Privacy policy – HR Metrics Consulting

General information

We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for us.

The use of our Website is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this privacy policy, of the rights to which they are entitled.

Data security

All the data you submit to us will be transferred and encrypted using the customary and secure TLS (Transport Layer Security) standard. A secure TLS connection is indicated by the addition of the letter “s” to “http” (i.e. “https://…”) in your browser address bar or a lock symbol at the bottom of your browser.

We also make use of appropriate technical and organizational security measures to protect your data from accidental or deliberate manipulation, partial or complete loss, destruction and access by unauthorized third parties. We continuously improve our security measures in line with the latest technological developments.

Name and Address of the Controller

This privacy statement applies to the processing of data on the website https://hr-metrics.de

by the following data controller:

HR Metrics Consulting GmbH
Managing Director Christian Fritz
Ellen-Gottlieb-Straße 4
79106 Freiburg

Phone: +49 157 321 3112 7
E-Mail: info@hr-metrics.de

Relevant legal basis for personal data processing

In the following we share the legal basis of the General Data Protection Regulation (GDPR), on the basis of which we process the personal data. Please note that in addition to the provisions of the GDPR, the national data protection requirements in your or our country of residence and domicile may apply. Furthermore, if more specific legal bases are relevant in individual cases, we will inform you of this in the data protection declaration.

Consent (Art. 6 Para. 1 S. 1 lit. a GDPR) – The person concerned has given their consent to the processing of their personal data for a specific purpose or for several specific purposes.

Fulfillment of contracts and pre-contractual inquiries (Art. 6 Para. 1 S. 1 lit. b. GDPR) – Processing is necessary for the fulfillment of a contract to which the data subject is a party or for the implementation of pre-contractual measures that are required at the request of the data subject respectively.

Legal obligation (Art. 6 Para. 1 S. 1 lit. c. GDPR) – The processing is necessary to fulfill a legal obligation to which the person responsible is subject.

Legitimate interests (Art. 6 Para. 1 S. 1 lit. f. GDPR) – Processing is necessary to safeguard the legitimate interests of the person responsible or a third party, unless the interests or fundamental rights and freedoms of the data subject, which protect personal data Data require, predominate.

National data protection regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes in particular the law on the protection against misuse of personal data during data processing (Federal Data Protection Act – BDSG).

Safety measures

We take security measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, we shall take appropriate technical and organizational measures to ensure a level of protection level of protection appropriate to the risk.

The measures shall include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to the data and electronic access to the data as well as access to, input of, transfer of, assurance of availability of and

their separation. We have also set up procedures to ensure that data subjects’ rights can be exercised, and that data can be deleted.

Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software and processes, selection of hardware, software and processes in accordance with the principle of data protection, by means of technology design and through data protection-friendly default settings.

SSL encryption (https): To protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address bar of your browser.

Personal data processing and processing purposes

When you visit our website

You can visit our website without being required to disclose information about your identity. Only the information needed to establish a connection to our website will be automatically sent to our website’s server from your device’s browser.

Each time a user connects to our website, our website will collect a series of general pieces of data and information. This general data and information will be stored in our server’s log files. The following details may be collected:

– the browser types and versions used,

– the operating system of the device accessing our website,

– the webpage from which a system is accessing our website (known as the referrer),

– the subpages on our website being accessed by the system,

– the dates and times of when our website has been accessed,

– the Internet Protocol address (IP address),

– the internet service provider of the system accessing our website,

– any other similar pieces of data and information that can be used to protect our services in the event of an attack on our information technology systems.

We do not draw any conclusions about users when using this general data and information. Instead, we use this information to:

– ensure that the content on our website is displayed correctly,

– optimize our web content and the advertising for our website,

– ensure that our information technology systems and our website’s technology remain in full working order, and

– provide law-enforcement authorities with the information needed to prosecute offenders in the event of a cyberattack.

We therefore evaluate this anonymously collected data and information firstly for statistical purposes and secondly in order to provide better data protection and data security with the ultimate aim of ensuring an optimum level of protection for the personal data we process. The anonymous data saved in the server log files is stored separately from all the personal data provided by a data subject.

Data is deleted as soon as we no longer need it to fulfill the purpose for which it was collected. In the case of data collected to enable operation of the website, this deletion occurs when the user’s browsing session comes to an end.

IP addresses are processed for technical and administrative purposes so that we can establish a stable connection, keep our website secure and in full working order, and — if necessary — trace any unlawful attacks on our website.

In processing your IP address and other information in the log files, we are unable to draw any direct conclusions about your identity.

Used Services and service providers:

Strato AG

Otto-Ostrowski-Straße 7

10249 Berlin

Website: https://www.strato.de
Datenschutz: https://www.strato.de/datenschutz/

When you contact us through email or contact form

Our website includes a contact form, which you can use to contact us electronically. Should you choose to use this option, the data you enter into the contact form will be transferred to us and stored. When completing this form, you will be asked to provide your consent for us to process this data and you will be referred to this privacy statement.

Alternatively, you can contact us at the email address provided. In this case, we will store the personal data provided to us in the email.

This data will not be transferred to third parties and will exclusively be used for the processing of any communication.

We only process the personal data entered into the contact form in order to handle your inquiry. Your choosing to contact us via email also constitutes the necessary legitimate interest on our part to process your data.

The other personal data we process during this procedure is used to prevent the contact form from being misused and to keep our information technology systems secure.

Data is deleted as soon as we no longer need it to fulfill the purpose for which it was collected. Personal data entered into our contact form and for data sent by email will be deleted as soon as we have finished communicating with you about your inquiry. This communication is deemed to be finished when it is apparent from the circumstances that the matter being discussed has been completely resolved.

You may withdraw your consent to the processing of your personal data at any time. In such cases, we will no longer be able to continue communicating with you.

All personal data stored as a result of your inquiry will be deleted. For more information, please see the section on Rights of data subjects.

When you subscribe to our newsletter

You have various opportunities to subscribe to our newsletter on our website.

Provided that you have given your express consent in accordance with Article 6 Paragraph 1 Sentence 1 (a) GDPR, we will use your email address to send you information in line with your preferences at regular intervals. To receive this information, all you need to do is provide us with your email address and select your desired language version.

You may be given the opportunity to enter additional optional personal data (e.g. name, address and telephone number). We will use this data to contact you by phone or post.

After registering, you will receive an email asking you to confirm your subscription so that you can be sent the newsletter. This is known as the double opt-in process. This provides us with proof that the registration process was initiated by you.

You can unsubscribe at any time, e.g. by clicking on the link at the end of each press newsletter. Alternatively, you can inform us at any time of your wish to unsubscribe by sending an email to: info@hr-metrics.de.

Your email address will be deleted as soon as you withdraw your consent to receive our newsletter. For more information, please see the section on Rights of data subjects.

Used Services and service providers:

Rapidmail: email marketing platform; Service provider: rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg im Breisgau; Website: https://www.rapidmail.de

Transfer of personal data to third parties

Except for in the cases specified above (subscription to our newsletter), we only transfer your personal data to third parties if:

– you have given your express consent to this in accordance with Article 6 Paragraph 1 Sentence 1 (a) GDPR,

– this is necessary for the performance of a contract to which you are party in accordance with Article 6 Paragraph 1 Sentence 1 (b) GDPR,

– if we have a legal obligation to transfer the data in accordance with Article 6 Paragraph 1 Sentence 1 (c) GDPR.

As part of our processing of personal data, it also may happen that the data is transmitted to other bodies, companies, legally independent organizational units or persons or they are disclosed to them. The recipients of this data can include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements that serve to protect your data with the recipients of your data.

Transfer of data to third countries

Insofar as we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) or the processing in the context of the use of third-party services or the disclosure or transfer of data to other persons, offices or companies takes place, this is only done in accordance with the legal requirements.

Subject to express consent or contractually or legally required transfer, we only process or have the data processed in third countries with a recognized level of data protection on the basis of special guarantees, such as contractual obligations through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de)

Cookies

Our website uses cookies. Cookies are text files which are placed and stored on a computer system via a web browser.

Cookies are used on lots of websites and servers. Many cookies contain a unique identifier called a cookie ID. This consists of a string of characters which links webpages and servers to the specific web browser on which the cookie is stored. This enables the webpages and servers visited to differentiate between the data subject’s browser and other web browsers on which other cookies are stored. A specific web browser can be recognized and identified using the unique cookie ID.

Cookies enable us to provide visitors to our site with more user-friendly features, which we would not be able to offer without the use of cookies. We use cookies to optimize the information and services on our website in line with the user’s requirements. As mentioned above, cookies allow us to recognize our website’s users. The purpose of this recognition is to make our website easier to use. For example, visitors to a website which uses cookies do not have to re-enter their login data each time they visit the website because this is automatically taken from the cookie stored on the user’s computer system and entered into the website.

Some of the cookies we use are deleted as soon as the browser session comes to an end, i.e. when the user closes their browser. These cookies are known as session cookies. Other cookies remain on the user’s device and enable us or our partner companies to recognize the user’s browser the next time the user visits our website. These cookies are known as persistent cookies.

Data subjects can, at any time, prevent our website from placing cookies on their device by changing the settings in their web browser, permanently objecting to the placement of cookies. Furthermore, cookies which have already been placed on a device can be deleted at any time via a web browser or other software program. This is possible in all commonly used web browsers. If the data subject disables the placement of cookies in their web browser, they may not be able to make full use of all our website’s features.

Used Services and service providers:

Klaro: open-source consent management platform ; Service provider: KIProtect GmbH, Bismarckstr. 10-12, 10625 Berlin; Website: https://www.heyklaro.com

Web analysis and advertising

We process personal data for the purposes of web analysis and marketing, which can include in particular the marketing of advertising space or the presentation of advertising and other content (collectively referred to as “content”) based on the potential interests of users and the measurement of their effectiveness.

For these purposes, so-called user profiles are created and stored in a file (so-called “cookie”) or similar processes are used, by means of which the user information relevant to the presentation of the aforementioned content is saved. This information can include content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, these can also be processed.

The IP addresses of the users are also saved. However, we use available IP masking procedures (i.e. pseudonymisation by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is saved as part of the online marketing process, but pseudonyms. This means that we, as well as the providers of online marketing processes, do not know the actual identity of the users, but only the information stored in their profiles.

The information in the profiles is usually stored in the cookies or by means of similar processes. These cookies can later generally also be read out on other websites that use the same online marketing process, analyzed for the purpose of displaying content and supplemented with additional data and stored on the server of the online marketing process provider.

As an exception, clear data can be assigned to the profiles. This is the case if the users are, for example, members of a social network whose online marketing process we use and the network connects the profiles of the users with the aforementioned information. We ask you to note that users can make additional agreements with the providers, e.g. through consent during registration.

In principle, we only have access to summarized information about the success of our advertisements. However, we can use so-called conversion measurements to check which of our online marketing processes have led to a so-called conversion, i.e., for example, to the conclusion of a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures.

Unless otherwise stated, we ask you to assume that the cookies used will be stored for a period of two years.

Opposition possibility (opt-out): We refer to the data protection information of the respective provider and the possibilities of objection given to the providers (so-called \ “opt-out \”). Unless an explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings. However, this can restrict the functions of our online offer

Used Services and service providers:

Google Analytics: web analysis and marketing; Servivce provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privacy policy: https://policies.google.com/privacy; Opposition possibility (Opt-Out): Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisement: https://adssettings.google.com/authenticated.

Google Ads Conversion Tracking (former Google AdWords):web analysis and marketing; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://ads.google.com/; Privacy policy: https://services.google.com/sitestats/de.html

Customer Action Analysis: web analysis and marketing; Service provider: AdAnt Media GmbH
Fünfhausenstr. 2,31832 Springe; Website: https://www.adantmedia.com/ ; Privacy policy: https://www.adantmedia.com/index.php/impressum-und-datenschutz/

AdAnt Media Retargeting: web analysis and marketing AdAnt Media GmbH
Fünfhausenstr. 2,31832 Springe; Website: https://www.adantmedia.com/ ; Privacy policy: https://www.adantmedia.com/index.php/impressum-und-datenschutz/

Plugins and tools

We incorporate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as “third-party providers”). These can be graphics, videos or social media buttons as well as posts (hereinafter uniformly referred to as “content”).

The integration always presupposes that the third party providers of this content process the IP address of the user, since without the IP address they would not be able to send the content to their browser. The IP address is therefore required for the display of this content or functions. We strive to only use content whose respective providers only use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user’s device and contain, among other things, technical information about the browser and operating system, the websites to be referred to, the time of visit and other information about the use of our online offer, as well as being linked to such information from other sources.

Used Services and service providers:

YouTube: Video content; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland, Company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy policy: https://policies.google.com/privacy; Opposition possibility (Opt-Out): Opt-Out-Plugin: https://tools.google.com/dlpage/gaoptout?hl=de, Settings for the display of advertisement: https://adssettings.google.com/authenticated.

Instagram: Social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com;

Pinterest: Social network; Service provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”) Privacy policy: https://about.pinterest.com/de/privacy-policy.

Google Fonts: External fonts of Google; Service provider: Google LLC., Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.google.com/fonts ; Privacy policy: https://policies.google.com/privacy,

Google Maps: Maps; Service provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy policy: https://www.google.com/policies/privacy/

Social Media Presence

We have a presence on several social media platforms, for example through fan pages. This allows us to provide information about us and to get in touch with you. Please note that we have no influence over how your personal data is used on these platforms. Only the operator of each platform has full knowledge of the content of the transmitted data and its use.

As a rule, cookies are stored in your browser when you visit a social media platform.

This can occur even if you are not a member of that particular platform. We have no knowledge of whether your data is transferred outside the European Economic Area.

Any processing of personal data carried out by us on social media platforms is on the basis of Article 6 Paragraph 1 Sentence 1 (f) GDPR. Our legitimate interest is based on presenting us to the outside world in a variety of ways and using the opportunity to communicate with our customers as effectively as possible.

The legal basis may also constitute your consent to data processing pursuant to Article 6 Paragraph 1 Sentence 1 (a) GDPR if you have previously given this to the operator of the social media platform.

The privacy policies of the respective operators provide detailed information about how they process your data, how you can object to the processing of your data, your rights with regard to your data, and other specific information:

Used Services and service providers:

LinkedIn: Social network; Service provider : LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com;

Opposition possibility (Opt-Out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Facebook: Social network; Service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Webiste: https://facebook.com

Cookie information: https://www.facebook.com/policies/cookies/

Instagram: Social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com;

Pinterest: Social network; Service provider: Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”) Privacy policy: https://about.pinterest.com/de/privacy-policy

Twitter: Blog service; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland; Website: https://twitter.com

Xing: Social network; Service provider: XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany; Website: https://xing.com; Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

Planning, organization and auxiliary tools

We use services, platforms and software of other providers (hereinafter referred to as “Third-Party Providers”) for purposes of organization, administration, planning as well as provision of our services. When selecting third-party providers and their services, we observe the legal requirements.

In this context, personal data may be processed and stored on the servers of the third-party providers. This may involve various data that we process in accordance with this privacy policy. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes and their contents.

If users are referred to the third-party providers or their software or platforms in the course of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection notices of the respective third-party providers.

Used Services and service providers:

Microsoft Teams: Service provider: Microsoft Corporation, Redmond, WA 98052-6399, USA; Website: https://www.microsoft.com; Privacy policy: https://privacy.microsoft.com/de-de/privacystatement

Zoom Video Communications: Service provider: Zoom Inc, 55 Almaden Blvd, San Jose, USA; Website: https://zoom.com; Privacy policy: https://explore.zoom.us/de/privacy/

Hubspot: Service provider: HubSpot Inc, 25 First Street, Cambridge, Massachusetts, 02141, USA; Website: www.hubspot.com; Privacy policy: https://legal.hubspot.com/privacy-policy?hubs_content=www.hubspot.com/&hubs_content-cta=Privacy%20Policy

Deletion and Term of Storage

The data processed by us will be deleted in accordance with the legal requirements as soon as the consent permitted for processing is revoked or other permissions are no longer applicable (e.g. if the purpose of processing this data is no longer applicable or is not required for the purpose).

If the data are not deleted because they are required for other legally permissible purposes, their processing will be limited to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be stored for commercial or tax law reasons or whose storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person.

Further information on the deletion of personal data can also be found in the individual data protection information of this data protection declaration.

Rights of data subjects

You have the right:

– to withdraw your previously given consent at any time pursuant to Article 7 Paragraph 3 GDPR. This means that we may no longer continue processing the data which we were processing on the basis of this consent;

– to obtain information about your personal data which we have processed pursuant to Article 15 GDPR. In particular, you have the right to access information about the purposes of processing; the category of personal data; the categories of recipient to whom your data has been or will be disclosed; the envisaged storage period; the existence of a right to rectification, erasure, restriction of or objection to processing, and the lodging of a complaint; the source of your data if we did not collect it; and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about this process;

– to obtain without undue delay the rectification of inaccurate personal data concerning you and stored by us or the completion of such data pursuant to Article 16 GDPR;

– to obtain the erasure of personal data concerning you and stored by us pursuant to Article 17 GDPR, unless processing is necessary for exercising the right of freedom of expression and information, for complying with a legal obligation, for reasons of public interest or for establishing, exercising or defending legal claims;

– to obtain the restriction of processing of your personal data in accordance with Article 18 GDPR if the accuracy of the personal data is contested by you, the processing is unlawful but you do not wish for your data to be deleted, we no longer need the data but you require it for the establishment, exercise or defense of legal claims, or you have objected to the processing pursuant to Article 21 GDPR;

– to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit this data to another controller pursuant to Article 20 GDPR;

– to object, pursuant to Article 21 GDPR, on grounds relating to your particular situation and at any time to processing of your personal data which is based on Article 6 Paragraph 1 (e) GDPR (data processing in the public interest) and Article 6 Paragraph 1 (f) GDPR (data processing on the basis of the consideration of interests); this also applies to profiling based on these provisions as defined in Article 4 (4) GDPR. If you make an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is taking place for the establishment, exercise or defense of legal claims. If you object to processing for direct marketing purposes, we will stop processing your data immediately. In such cases, no particular situation needs to be indicated. This also applies to profiling to the extent that it is related to such direct marketing. If you would like to exercise your right to object, please simply send an email to info@hr-metrics.de;

– to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR. As a general rule, you can lodge a complaint with the supervisory authority in your habitual place of residence, your place of work or our registered office.

Updates and amendments to this privacy statement

We may need to amend this privacy statement following updates to our website and offers or due to changes in the law or official requirements. You can always view and print the latest version of our privacy statement on our website.