Data Protection

Privacy Policy

We are pleased that you are visiting our website. Protecting your personal data is important to us, and we want you to feel secure when visiting our website. We protect your privacy and your personal data. We process your personal data in accordance with this privacy policy and in compliance with the applicable data protection regulations of the General Data Protection Regulation (GDPR) and the national provisions of the Federal Data Protection Act (BDSG).

 

Table of contents

  • Name and contact details of the data controller
  • Contact the data protection officer
  • What is personal data?
  • Purposes of data processing
  • Legal basis for data processing
  • Right to object
  • Network service
  • Use of our website for informational purposes
  • Use of our website for further services
  • Contact us
  • Security
  • Cookies
  • Consent tool
  • Web storage
  • Web analytics
  • Social Media
  • Additional features and content
  • Recipients and data transmission
  • Data transfer to third countries
  • Deletion of your data
  • Your rights
  • Changes to our privacy policy

 

Name and contact details of the data controller

conesprit GmbH, Eduard Breuniger Strasse 6/1, 71522 Backnang, is the operator of the website: https://business-one-consulting.com Controller within the meaning of the GDPR.

 

Contact the data protection officer

You can contact our data protection officer at any time with any data protection concerns at: datenschutz@conesprit.de turn around.

 

What is personal data?

Personal data is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

Purposes of data processing

The scope and nature of the collection, processing, and use of your data differs depending on whether you are simply visiting our website to access publicly available information or using additional services. Generally, we process your personal data within the scope of our business activities for pre-contractual or contractual purposes. Furthermore, the pursuit of our legitimate interests or compliance with legal requirements may also constitute a purpose for data processing by us. We will inform you about the specific purposes of data processing in the following sections.

 

Legal basis for data processing

We process your personal data on the following legal bases:   

  • To fulfill pre-contractual or contractual obligations (Art. 6 para. 1b) GDPR)
  • Based on your consent (Art. 6 para. 1a) GDPR)
  • Within the framework of a balancing of interests (Art. 6 para. 1f) GDPR)
  • Due to legal requirements (Art. 6 para. 1c) GDPR)

 

In addition, depending on the type and scope of the processing, further legal bases may exist under country-specific regulations. We will inform you about the specific legal bases for data processing in the respective processing activities.

 

Right to object

If we process your personal data based on our overriding legitimate interest (the legal basis for data processing is Article 6(1)(f) GDPR), you have the right to object to this processing at any time on grounds relating to your particular situation. If you exercise your right to object, we will cease processing the data in question. However, further processing remains permissible (except for direct marketing; in this case, we will immediately comply with your objection) if we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims. Further data subject rights remain unaffected.

 

Network service

Our website runs on the network of Hetzner Online GmbH. The server location is Germany.

 

Use of our website for informational purposes

For purely informational use of our website, it is generally not necessary for you to provide personal data. In this case, we only collect the data that your internet browser automatically transmits to us when you access our website, such as:

 

  • your computer's IP address
  • Date and time of page view
  • Your browser type, browser version, and browser settings
  • the operating system used (Windows, iOS, Linux etc.)
  • the amount of data transferred and the status of transfers
  • from which website our site was accessed
  • other similar data and information that serve to prevent threats in the event of attacks on our information technology systems.

 

This is generally done through the use of log files. The purpose of this processing is to ensure the functionality and compatibility of our website for technically trouble-free use, including troubleshooting, as well as protection against technical attacks and misuse. The legal basis for this processing is our legitimate interest pursuant to Art. 6 para. 1 f) GDPR. Our legitimate interest lies in the proper operation of our website. The log file data is deleted when it is no longer required for the purpose of processing.

 

Use of our website for further services

If you use additional services offered by our company via our website, you may be required to provide personal data. The specific personal data required for providing the service will be indicated in the respective input form or application. You may provide further information voluntarily. Required fields are marked with an asterisk (*) or the note "Required field". Your data will be processed solely for the purpose of providing the service you have requested. The legal basis for processing your personal data, as well as information on when your personal data will be deleted, can be found in the description of the specific services.

 

Contact us

Contact form

On our website, we offer you the opportunity to contact us using a contact form. The personal data you provide when contacting us via this form will only be processed for the purpose of handling your inquiry. This data will only be shared with third parties if necessary for processing your inquiry. The legal basis for this processing is Article 6(1)(b) GDPR. Your personal data will be deleted when it is no longer needed to fulfill the purpose of your inquiry. Please note that your messages may need to be retained in accordance with statutory retention obligations. In this case, the legal basis is Article 6(1)(c) GDPR.

 

Contact via email

On our website, we offer you the option of contacting us via email. Please note that unencrypted email communication is insecure. It cannot be ruled out that data transmitted in this way may be read, copied, altered, or deleted by unauthorized persons. The personal data you provide when contacting us via email will only be processed for the purpose of handling your email inquiry. It will only be shared with third parties if this is necessary for processing your inquiry. The legal basis for this processing is Article 6(1)(b) GDPR. Your personal data will be deleted when it is no longer needed to fulfill the purpose of your inquiry. Please note that your messages may need to be retained in accordance with statutory retention obligations. In this case, the legal basis is Article 6(1)(c) GDPR.

 

Security

We have secured our website and other systems against loss, destruction, access, alteration, or distribution of your data by unauthorized persons through technical and organizational measures. In particular, your personal data provided in the contact form is transmitted in encrypted form. We use the TLS 1.3 (Transport Layer Security) encryption protocol for this purpose.

 

Cookies

We use cookies to track visitor preferences and optimize our website. Cookies are small text files that are stored on your computer when you visit our website. You can delete cookies at any time. However, this may result in some features no longer being available to you. For information on how to delete cookies, please refer to your browser's help function.

 

Consent tool

Borlabs Cookie

We use the "Borlabs Cookie" service on our website to manage our visitors' cookie settings. The provider is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany. Borlabs Cookie is hosted on our own servers, so no data is shared with third parties. The legal basis for using Borlabs Cookie is compliance with a legal obligation pursuant to Art. 6 para. 1 lit. c GDPR. The data processed by Borlabs Cookie includes your consent preferences, consent status, and cookie settings. The service places cookies in your browser to store these preferences. The purpose of the data processing is to manage user consent for cookies and to store user settings regarding cookie usage.

 

Web storage

We use so-called web storage technology (also known as "local data" and "local storage") on our website. The purpose of this is to enable functionalities that we have implemented on our website. Data is stored locally in your browser's memory (called the "cache") and can continue to be processed even after you close the browser window or terminate the program. Third parties cannot access the data stored in web storage. It is not shared with third parties and is not used for advertising purposes. We only use web storage technology where it is absolutely necessary to enable the functionality of our website (see Section 25 of the German Telemedia Act (TMG)). The legal basis for this is Article 6 Paragraph 1 f) of the GDPR. The data collected in this way is stored until you close the browser window (session storage) or clear the cache via your internet browser (local storage). If the use of web storage technology is not absolutely necessary to enable the functionality of our website, we only use it with your consent. The legal basis for this is Article 6(1)(a) GDPR.

 

Web analytics

Lead info

We use the 'Leadinfo' service on our website to identify and analyze business website visitors. The provider is Leadinfo BV (‚Leadinfo‘), Rivium Quadrant 141, 2909 LC Capelle aan den IJssel, The Netherlands. The legal basis for using Leadinfo is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. The data processed by Leadinfo includes your IP address, company-related information based on the IP address, visit time, pages visited, and device information; cookies may be set to recognize returning visitors. The purpose of the data processing is to identify website visitors for B2B lead generation and to gain insights into business visits.

Further information on Leadinfo's privacy policy can be found at: https://www.leadinfo.com/en/privacy/

 

Social Media

We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.

Social networks like Facebook can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media pages triggers numerous data processing operations relevant to data protection. Specifically:

If you are logged into your social media account and visit our social media page, the operator of the social media platform can associate this visit with your user account. Your personal data may also be collected even if you are not logged in or do not have an account with the respective social media platform. In this case, data collection occurs, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of social media platforms can create user profiles that store your preferences and interests. This allows them to display interest-based advertising to you both on and off the respective social media platform. If you have an account with the respective social network, this interest-based advertising can be displayed on all devices on which you are or have been logged in.

Please also note that we cannot track all data processing activities on social media platforms. Depending on the provider, the operators of the social media platforms may carry out further data processing activities. For details, please refer to the terms of use and privacy policies of the respective social media platforms.

 

Legal basis

Our social media presence is intended to ensure an informative online presence. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which must be specified by the operators of the social networks (e.g., consent within the meaning of Article 6(1)(a) GDPR).

 

Responsible party and assertion of rights

When you visit one of our social media pages, we are jointly responsible with the operator of the social media platform for the data processing operations triggered by this visit. You can generally assert your rights (access, rectification, erasure, restriction of processing, data portability, and the right to lodge a complaint) against both us and the operator of the respective social media portal.

 

Please note that despite our joint responsibility with the social media platform operators, we do not have full control over the data processing operations of these platforms. Our options are largely determined by the respective provider's company policy.

 

Storage duration

The data we collect directly through our social media presence is deleted from our systems as soon as the purpose for its storage no longer applies, you request its deletion, you withdraw your consent to its storage, or the purpose for data storage ceases to exist. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular, retention periods – remain unaffected.

We have no control over how long your data is stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).

 

Social networks in detail

 

Facebook

We have a profile on Facebook. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads 

It cannot be ruled out that your personal data may also be transferred to Meta Platforms Inc., which is based in the USA. Meta has certified itself under the EU-US Data Privacy Framework to comply with the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/. Further information on data protection can be found in Facebook's privacy policy. https://www.facebook.com/about/privacy/

 

XING

We have a profile on XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out 

For details on how they handle your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

 

Instagram
Our website integrates features from the Instagram service. These features are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. Currently, it must be assumed that this establishes a direct connection to the provider's services and that at least your IP address and device-related information are collected and used. It is also possible that attempts will be made to store cookies on your computer. Further information can be found in Instagram's privacy policy: http://instagram.com/about/legal/privacy/

 

YouTube

We use the platform YouTube.com to make our own videos publicly available for advertising purposes. We link to our YouTube channel on our website. YouTube is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. If you click on such a link, YouTube will store and use your data (IP address and other personal data) to provide the service and for its own business purposes. Further information on data protection by YouTube (Google) can be found at: https://www.google.com/policies/privacy/ 

 

Additional features and content

Should we use additional functions and content (e.g. map or text services) on our website, through which we or the service provider process your personal data, we will inform you about this here.

 

Google services

We use Google services on our website. The provider of these services is generally Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. It cannot be ruled out that your personal data may also be transferred to Google LLC, which is based in the USA, or that the use of a Google service may result in Google itself loading further Google services without our control (e.g., YouTube services). Google has certified its compliance with the EU-US Data Privacy Framework, ensuring adherence to the data protection standards applicable in the EU. The certificate can be viewed at [link to certificate]. https://www.dataprivacyframework.gov/s/  can be viewed.

Further information about data processing by Google can be found here: https://www.google.com/policies/privacy/

 

Google Fonts

Our website uses external fonts, specifically Google Fonts. Google Fonts is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. In doing so, your browser also transmits personal data to Google LLC in the USA. Google has certified its compliance with the EU-US Data Privacy Framework, ensuring adherence to the level of data protection applicable in the EU. The certificate can be viewed at https://www.dataprivacyframework.gov/s/. The legal basis for the use of Google Fonts is Article 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future by unchecking the box [here / below the link to the consent tool]. Further information about data processing by Google can be found here: https://www.google.com/policies/privacy/

 

Google Photos

Our website uses a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: ggpht). In doing so, your browser also transmits personal data to Google LLC in the USA. The legal basis for this data processing is Article 6(1)(a) GDPR. You can find more information about data processing by Google here: https://www.google.com/policies/privacy/

 

Google Maps

This website uses Google Maps, a map service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to display an interactive map. In doing so, your browser also transmits personal data to Google LLC in the USA. The legal basis for this data processing is Article 6(1)(a) GDPR. Further information about data processing by Google can be found here: https://www.google.com/policies/privacy/

 

YouTube NoCookie

We use the YouTube NoCookie service (also known as "YouTube in enhanced privacy mode") on our website to embed videos without using cookies that track user behavior. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. The legal basis for using YouTube NoCookie is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. The data processed by YouTube NoCookie includes your IP address, device information, and information about video interaction. Data is stored in the browser's web storage. The purpose of the data processing is to embed videos while minimizing the use of cookies and improving user data protection.

It is possible that personal data may be transferred to insecure third countries (USA) where data protection standards are lower than in the EU. We have concluded a data processing agreement (DPA) with Google, which ensures that personal data is processed only according to our instructions and in compliance with the GDPR. Google is certified under the EU-US Data Privacy Framework, which regulates the secure processing of data of EU citizens in the USA. Further information on YouTube's NoCookie privacy policy can be found at: https://policies.google.com/privacy#infocollect

Information about the cookies used can be found at: https://policies.google.com/technologies/cookies

 

Sentry

We use the service 'Sentry' on our website to monitor and track errors and performance issues. The provider is Functional Software, Inc. (‚Sentry‘), 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA. The legal basis for using Sentry is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in monitoring and improving the stability, security, and performance of our website by identifying and resolving technical errors. The data processed by Sentry includes your IP address, error and performance data, device and browser information, and details of your interaction with the website; Sentry may also set cookies to support its functionality.

The purpose of data processing is to monitor, detect, and resolve application errors and performance issues. It is possible that personal data may be transferred to third countries (USA) with lower data protection standards than the EU. Sentry is certified under the EU-US Data Privacy Framework, which regulates the secure processing of EU citizens' data in the USA. We have a data processing agreement (DPA) with Sentry that ensures personal data is processed only according to our instructions and in compliance with the GDPR.

Further information on Sentry's privacy policy can be found at: https://sentry.io/privacy/

 

Recipients and data transmission

We have centralized certain data processing operations within our company. These can be handled centrally by our individual business units, for example, to process inquiries. To ensure we fulfill our tasks and contractual obligations, we may also engage external contractors and service providers (e.g., logistics companies or IT service providers). Furthermore, data may be transferred to recipients to whom we are obligated or entitled to disclose it due to contractual or legal requirements, or based on your consent.

 

Data transfer to third countries

Data will only be transferred to third countries (countries outside the EU and the European Economic Area EEA) if this is necessary for the performance of a contract/order/business relationship including its initiation, or is permitted by our legitimate interest or based on your consent, and only in compliance with the data protection requirements prescribed for this purpose.

 

Notice regarding data transfer to the USA

Our website integrates services from companies based in the USA, or we link to these services. When using these services, personal data may be transferred to US servers of the respective service providers.

 

Under the so-called "Data Privacy Framework" (DPF), the EU Commission has recognized the level of data protection for certain US companies as adequate in its adequacy decision of July 10, 2023. The list of certified companies and further information about the DPF can be found on the US Department of Commerce website at https://www.dataprivacyframework.gov/ (in English). In this privacy policy, we inform you which of our service providers are certified under the DPF for each service.

 

Deletion of your data

We process your personal data only for as long as is necessary to fulfill the respective purpose, or until a legal basis for the processing no longer exists (e.g., withdrawal of consent to data processing). We comply with all applicable statutory retention and storage periods.

 

Your rights

You have the right:

  • free of charge Information to obtain information about the personal data we have stored about you (right of access)
  • one Confirmation to request information about whether we process personal data concerning you (right to confirmation)
  • to request that we delete your personal data without undue delay, provided that its processing is no longer necessary and the other requirements of the GDPR for a deletion are fulfilled (right to erasure)
  • the immediate Correction and completion to request the correction of inaccurate personal data concerning you (right to rectification)
  • the restriction to request the processing of your personal data (right to restriction of processing)
  • to receive the personal data concerning you in a structured, commonly used and machine-readable format (right to Data portability)
  • to object to the processing of your personal data (right to object) Contradiction)
  • You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you (Right to a decision in individual cases).
  • at any time your consent to the processing of your personal data with effect for the future revoked.
  • to lodge a complaint with the supervisory authority responsible for data protection if you believe that the processing of your personal data infringes the GDPR (Right of appeal).

For further information about your rights, please contact our data protection officer.

 

Changes to our privacy policy

To ensure that our privacy policy always complies with current legal requirements, we reserve the right to make changes at any time. This also applies if the privacy policy needs to be adapted due to new or revised services, such as new service offerings. The new privacy policy will then apply to your next visit to our website.