Data protection

General information

DATA PROTECTION is a top priority for us.

The following information provides an overview of the use of personal data in our company and in particular when you visit our website. Personal data is any information that can be used to identify you directly or indirectly. For detailed information on the subject of data protection, please refer to our privacy policy listed below this text.

I. Controller

The controller for the processing of your personal data for this purpose within the meaning of the GDPR is

msa-b GmbH
Represented by the managing director: Andreas Nöh
Am Holzbach 10
48231 Warendorf

Phone: +49 2581 91030-0
E-mail: info@die-top-berater.de

msa-b GmbH, ACM Consultants GmbH and DTB Service GmbH are together THE TOP CONSULTANTS. For further information, please refer to the website https://www.die-top-berater.de/.

II. processing of personal data, purpose and legal basis

We process personal data in accordance with Art. 4 GDPR.

This data includes

General personal data (names, addresses, telephone numbers, email addresses),
online data (e.g. IP addresses and device information), user data (e.g. type and number of websites visited, time of page view), log data
image and sound data
all other personal data that you make available to us, e.g. in text form.

Translated with DeepL.com (free version)

Your personal data will be processed

in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for the implementation of (pre-)contractual measures,
pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your consent or
pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR to safeguard our legitimate interests
processed.

With regard to the last point, we ensure in advance that the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail.
Personal data is processed in our company for a variety of reasons:

a) Visiting our website

When you visit our website, personal data is collected in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR in order to ensure the error-free provision of the website.

This includes, in particular, IP addresses, browser type and language, URL accessed, data volumes transferred, operating system used, current screen resolution, date and time of the visit. These are stored as personalised technical ‘cookies’, i.e. short text information, and deleted after 7 days.

b) Contacting us via the contact and online forms on the website or by email, telephone or post

Various contact forms are available on our website. When you contact us, we process your personal data

pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR for the performance of (pre-)contractual measures,
in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your consent or
in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR necessary to safeguard our legitimate interests.

With regard to the last point, we ensure in advance that the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail.

We only request the personal data that is required to process your enquiry, e.g. your email address in the case of a written response.
The provision of further personal data, e.g. your first name and surname or your position in the company when you first make general contact, can be voluntary, provided that this is not required for the implementation of (pre-)contractual measures.

c) Friendly Captcha

In order to protect us from spam and bots, we use Friendly Captcha from Friendly Captcha GmbH, Am Anger 3-582237 Wörthsee, Germany, e-mail: hello@friendlycaptcha.com on our website in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

The procedure and the type of use of your personal data are noted at https://friendlycaptcha.com/de/legal/privacy-end-users/.

d) Leadinfo

We use the lead generation service of Leadinfo B.V., Rivium Quadrant 141, 2909 LC Capelle aan den IJssel, Netherlands on our website. This recognises visits by companies to our website on the basis of IP addresses and shows us publicly available information, such as company names or addresses, to simplify the implementation of (pre-)contractual measures with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

In addition, Leadinfo sets two first-party cookies to evaluate B2B user behaviour on our website and processes domains from form entries (e.g. ‘leadinfo.com’) in order to correlate IP addresses with companies and improve services as part of (pre-)contractual measures in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

Further information can be found at www.leadinfo.com .

On the page: www.leadinfo.com/en/opt-out you have an opt-out option. If you opt out, your data will no longer be collected by Leadinfo.

Prevention of access by Leadinfo

If you do not want Leadinfo to identify your IP address when you access our website, you can have the name of your company blocked from access by sending an e-mail to Leadinfo at the following address with the following content:

hallo@leadinfo.com
Subject: opt-out
Name of your company
Commercial register number, if available

e) Use of Microsoft 365 including ‘Microsoft TEAMS’

We use Microsoft 365 including ‘Microsoft TEAMS’ for written communication, audio and video conferences and surveys.

The processing of the personal data mentioned above in this declaration is carried out

pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR for the performance of (pre-)contractual measures,
pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your consent or
in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR necessary to safeguard our legitimate interests.

With regard to the last point, we ensure in advance that the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail.

The data controller is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, tel. no.: 0035-3170-63117

We would like to point out that Microsoft Ireland Operations Limited is a Microsoft Privacy company, Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052, USA, tel. no. 001-425-882-8080, and that the transfer of data to the USA would therefore be possible. The USA does not have the same data protection rights as the European Union.

To implement the GDPR, Microsoft has drawn up Online Services Terms of Use for itself, which we have contractually agreed. This includes that Germany is specified as the storage location.

Further information on the handling of personal data can be found at https://privacy.microsoft.com/de-de/privacystatement.

f) Cookies

We use cookies to optimise our website for you and to continuously improve it. This includes cookies that are necessary for the control of our commercial business objectives, which are used exclusively for anonymous statistical purposes, for comfort settings or for the display of personalised content. You decide for which category you want to allow cookies. We distinguish between ‘necessary’ cookies, which we use in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR based on our legitimate interest in website design, and cookies for ‘statistics’ and for ‘convenience’ in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR with your consent. Further information and the option to withdraw your consent are provided directly in the cookie banner.

Show cookie settings
Cookie settings

Overview cookies

Overview vendors

g) Google Tag Manager

We use Google Tag Manager for the optimised integration and management of additional tools in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Your IP address is recorded.
The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, e-mail: support-deutschland@google.com.

We would like to point out that Google Ireland Limited belongs to Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and that the transfer of data to the USA is therefore possible. The USA does not have the same data protection rights as the European Union.
We have concluded an agreement with Google in accordance with the EU standard contractual clauses for data processing.

h) Google Analytics 4

With your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we use Google Analytics 4 to collect online & user data in order to optimise the use of our website.

Information on this and on Google's privacy policy and terms of use can be found at https://policies.google.com/technologies/cookies

The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, e-mail: support-deutschland@google.com.

i) Jotform

We have integrated Jotform on this website. The provider is Jotform Inc, 111 Pine St. Suite, 1815 San Francisco, California 94111, USA (hereinafter referred to as Jotform).

Jotform enables us to create online forms to collect messages, enquiries and other input from our website visitors. All entries you make are processed on Jotform's servers.

The use of Jotform is based on our legitimate interest in determining your request in the most user-friendly way possible (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

We will retain the data you provide on the form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.

Data transfer to the USA is secured by EU standard contractual clauses that we have concluded with Jotform. You can find details here: https://www.jotform.com/gdpr-compliance/dpa/.

The company is certified in accordance with the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt00000008UvGAAU&status=Active

Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

III. Order processing

We have commissioned appropriately qualified external service providers for the hosting of the website and the processing of the above-mentioned personal data in accordance with Art. 28 GDPR.
These are service providers for the external hosting of the website, for the internal and external organisation, processing and dissemination of personal and operational data, service providers for the storage and management of data in data centres.
A list of the specific recipients can be provided.

On the basis of a contract, we only work with processors who offer sufficient guarantees that appropriate technical and organisational measures are implemented in such a way that the processing is carried out in accordance with the requirements of this Regulation and ensures the protection of the rights of the data subject.

IV. Duration of storage or deletion of data

The data you provide us with will be deleted by us within the specified periods if you object to its use, revoke your consent to its storage or if the purpose of the data storage no longer applies, provided that no legal provisions oblige us to continue storing it.

V. Your application - career information on our website

Thank you for your interest in a career at our company.
When you click on the ‘Career’ button on our website, you will be redirected to our website www.die-top-berater.de/karriere/ after three seconds
There you will find the current job advertisements of our companies and the contact details for sending us your application.
Your personal data will be processed for this purpose in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR in conjunction with Section 26 BDSG. If a contract is concluded, your data will be processed within the scope of the employment relationship and the applicable legal provisions.

If no employment relationship is agreed, your application data will be deleted six months after notification of rejection, provided that there are no retention obligations or rights (e.g. in the event of a complaint under the General Equal Treatment Act) to the contrary.

Furthermore, you can consent to us keeping or using your application documents for a longer period defined in the consent.
If no employment relationship is established after this period or if you revoke your consent during this period, your application data will be deleted in accordance with the statutory provisions.

VI. social media

We have implemented links on our website.

a) Youtube

By clicking on our media, you consent to the videos from YouTube being uploaded directly to our website and to YouTube collecting online, user and log data in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
You can find YouTube's data protection settings here: https://www.youtube.com/intl/ALL_de/howyoutubeworks/user-settings/privacy/
Further information on the protection of user data on YouTube can be found here: https://www.youtube.com/intl/ALL_de/howyoutubeworks/our-commitments/protecting-user-data/#privacy-guidelines.

By clicking on the specific YouTube button on our website, you will be forwarded directly to their website. The service provider of YouTube is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, e-mail: support-deutschland@google.com .

We would like to point out that Google Ireland Limited is part of Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

b) LinkedIn

By clicking on the LinkedIn button, you will be redirected to the LinkedIn website.
For contact details, please refer to LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, Sunnyvale, USA.
Further information on the handling of personal data can be found at https://de.linkedin.com/legal/privacy-policy and https://de.linkedin.com/legal/cookie-policy and https://www.linkedin.com/help/linkedin/answer/87150/linkedin-marketing-solutions-und-die-datenschutz-grundverordnung-dsgvo-?lang=de

c) Xing

You will be redirected to the Xing website by clicking on the corresponding button.
The controller here is New Work SE, Strandkai 1, 20457 Hamburg.
The privacy policy with further information can be found at https://privacy.xing.com/de/datenschutzerklaerung/druckversion.

VII. special features of the whistleblower protection system

In order to fulfil our tasks as a reporting office within the framework of whistleblower protection systems, we process personal data that is made available to us in this context, Art. 6 GDPR in conjunction with. § 10 HinSchG.

Regardless of whether we as the reporting centre are responsible for the incoming report, we are subject to the principle of confidentiality.
In particular, we maintain the confidentiality of the identity of the reporting persons, the persons who are the subject of a report and the other persons named in the report. Exceptions to this are only permitted in the event of a legal obligation.

We have taken technical and organisational measures to ensure that the identity of the above-mentioned persons only becomes known to the persons responsible for receiving reports or for taking follow-up measures, as well as to the persons assisting them in the performance of these tasks.

The personal data processed will be deleted three years after the end of the procedure. They may be kept longer under the above-mentioned confidentiality in order to fulfil the requirements of this Act or other legislation, as long as this is necessary and proportionate.

VIII. Your rights as a data subject

If we use your personal data on the basis of your consent, you have the right to withdraw this consent at any time in accordance with Art. 7 GDPR.
If we use your personal data on the basis of our legitimate interest, you can object to this at any time in accordance with Art. 21 GDPR.

For website-related data, please use the technical options listed at the beginning of this privacy policy. In all other cases, please contact us using the above-mentioned contact details of the controller itself or our contact person for data protection at the end of this privacy policy.

We do not carry out automated decisions in individual cases, including profiling.

As a data subject, you also have the following rights

Right to information in accordance with Art. 15 GDPR
Right to rectification in accordance with Art. 16 GDPR
Right to erasure (‘right to be forgotten’) in accordance with Art. 17 GDPR
Right to restriction of processing in accordance with Art. 18 GDPR
Right to data portability in accordance with Art. 20 GDPR
Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR.

IX. Data protection contact

If you have any questions about the processing of your personal data, please do not hesitate to contact us. For all questions regarding data protection, a contact person from our legal department is also available to you in confidence at the e-mail address: datenschutz@die-top-berater.de.

(Translation by Deepl)