Privacy Policy

Date: 8th January 2024

The protection of your personal data is an important concern for the website operator

Anthony Johnston
Buchenweg 1
88339 Bad Waldsee

This should provide security to the website visitor of these internet pages.

Authorized representatives: Managing Directors: Anthony Johnston & Katrin Johnston

Email address: kontakt@johnston-consulting.de

Overview of processing

The following overview summarizes the types of data processed and the purposes of their processing and refers to the persons concerned.

Types of data processed

Inventory data (e.g. names, addresses).
Applicant data (e.g. personal information, postal and contact addresses, documents belonging to the application and the information contained therein, such as cover letter, resume, certificates, as well as other information voluntarily provided by applicants regarding their person or qualifications in relation to a specific position).
Content data (e.g. text input, photographs, videos).
Contact data (e.g. email, telephone numbers).
Meta/communication data (e.g. device information, IP addresses).
Usage data (e.g. visited websites, interest in content, access times).
Social data (data subject to social secrecy (§ 35 SGB I) and processed by social security institutions, social assistance agencies or supply authorities).
Location data (data indicating the location of the end user’s device).
Contract data (e.g. subject matter of contract, term, customer category).
Payment data (e.g. bank details, invoices, payment history).

Special categories of data

Data from which racial and ethnic origin can be inferred.

Categories of persons concerned

Employees (e.g. employees, applicants, former employees).
Applicants.
Business and contractual partners.
Interested parties.
Communication partners.
Customers.
Users (e.g. website visitors, users of online services).
Contest and competition participants.

Purposes of processing

Affiliate tracking.
Registration process.
Provision of our online offer and user-friendliness.
Visit action evaluation.
Application process (establishment and any subsequent implementation as well as possible subsequent termination of the employment relationship).
Office and organizational procedures.
Click tracking.
Cross-device tracking (cross-device processing of user data for marketing purposes).
Direct marketing (e.g. by email or post).
Conducting contests and competitions.
Audience formation.
Interest-based and behavior-based marketing.
Contact requests and communication.
Conversion measurement (measurement of the effectiveness of marketing measures).
Profiling (creation of user profiles).
Remarketing.
Reach measurement (e.g. access statistics, recognition of returning visitors).
Security measures.
Tracking (e.g. interest/behavior-based profiling, use of cookies).
Contractual services and service.
Administration and response to inquiries.
Audience formation (determination of target groups relevant for marketing purposes or other output of content).

Relevant Legal Bases

Below, we share the legal bases of the General Data Protection Regulation (GDPR) on which we process personal data. Please note that in addition to the provisions of the GDPR, national data protection requirements in your or our country of residence may apply. If, in individual cases, more specific legal bases are relevant, we will inform you of these in the privacy policy..

Consent (Art. 6 para. 1 sentence 1 lit. a GDPR) - The data subject has given their consent to the processing of their personal data for one or more specific purposes.
Performance of a contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR) - Processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.
Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR) - Processing is necessary to comply with a legal obligation to which the controller is subject.
Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) - Processing is necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring protection of personal data override such interests.
Art. 9 para. 1 sentence 1 lit. b GDPR (Application process as a pre-contractual or contractual relationship) (Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g., health data, such as disability status or ethnic origin) are requested from applicants during the application process so that the controller or the data subject can exercise their rights arising from labor law and social security and social protection law and fulfill their related obligations, their processing is carried out in accordance with Art. 9 para. 2 lit. b GDPR, in case of protection of vital interests of applicants or other persons according to Art. 9 para. 2 lit. c GDPR or for purposes of preventive health care or occupational medicine, for assessment of employee’s ability to work, for medical diagnosis, care or treatment in health or social sector or for management of systems and services in health or social sector according to Art. 9 para. 2 lit. h GDPR. In case of voluntary consent-based communication of special categories of data, their processing is based on Art. 9 para. 2 lit. a GDPR.) - .

National Data Protection Regulations in Germany: In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations apply in Germany. This includes, in particular, the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), which contains special provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes and transmission, as well as automated decision-making in individual cases, including profiling. Furthermore, it regulates data processing for employment purposes (§ 26 BDSG), particularly with regard to the establishment, implementation or termination of employment relationships and the consent of employees. In addition, state data protection laws of individual federal states may apply.

Security Measures

In accordance with legal requirements, taking into account the state of the art, implementation costs, and the nature, scope, circumstances, and purposes of processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of protection commensurate with the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as access to it, input, transmission, ensuring availability and separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data and response to data breaches. We also take into account the protection of personal data during the development or selection of hardware, software, and procedures in accordance with the principle of data protection by design and by default.

SSL Encryption (https): To protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.

Transmission and Disclosure of Personal Data

In the course of our processing of personal data, it happens that the data is transmitted to other places, companies, legally independent organizational units or persons, or they are disclosed to them. Recipients of this data can include payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such a case, we observe the legal requirements and conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.

Data transfer within the corporate group: We can transmit personal data to other companies within our corporate group or grant them access to this data. If this transfer takes place for administrative purposes, the transfer of data is based on our legitimate business and operational interests or takes place if it is necessary to fulfill our contractual obligations or if there is consent from those affected or a legal permission.

Data Processing in Third Countries

If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if the processing takes place in the context of using third-party services or disclosure or transmission of data to other persons, bodies or companies, this only takes place in accordance with legal requirements.

Subject to express consent or contractually or legally required transmission, we process or have the data processed only in third countries with a recognized level of data protection, which include US processors certified under the “Privacy Shield”, or on the basis of special guarantees, such as contractual obligation through so-called standard protection clauses of the EU Commission, the existence of certifications or binding internal data protection regulations (Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en ).

Use of Cookies

Cookies are text files that contain data from visited websites or domains and are stored by a browser on the user’s computer. A cookie primarily serves to store information about a user during or after his visit within an online offer. The stored information can include language settings on a website, login status, a shopping cart, or the location where a video was watched. We also include other technologies that fulfill the same functions as cookies (e.g., when user information is stored using pseudonymous online identifiers, also known as “user IDs”).

The following types and functions of cookies are distinguished:

Temporary cookies (also: session or session cookies): Temporäre Cookies werden spätestens gelöscht, nachdem ein Nutzer ein Online-Angebot verlassen und seinen Browser geschlossen hat.
Permanente Cookies: Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser. Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the interests of users used for range measurement or marketing purposes can be stored in such a cookie.
First-party cookies: First-party cookies are set by us.
Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
Necessary (also: essential or absolutely necessary) cookies: Cookies can be absolutely necessary for the operation of a website (e.g., to save logins or other user input or for security reasons).
Statistics, marketing and personalization cookies: Furthermore, cookies are generally also used in the context of range measurement and when the interests or behavior of a user (e.g., viewing certain content, using functions, etc.) are stored in a user profile on individual websites. Such profiles serve to show users e.g. content that corresponds to their potential interests. This procedure is also known as “tracking”, i.e., tracking the potential interests of users. If we use cookies or “tracking” technologies, we will inform you separately in our privacy policy or when obtaining consent.

Notes on legal bases: The legal basis on which we process your personal data using cookies depends on whether we ask you for consent. If this is the case and you consent to the use of cookies, the legal basis for processing your data is the declared consent. Otherwise, the data processed using cookies is processed on the basis of our legitimate interests (e.g., in a business operation of our online offer and its improvement) or if the use of cookies is necessary to fulfill our contractual obligations.

General information on revocation and objection (opt-out): Depending on whether processing is based on consent or legal permission, you have the option at any time to revoke any given consent or to object to the processing of your data by cookie technologies (collectively referred to as “opt-out”). You can initially declare your objection using the settings of your browser, e.g., by deactivating the use of cookies (which can also restrict the functionality of our online offer). An objection to the use of cookies for online marketing purposes can also be declared using a variety of services, especially in the case of tracking, via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/. In addition, you can receive further objection information in the context of the information on the service providers and cookies used.

Processing of cookie data based on consent: Before we process or have data processed in the context of using cookies, we ask users for revocable consent at any time. Before consent has been given, only cookies that are necessary for the operation of our online offer are used. Their use is based on our interest and the interest of users in the expected functionality of our online offer.

Processed data types: Usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
Affected persons: Users (e.g., website visitors, users of online services).
Legal bases: Consent (Art. 6 para. 1 sentence 1 lit. a GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Commercial and business services

We process data of our contractual and business partners, e.g., customers and interested parties (collectively referred to as “contractual partners”) within the framework of contractual and comparable legal relationships and associated measures and within the framework of communication with contractual partners (or pre-contractually), e.g., to answer inquiries.

We process this data to fulfill our contractual obligations, to secure our rights and for the purposes of the administrative tasks associated with this information and the organizational structure of the company. We only pass on the data of contractual partners to third parties within the scope of applicable law to the extent necessary for the aforementioned purposes or to fulfill legal obligations or with the consent of contractual partners (e.g., to involved telecommunications, transport and other auxiliary services as well as subcontractors, banks, tax and legal advisors, payment service providers or tax authorities). Contractual partners are informed about further processing forms, e.g., for marketing purposes, within the scope of this privacy policy.

Which data is necessary for the aforementioned purposes is communicated to contractual partners before or during data collection, e.g., in online forms, by special marking (e.g., colors) or symbols (e.g., asterisks or similar), or personally.

We delete the data after expiry of statutory warranty and comparable obligations, i.e., generally after expiry of 4 years, unless the data is stored in a customer account, e.g., as long as it must be kept for legal reasons of archiving (e.g., for tax purposes usually 10 years). Data disclosed to us by the contractual partner within the scope of an order is deleted in accordance with the specifications of the order, generally after completion of the order.

Insofar as we use third-party providers or platforms to provide our services, the terms and conditions and privacy notices of the respective third-party providers or platforms apply in relation to users.

Customer account: Contractual partners can create an account within our online offer (e.g., customer or user account, briefly “customer account”). If the registration of a customer account is required, contractual partners are informed as well as the information required for registration. The customer accounts are not public and cannot be indexed by search engines. In the context of registration and subsequent logins and uses of the customer account, we store the IP addresses of the customers along with the access times in order to be able to prove the registration and prevent any misuse of the customer account.

If customers have terminated their customer account, the data concerning the customer account will be deleted, unless their retention is required for legal reasons. It is up to the customers to secure their data in case of termination of the customer account.

Shop and E-commerce: For economic reasons and to be able to recognize market trends, wishes of contractual partners and users, we analyze the data available to us on business transactions, contracts, inquiries, etc., whereby contractual partners, interested parties, customers, visitors and users of our online offer can fall into the group of affected persons.

The analyses are carried out for the purpose of economic evaluations, marketing and market research (e.g., to determine customer groups with different characteristics). If available, we can take into account the profiles of registered users along with their information, e.g., on services used. The analyses serve us alone and are not externally disclosed unless they are anonymous analyses with summarized, i.e., anonymized values. Furthermore, we respect the privacy of users and process data for analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarized data).

Shop und E-Commerce: We process our customers’ data to enable them to select, purchase or order the selected products, goods and associated services, as well as their payment and delivery or execution.

The necessary information is marked as such in the context of the order or comparable purchase process and includes the information necessary for delivery or provision and billing as well as contact information in order to be able to hold any necessary consultation.

Agency services: We process our customers’ data within the scope of our contractual services, which may include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes, handling, server administration, data analysis/consulting services and training services.

Coaching: We process our clients’ data as well as those of interested parties and other clients or contractual partners (collectively referred to as “clients”) in order to be able to provide our services to them. The processed data, its type, scope, purpose and necessity are determined by the underlying contractual relationship with clients.

In the course of our work, we may also process special categories of data, in particular information about the health of clients, possibly with reference to their sexual life or sexual orientation, as well as data from which racial and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership emerge. In this case, we obtain explicit consent from clients if necessary and otherwise process the special categories of data only if it serves the health of clients, the data is public or other legal permissions exist.

If it is necessary for our contractual performance, to protect vital interests or legally required, or if there is consent from clients, we disclose or transmit the data of clients in compliance with professional regulations to third parties or agents, such as authorities, billing centers and in the field of IT, office or comparable services.

Consulting: We process the data of our clients, clients and interested parties and other clients or contractual partners (collectively referred to as “clients”) in order to be able to provide our consulting services to them. The processed data, its type, scope, purpose and necessity are determined by the underlying contractual relationship with clients.

If it is necessary for our contractual performance, to protect vital interests or legally required, or if there is consent from clients, we disclose or transmit the data of clients in compliance with professional regulations to third parties or agents, such as authorities, subcontractors or in the field of IT, office or comparable services.

Brokerage and mediation services: We process the data of our customers, clients and interested parties (collectively referred to as “customers”) according to the underlying order of customers. We may also process information about the characteristics and circumstances of persons or things belonging to them if this is part of our order. This can include information about personal life circumstances, mobile or immobile property and financial situation.

If necessary for contractual performance or legally required or based on our legitimate interests and approved by customers, we disclose or transmit customer data in the context of coverage inquiries, conclusions and processing of contracts to providers of mediated services/objects, insurers, reinsurers, broker pools, technical service providers, other service providers such as cooperating associations and financial service providers, credit institutions and investment companies as well as social security institutions, tax authorities, tax advisors, legal advisors, auditors, insurance ombudsmen and the Federal Financial Supervisory Authority (BaFin). Furthermore, subject to other agreements, we may commission subcontractors such as sub-brokers.

Project and development services: We process the data of our customers as well as clients (hereinafter collectively referred to as “customers”) in order to enable them to select, purchase or commission the chosen services or works and associated activities as well as their payment and provision or execution.

The necessary information is marked as such in the context of the order, order or comparable conclusion of the contract and includes the information necessary for the provision of services and billing as well as contact information in order to be able to hold any necessary consultations. Insofar as we have access to information from end customers, employees or other persons, we process this in accordance with legal and contractual requirements.

Mediation services: We process the information provided by interested parties in the context of mediation inquiries for the purpose of establishing, conducting and possibly terminating a contract for mediation of offers from providers of their requested products or services.

We use the contact details of interested parties to specify their request using the agreed or otherwise permitted communication channel (e.g., telephone or email) and to suggest suitable providers or offers based on the specified request. In addition, we may ask interested parties at a later date, in accordance with legal requirements, about the success of our mediation service.

We process the data of interested parties as well as providers to fulfill our contractual obligations in order to link the request submitted by interested parties with suitable offers from providers and forward them to corresponding providers or suggest providers.

We may log entries into the online form sent by interested parties in order to be able to prove the existence of the contractual relationship and consents from interested parties in accordance with legal accountability obligations (Art. 5 para. 2 GDPR). This information is stored for a period of three to four years if we need to prove the original request (e.g., to be able to demonstrate our authorization to contact interested parties).

Further information on commercial services: We process the data of our customers and clients (hereinafter collectively referred to as “customers”) in order to enable them to select, purchase or commission the chosen services or works and associated activities as well as their payment and delivery or execution.

Processed data types: Inventory data (e.g., names, addresses), payment data (e.g., bank details, invoices, payment history), contact data (e.g., email, telephone numbers), contract data (e.g., subject matter of contract, term, customer category), usage data (e.g., visited websites, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
Special data categories: Health data (Art. 9 para. 1 GDPR), Data on sexual life or sexual orientation (Art. 9 para. 1 GDPR), Religious or philosophical beliefs (Art. 9 para. 1 GDPR), Data from which racial and ethnic origin emerge.
Affected persons: Interested parties, business and contractual partners, customers.
Purposes of processing: Contractual services and service, contact inquiries and communication, office and organizational procedures, administration and answering of inquiries, security measures, visit action evaluation, interest-based and behavior-based marketing, profiling (creating user profiles), conversion measurement (measuring the effectiveness of marketing measures).
Legal bases: Contract fulfillment and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), Legal obligation (Art. 6 para. 1 sentence 1 lit. c GDPR), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR), Consent (Art. 6 para. 1 sentence 1 lit. a GDPR).

Contact

When contacting us (e.g. via contact form, email, telephone or via social media), the information provided by the inquiring persons is processed to the extent necessary to respond to the contact inquiries and any requested measures.

The response to contact inquiries within the framework of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries and otherwise on the basis of legitimate interests in responding to the inquiries.

Processed data types: Inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), content data (e.g. text input, photographs, videos), usage data (e.g. visited websites, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Affected persons: Communication partners.
Purposes of processing: Contact inquiries and communication, administration and response to inquiries.
Legal basis: Performance of contract and pre-contractual inquiries (Art. 6 para. 1 sentence 1 lit. b GDPR), legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).

Used services and service providers:

Zoom: Management of contact inquiries and communication; Service provider: ZOOM Video Communications Inc., San Jose Office, 55 Almaden Boulevard, 6th Floor, San Jose, CA 9511, USA; Website: https://zoom.us/; Privacy policy: https://zoom.us/terms.

Communication via Messenger

We use messenger services for communication purposes and therefore ask you to note the following information on the functionality of the messengers, encryption, use of the metadata of communication and your options for objection.

You can also contact us via alternative means, e.g. by telephone or email. Please use the contact options provided to you or those specified within our online offering.

In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we would like to point out that the communication content (i.e., the content of the message and attached images) is encrypted from end to end. This means that the content of the messages is not visible, not even by the messenger providers themselves. You should always use an up-to-date version of the messenger with activated encryption to ensure that the encryption of message content is ensured.

However, we would like to additionally point out to our communication partners that although the providers of the messengers cannot see the content, they can find out when and with whom communication partners communicate with us as well as technical information about the device used by communication partners and, depending on the settings of their device, also location information (so-called metadata) are processed.

Notes on legal basis: If we ask communication partners for permission before communicating with them via messenger, the legal basis for our processing of their data is their consent. Otherwise, if we do not ask for consent and they contact us on their own initiative, for example, we use messengers in relation to our contractual partners and in the context of contract initiation as a contractual measure and in the case of other interested parties and communication partners on the basis of our legitimate interests in fast and efficient communication and meeting the needs of our communication partners to communicate via messengers. Furthermore, we would like to point out that we do not transmit the contact data provided to us to the messengers without your consent.

Revocation, objection and deletion: You can revoke any given consent at any time and object to communication with us via messenger at any time. In the case of communication via messenger, we delete the messages according to our general deletion guidelines (i.e., for example, as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we can assume that we have answered any information from communication partners, if no reference to a previous conversation is expected and if there are no legal retention obligations to prevent deletion.

Reservation of reference to other communication channels: Finally, we would like to point out that for reasons of your security, we reserve the right not to answer inquiries via messenger. This is the case if, for example, internal contract matters require special confidentiality or if an answer via messenger does not meet formal requirements. In such cases, we refer you to more appropriate communication channels.

Used services and service providers:

Telegram Broadcasts: Telegram Broadcasts - Messenger with end-to-end encryption; Service provider: Telegram, Dubai; Website: https://telegram.org/; Datenschutzerklärung: https://telegram.org/privacy.
WhatsApp: WhatsApp Messenger with end-to-end encryption; Service provider: WhatsApp Inc. WhatsApp Legal 1601 Willow Road Menlo Park, California 94025, USA; Website: https://www.whatsapp.com/; Privacy policy: https://www.whatsapp.com/legal; Privacy Shield (Ensuring data protection level when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TSnwAAG&status=Active.

Deletion and restriction of processing:

We can store the logged out email addresses for up to three years based on our legitimate interests before we delete them to prove a previously given consent. The processing of this data is limited to the purpose of a possible defense of claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time. In the case of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a block list (so-called “blacklist”).
The logging of the registration process is carried out based on our legitimate interests for the purpose of proving its proper course. Insofar as we commission a service provider with the sending of emails, this is done based on our legitimate interests in an efficient and secure shipping system.

Notes on legal bases: The sending of newsletters is based on the consent of the recipients or, if consent is not required, based on our legitimate interests in direct marketing, insofar and as far as this is legally permitted, e.g., in the case of advertising to existing customers. Insofar as we commission a service provider with the sending of emails, this is done on the basis of our legitimate interests. The registration process is recorded on the basis of our legitimate interests to prove that it was carried out in accordance with the law.

Privacy Policy

Externe Inhalte

Cookie-Einstellungen