kobaltblau Management Consultants GmbH’s data protection policy

We, kobaltblau Management Consultants GmbH (kobaltblau), firmly believe that you should have control over your data and therefore take the protection of your personal data very seriously and strictly adhere to the data protection laws. On this website, personal data is collected only to the extent technically necessary. The data protection policy set out below provides you with an overview of how we guarantee this level of protection, what kind of data we collect for what purpose and what your rights are with regard to your personal data.

If you have any questions regarding data protection, please do not hesitate to contact us.

Any changes we will make to "kobaltblau Management Consultants GmbH's data protection policy" in the future will be published on this page.

This data protection policy comes into force on 21/05/2018.

Responsible body

Company: kobaltblau Management Consultants GmbH
Road, No.: St.-Martin-Str. 114
Postal code, city: 81669 München
Commercial register number: HRB 225912

CEOs: Klaus Eberhardt, Mark Goerke, Hans-Werner Feick

Telephone: +49 89 61 45 51 0
E-Mail:info@kobaltblau.de

Data protection officer

Name: Britta Robbens
E-Mail: datenschutz@kobaltblau.de

1.General information regarding data processing and legal basis

1.1.This data protection policy informs you about the type, scope and purpose of the processing of personal data as part of our websites, functions and contents (hereinafter jointly referred to as “website”). This data protection policy applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) used and on which the online offer is executed.

1.2.The terms used, such as “personal data” or their “processing”, refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

1.3.The personal data of users processed within the scope of the online offer includes usage data (browser type and version, operating system used, URL of the page previously visited, IP address of the accessing computer as well as time of the request) and information regarding content (e.g. entries in an application form).

1.4.The term “user” covers all categories of data subjects. These include our business partners, customers, interested parties and other visitors of our online offers. The terms used, such as “user”, are to be understood as gender-neutral.

1.5.We process personal data of users only in compliance with the relevant data protection laws. This means that the users’ data will only be processed if there is a legal permission to do so, especially if the data processing is required by law, if the user has consented for us to do so, and also on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and the economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR, in particular for range measurements, the creation of profiles for advertising and marketing purposes as well as the collection of access data and the use of services offered by third parties).

1.6.We point out that the legal basis for the processing is either the relevant consent (to process the data in order to be able to provide our services and execute contractual measures, to process the data in order to fulfil our legal obligations), or to process the data in order to protect our legitimate interests (Art. 6 para. 1 lit. a. and Art. 7 GDPR).

1.7.What sources and data do we use? We process personal data of customers, suppliers, interested parties, applicants and employees. We process this data in the context of business relationships, application procedures or employment relationships. We also use data from publicly accessible sources that is allowed to be processed. The legal basis is the fulfilment of (pre-)contractual obligations, legitimate interest, a law or a consent provided by the person concerned.

2.Security measures

2.1.We take organisational, contractual and technical security measures in accordance with the current technical standards in order to ensure that all applicable data protection laws are adhered to and thereby to protect the data processed by us against any accidental or intentional manipulation, loss, destruction or access by unauthorised persons.

2.2.The security measures include in particular the encrypted transmission of data between your browser and our server.

Have you discovered a gap in our security? Then please write to us at security-incident@kobaltblau.de. We will contact you as soon as possible. For encrypted contact, you can also use our certificate.

3.Disclosure of data to third parties and third party providers

3.1.Data will only be disclosed to third parties within the framework of the law. We only disclose user data to third parties if, for example, this is required for contractual purposes on the basis of Art. 6 para. 1 lit. b) GDPR or on the basis of legitimate interests regarding the economic and effective operation of our business operations pursuant to Art. 6 para. 1 lit. f. GDPR.

3.2.In case we use subcontractors to provide our services, we will take appropriate legal precautions as well as appropriate technical and organisational measures to ensure the protection of personal data in accordance with the relevant statutory provisions.

3.3.To the extent any content, tools or other means from other providers (hereinafter jointly referred to as "third party providers") are used in the context of this data protection policy, these will only be transferred to countries with an appropriate level of data protection and to countries within the scope of application of the GDPR.

4.Online applications

4.1.Application management: for our online application form and application management we use the platform of the service provider Talention (TFI GmbH, Delphiplatz 1, 42119 Wuppertal) based on our legitimate interest in ensuring a fast and secure recruitment of new employees. For this purpose, we have concluded a data processing agreement with the provider, which obliges the provider to comply with all data protection laws and to process the data only in accordance with our instructions and only for the relevant purpose. You can find further information at https://www.talention.de/datenschutzerklaerung

4.2.If we receive proactive applications by post or e-mail, technical and organisational measures ensure that your personal data will be treated confidentially within the legal provisions. After the application process has concluded, your data will be deleted unless you agree to the data being saved for a longer period of time. The deletion takes place after four months (due to compliance with deadlines for possible lawsuits under the German Anti-Discrimination Act, AGG).

5.Cookies

5.1.Cookies are small text files used by websites to make the user experience more efficient.

By law, we are allowed to save cookies on your device if they are absolutely necessary for the operation of this site. For all other cookie types we need your permission.

The kobaltblau web pages use different cookie types. Some of the cookies appearing on our web sites are placed by third parties.

5.2.How can I reject and delete cookies?

In most Internet browsers you will find information in the "Help" menu item on how you can prevent your browser from accepting cookies, with which setting your browser informs you about the placement of a new cookie and how you can generally reject the use of cookies. Please note that some functions of the website may no longer be available if cookies are deactivated.

For more information about deleting or blocking cookies, please visit: www.meine-cookies.org.

5.3.What types of cookies are there?

Necessary cookies 

Necessary cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

Function cookies

These cookies are not absolutely necessary, but they increase the usability of a website. For example, the location once entered is saved so that when the page is called up again, this location is immediately displayed for the respective user. Similarly, data entered on forms, the size of the font or other types of information, can also be saved.

Statistics cookies 

Statistics cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously.

Marketing cookies 

Marketing cookies are used to follow visitors to websites. The intention is to show advertisements that are relevant and attractive to individual users and are therefore more valuable to publishers and third party advertisers.

5.4.What cookies does kobaltblau use on its websites?

The following overview applies to the domains kobaltblau.de, kobaltblau.com, kobaltblau.fr, ch.kobaltblau.com and all subdomains.

Necessary cookies 

Provider

Name

Purpose

Duration

kobaltblau

cookieconsent_dismissed

Saves the consent status of the user for cookies on the current domain.

1 year

kobaltblau

ga_disable

Storage of the selection that you do not want any Google-Analytics cookies

permanent

Statistics cookies 

Provider

Name

Purpose

Duration

kobaltblau

_ga

Google Analytics: This cookie is used by the “analytics.js” library in order to obtain a unique assignment (client ID). This is a randomly generated number. After the cookie has been generated, it contains every message sent to Google Analytics. Google Analytics itself uses this ID to manage users, sessions and campaigns.

2 years

kobaltblau

_gid

Google Analytics: Registers a unique ID that is used to generate statistical data about how the user uses the website (IP address is anonymised).

1 day

kobaltblau

_gat

Google Analytics: Registers a unique ID that is used to generate statistical data about how the user uses the website (IP address is anonymised).

10 minutes

Talention/ kobaltblau

_tmss

Anonymised session ID to distinguish between the number of visits or returning visitors and new visitors.

1 hour

Talention/ kobaltblau

_tmsu

Anonymised visitor ID to distinguish between different visitors.

1 year

updated with every visit of the site

Talention/ kobaltblau

_tmsx

Note of the site first used for the session and the HTTP referrer to analyse the effectiveness of advertising measures and channels.

1 hour

Marketing cookies 

Provider

Name

Purpose

Duration

youtube.com

YSC

Registers a unique ID to retain statistics of videos on YouTube that were watched by the user.

Session

youtube.com

PREF

Registers a unique ID that is used by Google to retain statistics about how the user uses YouTube vides on different websites.

2 years

youtube.com

VISITOR_INFO1_LIVE

Tries to estimate the user bandwidth on websites with integrates YouTube videos.

8 months

doubleclick.net

IDE

Used by Google DoubleClick to register and report the user's actions on the website after viewing or clicking on any of the provider's advertisements with the aim of measuring the effectiveness of an advertisement and displaying targeted advertising to the user.

2 years

doubleclick.net

test_cookie

Used by Google DoubleClick to check if the user’s browser supports cookies.

15 minutes

6.Google Analytics

6.1.Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) we use Google Analytics, a web analysis service of Google Inc. (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by users is generally transferred to a Google server in the USA and saved there.

6.2.Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

6.3.Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services connected with the use of this online offer and the use of the Internet. Pseudonymous user profiles may be created from the processed user data.

6.4.We use Google Analytics only with IP anonymisation enabled. This means that Google will shorten the IP address of users within member states of the European Union or in other states that are a party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

6.5. The IP address transmitted by the user's browser is not merged with other Google data. Users may reject the use of cookies by selecting the appropriate setting in their browser software; users may also prevent Google from collecting and processing data generated by the cookie that relates to their use of the website by downloading and installing the browser plug-in available via the following link:
http://tools.google.com/dlpage/gaoptout?hl=de.

6.6. You can also prevent Google Analytics from collecting your data by clicking on the following link. This will set an opt-out cookie which prevents the collection of your data on future visits to this website:

Disable Google Analytics

6.7.Further information on data use by Google, options for settings and objections can be found on Google's websites: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses data when you use our partners’ sites or apps”), http://www.google.com/policies/technologies/ads (“How Google uses cookies in advertising”), http://www.google.de/settings/ads (“Managing information which Googles uses to show you advertisements”).

6.8.We use Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The Tool Tag Manager itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, this will remain for all tracking tags implemented with Google Tag Manager. www.google.de/tagmanager/use-policy.html

7.Services of third party service providers

As part of its online offer, kobaltblau offers the possibility to follow its social media offers via so-called “follow buttons”. Online maps and videos are also provided by third parties. Below you will find further information regarding the respective services.

7.1.Twitter:As part of our online offer, Twitter functions can be integrated. These functions are provided by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "follow" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter in this process. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how it is used by Twitter. You can find Twitter's data protection policy at http://twitter.com/privacy. You can amend your data protection settings in your Twitter account settings under http://twitter.com/account/settings.

7.2.Facebook:Our pages include a "follow button" to the social network Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA). 

When you visit our pages, the button establishes a direct connection between your browser and the Facebook server. This means that Facebook receives the information that you have visited our site with your IP address.

We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how it is used by Facebook. For more information, please see Facebook's data protection policy at http://de-de.facebook.com/policy.php. If you do not want Facebook to be able to link your visit to our pages with your Facebook account, please log out of your Facebook account.

7.3.XING: We use functions of the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany. Every time you visit one of our pages that contains functions of Xing, a connection to Xing’s servers is established. To our knowledge, no personal data is saved. In particular, IP addresses are not saved nor is the usage behaviour evaluated. Data protection policy: https://www.xing.com/app/share?op=data_protection

7.4.LinkedIn: Our online services use functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you visit one of our pages that contains functions of LinkedIn, a connection to LinkedIn's servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the "recommend button" in LinkedIn and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website with you and your user account. We point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or how it is used by LinkedIn. Data protection policy: https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

7.5.Kununu:is operated by kununu GmbH, Fischhof 3 Top 7, A - 1010 Vienna. Your browser establishes a direct connection to the Kununu servers as soon as you click on the button. We have no influence on what data is collected by Kununu. The purpose and scope of the data collection and the further processing and use of the data by Kununu as well as your relevant rights and setting options to protect the privacy of your data can be found in Kununu's data protection information: http://www.kununu.com/info/datenschutz

7.6.YouTube: embedded videos of the platform “YouTube” from the third party service provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection policy:https://www.google.com/policies/privacy/- Opt-out: https://www.google.com/settings/ads/. If you click on a link to a video, we only enable you to establish a connection to the service offered by YouTube.

7.7.Google Maps:Maps are provided by “Google Maps” from the third party service provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection policy: https://www.google.com/policies/privacy/- Opt-out: https://www.google.com/settings/ads/

8.Users‘ rights

8.1.Right to information: Users have the right to request and receive free of charge information about the personal data we have saved about them.

8.2.Right to correction: In addition, users have the following rights: to have inaccurate data corrected, to place limits on the processing of their personal data, to have their personal data deleted and, if applicable, to assert their rights to data portability and, if they believe unlawful data processing has taken place, to lodge a complaint with the competent supervisory authority.

8.3.Users may also revoke their consent, with effect for the future. Therevocationis to be addressed to the data protection officer

9.Deletion of data

The data saved by us will be deleted as soon as it is no longer required for its intended purpose and there are no legal obligations to retain the data. If the user's data is not deleted because it is required for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.

10.Right to revocation

Users can revoke their consent regarding any future processing of their personal data in accordance with legal requirements at any time. The revocation may be lodged in particular against the processing of the data for the purposes of direct advertising. The revocation must be addressed to the responsible body.

11.Changes to the data protection policy

We reserve the right to change this data protection policy in order to adapt it to changed legal requirements or in the event of changes to our services or to data processing. However, this only applies with regard to declarations on data processing. To the extent user consents are required or parts of the data protection policy contain provisions of a contractual relationship with the users, the changes will only be applied with the users' consent.

Users are asked to regularly inform themselves about the contents of the data protection policy.

Munich, 21/05/2018 
Management board