are certified under the DPF is legally secure (click here for the official DPF list). According to the current status, Microsoft is DPF certified and thus officially complies with applicable data protection laws for international data transfers. We have also agreed so-called standard data protection clauses with the providers, the purpose of which is to maintain an adequate level of data protection in the third country.Click here for the official DPF listAccording to the current status, Microsoft is DPF certified and thus officially complies with applicable data protection laws for international data transfers. We have also agreed so-called standard data protection clauses with the providers, the purpose of which is to maintain an adequate level of data protection in the third country.
    You can find out more about data protection at Microsoft here: https://privacy.microsoft.com/de-de/privacystatement https://privacy.microsoft.com/de-de/privacystatement
  3. Use of Real Cookie Banner
    Our website uses the Real Cookie Banner tool to manage consents to the storage of cookies and similar technologies in compliance with data protection regulations. The provider is the German company devowl.io GmbH, Tannet 12 in 94539 Grafling.
    Real Cookie Banner records which cookies may be set and documents the user's consent. The processing of the data is carried out on the basis of Art. 6 para. 1 lit. c GDPR in order to comply with our obligations to obtain consent.
    Real Cookie Banner sets technically necessary cookies to store users' consent preferences. These cookies are essential to ensure that the selected cookie settings are taken into account on future visits to our website. The data collected will not be disclosed to third parties and will only be used for the purposes of managing and documenting consent.
    The user has the option of changing the cookie settings at any time via the corresponding button on our website or revoking the consent given. For more information about how Real Cookie Banner works, please refer to the provider's privacy policy: https://devowl.io/privacy-policy/. https://devowl.io/privacy-policy/.
  4. All in One SEO
    Our website uses the All in One SEO plugin, a search engine optimization tool. This plugin helps us improve our website's visibility in search engines by analyzing pages and generating meta data. No personal data of the users is collected directly, but data about the behaviour of the users can be processed through the integration of tracking technologies and cookies (e.g. when using Google Analytics in conjunction with this plugin). The processing is carried out on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR. For more information, please refer to the Privacy Policy of All in One SEO: https://aioseo.com/privacy-policy/.
  5. Extendify WordPress Onboarding and KI-Assistant
    Our website uses the Extendify WordPress Onboarding plugin and AI Assistant. This plugin helps us personalize the user experience through AI-powered features that provide suggestions for content and layouts on the website. As part of the processing, usage data such as IP addresses or interaction data could be processed. The processing is carried out on the basis of our legitimate interests in a user-friendly design of the website in accordance with Art. 6 (1) (f) GDPR. For more information on data processing by Extendify, please visit the provider's website: https://extendify.com/privacy-policy/.
  6. Secure Custom Fields
    Our website uses the Secure Custom Fields plugin, which is used to store and manage custom data fields. If this plugin contains personal data, for example in connection with registrations or customer information, this data will be stored securely on the basis of Art. 6 (1) (b) GDPR for the performance of a contract or on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR. All personal data is protected from unauthorized access by appropriate technical and organizational measures.
  7. Single Sign-On
    On our website, we offer the option of registering using single sign-on. This feature allows users to log in to our website using third-party credentials (e.g., Google, Facebook, etc.). As part of the registration process, data such as user name, e-mail address and other authentication data may be collected and processed. This data is only used for authentication and to provide our services. Data processing is carried out on the basis of Art. 6 (1) (b) GDPR for the performance of the user contract. For further information on the processing by the respective third-party provider, please refer to their privacy policy.
  8. Safety
    To ensure the security of our website, we use a security plugin that regularly stores data such as IP addresses, login attempts, error logs and other security-related information. This data is used exclusively to defend against attacks, to ensure the functionality of our website and to prevent security breaches. The processing is carried out on the basis of our legitimate interest in securing our website in accordance with Art. 6 (1) (f) GDPR. The stored data is regularly deleted if it is no longer needed to detect and prevent security incidents.
  9. Performance
    Our website uses a performance plugin that optimises loading times and usability by storing certain data about the use of our website. This may include technical data such as the user's IP address, loading times and interactions with the website. This data is used solely to improve the performance of our website and to provide an optimal user experience. The processing is carried out on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR.

D. Web Analytics with IONOS
Our website uses the web analysis tool IONOS WebAnalytics, a service of 1&1 IONOS SE, Eigendorfer Str. 57, 56410 Montabaur, Germany. IONOS WebAnalytics enables us to perform an anonymized analysis of visitor access to our website without using cookies. Among other things, technical information such as the browser used, the operating system or the referrer URL are collected. This data is used exclusively for statistical purposes and to optimise our website. This data is not merged with other data sources. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR, our legitimate interest lies in the continuous improvement of our website. For more information on data processing by IONOS WebAnalytics, please refer to IONOS' privacy policy: https://www.ionos.de/terms-gtc/index.php?id=516

E. Messaging Service WhatsApp
We use the instant messaging service WhatsApp. The service provider is the American company WhatsApp Inc. A subsidiary of Meta Platforms Inc. For the European area, the company WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is responsible.
WhatsApp processes your data in the USA, among other places. According to the Data Privacy Framework for secure data transfer from the EU to the USA, the use of all US service providers that are certified under the DPF is legally secure (click here for the official DPF list). According to the current status, WhatsApp LLC is DPF certified and thus officially complies with applicable data protection laws for international data transfers.Click here for the official DPF list). WhatsApp LLC is currently DPF certified and thus officially complies with applicable data protection laws for international data transfers.
We will only include you in WhatsApp communications if you consent to this. If you contact us via WhatsApp, this contact also counts as consent for communication via WhatsApp.
WhatsApp uses standard contractual clauses as the legal basis for processing data in third countries. The Standard Contractual Clauses are templates provided by the European Commission that set the EU standard for data security in the context of transfers to third countries. In doing so, WhatsApp undertakes to comply with the European level of data protection when processing personal data. Information on this can be found here: https://www.whatsapp.com/legal/business-data-transfer-addendum-20210927
nformation on data processing on WhatsApp can be found here: https://www.whatsapp.com/privacy.

F. Applicant data
All data that you provide to us via our homepage or as an application by other means will be processed solely for the purpose of carrying out the application and selection process and serve solely to assess your professional suitability and to contact you. This includes your title, first name, surname, address, telephone number, e-mail address, CV as well as data on your education and qualifications, Art. 6 para. 1 b) GDPR, 26 BDSG.
If you yourself disclose "special categories of personal data" in accordance with Art. 9 GDPR in the application letter or other documents submitted by you in the application process, your consent also refers to this data. We ask you to refrain from disclosing special categories of personal data in your application as far as possible.
Your application documents will only be passed on to those responsible for evaluating the application and, if necessary, recruiting.
Your applicant data will only be used for application procedures with us. The data and files you submit will be stored and used exclusively for purposes related to the collection and processing of your application.
With your application, you also give your consent to the storage of your applicant data. 6 months after completion of the application process, your applicant data will be deleted. No separate notification will be made about this.
The principles described above also apply to an unsolicited application, i.e. if you are not applying for a specific position or if the applicant data is sent by post or e-mail.

G. Processing of personal data via our Google company profile
We use a profile on the Google Business Profile platform (formerly Google My Business) to present our business and provide information. If you contact us through our profile, leave reviews or interact in any other way, Google processes your data in accordance with Google's privacy policy. We have no influence on data processing by Google. We use the collected data exclusively to process inquiries and to improve our customer communication. Further information on the processing of your data and your rights can be found in this privacy policy.

en_USEnglish
en_USEnglish de_DEDeutsch