Data protection and privacy

privacy statement

Your trust is important to us. Thierhoff Consulting takes the protection of your personal data and that of all start-ups, investors and entrepreneurs very seriously. Personal data will only be collected, processed or used if the person concerned has consented, if this is necessary for the fulfilment of a contract or if a law permits or prescribes the collection, processing or use. With this data protection declaration we would like to inform you about details of data collection and data processing as well as about the rights you are entitled to in this connection.

  1. Name and address of the person responsible

The person responsible within the meaning of the Basic Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of data protection law is the Data Protection Commissioner:

Thierhoff Consulting
Prof. Dr. Kai Thierhoff
Salierring 32
50677 Cologne, Germany

Phone: +49 (0)221- 430 75 68 – 0
E-mail: info@thierhoff-consulting.de

  1. General information on the processing of personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or one or more specific characteristics which express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. As a consulting firm for startups, Thierhoff Consulting processes personal data only with the user’s consent or if data processing is permitted by law. The legal basis is Art. 6 para. 1 of the EU Basic Data Protection Regulation (DSGVO). According to this provision, the processing of personal data is only permitted if the data subject consents (Art. 6 para. 1 lit. f DSGVO) or if the processing of one of the following purposes is necessary:

  • For the performance of a contract with the data subject or for the implementation of pre-contractual measures at the request of the data subject (Art. 6 para. 1 lit. B DSGVO)
  • To fulfill a legal obligation of our company (Art.6 para.1 lit. C DSVGO).
  • To protect the vital interests of the data subject or of another natural person (Art.6 para. 1 lit. D DSVGO)
  • To perform a task which is in the public interest or which has been entrusted to our company by the public administration (Art.6 para.1 lit e DSVGO)
  • To protect a legitimate interest of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the person concerned for the protection of personal data prevail (Art.6 para.1 lit. f DSGVO)
  1. Storage time and data erasure

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data may be stored if this has been provided for by law. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract. Prescribed storage periods in this sense are e.g. fiscal or commercial retention periods.

  1. Capture of access data (creation of log files)

The website of Thierhoff Consulting – the specialist for consulting start-ups – automatically collects general data and information from the computer system of the calling computer, which are stored in the log files of the server, each time the website is called up. The following data and information are recorded:

  • Browser type including version used
  • Used operating system of the calling computer
  • Date and time of the call
  • IP address of the user
  • Internet service provider of the user
  • Web page from which our website is accessed
  • websites and subwebsites called from our website
  • Other similar data and information that may be used to avert an attack on our system

The data is stored anonymously in the log files of our system. There is no link to other personal data of the user, Thierhoff Consulting does not draw any conclusions about the person concerned.

The legal basis for data processing is Art. 6 Para. 1 lit. f DSGVO. The storage is necessary to ensure the functionality of our website and the correct presentation of the contents. Furthermore, the data serve our statistics and the continuous optimization of our content. Finally, it is stored in order to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack.

The data will not be passed on to third parties unless there is a legal duty of disclosure.

Since the collection and storage of the data in the log files is absolutely necessary for a trouble-free operation of the website, there is no possibility for the user to object.

The data are deleted as soon as they are no longer required for the purpose of their collection. Insofar as the collection was carried out to provide the website free of function, this is the case at the end of the Internet session.

  1. Cookies

We use cookies on our website. Cookies are text files which are stored on your computer by our server and thus certain data is stored. Cookies generally contain a characteristic string of characters that enables the Internet browser to be uniquely identified when the user calls up the website again. This enables the calling browser to be recognised and identified.

Cookies help us to make it easier for you to use the website. Through the recognition of the browser and the storage of previously entered data, the offers and contents of our website can be individually optimised by not having to re-enter data entered by you (e.g. access data, search terms) every time you visit the website. The legal basis for this is Art. 6 Para. 1 lit. f DSGVO.

In addition, we use cookies on our website which enable an analysis of the surfing behaviour of the users. However, the data collected in this way is pseudonymised, i.e. the personal data is replaced by other identifiers (pseudonyms), so that identification of the person concerned is no longer possible without additional information. Since your consent is obtained when you access the website, the legal basis for processing personal data using analysis cookies is Art. 6 Para. 1 lit. a DSGVO.

Since cookies are stored on the user’s computer, you as the user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted by you at any time. If cookies are deactivated for our website, however, it may no longer be possible to use all the functions of the website to their full extent.

  1. Use of Google Analytics

We use the analysis service Google Analytics on our website. Google Analytics stores cookies on your computer and thus enables an analysis of the use of the website by you. The information generated by the cookie, including your IP address, is usually transmitted to a Google server in the USA and stored there. However, the transmitted data will be made anonymous beforehand. On our behalf, Google will evaluate the information transmitted statistically in order to compile reports on website activity and to provide us with further services associated with website and Internet use. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.

To prevent this, you can deactivate or restrict the transmission of cookies in the settings of your Internet browser. Cookies that have already been saved can be deleted by you at any time. If cookies are deactivated for our website, however, it may no longer be possible to use all the functions of the website to their full extent.

  1. Your rights as a data subject

If personal data is processed by you, you are the person concerned within the meaning of the DSGVO and you are entitled to the following rights vis-à-vis us as the person responsible:

1. a) Right of confirmation and information

You can request confirmation from us at any time as to whether personal data concerning you is being processed by us. If this is the case, you have the right to be informed by us about the following circumstances:

  • the categories of personal data which are processed;
  • the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  • the planned duration of storage of the personal data relating to you or, if it is not possible to give specific details, criteria for determining the duration of storage;
  • the existence of a right of rectification or erasure of personal data concerning you, a right to have the processing limited by the controller or a right to object to such processing;
  • the existence of a right of appeal to a supervisory authority;
  • any available information as to the source of the data where the personal data are not collected from the data subject;
  • the existence of automated decision-making, including profiling, in accordance with Art. 22, paragraphs 1 and 4 DPA and, at least in these cases, meaningful information on the logic involved and the scope and intended consequences of such processing for the data subject.

In addition, you have a right of information as to whether personal data are transferred to a state that is not a member of the EU (so-called third country) or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 DSGVO in connection with the transfer.

  1. b) Right to rectification

You have the right to ask us to immediately correct any inaccurate personal data concerning you. You also have the right to ask us to complete incomplete personal data, also by means of a supplementary declaration, taking into account the purposes of the processing.

  1. c) Right to deletion (right to be forgotten)

You can ask us to delete your personal data immediately if one of the following reasons applies:

  • The personal data concerning you are no longer necessary for the purposes for which they were collected or processed in any other way.
  • You revoke the consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a DSGVO and there is no other legal basis for the processing.
  • You object to the processing pursuant to Art. 21 (1) DSGVO and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21 (2) DSGVO.
  • The personal data concerning you have been processed unlawfully.
  • The deletion of personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the data controller is subject.
  • The personal data concerning you have been collected in relation to information society services offered pursuant to Art. 8 para. 1 DSGVO.

If the personal data concerning you has been made public by Thierhoff Consulting and we are obliged to delete the personal data in accordance with the above principles, we are also obliged to inform other persons responsible for data processing that you as the person concerned have requested the deletion of all links to this personal data or copies or replications of this personal data.

We take appropriate measures in this regard, taking into account the available technology and the implementation costs, also of a technical nature, to comply with these obligations, in any case insofar as the processing is no longer necessary, i.e. legal requirements prescribe this or legitimate interests stand in the way of deletion.

  1. d) Right to restrict processing

Under the following conditions, you may request that we restrict the processing of your personal data:

  • The accuracy of the personal data will be denied to you for a period of time that will allow the responsible person to verify the accuracy of the personal data.
  • The processing is unlawful and you request the restriction of the use of personal data instead of deletion.
  • The personal data is no longer required by us for the purposes of processing, but you need this data for the assertion, exercise or defense of legal claims.
  • You have lodged an objection against the processing pursuant to Art. 21 para. 1 DSGVO and it is not yet clear whether the legitimate reasons of Thierhoff Consulting outweigh your reasons.

Where the processing of personal data concerning you has been restricted, such data may not be processed, with the exception of their storage, without your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State. In this case, you will also be informed by us before the restriction is lifted.

  1. e) Right to information

If you have exercised the right to rectification, cancellation or limitation of processing, we are obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, cancellation or limitation of processing, unless this proves impossible or involves disproportionate effort. In this respect, you may request that we inform you of such recipients.

  1. f) Right to data transferability (“data portability”)

You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. In addition, you have the right to communicate this data to another data controller without being hindered by the data controller to whom the personal data have been provided, provided that the processing is based on the consent pursuant to Art. 6 para. 1 letter a DSGVO or Art. 9 para. 2 letter a DSGVO or on a contract pursuant to Art. 6 para. 1 letter b DSGVO and the processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of official authority assigned to the data controller.

Furthermore, when exercising your right to data transferability pursuant to Art. 20 para. 1 DSGVO, you may request that the personal data be transferred directly from one responsible party to another responsible party, insofar as this is technically feasible and insofar as this does not impair the rights and freedoms of other persons.

  1. g) Right of objection

You have the right, for reasons arising from your particular situation, to object to the processing of your personal data by us at any time on the basis of Art. 6 para. 1 letters e or f DSGVO. This also applies to profiling based on these provisions.

Thierhoff Consulting will no longer process personal data in the event of objection, unless we can prove compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you are processed for the purpose of direct advertising, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling to the extent that it is connected with such direct advertising.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.

You have the possibility to exercise your right of objection through automated procedures using technical specifications in connection with the use of Information Society services, notwithstanding Directive 2002/58/EC.

  1. h) Right to revoke a data protection consent

If you have given your consent under data protection law, you have the right to revoke this consent at any time with effect for the future.

  1. i) Automated decisions in individual cases, including profiling

They shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or is similarly substantially prejudicial to them, provided that the decision

  • not required for the conclusion or fulfillment of a contract between you and Thierhoff Consulting

or

  • is permissible by virtue of the laws of the Union or of the Member States to which the person responsible is subject, and those laws contain appropriate measures to safeguard the rights and freedoms and the legitimate interests of the data subject

or

  • with the explicit consent of the person concerned.

However, these decisions may not be based on special categories of personal data under Art. 9 para. 1 DSGVO, unless Art. 9 para. 2 lit. a or g DSGVO applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

If the decision is necessary for the conclusion or performance of a contract between the data subject and the responsible person or is made with the express consent of the data subject, Thierhoff Consulting will take appropriate measures to protect the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a person on the part of the responsible person, to present his own position and to contest the decision.

  1. j) Right to lodge a complaint with the supervisory authority

Notwithstanding any rights you may have against us, you also have the right to complain to any regulatory authority, including but not limited to the Member State in which you reside, your place of work or the location of the alleged infringement, if you believe that the processing of your personal data is in breach of the DSGVO.

The supervisory authority to which the complaint was submitted will inform you of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 DSGVO.

Information/revocation/deletion

On the basis of the Federal Data Protection Act, you can contact us free of charge with questions regarding the collection, processing or use of your personal data and their correction, blocking, deletion or revocation of a consent given. We would like to point out that you have the right to correct incorrect data or delete personal data if there is no legal obligation to store such data.

Stand: December 2018