This website uses cookies to enable certain functions and improve the service. By continuing here, you agree to the use of the cookies. More information is available at Data protection.

Data protection

Privacy policy

The provisions set out in the EU General Data Protection Regulation (hereinafter referred to as GDPR) apply throughout Europe. We hereby inform you of our company’s processing of personal data in line with this regulation (see Articles 13 and 14 of the GDPR).

You can find our complete privacy policy here for download:

If you have any questions or comments on this privacy policy, do not hesitate to direct them to the e-mail address stated in section 2 or 3.  
 
List of contents:  

I. Overview

  1. Scope
  2. Controller
  3. Data protection officer
  4. Data security

II. The data processing in detail 

  1. General information concerning data processing 
  2. Accessing the website/application 
  3. Newsletter
  4. Application
  5. Customer Service
  6. Organisation consulting with regard to the implementation of psychosocial risk assessments 
  7. Sales and customer management
  8. Tracking

III. Rights of those affected (data subjects) 

  1. Right to object 
  2. Right to information 
  3. Right of rectification
  4. Right to erasure ("right to be forgotten")
  5. Right to restriction of processing 
  6. Right to data portability 
  7. Right to withdraw consent 
  8. Right to complain

IV. Glossary 


I. Overview

In this section of the privacy policy, you will find information on the scope, the controller for data processing, the data protection officer and data security.  

1. Scope

Data processing by Fürstenberg Institut GmbH can essentially be divided into two categories

  • For the purpose of contract processing, all data required for the execution of a contract with Fürstenberg Institut GmbH will be processed. If external service providers are also involved in the processing of the contract, your data will be passed on to them to the extent required. 
  • When you access the website/application of Fürstenberg Institut GmbH, various information is exchanged between your device and our server. This may also include personal data. The information collected in this manner is used, among other things, to optimize our website or to display advertising in the browser of your end device.

This privacy policy also always applies if elsewhere from one of our offerings (e.g. webinars) reference is made to this privacy policy, regardless of how you access or use it.

All these offerings are also collectively referred to as "Services".  
 

2. Controller

The controller for data processing – i.e. the party that decides on the purposes and means of processing personal data – in conjunction with the services is  

Fürstenberg Institut GmbH 
Gorch-Fock-Wall 3 
20354 Hamburg 
Telephone: +49 (0)40-380820-0 
E-mail: info@fuerstenberg-institut.de 

3. Data protection officer

You can contact our data protection officer as follows:

Contact form:  https://www.dsextern.de/anfragen

DS EXTERN GmbH
Dipl.-Kfm. Marc Althaus 
Frapanweg 22
22589 Hamburg 

4. Data security

In order to develop the measures required in Art. 32 of the GDPR and thus achieve a level of protection commensurate with the risk, we have established an information security management system in our company. 


II. The data processing in detail

In this section of the privacy policy, we inform you in detail concerning the processing of personal data within the framework of our services. For better clarity, we structure this information according to certain functionalities of our services. In the normal use of the services, different functionalities, and thus also different processes, can come into effect successively or simultaneously. 

1. General information on data processing

Unless otherwise stated, the following applies to all processing operations described below: 

a. No obligation to provide data

There is no contractual or legal obligation to provide personal data. You are not obliged to provide data. 


b. Consequences of not providing data

Failure to provide the required data (data marked as mandatory during entry) means that the service in question cannot be provided. Otherwise, not providing data can result in the situation that our services cannot be provided in the same form and quality.

c. Consent

In various cases, you also have the option of giving us your consent (possibly for part of the data) to further processing in conjunction with the processing operations described below. In this case, we will inform you separately in conjunction with the submission of the respective declaration of consent of all modalities and the scope of the consent and of the purposes that we pursue with these processing operations.

d. Transfer of personal data to third countries

If we transfer data to third countries, i.e. countries outside the European Union, then the transfer takes place exclusively in compliance with the legally regulated conditions governing admissibility. The conditions governing admissibility are regulated by Art. 44-49 of the GDPR. 

e. Hosting with external service providers 

Our data processing takes place to a large extent with the involvement of so-called hosting service providers, who provide us with storage space and processing capacities in their data centers and also process personal data on our behalf in accordance with our instructions. These service providers process data either exclusively in the EU or we have guaranteed an adequate level of data protection with the aid of the EU standard data protection clauses.

f. Transmission to government authorities

We transfer personal data to government authorities (including law enforcement agencies) if this is necessary to fulfill a legal obligation to which we are subject (legal basis: sentence 1 of Art. 6(1)(c) of the GDPR) or if it is necessary for asserting, exercising or defending legal claims (legal basis: sentence 1 of Art. 6(1)(f) of the GDPR).

g. Duration of storage

We do not store your data longer than we need it for the respective processing purposes. If the data is no longer required for fulfillment of contractual or legal obligations, it will be regularly deleted, unless its temporary storage is still necessary. Reasons for this could be, for example, the following:

  • Fulfillment of commercial law and tax law retention obligations 
  • Obtaining evidence for legal disputes within the framework of the statutory statute of limitations 

Likewise it is also possible for us to continue to store your data in our facilities if you have given your express consent. 

h. Categories of data

  • Account data: Log-in/user identification and password
  • Personal master data: Title, form of address/gender, first name, last name, date of birth, position
  • Address data: Street, house number, address extensions (if applicable), postcode, city, country 
  • Contact data: Telephone number(s), fax number(s), e-mail address(es)
  • Organisation data (only in the case of organisation consulting projects): Area of activity/location/business unit
  • Registration data: Information about the service through which you have registered; times and technical information concerning registration, confirmation and cancellation; data provided by you when you registered
  • Access data: Date and time of the visit to our service; the page from which the accessing system came to our site; pages accessed during use; session ID data; also the following information about the accessing computer system: Internet protocol address used (IP address), browser type and version, device type, operating system, and similar technical information.
  • Application data: Curriculum vitae, references, supporting documents, work samples, certificates, photos 
  • Data according to Art. 9 of the GDPR: Health data

2. Accessing the website/application

This section describes how we process your personal data when you access our services. We would particularly like to point out that the transmission of access data to external content providers (see under b.) is unavoidable due to the technical functionality of information transmission on the internet.

a. Information on processing 

Category of data: Access data

Purpose: Connection set-up, displaying the service’s contents, detecting attacks on our site by unusual activities, error diagnosis

Legals basis: Art. 6(1)(f) of the GDPR

Legitimate interest (if applicable): Proper function of services, security of data and business processes, preventing misuse, preventing damage caused by interference with information systems

Duration of storage: 7 days

b. Recipients of personal data 

Recipient category: External content providers who provide content (such as images, videos, embedded posts from social networks, ad banners, fonts, update information) that is necessary to display the service 

Affected data: Access data

Legal basis for the data transfer: Order processing (Art. 28 of the GDPR) 

Legitimate interest (if applicable): Proper function of services, (accelerated) display of content


Recipient category: IT security service providers

Affected data: Access data

Legal basis for the data transfer: Order processing (Art. 28 of the GDPR)

Legitimate interest (if applicable): Preventing attacks that exploit weaknesses or gaps in security

3. Newsletter 

Here we describe what happens with the personal data you provide when subscribing to our newsletter: 

a. Information on processing 

Category of data: E-mail address

Purpose: Registration verification (double opt-in), newsletter dispatch 

Legals basis: Art. 6(1)(b) of the GDPR

Duration of storage: Duration of newsletter subscription


Category of data: Personal master data

Purpose: Customization of the newsletter

Legals basis: Art. 6(1)(b) of the GDPR 

Duration of storage: Duration of newsletter subscription


Category of data: Registration data

Purpose: Traceability of newsletter subscription/confirmation/unsubscription 

Legals basis: Art. 6(1)(b), (f) of the GDPR

Legitimate interest (if applicable): Evidence of newsletter subscription/confirmation/unsubscription 

Duration of storage: Duration of newsletter subscription


Category of data: Newsletter user profile data

Purpose: Designing the newsletter to suit individual interests

Legals basis: Art. 6(1)(f) of the GDPR

Legitimate interest (if applicable): Improving our service, advertising purposes 

Duration of storage: Duration of newsletter subscription


b. Recipients of personal data

Recipient category: 
Service provider for sending newsletters 

Affected data: All data stated under a.

Legals basis for the data transfer: Order processing (Art. 28 of the GDPR) 


Recipient category: Service provider for postal dispatch

Affected data: All data stated under a.

Legal basis for the data transfer: Order processing (Art. 28 of the GDPR)

Legitimate interest (if applicable): For transferring printed invitation cards, sending the winnings after taking part in competitions, or similar

4. Application

During an ongoing application process, we process your personal data in the following manner: 

a. Information on processing 

Category of data: Address data, contact data

Purpose: Identification, contact initiation, communication regarding contract initiation 

Legals basis: Art. 6(1)(b) of the GDPR 

Duration of storage: 6 months


Category of data: Personal master data

Purpose: Identification, contact initiation, age check

Legals basis: Art. 6(1)(b) of the GDPR 

Duration of storage: 6 months


Category of data: Application data

Purpose: Applicant selection

Legals basis: Art. 6(1)(b) of the GDPR 

Duration of storage: 6 months

b. Recipients of personal data

Recipient category: Responsible office 

Affected data: All data stated under a.

Legal basis for the data transfer: Art. 6(1)(b) of the GDPR 

5. Client Services

Here we describe how we process your personal data when you contact our Client Services team: 

a. Information on processing

Category of data: Personal master data, contact data, content of queries/complaints 

Purpose: Processing customer queries and user complaints 

Legals basis: Art. 6(1)(b), (f) of the GDPR

Legitimate interest (if applicable): Custome retention, improving our service  

Duration of storage: For processing the query 

b. Recipients of personal data 

Recipient category: Counsellors/law firm

Affected data: Personal master data/contact data/content of queries/complaint

Legitimate interest (if applicable): Processing customer queries and user complaints 

6. Organisation consulting in the context of implementing psychosocial risk assessments

The following information describes how we process your personal data when you undergo a psychosocial risk assessment at the Fürstenberg Institute.

a. Information on processing 

Category of data: Employee lists 

Purpose: Implementing the psychosocial risk assessment within the scope of quantitative surveys 

Legals basis: § 4 of the German Safety and Health at Work Act (ArbeiSchG)

Legitimate interest (if applicable): Sending e-mails to employees in companies, with a link to an employee survey

Duration of storage: Length of the project


Category of data: Participation lists for workshops

Purpose: Implementing the psychosocial risk assessment within the scope of quantitative surveys or steering committee meetings

Legals basis: See above

Duration of storage: See above

b. Recipients of personal data

Recipient category: Responsible office 

Affected data: All data stated under a. 

7. Sales and Customer Management

The following information describes how we process your personal data when you are interested in our services or when a customer relationship exists.

a. Information on processing 

Category of data: Personal master data, address data, contact data 

Purpose: Interested parties/acquisition: preparing an offer, arranging personal acquisition meetings

Legals basis: Art. 6(1)(a), (b) of the GDPR 

Legitimate interest (if applicable): The condition of the occurrence of a possible customer relationship

Duration of storage: For as long as an interactive exchange takes place, or provided there is no objection from the interested party


Category of data: Personal master data, address data, contact data 

Purpose: Existing customers: agreeing the starter package, customer concerns, complaints, contract creation and management, arranging appointments

Legals basis: Art. 6(1)(a), (b) of the GDPR 

Legitimate interest (if applicable): Voraussetzung zur Erfüllung des Vertrages, gute Kundenbetreuung bzw. Pflege Kundenbeziehung

Duration of storage: Duration of the customer relationship

b. Recipients of personal data 

Recipient category: KabelDruck (service provider for custom flyers)

Affected data: Address data, personal master data (name, title) 

Legal basis for the data transfer: Order processing (Article 28 of the GDPR) 

Legitimate interest (if applicable): Delivery of starter package (custom flyers)   

8. Tracking 

Below, we describe how your personal data is processed using tracking technologies to analyse and optimise our services as well as for promotional purposes.

The description of the tracking process also includes information on how you can contest or prevent data processing. Please note that any “opt out” decision regarding processing is generally saved in the form of cookies. If you use our services via a new end device or a different browser, or if you delete the cookies saved to your browser, you will have to opt out again. 

These tracking processes only process personal data in pseudonymised form. No connection is made with a specific, identified natural entity, i.e. the data is not combined with information about the person behind the pseudonym. 

a. Tracking to analyse and optimise our services and their use as well as measure the success of advertising campaigns and optimise the display of advertising

(1) Purposes of processing  

Analysing user behaviour using tracking lets us review the effectiveness of our services, optimise them and adapt them to suit user needs as well as rectify errors. Furthermore, it facilitates the establishing of key values regarding the use of our services (reach, usage intensity, user behaviour) in a statistical manner, based on uniform standard processes, providing us with comparable values across the market. 

Tracking to measure the success of advertising campaigns serves to optimise our advertising in the future and let advertisers also suitably optimise their advertisements. Tracking to optimise the display of advertising intends to show users advertising to suit their interests, increasing the success of advertising and therefore advertising income. 

(2) Legal basis of the processing

For services that explain the behaviour of affected parties on the internet and for the creation of user profiles, informed consent in the sense of the GDPR is required. 

(3) Individual tracking processes used 

Name of service: Google Analytics 

Function: Web analysis 

Possibility to opt out: tools.google.com/dlpage/gaoptout?hl=de

Data transfer outside the EU? No


Name of service: Google AdWords 

Function: Web analysis

Possibility to opt out: tools.google.com/dlpage/gaoptout?hl=de

Data transfer outside the EU? No


Name of service: Google Remarketing

Function: Marketing

Possibility to opt out: https://support.google.com/ads/answer/7395996?hl=de 

Data transfer outside the EU? No

If you would like to opt out of interest-based advertising, you can also go to http://www.youronlinechoices.com, click on ‘Preference Management’ and follow the instructions to prevent the use of data for interest-based advertising by all or a selection of the service providers listed there. You will continue to receive non-interest-based advertising. 


III. Rights of those affected (data subjects) 

1. Right to object 

If we process your personal data for direct marketing purposes, you have the right to object at any time, with future effect, to the processing of personal data concerning yourself for the purpose of such advertising.

You also have the right to object at any time, for reasons arising from your particular situation, with future effect, to the processing of personal data concerning yourself, which is carried out in accordance with Art. 6(1)(e) or (f) of the GDPR.

You can exercise your right to object free of charge. 

You can contact us using the contact details provided under I.2.  

2. Right to information  

You have the right to know whether we process personal data affecting you, what personal data this is, and other information in accordance with Art. 15 of the GDPR. 

3. Right of rectification

You have the right to demand that we correct incorrect personal data affecting you (Art. 16 of the GDPR). Taking the purpose of processing into account, you have the right to demand that incomplete personal data be completed – even in the form of a supplementary explanation. 

4. Right to erasure (“Right to be forgotten”)

You have the right to demand that we immediately delete all personal data affecting you immediately, insofar as one of the reasons in Art. 17(1) of the GDPR applies and processing is not necessary for one of the purposes outlined in Art. 17(3) of the GDPR. 

5. Right to restriction of processing 

You have the right to demand the limitation of the processing of your personal data if one of the requirements outlined in Art. 18(1)(a) to (d) of the GDPR applies.

6. Right to data portability 

You have the right to receive personal data affecting you as provided by you in a structured, standard machine-readable format. Furthermore, you have the right to transfer this data to another responsible authority without hindrance from us, or to have it transferred directly by us insofar as is technically possible. This should always be the case if data processing is based on consent or a contract and the data is processed automatically. This does not apply to data only received in paper form.

7. Right to withdraw consent

If processing is based on consent issued by you, you have the right to revoke your consent at any time. The lawfulness of any processing up to the point of revocation shall remain unaffected

8. Right to complain 

You have the right to complain to a supervisory body.   


IV. Glossary

Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. 

Browser: Computer program for displaying websites (e.g. Chrome, Firefox, Safari) 

Cookies: In connection with the World Wide Web, a cookie describes a small text file that is stored locally on the user’s computer when visiting a website. This file stores data about the user’s behaviour. If the browser is called up and the corresponding website is visited repeatedly, the cookie is used and gives the web server information about the user’s surfing behaviour using the stored data. 

In this context, cookies are information that a website stores locally on the visitor's computer in a small text file. This can be settings already made by the user on a page, but also information that the website has collected completely independently from the user. Later, these locally stored text files can be read out again by the same web server from which they were created. Most browsers automatically accept cookies. You can manage cookies using the browser functions (usually under "Options" or "Settings"). As a result, the storage of cookies can be deactivated, made dependent on your consent in individual cases or otherwise restricted. You can also delete cookies at any time. 

Non-member countries: Countries that are not bound to the legal requirements of the EU Data Protection Directive (countries outside the EEA) 

Personal data: Any information relating to an identified or identifiable natural person. Identifiable refers to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. 

Pixels: Pixels are also called tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML e-mails or on web pages. When a document is opened, this small image is loaded from a server on the Internet, where the downloading is recorded. This allows the server operator to see if and when an e-mail has been opened or a website visited. This function is usually implemented by calling up a small program (Javascript). This allows certain types of information on your computer system to be recognized and passed on, such as the content of cookies, the time and date of page accesses, and a description of the page on which the tracking pixel is located. 

Profiling: Any form of automated processing of personal data consisting of the use of that personal data to evaluate certain personal aspects related to a natural person, in particular to analyze or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. 

Services: Our services to which this privacy policy applies (see Scope). 

Tracking: The collection of data and its evaluation regarding the behaviour of visitors to our services. 

Tracking technologies: Tracking may be done through the activity logs (log files) stored on our web servers or through data collection from your device via pixels, cookies and similar tracking technologies. 

Processing: Any operation or set of operations that is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, distribution or any other form of provision, alignment or combination, restriction, erasure or destruction. 


Search

Login

Exclusive section for our customers

As an exclusive service for our customers, we offer you a special selection of further information and material for download. Please log in using your user name and current password.

This content is password protected.

Problems finding the log-in data? Click here.

Contact

ContactLayer Image