Privacy
This website is designed to maximize your privacy during your visit: there is explicitly no tracking or analysis of your visit to this website. To create a general access statistic, we record your access with an anonymized IP address in our database.
These notices apply both to your visit to the website and to a specific assignment.
You will receive an overview of the processing of your personal data by the responsible party and your rights as a data subject under data protection law with these notices. The specific data processed and the manner in which they are processed depend on the functionalities of the website used or the services commissioned or agreed upon.
These notices also apply to the current and future authorized representatives and beneficial owners and the possible contractually agreed contacts of legal entities. We ask you to pass these notices on to such persons if applicable.
1. Who is responsible for data processing, and whom can I contact?
Responsible in terms of data protection law is:
Hansjoerg Mueller
Peter-Haupt-Str. 42
97080 Würzburg
Deutschland
Email: info [at] esg-guides.com
Phone: +49 172 844 3414
If you have any questions about the processing procedures by the responsible party or if you wish to exercise your data protection rights, please contact the address mentioned above.
2. What sources and data do we use?
We process personal data that we receive from our customers in the course of our business relationship. Additionally, we process personal data that we have lawfully received from other companies (e.g., to fulfill contracts, carry out orders, or based on your consent) as far as it is necessary for providing our services. Furthermore, we process personal data from publicly accessible sources (e.g., press, media, internet, etc.), as long as we are permitted to collect or third parties have lawfully transmitted them to us.
We process relevant personal data of natural persons who are interested parties, customers, and all other natural persons who are directly or indirectly in contact with us, such as employees of legal entities and visitors to our websites and apps, and possibly applicants.
Relevant personal data primarily include: name, address, and other contact details, data from the fulfillment of our contractual obligations, documentation data, data about the use of our telemedia (websites and apps, newsletters), and other data comparable with the mentioned categories.
Processing within the meaning of the GDPR generally means any operation related to personal data, in particular the collection, storage, use, transmission, or deletion of personal data.
When you access our website, your device transmits the following data: IP address, date, time, accessed pages, protocols, status code, data volume, referrer, user agent, and accessed hostname. In the server log files for page access, your IP address is stored anonymized, and the log entry is deleted after 60 days. Faulty page accesses are logged in separate log files without anonymized IP address and deleted after 7 days.
To create statistics, we also store the following access data in our database for 180 days: IP address (anonymized), date, time, accessed pages, protocols, status code, data volume, referrer, and accessed hostname.
3. For what purposes and on what legal basis do we process your data?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG):
- For the fulfillment of contractual obligations (Art. 6 para. 1 lit. b GDPR)
The processing of personal data is carried out for the provision of services in the context of the execution of our contracts with our customers and our suppliers and service providers or for the implementation of pre-contractual measures carried out upon request (e.g., from interested parties).
The purpose of data processing is determined by the specific product and may include needs analysis and consulting services. Further details on the purpose of data processing can be found in the respective contract documents and terms and conditions.
- Within the framework of balancing interests (Art. 6 para. 1 lit. f GDPR)
We process data beyond the actual fulfillment of the contract to protect the legitimate interests of us or third parties, provided your interests do not override the protection of your personal data.
- Based on your consent (Art. 6 para. 1 lit. a GDPR)
As far as you have given us consent to process personal data for specific purposes (e.g., sharing data within the group, evaluating usage behavior), the legality of this processing is based on your consent.
Consent given can be revoked at any time. This also applies to consents given to us before the GDPR became applicable, i.e., before May 25, 2018. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
- Due to legal obligations (Art. 6 para. 1 lit. c GDPR)
Legal obligations arise for us directly from the law, primarily from tax law. The resulting retention obligations for accounting-relevant documents and business letters entitle us to store personal data for up to 10 years, in the case of legally established claims, claims from enforceable settlements or enforceable documents, etc., even up to 30 years.
4. Who receives your data (Who is the recipient of your data)?
We only pass on your data to third parties to the extent necessary to fulfill our contractual and legal obligations. Thus, service providers commissioned by us, such as web hosts and vicarious agents, may receive data for these purposes, provided they maintain data secrecy and comply with the data protection instructions we have given them.
Further data recipients may be those entities for which you have given us your consent for data transmission. In individual cases, due to the specificity of the contractual subject with you, there may be further recipients of your data. These are then specified separately in the contract documents and terms and conditions for the specific business.
5. Are data transferred to a third country or an international organization?
Data transfer to countries outside the European Union (third countries) only takes place to the extent necessary to fulfill the contract, you have given us your consent, or within the scope of processing on the basis of a legitimate interest.
If we use service providers in a third country, they are obliged to comply with the data protection level in Europe by the agreement of the EU standard contractual clauses in addition to our written instructions.
6. How long will your data be stored?
We process and store your personal data as necessary for the duration of our business relationship, which also includes the initiation and execution of a contract. We point out that the business relationship is a continuing obligation usually intended to last for years.
We are also subject to various retention and documentation obligations, which arise, among others, from the Commercial Code (HGB) and the Tax Code (AO). The periods specified there for retention and documentation range from two to ten years.
Finally, the storage duration also depends on the statutory limitation periods, which according to §§ 195 ff of the Civil Code (BGB) usually amount to three years, but in some cases can be up to thirty years.
7. What rights do you have as a data subject?
Every data subject has the right to access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure ("right to be forgotten") (Art. 17 GDPR), the right to restriction of processing (blocking) (Art. 18 GDPR), the right to object (Art. 21 GDPR) (see separate information at the end of this privacy notice) and the right to data portability (Art. 20 GDPR). The right of access and the right to erasure are subject to the restrictions according to §§ 34 and 35 BDSG. Ultimately, you have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR in conjunction with § 19 BDSG.
If you have given us consent to process your personal data for a specific purpose, you can revoke this consent at any time for the future. This also applies to consents given to us before the GDPR became applicable, i.e., before May 25, 2018. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
8. Are you obliged to provide your data?
Within the framework of the business relationship with you, you must provide only those personal data necessary for the establishment, execution, and termination of the business relationship or which we are legally obliged to collect. Without these data, we will generally have to refuse the conclusion of the contract or the execution of your order or be unable to continue an existing contract and, if necessary, terminate it.
9. To what extent is there an automated decision-making process?
We generally do not use fully automated decision-making pursuant to Art. 22 GDPR to establish and carry out the business relationship. If we use this procedure in individual cases, we will inform you separately if this is required by law.
10. Is profiling conducted?
We do not process your data for profiling.
Information about your right to object under Art. 21 GDPR
Right to object on a case-by-case basis
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is based on Art. 6 para. 1 lit. f GDPR (data processing on the basis of a legitimate interest).
Right to object to data processing for advertising purposes
In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of your personal data for such marketing.
The objection can be made in any form and should be addressed to the above-mentioned email address.