PRIVACY POLICY

Version of 15.02.2021

Thank you for visiting our website and for your interest in our services. We would like you to enjoy your visit to our website and not have to worry about the confidentiality of your data. We are very committed to data protection and consider transparency in the handling of your data to be highly important. Accordingly we wish to inform you about what data we collect, the purposes for which we do this and how you can exercise control over your data at any time.

1. Data controller

The data controller within the meaning of the law governing the processing of personal data is:

Woodmark Consulting AG
Am Hochacker 4
85630 Grasbrunn/Munich

2. Categories of data, purpose and legal basis of the processing

You can of course visit our website without providing any personal information. You can access our privacy policy via the link at the bottom of each page.

We only use your personal data when you visit our website to operate and optimise our website. For this purpose the IP address, various technical data of the end device (e.g. operating system, browser used, etc.) as well as data on the use of our website are collected. We do not store this data beyond the legal retention periods or the fulfilment of the intended purpose. Processing of this data is necessary to ensure the operation of the website. If you do not agree to this processing, we will not be able to provide you with our online services. We evaluate this information statistically in order to make the use of our website even more convenient for all visitors. It is not linked to any personal data already stored by us. The data collected in the course of your use of the website will be deleted after 14 months at the latest. In individual cases the storage of data may be extended in order to enforce legal claims, to defend against any legal claims or due to statutory obligations.

The processing of personal data for the purpose of operating the website as well as network and information security is based on Art. 6 Para. 1 S. 1 lit. f GDPR. There is no legal or contractual obligation on your part to provide data in the context of using our website. However, it is not possible to operate the website or respond to your enquiries without processing your data.

3. Data recipients

Your data will not be disclosed to third parties unless there is a legal obligation to disclose the data. Processing is carried out on the basis of Art. 6 Para. 1 lit. c) GDPR and in connection with the specific order or legal obligation to which we are subject in the individual case. In accordance with Art. 6 Para. 1 lit. c) GDPR, personal data may be processed if the processing is necessary for compliance with a legal obligation to which the controller is subject. Categories of recipients of the data are public bodies in the case of a legal obligation and contract processors who process the data collected online on our behalf, as well as joint controllers with us. The processors involved are:

Haufe-Lexware GmbH & Co. KG
Sendinblue GmbH (Newsletter2Go)
Hootsuite Inc.
GoToWebinar / LogmeIn, Inc.

The joint data controller with us in the case of webinars and workshops is:
Tableau Software, LLC

4. Contact form

When you fill out the contact form, you provide us with personal data. We may collect the following types of data: company, name, job title, email address or phone number and information for the purpose of providing you with an individual offer. We only use this data to respond to your specific enquiry or request and to provide you with information. In order to protect your data we use a recognised encryption process when it is transmitted to us. We will retain your personal data for the period necessary to fulfil the purposes described in this information. Statutory retention periods remain unaffected.

The legal basis for the processing is Art. 6 Para. 1 S. 1 lit a GDPR, and in the case of pre-contractual measures Art. 6 Para. 1 S. 1 lit b GDPR. Submitting the form constitutes your consent to the processing of your data.

5. Newsletter

If you would like to receive the newsletter offered on the website, we require an email address, the name of your company, as well as other information that allows us to verify that you are the owner of the email address provided and that you agree to receive the newsletter. Further data is not collected or only collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.  

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the email address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.  

The data you have provided us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be blocked after you unsubscribe. After expiry of the legal retention period of three years (normal statute of limitations), this data will be deleted. Data that has been stored by us for other purposes remains unaffected by this. 

6. Distribution of the newsletter by Sendinblue GmbH

Newsletters are sent by Sendinblue GmbH (formerly Newsletter2Go), Köpenicker Str. 126, 10179 Berlin. Sendinblue is a service with which the distribution of newsletters can be organised and analysed. The data you enter for the purpose of receiving newsletters (e.g. email address) is stored on Sendinblue's servers in Germany. The newsletters we send with Sendinblue enable us to analyse the behaviour of the newsletter recipients. Among other things, we can analyse how many recipients have opened the newsletter message and how often which link in the newsletter was clicked. With the help of so-called conversion tracking it can also be analysed whether a predefined action (e.g. purchase of a product on our website) has taken place after the link in the newsletter has been clicked.

For more information on Sendinblue's data analysis, please see: https://help.sendinblue.com/hc/de/articles/360006093519-Konfigurieren-von-Konversionen-zur-Messung-Ihres-E-Mail-Marketing-ROIs?rtype=n2go

If you do not wish any analysis by Sendinblue you must object to being sent the newsletter. An informal letter/email to us is sufficient for this purpose.
The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from the Sendinblue servers after you unsubscribe from the newsletter. After expiry of the legal retention period of three years (normal statute of limitations), this data will be deleted. Data that has been stored by us for other purposes remains unaffected by this.  
For more details, please refer to the privacy policy of Sendinblue at: https://de.sendinblue.com/legal/privacypolicy/

7. Video library

If you have missed one of our webinars, you can view a recording of it in our video library. For this purpose we collect the following personal data from you: email address, name, company, job title and telephone number. We store your personal data in our customer database.

The legal basis of the processing is the fulfilment of a contract in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR. When you register for the video library, a contract is concluded between you and Woodmark Consulting AG.

We will also use your email address to send you our newsletter. The legal basis is our legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. You can object to being sent our newsletter at any time and with effect for the future without incurring any costs other than the transmission costs at the basic rates. An informal letter/email to us is sufficient for this purpose.

We will retain your personal data for the period necessary to fulfil the purposes described in this information.

If you register with our technology partner Tableau Software in order to view the recording of a shared webinar, we will pass your data on to Tableau, i.e. your personal data is stored on Tableau's servers in the USA, among other places.

Tableau Software is a joint data controller with us. We have concluded a joint-controllership agreement with Tableau. The legal basis for the transfer of your personal data to the USA is the fulfilment of a contract in accordance with Art. 49 Para. 1 S. 1 lit. b GDPR. We will retain your personal data for the period necessary to fulfil the purposes described in this information.

8. Registration for webinars

On our website you have the opportunity to register for one of our webinars. For this purpose we collect the following personal data from you: email address, name, company, job title and telephone number. We store your personal data in our customer database and for 30 days in our content management system Contao. The webinar is processed by our contract processor GoToWebinar / LogMeIn, Inc. In this process, your personal data may be transferred to the USA.

The legal basis of the processing is the fulfilment of the contract that comes into being between you and Woodmark Consulting AG when you register for the webinar (Art. 6 Para. 1 S. 1 lit. b GDPR).

We will also use your email address to send you our newsletter. The legal basis is our legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. You can object to being sent our newsletter at any time and with effect for the future without incurring any costs other than the transmission costs at the basic rates. An informal letter/email to us is sufficient for this purpose.

The webinar is processed by our contract processor GoToWebinar / LogMeIn, Inc. Your personal data may be transferred to the USA in the process.

If you register for a shared webinar with our technology partner Tableau Software we pass your data on to Tableau, i.e. your personal data is stored on Tableau's servers in the USA, among other places.

Tableau Software is a joint data controller with us. We have concluded a joint-controllership agreement with Tableau. The legal basis for the transfer of your personal data to the USA is the fulfilment of a contract in accordance with Art. 49 Para. 1 S. 1 lit. b GDPR.

We will retain your personal data for the period necessary to fulfil the purposes described in this information.

9. Applications

If you are interested in a vacancy and fill out the application form, we collect the following personal data, among others: name, address, email address, telephone number and the data that you send us with your application documents (e.g. references, CV, etc.). You will be required to enter a password as part of your application. With this password and your email address you can log into our application portal and track the status of your application(s).

We will only use your personal data as part of the application process for the purpose of selecting a suitable employee. For this purpose the data you have submitted to us will be recorded and processed in our email and HR systems.

The data processing is based on Art. 88 GDPR and Section 26 Para. 1 of the Federal Data Protection Act (BDSG). We store this data for up to 3 months after the end of the application process. After that, the data will be deleted. If you give us your consent to include you in our talent pool, we store the data for 24 months. The storage of data may be extended in individual cases to enforce legal claims, to defend against any legal claims or due to legal obligations.

In accordance with Art. 13 Para. 2 e) GDPR there is no legal or contractual obligation on your part to provide data as part of the application. However, we may refuse to consider your application due to incomplete information. In this case, we will inform you and delete your data.

Your data will not be disclosed to third parties unless there is a legal obligation to disclose it. This processing is based on Art. 6 Para. 1 S. 1 lit. c GDPR and in connection with the respective order or legal obligation to which we are subject in the individual case. Categories of recipients of the data are public bodies in the event of a legal obligation, HR managers and decision-makers in our company and contract processors who process your applicant data on our behalf. The contract processor involved is Haufe Lexware GmbH & Co. KG.

10. Data processing at trade fairs and events

When you visit one of our trade fair stands our sales staff will collect details of conversations and contacts. This is used to initiate a business relationship on the basis of Art. 6 Para. 1 S. 1 lit. b GDPR. The trade fair records are digitised and stored in our CRM system.
We will also use your email address to send you our newsletter. The legal basis is our legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. You can object to being sent the newsletter at any time and with effect for the future, without incurring any costs other than the transmission costs at the basic rates. An informal letter/email to us is sufficient for this purpose.

11. Cookies

On our website we use session cookies. We would like to briefly explain the purpose of these cookies below. Cookies are short texts that we store on your computer. Cookies do not execute any commands on your computer, so they do not pose a security risk.

Session cookies store certain information while you browse our website and are not permanently stored, but deleted again when you leave our website.
Session cookies are used on the basis of Art. 6 Para. 1 f) GDPR. The operation of the website is in the legitimate interest of the data controller.

You can determine the handling of cookies in your browser yourself, you can even reject cookies altogether or configure your browser so that cookies are deleted regularly. You will find sufficient information on this on the Internet.

12. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses "cookies", which are text files placed on your computer to help the website analyse how users use the site. You can find out more about how Google uses this data here: https://policies.google.com/technologies/partner-sites?hl=de

The transfer of data to the USA takes place on the basis of the standard contractual clauses that we have concluded with Google.
Google Analytics is only used if you have given your consent. The legal basis is Art. 6 Para. 1 S. 1 lit. a GDPR.

13. Google Maps

This site uses an API to access the map service Google Maps. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.  

For the purpose of using Google Maps it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The transfer of data to the USA takes place on the basis of the standard contractual clauses that we have concluded with Google. You can find out more about how Google uses this data here: https://policies.google.com/technologies/partner-sites.

Google Maps is only used if you consent to its use. The legal basis is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a) GDPR.

You can find more information on the treatment of user data in Google's privacy policy:
https://www.google.de/intl/de/policies/privacy/. 

14. Our social media presence

Plug-ins: Our website uses the plug-ins and functions of the social networks Facebook, Twitter, Xing, LinkedIn, Youtube (Google) and Vimeo.

These services are operated by

  • Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA,
  • Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (Facebook and Instagram),
  • Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA,
  • Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany,
  • LinkedIn Ireland Limited Company, Wilton Place, Dublin 2, Ireland,
  • Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA,
  • and Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.

You will find an overview of the Facebook plug-ins and their appearance here: 
https://developers.facebook.com/docs/plugins  

If you access Internet pages of our website that are provided with such a plug-in, your browser establishes a direct connection to the servers of Facebook/Twitter/Xing/LinkedIn/Google/Vimeo. The content of the plug-ins is transmitted directly to your browser by the relevant provider and integrated into the page. Through the integration of the plug-ins the relevant provider receives the information that your browser has accessed the corresponding page of our website, even if you don't have a profile or are not currently logged in. This information (including your IP address) is transmitted from your browser directly to a server of the relevant provider (e.g. in the USA, Ireland, Germany) and stored there.

If you are logged in to the particular service, the provider in question can directly assign your visit to our website to your profile. If you interact with the plug-ins, for example by clicking the "Like" button, using the re-tweet function, etc., the corresponding information is also transmitted directly to a server of the relevant provider and stored there. The information is also published on the relevant social media network and displayed there to your contacts or other visitors.  

For the purpose and scope of the data collection and the further processing and use of the data by the providers, as well as your rights in this regard and setting options for protecting your privacy, please refer to the privacy policies of

Facebook: http://www.facebook.com/policy.php  
Twitter: http://twitter.com/privacy
Google: https://www.google.de/intl/de/policies/privacy
Xing: https://privacy.xing.com/de/datenschutzerklaerung    
LinkedIn: https://www.linkedin.com/legal/privacy-policy   
Vimeo: https://vimeo.com/privacy

The legal basis for the transfer of your data is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.

Facebook and Instagram profile

We have a profile on Facebook and Instagram. The provider is Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA.

The legal basis for the processing is Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest is the target group-specific design of our posts. We receive aggregated data from Facebook that does not allow us to identify individuals.  

We have concluded an agreement with Facebook on joint controllership for the processing of data (Controller Addendum). This agreement sets out which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. Under the GDPR Facebook Ireland assumes primary responsibility for the processing of Insights data. You can view this agreement at the following link:   
https://www.facebook.com/legal/terms/page_controller_addendum

You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in:  
https://www.facebook.com/settings?tab=ads

For details please refer to Facebook's privacy policy:  
https://www.facebook.com/about/privacy/

Twitter profile

We use a Twitter account provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. 
To adjust your settings for advertising activities in your profile on Twitter, please use this link: https://twitter.com/personalization
You can find Twitter's privacy policy here: https://twitter.com/de/privacy

Xing and LinkedIn profile

We use a Xing account provided by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany. You can find the Xing privacy policy here: https://privacy.xing.com/de/datenschutzerklaerung     

We use a LinkedIn account provided by the operator LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. In order to adjust your settings for advertising activities in your profile on LinkedIn, please use this link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out    
You can find the LinkedIn privacy policy here: https://www.linkedin.com/legal/privacy-policy    

Youtube

We use a YouTube channel provided by the operator Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Further information on YouTube's official privacy policy can be found here: http://www.youtube.com/t/privacy_at_youtube     
To embed videos we use the so-called "extended data protection mode" of the provider YouTube. The operator of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Vimeo

We use a Vimeo account provided by the operator Vimeo Inc, 555 West 18th Street New York, New York 10011, USA.
When you visit a page on which a Vimeo video is embedded, your IP address and various technical data of your terminal device such as the operating system and browser used, etc. are stored by Vimeo on servers in the USA.The legal basis for the processing of your data is your consent according to Art. 6 Para. 1 S. 1 lit. a GDPR. You can find more information on data processing by Vimeo at: https://vimeo.com/privacy

15. Social media management software

To manage our social media profiles we use the social media management software Hootsuite, Hootsuite Inc. ,5 East 8th Avenue, Vancouver, V5T 1R6, Canada. Hootsuite is a service that allows us to manage our social media profiles and, for example, prepare, schedule, publish, like and share posts. We have entered into a contract processing agreement with Hootsuite. The EU Commission has issued an adequacy decision for Canada. More information on data processing by Hootsuite can be found at: https://hootsuite.com/de/legal/privacy

16. Your rights in relation to the processing of your personal data

With regard to the processing of personal data, you have various rights, which we would like to inform you about below. You can also find details of your rights in Articles 15 to 21 GDPR and Sections 32 to 37 of the German Federal Data Protection Act ("BDSG").

You have the right to receive information about your personal data. You can also require the correction of incorrect data.

In addition, under certain conditions you have the right to the deletion of your data, the right to restriction of the data processing and the right to data portability. You may object to processing on the basis of Art. 6 Para. 1 lit f) GDPR, as well as to any profiling in accordance with Art. 21 GDPR. Consents that you have given in the context of website use can be revoked informally and without giving reasons at any time with effect for the future.

You can assert all of the above rights in accordance with Articles 15 to 21 GDPR informally towards the data controller by email or post.

You also have the right to complain to the competent data protection supervisory authority if you believe that the processing of your data is unlawful. You can find a list of data protection supervisory authorities and their contact details at:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

If you have any questions regarding data protection, please feel free to contact our data protection officer at dsgvo@woodmark.de.


Privacy policy for Facebook

Welcome to our Facebook page. We are very committed to data protection and consider transparency in the handling of your data to be highly important. For this reason we would like to inform you accordingly.

There is an agreement between Facebook and us as joint data controllers in accordance with Art. 26 GDPR. You can access this agreement under the following link. This agreement stipulates that Facebook itself assumes all data protection obligations in connection with Page Insights.

1. Name and address of the data controllers

The persons jointly responsible for the operation of this Facebook page are:

a)
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland

You can reach the Facebook data protection officer via the following form: www.facebook.com/help/contact/540977946302970.

and

b)
Woodmark Consulting AG
Am Hochacker 4
85630 Grasbrunn/Munich

You can contact our data protection officer at dsgvo@woodmark.de

2. Categories of data, purpose and legal basis of the processing

With regard to the data processing by Facebook, we refer to its privacy policy at https://de-de.facebook.com/policy.php - also see: https://www.facebook.com/privacy/explanation

Below we explain the data processing operations we carry out.

a. Statistical data

Statistical data of different categories are available to us via the so-called "Insights" of the Facebook page. (https://www.facebook.com/business/a/page/page-insights)

These statistics are generated and provided by Facebook. As the operator of the site we have no influence on the generation and display of these statistics. We cannot disable this function or prevent the generation and processing of the data. For a selectable period of time as well as for the categories of fans, subscribers, persons reached and persons interacting, the following data is provided to us by Facebook in relation to our Facebook: total number of page views, "Like" information, page activity,post interactions, coverage, video views, post reach, comments, shared content, replies, proportion of men and women, country and city of origin, language, shop views and clicks,

clicks on route planners, clicks on telephone numbers. Data on the Facebook groups linked to our Facebook page is also provided in this way. Due to the constant development of Facebook, the availability and processing of the data changes, so that we refer to the above-mentioned Facebook privacy policy for further details.

The processing of personal data is based on Art. 6 Para. 1 f) GDPR. Our legitimate interest is to make our posts and activities on our Facebook page more attractive to users. For example, we use the distributions according to age and gender for customised addressing and the preferred visiting times of users for optimised scheduling of our posts. Information about the type of end devices used by visitors helps us to adapt the visual design of the posts accordingly.

b. Interaction with our account

It is also possible for you to interact with our account. You can do this, for example, by marking a post with "Like", sharing or commenting on it, or by writing to us directly.

When you interact with us there is usually inevitably some data processing by us, as this allows us to see your account and thus gives us access to personal data about you, such as your username, your profile picture or the date or time of the interaction. In accordance with the Facebook terms of use, which each user has agreed to as part of creating a Facebook profile, we may identify subscribers and fans of the site and view their profiles and other information shared by them.

In this context the data collected is information that is only made available to us through an interaction by you with our profile. The processing of personal data is therefore based on Art. 6 Para. 1 b) GDPR.

3. Data recipients

We would like to point out that Facebook may pass on your data to third parties. However, we have no influence on this. You can find more details on this in Facebook's privacy policy:www.facebook.com/privacy/explanation

We do not disclose your data unless we are under a legal obligation to do so. Such transfer is made on the basis of Article 6 Para. 1 c) GDPR and in connection with the respective order or legal obligation to which we are subject in the individual case. Categories of recipients of the data are public bodies in the event of a legal obligation and contract processors who process the data collected online on our behalf, such as web hosts and designers, providers of analytics services, etc.

4. Storage period and deletion

Information on data storage by Facebook can be found in its privacy policy:www.facebook.com/privacy/explanation.

We store all personal data that you transmit to us only for as long as it is needed to fulfil the purposes for which this data was transmitted or as long as this is required by law. On fulfilment of the purpose and/or expiry of the statutory storage periods, the data will be deleted or blocked by us.

5. Rights of the data subject

With regard to the processing of personal data, you have various rights, which we would like to inform you about below. You can also find details of your rights in Articles 15 to 21 GDPR and Sections 32 to 37 of the German Federal Data Protection Act ("BDSG").

You have the right to receive information about your personal data. You can also request the correction of incorrect data.

In addition, under certain conditions you have the right to delete data, the right to restrict data processing and the right to data portability. You may object to processing on the basis of Art. 6 Para. 1 lit f) GDPR, as well as to any profiling in accordance with Art. 21 GDPR. Consents that you have given in the context of website use can be revoked informally and without giving reasons at any time with effect for the future.  

You can assert all of the above rights in accordance with Articles 15 to 21 GDPR informally towards the data controller by email or post.

You also have the right to complain to the competent data protection supervisory authority if you consider that the processing of your data is unlawful. You can find a list of data protection supervisory authorities and their contact details at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

If the processing is carried out by Facebook, you can also contact Facebook directly. This is especially the case if the processing is within the scope of Page Insights. You can contact Facebook using the following form:

https://www.facebook.com/help/contact/2061665240770586.

By post the following address can be used:

Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland

Alternatively, you can of course also contact us and we will forward your request in accordance with our agreement with Facebook in accordance with Art. 26 GDPR.